last executing test programs: 5.359150693s ago: executing program 0 (id=1528): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000a0015f65672409bfa200000000000007020000f8ffffffb701e5eb8c50b65cab933a0300008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8b}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r1, 0x0, 0x2ca}, 0x18) r2 = gettid() request_key(&(0x7f0000000080)='rxrpc\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000002a80)='\x8e\x00\x9e\xbb\x1e\x1av\xe8M\x00d\xaaI\x00\x00\x00\x00\x00\x00\t<\xe5u\xedA\xa7\aT\xdd\xd1{\xff\xcb\xdb\xb14x\x0f\xdf\x83\xdd31\xc2s\xcb\xbf\x04\x00\x00\x00<\xfe\xf9\f\xe6E\b\x00\xd7\x85q\xc4\xab\xbd&\x92\x89(\xf3\"\xceJ\x14\x185\xa6- \xe6uK\xe1D\x8f\x9f\x92\xca\x93#\xf5E\xc2\x91Yl\x17\a\x02\t\x17\x7f\xc4\xde\x04\x9b\x89#\xf6&[\xd81\xb3\xdc\x00\x04\x15\x03\x17R\xd24\xeb\xb5\xc2\xff\x1bnF\x8e\xe4\'\x18\xba9.\xd4\xd9\xc6\x98\x8f\xc6D!p\xbeV\xb7x\r@\x1b5\x8br\x11\xdex\x19\x89\xdc\x1el\xcd\x13\xb6\xc2\xdb]@F\xe3?\xfe\x0f\x04\x11\xc3\x8f:uXQ\x0f\v\xfc\xff\x7fL\xfb\xa8]\xd4\xd7\x13?\xe3<#\x1f\x9a\x03C\x8f\xe7\rV1\x99\xaf@Re\x18K\xb6\xee\xeeAnR\n\x8a\xe4\x1a:&\xc7\x15B\x8aG\xa4\a`\xee\xaf\x80T\xddo\xc4D^z\xbf\x1c\x87F?!k\'\xc3\xf9\xa3\xd9\x85\xb1N%\x17\f\xd0#\x05^\xf7\x11\x13\xadKb\x8ck\x10\xd3 >\t\xe0\x16\x80\x82\xb3\xcc\xc7\x05*\x9b\x0eQ\x92\xd7\xbaO\x06\xb2\xdc\xe7/\x1f\x90]IB94(evFMJ\x85\xc4S\xa8\x8b\xbe\xd3\x90\xe9\t\x00\x13\x1e\x9a\x94\x00\x00\x00\x00\x00', 0xffffffffffffffff) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921"], 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00') pread64(r4, &(0x7f0000000100)=""/253, 0xfd, 0xadc) syz_usb_disconnect(r3) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_VOICE(r5, 0x112, 0xb, 0x0, &(0x7f00000010c0)) bind$802154_raw(r4, &(0x7f0000000200)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0002}}}, 0x14) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f2110"], 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='kfree\x00', r8}, 0x10) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xc}, 0x40004) sendmsg$NFT_BATCH(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=ANY=[@ANYRESOCT=r2, @ANYRES8], 0x54}, 0x1, 0x0, 0x0, 0x2406c045}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a01010000000000000000020000000900010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0xcdc}, 0x1, 0x0, 0x0, 0x20000050}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180), 0x2, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r6, &(0x7f0000000040)={0x5, 0x10, 0xfa00, {&(0x7f00000004c0), r9, 0x2}}, 0x18) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000240)={0x60000018}) r10 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r10, 0x0, 0x11) syz_usb_ep_write(r3, 0x81, 0x1, &(0x7f00000000c0)="ad") ioctl$COMEDI_BUFCONFIG(0xffffffffffffffff, 0x8020640d, &(0x7f0000000140)={0x0, 0x8, 0x7, 0x7}) io_setup(0x3, &(0x7f0000000180)) 4.847106018s ago: executing program 1 (id=1532): r0 = socket(0x1d, 0x3, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) futex(&(0x7f00000001c0)=0x1, 0x8, 0x0, &(0x7f0000000200)={0x0, 0x3938700}, 0x0, 0x2) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ff, 0x8, &(0x7f0000006680)) r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000000340), 0xf2, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000000c0)={r3, r3, r3}, &(0x7f0000000080)=""/34, 0x22, &(0x7f0000000000)={&(0x7f0000000280)={'wp512-generic\x00'}}) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0) bind$can_j1939(r0, 0x0, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0xb) keyctl$update(0x2, r3, &(0x7f0000000040)="3a77ca2f441f0166a88d84e4f8716573a5372153d986", 0x16) kexec_load(0x8, 0x0, 0x0, 0x160000) socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$nl_route(r0, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x14000080}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x810}, 0x20004040) rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) keyctl$update(0x2, r3, &(0x7f0000000140)="2fb04ecc48405a03a0e3346a0686f195dd3c8aa201ef9506523e2d0ef5ef0ff2fb021bf888d5ac2a783c160255e06a12cae92ceca54b34f82f6725fcdb", 0x3d) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@ipv4_newroute={0x24, 0x18, 0x1, 0x2, 0x25dfdbfb, {0x2, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x6}]}, 0x24}}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) r5 = socket(0x1, 0x1, 0x0) ioctl$sock_ifreq(r5, 0x8931, &(0x7f0000000040)={'team_slave_0\x00', @ifru_flags=0x1}) syz_clone(0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x2c, 0x10, 0x401, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_ADDRESS={0xa, 0x1, @broadcast}]}, 0x2c}}, 0x0) 3.147577161s ago: executing program 1 (id=1538): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x800, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r3, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) sendmsg$inet(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x35}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x4cbe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x30}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0) 3.060141141s ago: executing program 0 (id=1539): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x82, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) openat$vnet(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0) syz_clone(0xaa081180, 0x0, 0x0, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1c0000, 0x1, &(0x7f0000000040)) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$tun(0xffffff9c, &(0x7f0000000180), 0x0, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) userfaultfd(0x802) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000800000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000032ce8500000004000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendfile(r2, r2, 0x0, 0x2000fb) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) 2.379137666s ago: executing program 2 (id=1545): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010022000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f687372"], 0xfc}}, 0x0) 2.180162926s ago: executing program 1 (id=1546): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000ff0000b70300000000a9a4850000000400000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) 2.179913801s ago: executing program 1 (id=1547): r0 = socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)) syz_init_net_socket$nl_generic(0xb, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='stat\x00') lseek(r3, 0x9, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r4}, 0x10) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_pidfd_open(r5, 0x0) pidfd_send_signal(r6, 0x2, 0x0, 0x0) 2.08654157s ago: executing program 2 (id=1548): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x0, 0x0) rt_sigsuspend(&(0x7f0000000040)={[0x20000001]}, 0x8) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r1, 0x8002f515, &(0x7f00000000c0)) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x101140, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'rose0\x00', 0x112}) r4 = socket$kcm(0x2, 0x1, 0x84) setsockopt$sock_attach_bpf(r4, 0x84, 0x84, &(0x7f0000000000), 0x90) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000040)={'ip6tnl0\x00', 0x400}) ioctl$TUNGETIFF(r3, 0x800454d2, &(0x7f0000000140)={'wg2\x00'}) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000100)={0xa, 0x0, 0x3, 0x0, 0x0, [{{r0}, 0xd}, {{r2}, 0x474f}, {{r1}, 0xf}]}) sendfile(r1, r0, &(0x7f0000000180)=0x58, 0x40000007) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x8719d29}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x2}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x1d}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e20}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x40) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x0, 0x0) (async) rt_sigsuspend(&(0x7f0000000040)={[0x20000001]}, 0x8) (async) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0) (async) ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r1, 0x8002f515, &(0x7f00000000c0)) (async) syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x101140, 0x0) (async) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'rose0\x00', 0x112}) (async) socket$kcm(0x2, 0x1, 0x84) (async) setsockopt$sock_attach_bpf(r4, 0x84, 0x84, &(0x7f0000000000), 0x90) (async) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000040)={'ip6tnl0\x00', 0x400}) (async) ioctl$TUNGETIFF(r3, 0x800454d2, &(0x7f0000000140)={'wg2\x00'}) (async) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000100)={0xa, 0x0, 0x3, 0x0, 0x0, [{{r0}, 0xd}, {{r2}, 0x474f}, {{r1}, 0xf}]}) (async) sendfile(r1, r0, &(0x7f0000000180)=0x58, 0x40000007) (async) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x8719d29}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x2}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x1d}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e20}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x40) (async) 2.085670583s ago: executing program 2 (id=1549): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180), 0x2, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f0000000040)={0x5, 0x10, 0xfa00, {&(0x7f00000004c0), r3, 0x2}}, 0x18) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, &(0x7f0000000040), 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180), 0x2, 0x8}}, 0x20) (async) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100), 0x13f, 0x4}}, 0x20) (async) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f0000000040)={0x5, 0x10, 0xfa00, {&(0x7f00000004c0), r3, 0x2}}, 0x18) (async) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, &(0x7f0000000040), 0x0) (async) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) (async) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) (async) 1.990200924s ago: executing program 0 (id=1550): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)={0x118, 0x14, 0x1, 0x70bd2d, 0x25dfdbfc, "", [@nested={0x107, 0x4e, 0x0, 0x1, [@typed={0xc, 0x2, 0x0, 0x0, @u64=0x8}, @typed={0x14, 0x2001, 0x0, 0x0, @ipv6=@empty}, @generic="2a725624d55e18f54ca5798d3fe7955ef9868c011de6a6d4494d7aba163930e7a6d17e0b2db61f06be12a8fe12bf5df24b2807a60c94c81f539deb8a1f987eb7669e1395c2ce8f7c2854902221ce978006451bd593aa73c50e0dfd544fd4fa321cbe1ddd38f2dfb0cec37543dac9e03b4dc38a9d937e23023ab86a8ce5f7a6d9772d2c9b91825cd6f77be8203cbe17d83dbb0590b1ef553211edef00ead1ebbe1b58e5b323435a913a2e5ce557c4ec021c723d2022c694102308a8fb6114ab4d007089b6a2816f689a565d4e70637725b2ff732144f7ad7c1b9da6e48e2063", @typed={0x4, 0xe9}]}]}, 0x118}], 0x1, 0x0, 0x0, 0x40004}, 0x0) ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0) r2 = openat$sw_sync(0xffffff9c, &(0x7f0000000080), 0x80800, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000140)={0x0, "e89c5b0900f8ff0000000007000000000000005b00"}) write$bt_hci(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="c1ced166ae58ee91f259d9467f7c7ea844884c0106a617a9edaeacc80861ca090bd4ba7a794e8f496c37b01653c36363f3d8426b6bd11b254a48202dd743f8cf54b6b1d8b215719b3dea5c4ee41e7fa64b4525d6af14dac41b8eb084c4c0fbf5f874e65ae237af18acf6b6f1bd0ee4bce5eb087eb3ddacf2f67e70cd965e"], 0xb) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="68000000020605000000000000000000000000000e0003006269746d61703a697000000005000400000000000900020073797a310000000020000780050003001f0000000c000180080000080006400000021c05000500020000000500010006000000"], 0x68}}, 0x0) 1.750767199s ago: executing program 0 (id=1551): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) (async, rerun: 64) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (rerun: 64) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) (async, rerun: 32) r1 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(0xffffffffffffffff, 0xc058534b, &(0x7f0000000400)={0x4, 0x2, 0x7, 0x3, 0x200, 0xfff}) (async) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000400)=@generic={&(0x7f0000000300)='./file0\x00'}, 0x18) (async, rerun: 32) socket$inet6(0xa, 0x3, 0x4) (async, rerun: 32) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000280)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x0, 0x4, 0x2, 0x3, {0xa, 0x4e23, 0x9, @mcast1, 0x2212a3eb}}}, 0x32) (async) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x39}, 0x0) (async, rerun: 64) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) (rerun: 64) sched_setaffinity(0x0, 0x35, &(0x7f0000000200)=0x2) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_open_dev$evdev(0x0, 0x1, 0x0) (async) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~\x00\x00\x00'], 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800) (async) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@host, 0x1}) (async) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @host, 0x0, 0x0, 0x5e, 0x9, 0x40000, 0xfffffffd}) (async) r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000100)={@hyper}) r5 = fanotify_init(0x200, 0x0) (async) r6 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000000c0)={0x30000015}) (async) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @host, 0xc, 0x0, 0x5e, 0x2000001, 0x4, 0x1c, 0x4}) (async, rerun: 32) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)}) (rerun: 32) r7 = userfaultfd(0x1) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) (async) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, 0x0) 1.679448961s ago: executing program 2 (id=1552): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000140)=0x40, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r4}, 0x10) bind$xdp(r0, 0x0, 0x0) 1.599635568s ago: executing program 2 (id=1553): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x10000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 32) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async, rerun: 32) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) (async) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) (async) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x100, &(0x7f0000000280)=0xfffffffc, 0x0, 0x4) (async) io_uring_setup(0x3210, &(0x7f0000000480)={0x0, 0x14c7, 0x80, 0x23, 0xa1}) (async) r4 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x40000020, 0x0, 0x7}]}) (async, rerun: 32) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) (async, rerun: 32) r8 = fsmount(r4, 0x1, 0x0) r9 = openat$cgroup_procs(r8, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) pread64(r9, &(0x7f00000000c0)=""/36, 0xfffffe49, 0x800000000004) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.520044521s ago: executing program 0 (id=1554): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x800, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r3, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) sendmsg$inet(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x35}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x4cbe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x30}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0) 1.519443966s ago: executing program 3 (id=1555): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x20800, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, 0x0}, 0x20) read$sequencer(r0, 0x0, 0x0) 1.280235621s ago: executing program 3 (id=1556): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r1}, 0x18) r2 = syz_io_uring_setup(0x7630, &(0x7f0000000200)={0x0, 0x7ffffffd, 0x1, 0x40000000, 0x1f4}, &(0x7f0000000480), &(0x7f0000000000)) io_uring_enter(r2, 0x0, 0x0, 0xd, &(0x7f0000000800), 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x103503, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r4, 0x400caed0, &(0x7f0000000040)={0x8000000}) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000850}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x8, 0x1d, 0x0, @multicast2, @loopback}}}}}, 0x0) 1.206333666s ago: executing program 3 (id=1557): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0}) r3 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000080)={0x9, 0x14de29e9, 0x7, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000140)={r4}) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) ioctl$COMEDI_POLL(r9, 0x640f) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000040)={'full', 0x20, 0x17e, 0x20, 0x100002}, 0x2f) r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) write$cgroup_int(r10, &(0x7f0000000040)=0x900, 0x12) sendmmsg$inet6(r6, &(0x7f0000000380)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x6, @private0, 0x2}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="b20f5bb28c75b4ec3a6df7ed10224550e72bd8e71ca230803753f99a12d628c40532c0ede975c930647407708eb781ce3c2f162fbe8f97cc52f4b125283b2312aa555c8bd0001a", 0x47}, {&(0x7f0000000480)}, {&(0x7f0000000580)="6c7532da0ab7782e239d6c515bbe7a65829fe42293e2b0e95bf1e409e1cd076a5a9bc608a9129a6c55d66ebb3d0e791210825e0487077d055c8250b5b7d68893495ea03d36a83a8660632a67f351dd90e1b2cecd677caf073d076ba9b38cc384a4935f9aa1df797dd84651283a2f0638e2dc935354508d8ac157a6351521ed2be3d05a09f9f76a071200f373d32af958a8761b67530510b4da85c3647ce20ae4fbd651d721714a14853b038ab9785f0c2ffbe041c16e3ae1c3d200beaa92d9727bf4d1b53ee183dd8e", 0x106}, {&(0x7f0000000380)}, {&(0x7f0000000780)="e837acd9b018b92a9dae00347d34620d746c089be1101357584003b70b59bd6093f8e2ba8f253da08190bc5d5195c2338e0de7b7cfdc7204ebb02dfaa47b79eccf5b0f11ef4c80c1b4fdc854fab914ece15144c6fd6a3b9d96c441896631467646d907", 0x63}, {&(0x7f0000000980)="60eea90b386a36afec8bfd95b26724e159c632001cac031f9de5fc31f72155bf28ce056b99fa89c145032844204313b86bb318dba3a5d6bceee1e78210bc63ee034b00000000670100000000000000a4dba7371cf70a6ca08a83dc9c5726d5a1e83bd977fb5b383bac5bd850341cc65680c9fb155d26162412a5be9308055b055beb667af070c148ab4bd1a1dbfe68f1e2b342a7d7e8f73dfb84ef3fc3800c59c73b848a56941cd068eb7c41b42f4d72cba886e9f8bae7bc6ad5ffea19928e9a86cf7f34ab8b36be2812229cf88bcfc9a25fc3d2a99e3f13e4031d974b3aacbb6140f293cd16b8b1f37611bcc6381b89079ea1b779dc0acf5932f68aa8698279c4bac7b4f4663a0078b4159ff24e55949318713c94221e116250f06b3f27fba818e177c003bd3a8ff2c4f5adbebbd0e348fd7b38a62df7f9801e639de98a299dd43e2ecf595ddd29a34820a347afd1b941c3fdb88e89", 0x156}, {0x0}], 0x7, &(0x7f0000000940)}}, {{&(0x7f0000000280)={0xa, 0x4e25, 0x80, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xa}, 0x1c, 0x0, 0x0, &(0x7f0000001a80)}}, {{&(0x7f0000002c40)={0xa, 0x4e23, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c, 0x0}}, {{&(0x7f0000002dc0)={0xa, 0x4e20, 0x400, @loopback}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000002e00)="b56d1c08838ea57d0a568f11e4a5c3dfd16bd77374936f481df728e8e89b2bdca33925a417cc71374763bdc52f62356a04c6d3c5773fca23a8be71937130f40e7321baeb18f0e36e626f440b19d6b5ff4efc1ecf2794b479fd785f22eaa2718d922edf30d837cb57180c8f968e076785c378ede0aec3bc91b4fea133f607bc0959bf3c97ad53e913ecc2", 0x8a}, {&(0x7f0000002f00)="2892d5dacd25fe130827b49500d70612703019492a0ae7c671b3b9b7605e3d94a6c319eb386933635eb95c0077dd1c22ed651d405a0d46dbdec17fa32d204d90a862dc9a380e95d1c9aafe98feb9c7e1e7f54d96b9118031300e649ebb0c4f234621827c107230feaf56fd667ddf0524", 0x70}, {&(0x7f0000003f80)="e45a1a39a96edc306fa107cc81d66233e8d2d1daef901a3e0874306de95ef856ef82a79c19fc8d7bbb5c59a1380014894401d8e24288c2c8a09b7b281ea3578cc31f69db2458b95d4955f3cbb36e31d708ab682c0131573209c9ecd69fea5a74aebe470d408c616c87a174f034f6c1a8e3af2135840ed979e3205661aba43d777f4d7ba64e64f96e9a88049263cefa904e60db26fd33d76deb0ccfd50a023ac10653f17dee90b51267ecb7da9f0c6c50550063f4199647f83ba788d30397278faf422e34d19814188ae7fc5101fda2523a9c9cfccaac0f985a5906de191540a0e31ef9cba1a27bc87b203f67bfcd88ccb6a8947bf3f72b0972bb6b781ccff61525ae66b7df2988670d321d2f23ae50342e9af51560b86ad51543fdbc0c0cfae48f3ee15d75a7ca6091c3133d7db188844ff8be88a00da75a8c1bec22495f40c2f37beda9fed9ae097b336ab07dd9470028566fca00c7733ae6859186e67f687f57740a145eabc1d15dde5c5679a2771f05e6bf168a167862dd0ff5aeb4a2425c63c4c8f4aade6a81df270d64cbe4f3de835c5d78ccad4d9b84b5f876d17ea42ef3193c331adac057bd54662d67eb8c3a0bdc212bbcb4029a16edd5c2dee88d22f85d2863ccd2ec367b6d2bd583406c8c917617287a67378efc29082ce6096780ec3d7232ea20532ed4d9552b4b82f941035d3784839bf0ed87593d408efbd337ad7a5efa28d88e955672a7cadac41b653173a4a92fb488ac42ddc9d67ac9d090632afc3a911fd39e4deee46b0f94a7a1a10edb3c6f3f809b666fab2ac12f85fcb5d2a6aab586e90e59ae11d96dd8260bb666f5e2216b2fadedf396ada1a2ee2c5b43901838ddf8e3dced51135d49b35051294efaa479e9ca458d4c46b572f967a2ad82d812189233bf36b02eaec92c875e3ba60b7c6da60b1c5a502b082371b7fded3782d0860a96f07881abe50356add95c453e65710cc921a92a0518c1603af853ea61b71d21893b8bdd0ab9a09071d11a92ad71a64bd056d1ced67ac0b7ebda0c1d668c74d6d21701bb6cfbe09ab6e1c8646f66c18e3e3aa3af5f2e8644ff95f5da261539ae57d93f34dc4dfb4c2837116f77916fd1c93cdf45ab620154cba85fa8764244cc12943f2ecad41c1c0a2d0027c6e6a1b82ef854ccfd804f358ac09bd97cdfea08fbbca6d76bf74afc3ba5494e9aa2e18f5bcac4262ea864ed4cb91d1ed40ba9d33ddf0b22b95cf1d71dc65159f0d1a2b20d26daa95d1f572e428f3386c4a16ed97b8d59cbc9f73df7485f603622e6b9721e4fab59f98def8c1f024be5a4e52b76223e870bce045024990d6db7384a43c1f01b82fe672b4d82ad21e470a4e927436aa87e00a4a88fe06621b86975782f80fe98313992acfbfdf3359a0e3d8bdb272bf863369abb6d9f3b473784e913da105b880f778deba00f8dcf1efc7e4a27194b93a0d1164bbac04fdcb62097db18d3c545ae0112c4db1d448660743b4a7ea54d3768b4c9ebce8de542bf8722dd7ad3c83c9d6b15d43b9d08489f3311e73acf8c074e7f18807a9139e7f8205d18cfd78f55f9e66566ca82a9b6034476723076e5ce718f01f3c4c91ebf5dc64d889456161aa9e19c832c823a48c38bea0fa44000fb0b45b9f2c6f9d0506b6ff503210a3fea39838cf97d3aac1b060aeca9d0c8cbcd6184c7d2b3fa4285f72d071015d86316d435ad71f37d80dd9d85ef1642269dde6d955cb1de9ed4d770de151dd3f188f8f4c4b517a1f68214a3907c8d0a633f34495fe85bd9835b2fdca58baa32e64486498f3ebe2c259d287fba556f1e7001d309bb5c91424de9e9145c61f056f13bf5bea6e9d7abf5b9a3c618d8b5fca20f5023b8bab2544cee5e190de5e2954efb1e063e2f89a3b967f25f261497b34ceac9f70967f66ef17ed1ac0f99d375790a30b7aeae9ec479262ec21e3697c727b1cf89d63461b2f3b9bb257bd5e644fab3c5131df102478f717e67d3099254a7ea554974b6b9a037af3b6f89728bc8d23954c808c6092851b96b2ae84fe00b1dc6e6c1a47ad7f5b8dff669a0adcd382c9290f48f2d2bbf00b45fa4cb39b1e452b86e388e919f481143d2368d5791c9504d7788cab4b3df202e075d357f83f64f7fe1c3bebcf30eea56e24ac577360029b2ea8e43ecd7e7f885a715808bb6205425cb9218938fe3c6320adfb80499300e8c83d271e6aa13ef6fcd5ab8468833c19ab9f5634f79b81216710d3c900735fb3a418ab565b6af4882896d5698c109c1475f55a1fa9c28de019f77483aeea80ed4fa4185f50705fcc19dcd2b59c1ecc10daa01cdf9695f1456dc4f59fa4e6b8c6d60d09c9a0f7ef77a192f61c5548c91321b79dd08c0902cd131068ab183651de387c15f48f156a87f4f6e8071ac5a55da87d4e188409a6138b18b87011fb89b72bfcc270a45599f6fe33be013dd431efa041ff582f2f4dec01126f254cd07fa6d6250d512bd218359075d219dfcd2c94b58bd41bd7bacaf7099775338a18d3639b86450b8392ebb055ded376f48fecbf6146f5515a0d22a7e7dd51c91a08f846bfa003f89870c63a3d090cfce46c0ceedfa182e22c548e8c7dfab6fd51a79bcb98f7eab7bf06f3a26ba0289c99b6b753084a173113f3a0b775e2ff800cba84e4891ee936026c2c6068059ccb8585fa9e2ddb69e163754eee6d5f92e1bafb227b6cc51eba5a55e18b71df5270ff7f07adc90198b4fef5b6d56932614435ba287b03959a866ac79f81f30581b2264cf50e7db912855b7e3d57a2c5e0853e62664859135827f4dbac090fbd0c21fc846696afc950088bd38125a945e11c757d8f6e30e2110f8ca81665d27e52f84a875f24fb7d6068fb2f4d1bec890d0ac66ce0c1d1461834ae6cc661b9a82c73344be541cfb5cdf27adf10db26ffd9b04a874915beba39d80d5a1868923490ecd75f347f2a48891dfd1984f36da5ee76197960d4675c4cde201e576ef24152af3cc69f99d7d4e3a9f8adac61d71807abfc9c41e60bec78e4bf937c0b28cdfbaae211fcd19daa9822343edf4d0e6385e65e967ec2cb54e9d482a27c3bb408e40b74f714de1ac2fa0645db8758ac459862f44f22bbc67467f42ff38def6c3e9bfd64d1deae705db54458f8a7b989679920aca73a34b296087305bb3a4724757b7c940a7330f875f2febde61109ddf55ca108a54b4ca3b98300f07b4b22c89f5246553e90a115deb2ad089f6539864b297b2eac6587a11161ff8e55b74202c48017d07bba993f2f5eac4e5470417a72283e6ece03113e9236724814c60f0ed50107848c66e957be0268f75b36198b0159ddcd57060aa43799a4f0154f25794fbfce33460e26603b782488fb0561067784dcb8102a2b102cd0673cd45e0230ba8efc2bd95bb32d013dc2e1d23b63d87a9715b3ea68ac71a1a32092fa791c560b607a426b754e645e370629012eea367b0645a300b2adc5f57ab91d497de2f8d4e22219aba22af5ddb58be7c0aaf3d25bbea8a7e9b657bd5993b7b075591fbf26231ea6a73558101c777be8449997a6c7673677c675eff617204d54af7182d920764c201053144e3c7e7206b740b46539e398008db9a446b0652d64a821683f07fd4fb823bad330c3a6bd6dcbbd5a07e349ce8a36c403ac97475377ea5d800e869414c2d564b2da9eaac255d94a7f54fff1768513faa7cb78bd9f011dc11887ddf9a4651c8bf18804a084c44d213bae764a862b2407ef6c787026814f5cbf0932eac928ad51f9e0ee2f5b365dbf84f21a6ac97364ff1a6d56d94b1d0a4add9879676e74e86992e50acf903a27fdd6b2348179e3b34fecaab12c67248070213b891a331c32aa9a72a9af7356b9ab54faf070dece6b81ae177eb2651f63cbc3c1ce06a0caa4bb5402457bc7f68fc26773450c81a5256a00ad09e0fa1e54805d909ad2dc2d8c9490a2f02d6618dbf82dd861936a9b42dc1998b620ae7584a6bce2f1274869df3c29f1fbf4ce161c61aacfd83899f6f2686d694936ac689802d1df836fedc90d77bc79af96054988f42b855b37acca1e12086c6d9f9b3da10c031eb73646a525c500868e25c62e76474753b1592850caa42d12e9f42eea7b8f24003e9e2af1d5bd370ecb14be7b0190d721316149872bbe908c276067600c6cce69f321ff45ea5e46c86fcfd0965313c5def24734c57af30dca8ebfbfa5895d672671f2c4bff1d9a01812e5b55239e18698b065d253466dbac75300dc47b4bbec0f89ec9cb81a1eaeaf4531a4474ac7a44e58e3ba8b23513cf5a5661eb27f9c1872d3bf5eed2a63de6ee4100a0b3d4ec6c896d075ece03a6a862da93abf96cef0f2ba93ad063d7dd1e74e32187f10887908a1a9df222036e98395a3b5437f2c10d0f2e6ef313c5a7879e0c51ef1022fb9a936b9d7b44eed7dd3a9eceaa4bb1bdd5bfb9757bd1d226044eaefa6528e55613cf24f46d46eca0bc0fbab9a7e4fde865f5101114c0bade4e0b99751ea97d597174a0d1851b5d969de561e9ca8c8819f5dc546342eebde992f26e9c640aa8bb1be5b69a703409219cf860ed0ee676baba3c896bc51417c7b026b1373fcd6b4fbdd60f81de8c7d14628883966f4bef8eab973799e8fa5305ea8e6ae472a0739bdf66a436001a7347c0588905eae8218601da5c758a2f4b64647c545a046b0564e5cf45da3023d071e8f9b5b348a8b5e7a5fe2d9ecb8877abd0425910ff45afbc9e16389521897db954099b3517c4ae44a470f426473ed74393eff6daa3515d6af65ed749c04ab3d07826adad373816fc0447c12e76448df806df10005c6acd8e43eef5622aa8926cb167599552af93b4862643ab9260088cbf7c5b9b1a6dffa9e5e87faf803a469172e27560ff9fd79a51a7737c625d9725309645b68159cf416ea8562104230f44af6cec217674cbd9a78f4a21edcc8511897f55c2d4725becf5cfcf0e786f56e8f55069a0dff8bfab53a7b8be9f3a60ee0114d46a47895861a1c2acd00ba3e45cc76094e1e5396c593a11859994a5ffdfcebc55936a1b257f76264ea9cc395f280d4f774fb2994177cb05fc91d94ebed2f217540ad6e7c11f73ac5c52d23264232001501e8b4b046fb43de00417c27368ada823e0a9c43ff22a32ab9dd97c52a79ee951e2019c13e5973254c61c67879abeb9274e610c248386724f1ffc79ea365be173bbfac859ddb9ed29c6c60285b0e09588e0865a36233ea0c336cd95cfa0c61ab7b0d30d2f0db9145773c245e2ce2f7e336470229b722dbd45eec15034755fcf65ef013216a501281dd1f2d74913935d6652495ccbdfa8cc83b767d96d41204338fca7d25ac0e105e0e3cf334ea5f38fc688495c523120f3793edafcd1fdd362fd9ef7d0a24d3ef625eebfc88d774e35fcf9ec8df5873ff1acf6cd9dc79bd82ea96379e1d5dfbcff9213bde301104fbe87b71c1ee9ff4edb87db1d5762205b75adc456c5756cb7aa45444d26374eb28be5c3beffe6e4d65973e11f8a0a33c037ad0dc9cb4b41cd87a736cc25e1b623f244564d0601f8b4dd0c84e9edd87093746c6ff717f4ca81b4111ba87324bb79b4f27301a985f8f3f2824a4f44bbdab97cca9fa5359fda9433c70a75a5d96290bcf45b013177266b905d17bd76155af4dd2c6b9c871e9fbaeeebbb334e493b5570cfc259cfc15a94f78b477a8443fb7aecf3b901dc105105ec7716186f662cbe7cdf536aa67c3fa960b5601d16c4c18768efc52721f6a4d89470db9c7122029419187ff7c71111f694172a12ce0d3ce33b56736db8669c17", 0x1000}, {&(0x7f0000004f80)="c352af511b2df17ed6d4cdcbaf8b0e0a8314cbf760b85f66b0dcc93ca6069926167d4563352fe0f54dae27172f637b50e83182feaf466ccafc2a5921f65cf208861e6ad8f016ca1828ee4bc1671c30746f2c4eee059b41f6f08e7ecdfdb06ee5d2a8bfca87e87f4257b8366776de06e44d0c9745bccad37dbf06183936d4f69a0dc3ac6982dd5c7464e428c90d40d0a187c74c774ce29ef6f714", 0x9a}, {&(0x7f0000005040)="c0577a7f4510d4131b2c8d77c10aa512090ee7351d85a41dc82cca8bb3ac7a47bdbd52490034249103cd7a1438004ef2c82345abe7102c47762cb26099b4355300d377a600e4f440bbcd60e7c29324611e82312cd1e781d2", 0x58}], 0x5, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r7], 0x20}}], 0x4, 0x0) r11 = syz_open_dev$loop(&(0x7f0000000080), 0x40000047ffffe, 0x1a2c42) ioctl$LOOP_CONFIGURE(r11, 0x4c0a, &(0x7f0000001ac0)={r5, 0x2000, {0x0, 0x0, 0x0, 0x1, 0x140000, 0x0, 0x0, 0x1e, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03748a50ceaac594b1b300000000c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e770a00000000000000930606f9000000000f000000000600"}}) r12 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r13 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r13, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="010000000000000000000100000038000180060001000200000008000500000000000c0007000000000000000000080009000000000008000800000000400800060073697000"], 0x4c}}, 0x0) dup(r11) 759.372243ms ago: executing program 1 (id=1558): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000001000000000000010000000000000000000000000000000105000000100000000000000000000003000000000100000002"], 0x0, 0x53, 0x0, 0x1}, 0x28) 679.999275ms ago: executing program 1 (id=1559): bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000005f00)={'wlan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000100)=0x1) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x5, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000200)={0x1, [0x0]}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000040)={r4, 0x10000}, &(0x7f0000000200)=0x8) r5 = getpid() sched_setaffinity(0x0, 0x28, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f0000000040)={0x84, @empty, 0x4e1d, 0x3, 'lc\x00', 0x2, 0x4, 0x64}, 0x2c) r9 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r9, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e21, 0x3, 'nq\x00', 0x8, 0x323b, 0x58}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) 269.227637ms ago: executing program 3 (id=1560): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000fcffffff0000000000000000950000008dbb0000fa0b5bcfc66d3560e17d0e9a92190ec78e7577571c9325177a39d9369fcca012ac809136287b19a15ce23c8f222644b22a3d70aca306c3c5cea5419fe6e4478c5d44880c4c4c918cb9624feba345e2a4eb206fc7a8fcc0ebe636ec29d08ce77cc9688424f13d5046aabdd7967ffdf44417d7b847e1cab7f93632d5de2a743937ef5891740d4df4e113bee8360384435d21b1322989b3d4d1f547ef94457223022c8296a2e3734b9faee0a6f43b05fd6b25ce1e745d045483d2b7fd0603"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a430fe0000000071302000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00ff040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x3}, 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffa0}, 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r1) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'syztnl0\x00', &(0x7f0000000340)={'sit0\x00', 0x0, 0x10, 0x10, 0xb, 0x4, {{0x1a, 0x4, 0x0, 0x2f, 0x68, 0x66, 0x0, 0x6, 0x0, 0x0, @rand_addr=0x64010101, @private=0xa010100, {[@timestamp={0x44, 0x28, 0x5, 0x0, 0x8, [0xfffffffd, 0xd, 0x5, 0x4, 0xd9, 0x1, 0xfffffffc, 0x6, 0x7]}, @ssrr={0x89, 0x2b, 0xc8, [@dev={0xac, 0x14, 0x14, 0x39}, @rand_addr=0x64010101, @loopback, @dev={0xac, 0x14, 0x14, 0x2b}, @loopback, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'team0\x00', 0x0}) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r6, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local}, 0x14) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)={0x164, r3, 0x10, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}]}, @HEADER={0x4}]}, 0x164}, 0x1, 0x0, 0x0, 0x4880}, 0x2000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r8 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r9 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r9, &(0x7f0000000080)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @bcast]}, 0x10) r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r10, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf25031100800c0002"], 0x114}], 0x1}, 0x40014) 212.365332ms ago: executing program 3 (id=1561): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000140)=0x40, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r4}, 0x10) bind$xdp(r0, 0x0, 0x0) 140.093339ms ago: executing program 3 (id=1562): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="24000000760009ee"], 0x24}, 0x1, 0x5502000000000000, 0x0, 0x4000000}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0x5f}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0xe0}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}]}], {0x14}}, 0x88}}, 0x0) socket$rds(0x15, 0x5, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x803, 0x0) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_pkt_type_change={{0x1d, 0x5}, {0x6, 0xc8, 0x7}}}, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000009680)={0x14, 0x27, 0x1, 0x70bd28, 0x25dfdbff, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4000040}, 0x24004910) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000a63bd105495370737f9dfb18fb92921c0fc183ef7c1586e5e0567111c1e1"], 0x50) socketpair$unix(0x1, 0x3, 0x0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001098b7500090583"], 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x0) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket(0xf, 0x80000, 0x0) io_uring_setup(0x7625, &(0x7f00000003c0)={0x0, 0x9678, 0x2, 0x200000, 0xa9}) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x4f27, 0x5, 0x2, 0x401, 0x1, 0xcc7, 0xfff, 0x5c952399, 0x5, 0x3ff, 0x802, 0x1600, 0x1, 0x1, 0x9, 0xe1cb, 0x6, 0x4, 0x3, 0x395, 0x80000089, 0xfffffffd, 0x0, 0xfffffff5, 0xffffeadb, 0x3, 0x3c, 0x8, 0x4, 0x8000000, 0xdffffffa]}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e00000000000000080000001000000001000200", @ANYRES32, @ANYBLOB=';\x00'/18, @ANYRES32=0x0, @ANYBLOB="0319000003000000a17ffb6f220000000000000000"], 0x50) socket$nl_generic(0x10, 0x3, 0x10) 139.93008ms ago: executing program 2 (id=1563): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001201", 0x2e}], 0x1}, 0x48000) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000011000500000000000000400007000000", @ANYRES32=r3, @ANYBLOB="00000000000000001c001a8018000580140007800800010000000000080002"], 0x3c}}, 0x0) 0s ago: executing program 0 (id=1564): openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x80140) openat$uinput(0xffffff9c, &(0x7f0000000180), 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x5) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x20040001) syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000003c0), 0x2000, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000380)={0xc}) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) chdir(&(0x7f0000000080)='./file0\x00') setpgid(r2, r2) setpgid(0x0, r2) sched_setaffinity(0x0, 0x0, 0x0) prlimit64(r2, 0xf, &(0x7f0000000200)={0x8, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) alarm(0x8) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x302) write$cgroup_int(r4, &(0x7f0000000040)=0x1f00, 0x12) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40100, 0x0) r6 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r5, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r6}, './file0\x00'}) kernel console output (not intermixed with test programs): RED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.726942][ T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.731274][ T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.734846][ T53] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 177.745628][ T53] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 177.748937][ T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.760521][ T53] usb 5-1: config 0 descriptor?? [ 178.188108][ T53] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 178.656608][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.883277][ T8697] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 179.398685][ C2] plantronics 0003:047F:FFFF.0002: usb_submit_urb(ctrl) failed: -1 [ 179.495285][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 179.498204][ T8713] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 180.169677][ T8721] tipc: Started in network mode [ 180.171352][ T8721] tipc: Node identity ae246afbb376, cluster identity 4711 [ 180.173354][ T8721] tipc: Enabled bearer , priority 0 [ 180.188424][ T6010] usb 5-1: USB disconnect, device number 8 [ 180.192527][ T8721] syzkaller0: entered promiscuous mode [ 180.201650][ T8721] syzkaller0: entered allmulticast mode [ 180.275550][ T5947] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 180.287547][ T8721] tipc: Resetting bearer [ 180.331324][ T8720] tipc: Resetting bearer [ 180.359007][ T8720] tipc: Disabling bearer [ 180.928529][ T8729] netlink: 24 bytes leftover after parsing attributes in process `syz.1.765'. [ 181.067469][ T8729] netlink: 10 bytes leftover after parsing attributes in process `syz.1.765'. [ 181.161808][ T8736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.166512][ T8736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.169513][ T8736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.172472][ T8736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.176289][ T8736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.179048][ T8736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.181611][ T8736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.184122][ T8736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.187114][ T8736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.189821][ T8736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.299772][ T8736] raw_sendmsg: syz.1.767 forgot to set AF_INET. Fix it! [ 181.424623][ T40] audit: type=1400 audit(1768327615.116:12): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=232822 pid=8735 comm="syz.1.767" [ 181.575300][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 182.363705][ T8747] netlink: 8 bytes leftover after parsing attributes in process `syz.1.772'. [ 182.413133][ T8749] loop5: detected capacity change from 0 to 7 [ 182.425802][ T5948] Dev loop5: unable to read RDB block 7 [ 182.428153][ T5948] loop5: AHDI p1 p2 p3 [ 182.435541][ T5948] loop5: partition table partially beyond EOD, truncated [ 182.438273][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 182.445334][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 182.450528][ T8749] Dev loop5: unable to read RDB block 7 [ 182.452932][ T8749] loop5: AHDI p1 p2 p3 [ 182.454669][ T8749] loop5: partition table partially beyond EOD, truncated [ 182.465833][ T8749] loop5: p1 start 1601398130 is beyond EOD, truncated [ 182.472140][ T8749] loop5: p2 start 1702059890 is beyond EOD, truncated [ 183.045129][ T8750] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 183.055544][ T8756] faux_driver vgem: [drm] Unknown color mode 2054; guessing buffer size. [ 183.169413][ T8762] netlink: 8 bytes leftover after parsing attributes in process `syz.3.776'. [ 183.647044][ T8770] tipc: Enabled bearer , priority 10 [ 183.655254][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 183.793249][ T8775] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 184.279579][ T8777] netlink: 8 bytes leftover after parsing attributes in process `syz.1.782'. [ 184.635766][ T8779] netlink: 40 bytes leftover after parsing attributes in process `syz.3.783'. [ 184.787612][ T5944] tipc: Node number set to 4195889237 [ 185.537430][ T8790] netlink: 24 bytes leftover after parsing attributes in process `syz.1.785'. [ 185.735743][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 185.742054][ T8796] netlink: 8 bytes leftover after parsing attributes in process `syz.0.787'. [ 186.052762][ T8815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.791'. [ 186.284561][ T8821] netlink: 96 bytes leftover after parsing attributes in process `syz.2.794'. [ 186.472031][ T8819] netlink: 8 bytes leftover after parsing attributes in process `syz.1.792'. [ 186.586254][ T8819] net_ratelimit: 24 callbacks suppressed [ 186.586558][ T8819] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 186.679888][ T8829] syzkaller1: entered promiscuous mode [ 186.681991][ T8829] syzkaller1: entered allmulticast mode [ 187.600444][ T8839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.800'. [ 187.836097][ T8851] ref_ctr_offset mismatch. inode: 0x454 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x18 [ 187.840605][ T8852] ref_ctr_offset mismatch. inode: 0x454 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x18 [ 187.981233][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.185243][ T8861] netlink: 8 bytes leftover after parsing attributes in process `syz.2.806'. [ 188.262244][ T8862] netlink: 8 bytes leftover after parsing attributes in process `syz.3.808'. [ 188.361893][ T8847] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 188.437035][ T8861] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 188.545474][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.548989][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.551588][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.617943][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.625670][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.689645][ T8862] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 189.217029][ T8888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.815'. [ 189.283551][ T8891] syzkaller0: entered promiscuous mode [ 189.288474][ T8891] syzkaller0: entered allmulticast mode [ 189.299446][ T8872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.811'. [ 189.608680][ T8903] loop5: detected capacity change from 0 to 7 [ 189.612235][ T5948] Dev loop5: unable to read RDB block 7 [ 189.614559][ T5948] loop5: AHDI p1 p2 p3 [ 189.616640][ T5948] loop5: partition table partially beyond EOD, truncated [ 189.619379][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 189.621628][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 189.625011][ T8903] Dev loop5: unable to read RDB block 7 [ 189.632126][ T8903] loop5: AHDI p1 p2 p3 [ 189.633562][ T8903] loop5: partition table partially beyond EOD, truncated [ 189.636939][ T8903] loop5: p1 start 1601398130 is beyond EOD, truncated [ 189.639646][ T8903] loop5: p2 start 1702059890 is beyond EOD, truncated [ 189.815282][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 189.817372][ T8901] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 191.050880][ T8925] netlink: 8 bytes leftover after parsing attributes in process `syz.1.824'. [ 191.067641][ T8926] x_tables: duplicate underflow at hook 1 [ 191.069622][ T8925] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 191.230739][ T8931] netlink: 8 bytes leftover after parsing attributes in process `syz.2.827'. [ 191.644065][ T8938] netlink: 96 bytes leftover after parsing attributes in process `syz.3.831'. [ 191.793795][ T8940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.832'. [ 191.895289][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 192.187740][ T8950] netlink: 'syz.0.836': attribute type 32 has an invalid length. [ 192.348277][ T8955] loop5: detected capacity change from 0 to 7 [ 192.351789][ T8955] Dev loop5: unable to read RDB block 7 [ 192.353597][ T8955] loop5: AHDI p1 p2 p3 [ 192.354945][ T8955] loop5: partition table partially beyond EOD, truncated [ 192.359159][ T8955] loop5: p1 start 1601398130 is beyond EOD, truncated [ 192.363047][ T8955] loop5: p2 start 1702059890 is beyond EOD, truncated [ 192.457462][ T8961] netlink: 96 bytes leftover after parsing attributes in process `syz.0.841'. [ 192.652228][ T8962] overlay: ./file1 is not a directory [ 192.674756][ T8962] netlink: 'syz.2.839': attribute type 10 has an invalid length. [ 192.683579][ T8962] netlink: 40 bytes leftover after parsing attributes in process `syz.2.839'. [ 192.699388][ T8962] team0: Port device geneve0 added [ 192.864778][ T8948] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 192.962834][ T8975] netlink: 8 bytes leftover after parsing attributes in process `syz.0.846'. [ 192.991008][ T8976] 9pnet_virtio: no channels available for device syz [ 193.015385][ C2] net_ratelimit: 1 callbacks suppressed [ 193.015398][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 193.019889][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 193.022437][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 193.179843][ T8975] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 193.536189][ T8996] netlink: 96 bytes leftover after parsing attributes in process `syz.2.851'. [ 193.549208][ T8992] netlink: 8 bytes leftover after parsing attributes in process `syz.3.847'. [ 193.701494][ T8992] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 193.739702][ T53] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.165111][ T9008] netlink: 8 bytes leftover after parsing attributes in process `syz.0.857'. [ 194.215764][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 194.973132][ T9024] loop5: detected capacity change from 0 to 7 [ 194.977349][ T9024] Dev loop5: unable to read RDB block 7 [ 194.979228][ T9024] loop5: AHDI p1 p2 p3 [ 194.980628][ T9024] loop5: partition table partially beyond EOD, truncated [ 194.983177][ T9024] loop5: p1 start 1601398130 is beyond EOD, truncated [ 194.985741][ T9024] loop5: p2 start 1702059890 is beyond EOD, truncated [ 195.460935][ T9033] netlink: 8 bytes leftover after parsing attributes in process `syz.0.865'. [ 196.135472][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 196.138864][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 196.142272][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 196.207763][ T9033] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 196.771486][ T9058] __nla_validate_parse: 1 callbacks suppressed [ 196.771498][ T9058] netlink: 8 bytes leftover after parsing attributes in process `syz.3.871'. [ 197.105249][ T6028] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 197.164582][ T9074] netlink: 8 bytes leftover after parsing attributes in process `syz.0.876'. [ 197.286201][ T6028] usb 8-1: config 0 has no interfaces? [ 197.288010][ T6028] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 197.290797][ T6028] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.294580][ T6028] usb 8-1: config 0 descriptor?? [ 197.528635][ T6028] usb 8-1: USB disconnect, device number 11 [ 197.560397][ T9086] netlink: 8 bytes leftover after parsing attributes in process `syz.0.880'. [ 198.234290][ T9102] netlink: 8 bytes leftover after parsing attributes in process `syz.3.886'. [ 198.246263][ T9103] netlink: 44 bytes leftover after parsing attributes in process `syz.0.885'. [ 198.261115][ T9095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.883'. [ 198.269910][ T9100] netlink: 32 bytes leftover after parsing attributes in process `syz.0.885'. [ 198.274890][ T9095] net_ratelimit: 4 callbacks suppressed [ 198.274896][ T9095] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 198.619382][ T9115] lo speed is unknown, defaulting to 1000 [ 198.622147][ T9115] lo speed is unknown, defaulting to 1000 [ 198.858055][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.860572][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.261801][ T9112] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 199.899458][ T9126] netlink: 8 bytes leftover after parsing attributes in process `syz.0.893'. [ 199.905981][ T9126] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 200.055497][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 200.059090][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 200.204176][ T9141] netlink: 8 bytes leftover after parsing attributes in process `syz.3.897'. [ 200.211670][ T9142] netlink: 28 bytes leftover after parsing attributes in process `syz.1.898'. [ 200.280957][ T9146] ptrace attach of "/syz-executor exec"[5942] was attempted by ""[9146] [ 200.293032][ T9146] ptrace attach of "/syz-executor exec"[5942] was attempted by ""[9146] [ 200.438634][ T9152] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 200.440497][ T9152] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 200.443187][ T9152] vhci_hcd vhci_hcd.0: Device attached [ 200.655741][ T53] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 200.715298][ T6010] usb 40-1: SetAddress Request (2) to port 0 [ 200.717347][ T6010] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 200.744113][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 200.765401][ T9155] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 200.818839][ T53] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 200.822245][ T53] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.825673][ T53] usb 7-1: Product: syz [ 200.827291][ T53] usb 7-1: Manufacturer: syz [ 200.831453][ T53] usb 7-1: SerialNumber: syz [ 200.848260][ T53] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 200.892292][ T24] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 200.970976][ T9160] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 201.073150][ T9153] vhci_hcd: connection reset by peer [ 201.075855][ T7215] vhci_hcd vhci_hcd.1: stop threads [ 201.078150][ T7215] vhci_hcd vhci_hcd.1: release socket [ 201.080831][ T7215] vhci_hcd vhci_hcd.1: disconnect device [ 201.345498][ T61] usb 7-1: USB disconnect, device number 7 [ 201.587724][ T9167] /dev/sr0: Can't open blockdev [ 201.710753][ T9172] loop5: detected capacity change from 0 to 7 [ 201.713275][ T9172] Dev loop5: unable to read RDB block 7 [ 201.715012][ T9172] loop5: AHDI p1 p2 p3 [ 201.716680][ T9172] loop5: partition table partially beyond EOD, truncated [ 201.719034][ T9172] loop5: p1 start 1601398130 is beyond EOD, truncated [ 201.721141][ T9172] loop5: p2 start 1702059890 is beyond EOD, truncated [ 201.975284][ T24] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 201.977616][ T24] ath9k_htc: Failed to initialize the device [ 201.980903][ T61] usb 7-1: ath9k_htc: USB layer deinitialized [ 202.318447][ T9193] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 202.438285][ T9200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.441122][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.506629][ T9201] __nla_validate_parse: 2 callbacks suppressed [ 202.506674][ T9201] netlink: 8 bytes leftover after parsing attributes in process `syz.2.911'. [ 202.576437][ T9201] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 202.741374][ T9215] netlink: 8 bytes leftover after parsing attributes in process `syz.3.917'. [ 203.255348][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.335436][ T9] net_ratelimit: 2 callbacks suppressed [ 203.335450][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.010861][ T9240] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 204.046527][ T9245] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 204.050437][ T9245] macvtap1: entered promiscuous mode [ 204.054795][ T9245] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 204.180843][ T9250] netlink: 8 bytes leftover after parsing attributes in process `syz.1.930'. [ 204.601115][ T40] audit: type=1326 audit(1768327638.296:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 204.608855][ T40] audit: type=1326 audit(1768327638.296:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 204.619248][ T9259] siw: device registration error -23 [ 204.621344][ T40] audit: type=1326 audit(1768327638.296:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 204.645319][ T40] audit: type=1326 audit(1768327638.296:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 204.651968][ T40] audit: type=1326 audit(1768327638.296:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 204.658725][ T40] audit: type=1326 audit(1768327638.296:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 204.675274][ T40] audit: type=1326 audit(1768327638.296:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 204.683613][ T40] audit: type=1326 audit(1768327638.296:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 204.695272][ T40] audit: type=1326 audit(1768327638.296:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 204.703943][ T40] audit: type=1326 audit(1768327638.296:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9256 comm="syz.3.933" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000 [ 204.828227][ T24] libceph: connect (1)[c::]:6789 error -101 [ 204.830616][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 204.834304][ T9257] ceph: No mds server is up or the cluster is laggy [ 205.307865][ T9270] netlink: 8 bytes leftover after parsing attributes in process `syz.0.934'. [ 205.325391][ T9270] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 205.511601][ T9278] netlink: 8 bytes leftover after parsing attributes in process `syz.2.938'. [ 205.815331][ T6010] usb 40-1: device descriptor read/8, error -110 [ 206.044336][ T9292] netlink: 8 bytes leftover after parsing attributes in process `syz.0.942'. [ 206.111037][ T9297] loop5: detected capacity change from 0 to 7 [ 206.115097][ T5948] Dev loop5: unable to read RDB block 7 [ 206.125274][ T5948] loop5: AHDI p1 p2 p3 [ 206.127280][ T5948] loop5: partition table partially beyond EOD, truncated [ 206.130390][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 206.133218][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 206.141353][ T9297] Dev loop5: unable to read RDB block 7 [ 206.152036][ T9297] loop5: AHDI p1 p2 p3 [ 206.153735][ T9297] loop5: partition table partially beyond EOD, truncated [ 206.157533][ T9297] loop5: p1 start 1601398130 is beyond EOD, truncated [ 206.159681][ T9297] loop5: p2 start 1702059890 is beyond EOD, truncated [ 206.219550][ T6010] usb usb40-port1: attempt power cycle [ 206.441518][ T9310] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 206.515018][ T9313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.947'. [ 206.519032][ T9313] netlink: 'syz.2.947': attribute type 5 has an invalid length. [ 206.521575][ T9313] netlink: 20 bytes leftover after parsing attributes in process `syz.2.947'. [ 206.532440][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.948'. [ 206.565724][ T9314] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 206.786185][ T6010] usb usb40-port1: unable to enumerate USB device [ 206.962632][ T9324] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.965678][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 207.005889][ T9307] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 207.206287][ T9331] netlink: 8 bytes leftover after parsing attributes in process `syz.3.955'. [ 207.556062][ T9347] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 207.735364][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 207.891405][ T9356] netlink: 84 bytes leftover after parsing attributes in process `syz.0.962'. [ 208.267691][ T9369] netlink: 8 bytes leftover after parsing attributes in process `syz.3.967'. [ 208.444812][ T9351] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 208.535428][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 209.547825][ T9399] netlink: 8 bytes leftover after parsing attributes in process `syz.3.969'. [ 209.612552][ T9399] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 209.640351][ T9402] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 209.653835][ T9405] netlink: 4 bytes leftover after parsing attributes in process `syz.0.976'. [ 209.657530][ T9405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 209.706549][ T9405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 209.985303][ T61] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 210.015108][ T9418] netlink: 84 bytes leftover after parsing attributes in process `syz.1.979'. [ 210.157221][ T61] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 210.161678][ T61] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 210.165826][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.171872][ T61] usb 7-1: config 0 descriptor?? [ 210.192755][ T9422] netlink: 8 bytes leftover after parsing attributes in process `syz.3.982'. [ 210.445383][ T61] usbhid 7-1:0.0: can't add hid device: -71 [ 210.445497][ T9429] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 210.448145][ T61] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 210.449857][ T9429] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 210.454851][ T61] usb 7-1: USB disconnect, device number 8 [ 210.470977][ T9429] vhci_hcd vhci_hcd.0: Device attached [ 210.480433][ T9431] vhci_hcd: connection closed [ 210.480633][ T7215] vhci_hcd vhci_hcd.3: stop threads [ 210.484827][ T7215] vhci_hcd vhci_hcd.3: release socket [ 210.488994][ T7215] vhci_hcd vhci_hcd.3: disconnect device [ 210.577482][ T9415] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 210.615345][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 210.855334][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 210.905426][ T61] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 210.977388][ T40] kauditd_printk_skb: 806 callbacks suppressed [ 210.977401][ T40] audit: type=1800 audit(1768327644.676:829): pid=9440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.987" name="bus" dev="ramfs" ino=22766 res=0 errno=0 [ 211.065274][ T61] usb 7-1: Using ep0 maxpacket: 32 [ 211.119809][ T61] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 211.123269][ T61] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 211.130528][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.142804][ T61] usb 7-1: config 0 descriptor?? [ 211.152987][ T61] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 211.156752][ T61] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 211.370762][ T9464] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 211.625337][ T61] usb 7-1: USB disconnect, device number 9 [ 211.633521][ T61] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 211.706954][ T9473] netlink: 84 bytes leftover after parsing attributes in process `syz.3.994'. [ 212.222824][ T9468] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 212.292750][ T9480] netlink: 116 bytes leftover after parsing attributes in process `syz.2.997'. [ 212.371534][ T9483] netlink: 8 bytes leftover after parsing attributes in process `syz.2.998'. [ 212.558900][ T9493] loop5: detected capacity change from 0 to 7 [ 212.561617][ T9493] Dev loop5: unable to read RDB block 7 [ 212.563440][ T9493] loop5: AHDI p1 p2 p3 [ 212.564892][ T9493] loop5: partition table partially beyond EOD, truncated [ 212.576125][ T9493] loop5: p1 start 1601398130 is beyond EOD, truncated [ 212.578324][ T9493] loop5: p2 start 1702059890 is beyond EOD, truncated [ 212.738589][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 212.935883][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 213.349672][ T9513] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1008'. [ 213.375306][ T6010] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 213.528010][ T6010] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.532664][ T6010] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 213.536613][ T6010] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.542463][ T24] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 213.548260][ T6010] usb 6-1: config 0 descriptor?? [ 213.593021][ T9515] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1010'. [ 213.697165][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.701782][ T24] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 213.705637][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.718032][ T24] usb 8-1: config 0 descriptor?? [ 213.756188][ T6010] usbhid 6-1:0.0: can't add hid device: -71 [ 213.758450][ T6010] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 213.769979][ T6010] usb 6-1: USB disconnect, device number 8 [ 213.874944][ T9510] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 213.927812][ T24] usbhid 8-1:0.0: can't add hid device: -71 [ 213.929736][ T24] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 213.939944][ T24] usb 8-1: USB disconnect, device number 12 [ 214.135411][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.139104][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.142682][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.215281][ T6010] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 214.365356][ T24] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 214.379230][ T9534] lo speed is unknown, defaulting to 1000 [ 214.381949][ T9534] lo speed is unknown, defaulting to 1000 [ 214.385261][ T6010] usb 6-1: Using ep0 maxpacket: 32 [ 214.392246][ T6010] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 214.397408][ T6010] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 214.400291][ T6010] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.404894][ T6010] usb 6-1: config 0 descriptor?? [ 214.408978][ T6010] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 214.413539][ T6010] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 214.492788][ T9540] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1017'. [ 214.516069][ T24] usb 8-1: Using ep0 maxpacket: 32 [ 214.536223][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 214.540011][ T24] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 214.542925][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.551202][ T24] usb 8-1: config 0 descriptor?? [ 214.555791][ T24] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 214.563224][ T24] ldusb 8-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 214.775319][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 214.810555][ T9557] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 214.840629][ T9559] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1024'. [ 214.876985][ T5944] usb 6-1: USB disconnect, device number 9 [ 214.881897][ T5944] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 215.016181][ T9] usb 8-1: USB disconnect, device number 13 [ 215.019738][ T9] ldusb 8-1:0.0: LD USB Device #1 now disconnected [ 215.089657][ T9565] loop5: detected capacity change from 0 to 7 [ 215.093466][ T5948] Dev loop5: unable to read RDB block 7 [ 215.095540][ T5948] loop5: AHDI p1 p2 p3 [ 215.096927][ T5948] loop5: partition table partially beyond EOD, truncated [ 215.099481][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 215.101569][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 215.104921][ T9565] Dev loop5: unable to read RDB block 7 [ 215.107852][ T9565] loop5: AHDI p1 p2 p3 [ 215.109583][ T9565] loop5: partition table partially beyond EOD, truncated [ 215.112970][ T9565] loop5: p1 start 1601398130 is beyond EOD, truncated [ 215.115966][ T9565] loop5: p2 start 1702059890 is beyond EOD, truncated [ 215.728289][ T9583] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1032'. [ 215.789408][ T9578] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 215.791860][ T9578] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 215.794938][ T9578] vhci_hcd vhci_hcd.0: Device attached [ 215.871456][ T9584] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 216.055291][ T6010] usb 44-1: SetAddress Request (6) to port 0 [ 216.057180][ T6010] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd [ 216.351476][ T9593] xt_bpf: check failed: parse error [ 216.354541][ T40] audit: type=1326 audit(1768327650.046:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9592 comm="syz.1.1035" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 216.362882][ T40] audit: type=1326 audit(1768327650.046:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9592 comm="syz.1.1035" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 216.412017][ T40] audit: type=1326 audit(1768327650.046:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9592 comm="syz.1.1035" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 216.427723][ T40] audit: type=1326 audit(1768327650.056:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9592 comm="syz.1.1035" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 216.438171][ T40] audit: type=1326 audit(1768327650.056:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9592 comm="syz.1.1035" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000 [ 216.454776][ T9602] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1036'. [ 216.517727][ T9606] loop5: detected capacity change from 0 to 7 [ 216.519876][ T9586] vhci_hcd: connection reset by peer [ 216.521206][ T9606] Dev loop5: unable to read RDB block 7 [ 216.522617][ T7197] vhci_hcd vhci_hcd.3: stop threads [ 216.523621][ T9606] loop5: AHDI p1 p2 p3 [ 216.525310][ T7197] vhci_hcd vhci_hcd.3: release socket [ 216.526849][ T9606] loop5: partition table partially beyond EOD, [ 216.528642][ T7197] vhci_hcd vhci_hcd.3: disconnect device [ 216.528676][ T9606] truncated [ 216.534249][ T9606] loop5: p1 start 1601398130 is beyond EOD, truncated [ 216.536559][ T9606] loop5: p2 start 1702059890 is beyond EOD, truncated [ 216.815288][ T61] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 216.856364][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 216.966829][ T61] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.971319][ T61] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 216.975538][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.981477][ T61] usb 7-1: config 0 descriptor?? [ 217.861940][ T9619] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1044'. [ 217.891565][ T9624] overlayfs: missing 'workdir' [ 217.961304][ T9630] macvtap1: entered promiscuous mode [ 217.963099][ T9630] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 217.970078][ T9630] mac80211_hwsim hwsim7 wlan1: left promiscuous mode [ 217.985800][ T61] usbhid 7-1:0.0: can't add hid device: -71 [ 217.988181][ T61] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 217.992224][ T61] usb 7-1: USB disconnect, device number 10 [ 218.281858][ T9636] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1048'. [ 218.285251][ T61] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 218.317417][ T9636] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 218.435283][ T61] usb 7-1: Using ep0 maxpacket: 32 [ 218.440874][ T61] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.444594][ T61] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 218.448279][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.452668][ T61] usb 7-1: config 0 descriptor?? [ 218.458444][ T61] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 218.464770][ T61] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 218.615397][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.618872][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.622574][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.626091][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.657578][ T9649] overlayfs: failed to resolve './file1/file0': -2 [ 218.915515][ T9658] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 218.925524][ T9] usb 7-1: USB disconnect, device number 11 [ 218.939156][ T9] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 219.122835][ T9666] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1060'. [ 219.279660][ T9662] loop6: detected capacity change from 0 to 2640 [ 219.282800][ T9662] buffer_io_error: 138 callbacks suppressed [ 219.283532][ T9662] Buffer I/O error on dev loop6, logical block 0, async page read [ 219.290249][ T9662] Buffer I/O error on dev loop6, logical block 0, async page read [ 219.292876][ T9662] Buffer I/O error on dev loop6, logical block 0, async page read [ 219.296056][ T9662] Buffer I/O error on dev loop6, logical block 0, async page read [ 219.298592][ T9662] Buffer I/O error on dev loop6, logical block 0, async page read [ 219.301058][ T9662] Buffer I/O error on dev loop6, logical block 0, async page read [ 219.303505][ T9662] Buffer I/O error on dev loop6, logical block 0, async page read [ 219.306389][ T9662] Buffer I/O error on dev loop6, logical block 0, async page read [ 219.308878][ T9662] ldm_validate_partition_table(): Disk read failed. [ 219.311007][ T9662] Buffer I/O error on dev loop6, logical block 0, async page read [ 219.313439][ T9662] Buffer I/O error on dev loop6, logical block 0, async page read [ 219.325562][ T9662] Dev loop6: unable to read RDB block 0 [ 219.334685][ T9662] loop6: unable to read partition table [ 219.337308][ T9662] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 219.354512][ T9662] evm: overlay not supported [ 219.426062][ T9662] loop6: detected capacity change from 2640 to 524288000 [ 219.838440][ T9698] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 220.314207][ T9709] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1075'. [ 220.365219][ T9711] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1076'. [ 220.492683][ T9714] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1076'. [ 220.564332][ T9709] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 221.105366][ T6010] usb 44-1: device descriptor read/8, error -110 [ 221.380268][ T9738] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 221.382612][ T9738] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 221.385041][ T9738] vhci_hcd vhci_hcd.0: Device attached [ 221.496623][ T6010] usb usb44-port1: attempt power cycle [ 221.500121][ T9741] vhci_hcd: connection closed [ 221.500298][ T46] vhci_hcd vhci_hcd.1: stop threads [ 221.503493][ T46] vhci_hcd vhci_hcd.1: release socket [ 221.505350][ T46] vhci_hcd vhci_hcd.1: disconnect device [ 221.567899][ T53] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 222.056254][ T6010] usb usb44-port1: unable to enumerate USB device [ 222.455389][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 222.545895][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 222.871574][ T9779] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1091'. [ 223.050067][ T9779] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 223.644719][ T9787] all: renamed from bridge_slave_0 (while UP) [ 223.690853][ T9791] tipc: Enabled bearer , priority 0 [ 223.693522][ T9791] syzkaller0: entered promiscuous mode [ 223.696511][ T9791] syzkaller0: entered allmulticast mode [ 223.699373][ T9793] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1096'. [ 223.726172][ T9791] tipc: Resetting bearer [ 223.729075][ T9790] tipc: Resetting bearer [ 223.740329][ T9790] tipc: Disabling bearer [ 223.990318][ T9805] kvm: emulating exchange as write [ 224.070937][ T9809] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.074636][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.375471][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.379132][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.382756][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.386176][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.540738][ T9829] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1104'. [ 224.563824][ T9829] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 225.205254][ T53] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 225.325322][ T933] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 225.356522][ T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 225.360118][ T53] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 225.363106][ T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.371270][ T53] usb 8-1: config 0 descriptor?? [ 225.477158][ T933] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 225.480705][ T933] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 225.484051][ T933] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.490338][ T933] usb 6-1: config 0 descriptor?? [ 225.577971][ T53] usbhid 8-1:0.0: can't add hid device: -71 [ 225.579927][ T53] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 225.605147][ T53] usb 8-1: USB disconnect, device number 14 [ 226.075325][ T63] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 226.237335][ T63] usb 8-1: Using ep0 maxpacket: 32 [ 226.242561][ T63] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 226.249553][ T63] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 226.254356][ T63] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.278089][ T63] usb 8-1: config 0 descriptor?? [ 226.282860][ T63] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 226.287579][ T63] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 226.648613][ T933] usbhid 6-1:0.0: can't add hid device: -71 [ 226.650617][ T933] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 226.654142][ T933] usb 6-1: USB disconnect, device number 10 [ 226.747529][ T6028] usb 8-1: USB disconnect, device number 15 [ 226.751806][ T6028] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 226.945279][ T933] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 227.096580][ T933] usb 6-1: Using ep0 maxpacket: 32 [ 227.099541][ T933] usb 6-1: config index 0 descriptor too short (expected 36, got 27) [ 227.102029][ T933] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 227.106078][ T933] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 227.108926][ T933] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.112670][ T933] usb 6-1: config 0 descriptor?? [ 227.118398][ T933] ldusb 6-1:0.0: Interrupt in endpoint not found [ 227.123867][ T933] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 227.268290][ T9862] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 1ùà^!‚lü1Ü*ø$pOcÚÉ”ÎÜr$åG—•µ [ 227.337586][ T63] usb 6-1: USB disconnect, device number 11 [ 227.423863][ T9864] FAULT_INJECTION: forcing a failure. [ 227.423863][ T9864] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.428406][ T9864] CPU: 1 UID: 0 PID: 9864 Comm: syz.3.1115 Tainted: G L syzkaller #0 PREEMPT(full) [ 227.428424][ T9864] Tainted: [L]=SOFTLOCKUP [ 227.428428][ T9864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 227.428435][ T9864] Call Trace: [ 227.428439][ T9864] [ 227.428443][ T9864] dump_stack_lvl+0x16c/0x1f0 [ 227.428465][ T9864] should_fail_ex+0x512/0x640 [ 227.428481][ T9864] _copy_from_user+0x2e/0xd0 [ 227.428494][ T9864] get_compat_msghdr+0xa7/0x170 [ 227.428510][ T9864] ? __pfx_get_compat_msghdr+0x10/0x10 [ 227.428541][ T9864] ___sys_sendmsg+0x1ae/0x1d0 [ 227.428560][ T9864] ? __pfx____sys_sendmsg+0x10/0x10 [ 227.428581][ T9864] ? find_held_lock+0x2b/0x80 [ 227.428604][ T9864] __sys_sendmsg+0x16d/0x220 [ 227.428619][ T9864] ? __pfx___sys_sendmsg+0x10/0x10 [ 227.428642][ T9864] __do_fast_syscall_32+0xe8/0x680 [ 227.428655][ T9864] do_fast_syscall_32+0x32/0x80 [ 227.428666][ T9864] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 227.428680][ T9864] RIP: 0023:0xf705d579 [ 227.428688][ T9864] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 227.428699][ T9864] RSP: 002b:00000000f544d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 227.428710][ T9864] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000580 [ 227.428728][ T9864] RDX: 0000000020000810 RSI: 0000000000000000 RDI: 0000000000000000 [ 227.428734][ T9864] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 227.428740][ T9864] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 227.428747][ T9864] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 227.428760][ T9864] [ 227.994764][ T9869] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 228.098062][ T9873] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1119'. [ 228.124656][ T9873] team0: Port device team_slave_0 removed [ 228.201822][ T9881] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1118'. [ 228.225053][ T9881] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 229.415456][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.418915][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.422269][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.425709][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.693744][ T9908] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1128'. [ 229.871606][ T9916] FAULT_INJECTION: forcing a failure. [ 229.871606][ T9916] name failslab, interval 1, probability 0, space 0, times 0 [ 229.885624][ T9916] CPU: 1 UID: 0 PID: 9916 Comm: syz.1.1131 Tainted: G L syzkaller #0 PREEMPT(full) [ 229.885644][ T9916] Tainted: [L]=SOFTLOCKUP [ 229.885647][ T9916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 229.885655][ T9916] Call Trace: [ 229.885659][ T9916] [ 229.885664][ T9916] dump_stack_lvl+0x16c/0x1f0 [ 229.885686][ T9916] should_fail_ex+0x512/0x640 [ 229.885700][ T9916] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 229.885716][ T9916] should_failslab+0xc2/0x120 [ 229.885734][ T9916] kmem_cache_alloc_node_noprof+0x86/0x800 [ 229.885747][ T9916] ? __alloc_skb+0x156/0x410 [ 229.885763][ T9916] ? __alloc_skb+0x156/0x410 [ 229.885775][ T9916] __alloc_skb+0x156/0x410 [ 229.885786][ T9916] ? __alloc_skb+0x35d/0x410 [ 229.885798][ T9916] ? __pfx___alloc_skb+0x10/0x10 [ 229.885812][ T9916] ? unwind_get_return_address+0x59/0xa0 [ 229.885827][ T9916] ? __pfx___might_resched+0x10/0x10 [ 229.885846][ T9916] netlink_alloc_large_skb+0x69/0x140 [ 229.885864][ T9916] netlink_sendmsg+0x698/0xdd0 [ 229.885883][ T9916] ? __pfx_netlink_sendmsg+0x10/0x10 [ 229.885901][ T9916] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 229.885922][ T9916] ____sys_sendmsg+0xa5d/0xc30 [ 229.885935][ T9916] ? __pfx_____sys_sendmsg+0x10/0x10 [ 229.885945][ T9916] ? get_compat_msghdr+0x11a/0x170 [ 229.885965][ T9916] ___sys_sendmsg+0x134/0x1d0 [ 229.885981][ T9916] ? __pfx____sys_sendmsg+0x10/0x10 [ 229.886001][ T9916] ? find_held_lock+0x2b/0x80 [ 229.886024][ T9916] __sys_sendmsg+0x16d/0x220 [ 229.886039][ T9916] ? __pfx___sys_sendmsg+0x10/0x10 [ 229.886061][ T9916] __do_fast_syscall_32+0xe8/0x680 [ 229.886074][ T9916] do_fast_syscall_32+0x32/0x80 [ 229.886085][ T9916] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 229.886099][ T9916] RIP: 0023:0xf700d579 [ 229.886109][ T9916] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 229.886120][ T9916] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 229.886142][ T9916] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000580 [ 229.886149][ T9916] RDX: 0000000020000810 RSI: 0000000000000000 RDI: 0000000000000000 [ 229.886156][ T9916] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 229.886162][ T9916] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 229.886168][ T9916] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 229.886181][ T9916] [ 230.425404][ T9925] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1130'. [ 230.428376][ T9925] netlink: 'syz.3.1130': attribute type 5 has an invalid length. [ 230.430730][ T9925] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1130'. [ 230.443307][ T9925] geneve3: entered promiscuous mode [ 230.445795][ T9925] geneve3: entered allmulticast mode [ 230.450312][ T46] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0 [ 230.454009][ T46] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0 [ 230.463888][ T46] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0 [ 230.467474][ T46] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0 [ 230.670645][ T9914] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 230.928710][ T9928] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1134'. [ 230.939116][ T9928] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 231.395167][ T9949] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 231.468047][ T9951] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1140'. [ 231.573805][ T9951] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 232.137929][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.222362][ T9979] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1144'. [ 232.225586][ T9979] netlink: 'syz.3.1144': attribute type 5 has an invalid length. [ 232.228314][ T9979] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1144'. [ 232.375236][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 232.377347][ T9975] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 232.861592][ T9992] loop5: detected capacity change from 0 to 7 [ 232.865414][ T9992] Dev loop5: unable to read RDB block 7 [ 232.875121][ T9992] loop5: AHDI p1 p2 p3 [ 232.876727][ T9992] loop5: partition table partially beyond EOD, truncated [ 232.879246][ T9992] loop5: p1 start 1601398130 is beyond EOD, truncated [ 232.881470][ T9992] loop5: p2 start 1702059890 is beyond EOD, truncated [ 232.951922][ T9995] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1151'. [ 233.240817][T10001] lo speed is unknown, defaulting to 1000 [ 233.243685][T10001] lo speed is unknown, defaulting to 1000 [ 234.097237][T10022] FAULT_INJECTION: forcing a failure. [ 234.097237][T10022] name failslab, interval 1, probability 0, space 0, times 0 [ 234.101375][T10022] CPU: 2 UID: 0 PID: 10022 Comm: syz.2.1160 Tainted: G L syzkaller #0 PREEMPT(full) [ 234.101399][T10022] Tainted: [L]=SOFTLOCKUP [ 234.101404][T10022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 234.101413][T10022] Call Trace: [ 234.101418][T10022] [ 234.101424][T10022] dump_stack_lvl+0x16c/0x1f0 [ 234.101451][T10022] should_fail_ex+0x512/0x640 [ 234.101469][T10022] ? __kmalloc_noprof+0xca/0x910 [ 234.101486][T10022] should_failslab+0xc2/0x120 [ 234.101510][T10022] __kmalloc_noprof+0xeb/0x910 [ 234.101525][T10022] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 234.101546][T10022] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 234.101562][T10022] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 234.101582][T10022] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 234.101598][T10022] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 234.101612][T10022] ? genl_get_cmd+0x194/0x580 [ 234.101630][T10022] ? bpf_lsm_capable+0x9/0x10 [ 234.101650][T10022] ? security_capable+0x7e/0x260 [ 234.101678][T10022] genl_rcv_msg+0x55c/0x800 [ 234.101695][T10022] ? __pfx_genl_rcv_msg+0x10/0x10 [ 234.101710][T10022] ? __pfx_netlbl_cipsov4_add+0x10/0x10 [ 234.101727][T10022] ? __lock_acquire+0x436/0x2890 [ 234.101744][T10022] netlink_rcv_skb+0x158/0x420 [ 234.101766][T10022] ? __pfx_genl_rcv_msg+0x10/0x10 [ 234.101781][T10022] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 234.101811][T10022] ? netlink_deliver_tap+0x1ae/0xd30 [ 234.101835][T10022] genl_rcv+0x28/0x40 [ 234.101846][T10022] netlink_unicast+0x5aa/0x870 [ 234.101871][T10022] ? __pfx_netlink_unicast+0x10/0x10 [ 234.101892][T10022] ? __pfx___might_resched+0x10/0x10 [ 234.101919][T10022] netlink_sendmsg+0x8c8/0xdd0 [ 234.101943][T10022] ? __pfx_netlink_sendmsg+0x10/0x10 [ 234.101968][T10022] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 234.101997][T10022] ____sys_sendmsg+0xa5d/0xc30 [ 234.102013][T10022] ? __pfx_____sys_sendmsg+0x10/0x10 [ 234.102026][T10022] ? get_compat_msghdr+0x11a/0x170 [ 234.102055][T10022] ___sys_sendmsg+0x134/0x1d0 [ 234.102075][T10022] ? __pfx____sys_sendmsg+0x10/0x10 [ 234.102104][T10022] ? find_held_lock+0x2b/0x80 [ 234.102135][T10022] __sys_sendmsg+0x16d/0x220 [ 234.102154][T10022] ? __pfx___sys_sendmsg+0x10/0x10 [ 234.102187][T10022] __do_fast_syscall_32+0xe8/0x680 [ 234.102204][T10022] do_fast_syscall_32+0x32/0x80 [ 234.102218][T10022] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 234.102242][T10022] RIP: 0023:0xf70dd579 [ 234.102253][T10022] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 234.102268][T10022] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 234.102282][T10022] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000580 [ 234.102291][T10022] RDX: 0000000020000810 RSI: 0000000000000000 RDI: 0000000000000000 [ 234.102300][T10022] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 234.102323][T10022] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 234.102334][T10022] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 234.102355][T10022] [ 234.247620][T10027] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1162'. [ 234.251053][T10027] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1162'. [ 234.455401][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 234.540109][T10025] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 234.588466][T10035] netlink: 'syz.1.1156': attribute type 5 has an invalid length. [ 234.616527][T10035] geneve3: entered promiscuous mode [ 234.619101][T10035] geneve3: entered allmulticast mode [ 235.255472][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.259118][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.262635][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.265391][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.545590][T10054] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 236.535373][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 236.820272][T10071] FAULT_INJECTION: forcing a failure. [ 236.820272][T10071] name failslab, interval 1, probability 0, space 0, times 0 [ 236.825723][T10071] CPU: 2 UID: 0 PID: 10071 Comm: syz.3.1175 Tainted: G L syzkaller #0 PREEMPT(full) [ 236.825752][T10071] Tainted: [L]=SOFTLOCKUP [ 236.825758][T10071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 236.825771][T10071] Call Trace: [ 236.825777][T10071] [ 236.825784][T10071] dump_stack_lvl+0x16c/0x1f0 [ 236.825819][T10071] should_fail_ex+0x512/0x640 [ 236.825841][T10071] ? __kmalloc_cache_noprof+0x5f/0x800 [ 236.825865][T10071] should_failslab+0xc2/0x120 [ 236.825893][T10071] __kmalloc_cache_noprof+0x80/0x800 [ 236.825916][T10071] ? netlbl_cipsov4_add+0x3b9/0x24c0 [ 236.825935][T10071] ? __nla_validate+0x3e/0x50 [ 236.825962][T10071] ? netlbl_cipsov4_add+0x3b9/0x24c0 [ 236.825980][T10071] netlbl_cipsov4_add+0x3b9/0x24c0 [ 236.825998][T10071] ? rcu_is_watching+0x12/0xc0 [ 236.826027][T10071] ? __pfx_netlbl_cipsov4_add+0x10/0x10 [ 236.826049][T10071] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 236.826072][T10071] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 236.826098][T10071] genl_family_rcv_msg_doit+0x209/0x2f0 [ 236.826119][T10071] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 236.826139][T10071] ? genl_get_cmd+0x194/0x580 [ 236.826165][T10071] ? bpf_lsm_capable+0x9/0x10 [ 236.826188][T10071] ? security_capable+0x7e/0x260 [ 236.826225][T10071] genl_rcv_msg+0x55c/0x800 [ 236.826248][T10071] ? __pfx_genl_rcv_msg+0x10/0x10 [ 236.826274][T10071] ? __pfx_netlbl_cipsov4_add+0x10/0x10 [ 236.826297][T10071] ? __lock_acquire+0x436/0x2890 [ 236.826319][T10071] netlink_rcv_skb+0x158/0x420 [ 236.826347][T10071] ? __pfx_genl_rcv_msg+0x10/0x10 [ 236.826368][T10071] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 236.826407][T10071] ? netlink_deliver_tap+0x1ae/0xd30 [ 236.826439][T10071] genl_rcv+0x28/0x40 [ 236.826454][T10071] netlink_unicast+0x5aa/0x870 [ 236.826486][T10071] ? __pfx_netlink_unicast+0x10/0x10 [ 236.826513][T10071] ? __pfx___might_resched+0x10/0x10 [ 236.826548][T10071] netlink_sendmsg+0x8c8/0xdd0 [ 236.826581][T10071] ? __pfx_netlink_sendmsg+0x10/0x10 [ 236.826613][T10071] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 236.826649][T10071] ____sys_sendmsg+0xa5d/0xc30 [ 236.826672][T10071] ? __pfx_____sys_sendmsg+0x10/0x10 [ 236.826690][T10071] ? get_compat_msghdr+0x11a/0x170 [ 236.826728][T10071] ___sys_sendmsg+0x134/0x1d0 [ 236.826769][T10071] ? __pfx____sys_sendmsg+0x10/0x10 [ 236.826792][T10071] ? __pfx___irq_work_queue_local+0x10/0x10 [ 236.826834][T10071] ? find_held_lock+0x2b/0x80 [ 236.826876][T10071] __sys_sendmsg+0x16d/0x220 [ 236.826902][T10071] ? __pfx___sys_sendmsg+0x10/0x10 [ 236.826926][T10071] ? __pfx_bpf_trace_run2+0x10/0x10 [ 236.826961][T10071] ? syscall_trace_enter+0x1cb/0x220 [ 236.826987][T10071] ? rcu_is_watching+0x12/0xc0 [ 236.827015][T10071] __do_fast_syscall_32+0xe8/0x680 [ 236.827037][T10071] do_fast_syscall_32+0x32/0x80 [ 236.827056][T10071] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.827080][T10071] RIP: 0023:0xf705d579 [ 236.827095][T10071] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 236.827113][T10071] RSP: 002b:00000000f544d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 236.827130][T10071] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000580 [ 236.827143][T10071] RDX: 0000000020000810 RSI: 0000000000000000 RDI: 0000000000000000 [ 236.827153][T10071] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 236.827163][T10071] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 236.827174][T10071] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 236.827199][T10071] [ 237.124392][T10078] __nla_validate_parse: 33 callbacks suppressed [ 237.124405][T10078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1173'. [ 237.155311][T10078] netlink: 'syz.2.1173': attribute type 5 has an invalid length. [ 237.158077][T10078] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1173'. [ 237.174298][T10078] geneve4: entered promiscuous mode [ 237.176197][T10078] geneve4: entered allmulticast mode [ 237.465649][ T933] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 237.596406][T10070] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 237.615338][ T933] usb 8-1: Using ep0 maxpacket: 32 [ 237.617629][ T933] usb 8-1: no configurations [ 237.623867][ T933] usb 8-1: can't read configurations, error -22 [ 237.757853][ T933] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 237.915332][ T933] usb 8-1: Using ep0 maxpacket: 32 [ 237.919680][ T933] usb 8-1: no configurations [ 237.923725][ T933] usb 8-1: can't read configurations, error -22 [ 237.932551][ T933] usb usb8-port1: attempt power cycle [ 238.203845][T10090] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1178'. [ 238.295347][ T933] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 238.315683][ T933] usb 8-1: Using ep0 maxpacket: 32 [ 238.320061][ T933] usb 8-1: no configurations [ 238.321553][ T933] usb 8-1: can't read configurations, error -22 [ 238.465249][ T933] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 238.485965][ T933] usb 8-1: Using ep0 maxpacket: 32 [ 238.488766][ T933] usb 8-1: no configurations [ 238.490508][ T933] usb 8-1: can't read configurations, error -22 [ 238.492750][ T933] usb usb8-port1: unable to enumerate USB device [ 238.564852][T10095] loop0: detected capacity change from 0 to 2560 [ 238.570699][ T5948] buffer_io_error: 11 callbacks suppressed [ 238.570712][ T5948] Buffer I/O error on dev loop0, logical block 0, async page read [ 238.575631][ T5948] Buffer I/O error on dev loop0, logical block 0, async page read [ 238.580846][ T5948] Buffer I/O error on dev loop0, logical block 0, async page read [ 238.583531][ T5948] Buffer I/O error on dev loop0, logical block 0, async page read [ 238.586485][ T5948] Buffer I/O error on dev loop0, logical block 0, async page read [ 238.592778][T10095] sp0: Synchronizing with TNC [ 238.609815][T10095] Buffer I/O error on dev loop0, logical block 0, lost async page write [ 238.613090][T10095] Buffer I/O error on dev loop0, logical block 1, lost async page write [ 238.617076][T10095] Buffer I/O error on dev loop0, logical block 2, lost async page write [ 238.621355][T10095] Buffer I/O error on dev loop0, logical block 3, lost async page write [ 238.624474][T10095] Buffer I/O error on dev loop0, logical block 4, lost async page write [ 238.783665][T10097] netlink: 'syz.1.1182': attribute type 3 has an invalid length. [ 238.786821][T10097] netlink: 'syz.1.1182': attribute type 4 has an invalid length. [ 238.957904][T10102] trusted_key: encrypted_key: insufficient parameters specified [ 239.041515][T10105] netlink: 'syz.0.1185': attribute type 4 has an invalid length. [ 239.044161][T10105] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1185'. [ 239.095416][ T5947] Bluetooth: hci0: command 0x0419 tx timeout [ 240.145581][ T933] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 240.305252][ T933] usb 6-1: Using ep0 maxpacket: 16 [ 240.308379][ T933] usb 6-1: config 0 has an invalid descriptor of length 140, skipping remainder of the config [ 240.312622][ T933] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 240.321925][ T933] usb 6-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 240.325270][ T933] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.327832][ T933] usb 6-1: Product: syz [ 240.332539][T10133] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 240.333776][ T933] usb 6-1: Manufacturer: syz [ 240.333787][ T933] usb 6-1: SerialNumber: syz [ 240.340380][ T933] usb 6-1: config 0 descriptor?? [ 240.569211][ T933] usb 6-1: USB disconnect, device number 12 [ 241.015384][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 241.018030][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 241.020578][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 241.023163][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 241.210932][T10150] loop5: detected capacity change from 0 to 7 [ 241.227331][T10150] Dev loop5: unable to read RDB block 7 [ 241.235993][T10150] loop5: AHDI p1 p2 p3 [ 241.244616][T10150] loop5: partition table partially beyond EOD, truncated [ 241.366624][T10150] loop5: p1 start 1601398130 is beyond EOD, truncated [ 241.368732][T10150] loop5: p2 start 1702059890 is beyond EOD, truncated [ 241.735443][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 242.017447][T10161] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1205'. [ 242.326274][T10168] FAULT_INJECTION: forcing a failure. [ 242.326274][T10168] name failslab, interval 1, probability 0, space 0, times 0 [ 242.330155][T10168] CPU: 1 UID: 0 PID: 10168 Comm: syz.0.1207 Tainted: G L syzkaller #0 PREEMPT(full) [ 242.330173][T10168] Tainted: [L]=SOFTLOCKUP [ 242.330177][T10168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 242.330184][T10168] Call Trace: [ 242.330188][T10168] [ 242.330193][T10168] dump_stack_lvl+0x16c/0x1f0 [ 242.330215][T10168] should_fail_ex+0x512/0x640 [ 242.330229][T10168] ? __kmalloc_cache_noprof+0x5f/0x800 [ 242.330243][T10168] should_failslab+0xc2/0x120 [ 242.330261][T10168] __kmalloc_cache_noprof+0x80/0x800 [ 242.330274][T10168] ? netlbl_cipsov4_add+0x3f9/0x24c0 [ 242.330288][T10168] ? netlbl_cipsov4_add+0x3f9/0x24c0 [ 242.330298][T10168] netlbl_cipsov4_add+0x3f9/0x24c0 [ 242.330308][T10168] ? rcu_is_watching+0x12/0xc0 [ 242.330325][T10168] ? __pfx_netlbl_cipsov4_add+0x10/0x10 [ 242.330338][T10168] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 242.330351][T10168] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 242.330366][T10168] genl_family_rcv_msg_doit+0x209/0x2f0 [ 242.330378][T10168] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 242.330389][T10168] ? genl_get_cmd+0x194/0x580 [ 242.330403][T10168] ? bpf_lsm_capable+0x9/0x10 [ 242.330418][T10168] ? security_capable+0x7e/0x260 [ 242.330439][T10168] genl_rcv_msg+0x55c/0x800 [ 242.330452][T10168] ? __pfx_genl_rcv_msg+0x10/0x10 [ 242.330463][T10168] ? __pfx_netlbl_cipsov4_add+0x10/0x10 [ 242.330475][T10168] ? __lock_acquire+0x436/0x2890 [ 242.330488][T10168] netlink_rcv_skb+0x158/0x420 [ 242.330505][T10168] ? __pfx_genl_rcv_msg+0x10/0x10 [ 242.330516][T10168] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 242.330539][T10168] ? netlink_deliver_tap+0x1ae/0xd30 [ 242.330557][T10168] genl_rcv+0x28/0x40 [ 242.330566][T10168] netlink_unicast+0x5aa/0x870 [ 242.330584][T10168] ? __pfx_netlink_unicast+0x10/0x10 [ 242.330601][T10168] ? __pfx___might_resched+0x10/0x10 [ 242.330621][T10168] netlink_sendmsg+0x8c8/0xdd0 [ 242.330640][T10168] ? __pfx_netlink_sendmsg+0x10/0x10 [ 242.330658][T10168] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 242.330680][T10168] ____sys_sendmsg+0xa5d/0xc30 [ 242.330692][T10168] ? __pfx_____sys_sendmsg+0x10/0x10 [ 242.330702][T10168] ? get_compat_msghdr+0x11a/0x170 [ 242.330724][T10168] ___sys_sendmsg+0x134/0x1d0 [ 242.330740][T10168] ? __pfx____sys_sendmsg+0x10/0x10 [ 242.330754][T10168] ? __pfx___irq_work_queue_local+0x10/0x10 [ 242.330778][T10168] ? find_held_lock+0x2b/0x80 [ 242.330801][T10168] __sys_sendmsg+0x16d/0x220 [ 242.330816][T10168] ? __pfx___sys_sendmsg+0x10/0x10 [ 242.330831][T10168] ? __pfx_bpf_trace_run2+0x10/0x10 [ 242.330851][T10168] ? syscall_trace_enter+0x1cb/0x220 [ 242.330867][T10168] ? rcu_is_watching+0x12/0xc0 [ 242.330883][T10168] __do_fast_syscall_32+0xe8/0x680 [ 242.330895][T10168] do_fast_syscall_32+0x32/0x80 [ 242.330906][T10168] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 242.330920][T10168] RIP: 0023:0xf709d579 [ 242.330929][T10168] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 242.330943][T10168] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 242.330955][T10168] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000580 [ 242.330961][T10168] RDX: 0000000020000810 RSI: 0000000000000000 RDI: 0000000000000000 [ 242.330968][T10168] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 242.330974][T10168] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 242.330980][T10168] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 242.330994][T10168] [ 242.475381][T10172] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 242.756349][ T40] audit: type=1326 audit(1768327676.456:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.2.1213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 242.763102][ T40] audit: type=1326 audit(1768327676.456:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.2.1213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 242.771308][ T40] audit: type=1326 audit(1768327676.456:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.2.1213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 242.771735][T10184] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1214'. [ 242.785441][ T40] audit: type=1326 audit(1768327676.456:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.2.1213" exe="/syz-executor" sig=0 arch=40000003 syscall=306 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 242.792031][ T40] audit: type=1326 audit(1768327676.456:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.2.1213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 242.799218][ T40] audit: type=1326 audit(1768327676.456:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.2.1213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 242.810510][ T40] audit: type=1326 audit(1768327676.456:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.2.1213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 242.821269][ T40] audit: type=1326 audit(1768327676.456:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.2.1213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 242.829523][ T40] audit: type=1326 audit(1768327676.456:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.2.1213" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 242.839828][ T40] audit: type=1326 audit(1768327676.456:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10181 comm="syz.2.1213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 242.841365][T10186] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 242.981614][T10194] lo speed is unknown, defaulting to 1000 [ 242.991436][T10194] lo speed is unknown, defaulting to 1000 [ 243.000281][T10195] lo speed is unknown, defaulting to 1000 [ 243.003824][T10195] lo speed is unknown, defaulting to 1000 [ 243.717317][T10219] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1224'. [ 243.790284][T10224] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1225'. [ 244.415649][T10243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1229'. [ 245.248682][T10258] loop5: detected capacity change from 0 to 7 [ 245.256183][ T5948] Dev loop5: unable to read RDB block 7 [ 245.259281][ T5948] loop5: AHDI p1 p2 p3 [ 245.260647][ T5948] loop5: partition table partially beyond EOD, truncated [ 245.265101][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 245.269208][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 245.611821][T10258] Dev loop5: unable to read RDB block 7 [ 245.625876][T10258] loop5: AHDI p1 p2 p3 [ 245.628010][T10258] loop5: partition table partially beyond EOD, truncated [ 245.631295][T10258] loop5: p1 start 1601398130 is beyond EOD, truncated [ 245.634135][T10258] loop5: p2 start 1702059890 is beyond EOD, truncated [ 245.718006][T10266] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1236'. [ 245.753685][T10268] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 245.948270][T10274] Bluetooth: MGMT ver 1.23 [ 246.055438][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 246.059010][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 246.062432][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 246.063618][T10280] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1240'. [ 246.066017][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 246.771733][T10289] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1243'. [ 246.977618][T10239] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1227'. [ 247.018236][T10239] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1227'. [ 247.105635][T10239] netlink: 'syz.3.1227': attribute type 2 has an invalid length. [ 247.376971][T10295] loop5: detected capacity change from 0 to 7 [ 247.397177][ T5948] Dev loop5: unable to read RDB block 7 [ 247.398926][ T5948] loop5: AHDI p1 p2 p3 [ 247.400251][ T5948] loop5: partition table partially beyond EOD, truncated [ 247.427568][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 247.431960][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 247.445843][T10295] Dev loop5: unable to read RDB block 7 [ 247.448173][T10295] loop5: AHDI p1 p2 p3 [ 247.449768][T10295] loop5: partition table partially beyond EOD, truncated [ 247.455412][T10295] loop5: p1 start 1601398130 is beyond EOD, truncated [ 247.457875][T10295] loop5: p2 start 1702059890 is beyond EOD, truncated [ 248.306218][T10317] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1252'. [ 248.387821][T10323] vlan0: entered promiscuous mode [ 248.389745][T10323] bridge0: entered promiscuous mode [ 248.534299][T10325] loop5: detected capacity change from 0 to 7 [ 248.537414][T10325] Dev loop5: unable to read RDB block 7 [ 248.539511][T10325] loop5: AHDI p1 p2 p3 [ 248.541073][T10325] loop5: partition table partially beyond EOD, truncated [ 248.543542][T10325] loop5: p1 start 1601398130 is beyond EOD, truncated [ 248.556229][T10325] loop5: p2 start 1702059890 is beyond EOD, truncated [ 248.725010][T10330] MTD: Attempt to mount non-MTD device "/dev/sr0" [ 248.917723][T10330] /dev/sr0: Can't open blockdev [ 248.937423][T10330] netlink: 'syz.0.1257': attribute type 3 has an invalid length. [ 248.974527][T10330] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 249.088733][T10340] FAULT_INJECTION: forcing a failure. [ 249.088733][T10340] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 249.100928][T10340] CPU: 1 UID: 0 PID: 10340 Comm: syz.1.1259 Tainted: G L syzkaller #0 PREEMPT(full) [ 249.100949][T10340] Tainted: [L]=SOFTLOCKUP [ 249.100952][T10340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 249.100960][T10340] Call Trace: [ 249.100963][T10340] [ 249.100968][T10340] dump_stack_lvl+0x16c/0x1f0 [ 249.100991][T10340] should_fail_ex+0x512/0x640 [ 249.101008][T10340] _copy_to_user+0x32/0xd0 [ 249.101021][T10340] simple_read_from_buffer+0xcb/0x170 [ 249.101039][T10340] proc_fail_nth_read+0x197/0x240 [ 249.101058][T10340] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 249.101077][T10340] ? rw_verify_area+0xcf/0x6c0 [ 249.101092][T10340] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 249.101110][T10340] vfs_read+0x1e4/0xcf0 [ 249.101140][T10340] ? __pfx___mutex_lock+0x10/0x10 [ 249.101154][T10340] ? __pfx_vfs_read+0x10/0x10 [ 249.101167][T10340] ? find_held_lock+0x2b/0x80 [ 249.101186][T10340] ? __fget_files+0x20e/0x3c0 [ 249.101206][T10340] ksys_read+0x12a/0x250 [ 249.101221][T10340] ? __pfx_ksys_read+0x10/0x10 [ 249.101241][T10340] __do_fast_syscall_32+0xe8/0x680 [ 249.101253][T10340] do_fast_syscall_32+0x32/0x80 [ 249.101264][T10340] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 249.101278][T10340] RIP: 0023:0xf700d579 [ 249.101287][T10340] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 249.101298][T10340] RSP: 002b:00000000f53fd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 249.101308][T10340] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f53fd620 [ 249.101316][T10340] RDX: 000000000000000f RSI: 00000000f73a6ff4 RDI: 0000000000000000 [ 249.101325][T10340] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 249.101334][T10340] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 249.101343][T10340] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 249.101366][T10340] [ 249.293956][T10345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1261'. [ 249.435660][T10348] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 249.439874][T10348] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 249.444415][T10348] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 249.448474][T10348] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 249.452224][T10348] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 249.460286][T10349] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 249.463039][T10349] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 249.471369][T10349] vhci_hcd vhci_hcd.0: Device attached [ 249.476806][T10349] random: crng reseeded on system resumption [ 249.721330][T10361] loop5: detected capacity change from 0 to 7 [ 249.724880][T10361] Dev loop5: unable to read RDB block 7 [ 249.727565][T10361] loop5: AHDI p1 p2 p3 [ 249.729010][T10361] loop5: partition table partially beyond EOD, truncated [ 249.731431][T10361] loop5: p1 start 1601398130 is beyond EOD, truncated [ 249.733921][T10361] loop5: p2 start 1702059890 is beyond EOD, truncated [ 249.776061][ T53] usb 40-1: SetAddress Request (6) to port 0 [ 249.778112][ T53] usb 40-1: new SuperSpeed USB device number 6 using vhci_hcd [ 249.909939][T10366] lo speed is unknown, defaulting to 1000 [ 249.912749][T10366] lo speed is unknown, defaulting to 1000 [ 249.935695][T10364] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1264'. [ 250.051722][T10373] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 250.077436][T10353] vhci_hcd: connection reset by peer [ 250.099686][ T7202] vhci_hcd vhci_hcd.1: stop threads [ 250.101467][ T7202] vhci_hcd vhci_hcd.1: release socket [ 250.103386][ T7202] vhci_hcd vhci_hcd.1: disconnect device [ 250.136975][T10377] input: syz0 as /devices/virtual/input/input8 [ 250.650175][T10390] loop5: detected capacity change from 0 to 7 [ 250.650325][T10389] netlink: 212 bytes leftover after parsing attributes in process `syz.0.1275'. [ 250.663630][T10389] netlink: 328 bytes leftover after parsing attributes in process `syz.0.1275'. [ 250.672414][ T5948] Dev loop5: unable to read RDB block 7 [ 250.674952][ T5948] loop5: AHDI p1 p2 p3 [ 250.678268][ T5948] loop5: partition table partially beyond EOD, truncated [ 250.681598][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 250.684019][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 250.696638][T10390] Dev loop5: unable to read RDB block 7 [ 250.700263][T10390] loop5: AHDI p1 p2 p3 [ 250.702030][T10390] loop5: partition table partially beyond EOD, truncated [ 250.704639][T10390] loop5: p1 start 1601398130 is beyond EOD, truncated [ 250.715466][T10390] loop5: p2 start 1702059890 is beyond EOD, truncated [ 250.880427][T10396] netlink: 'syz.0.1278': attribute type 8 has an invalid length. [ 250.883605][T10396] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1278'. [ 250.891443][T10396] bond0: entered promiscuous mode [ 250.893629][T10396] bond_slave_0: entered promiscuous mode [ 250.896467][T10396] bond_slave_1: entered promiscuous mode [ 250.899968][T10396] team0: entered promiscuous mode [ 250.903354][T10396] team_slave_0: entered promiscuous mode [ 250.908054][T10396] team_slave_1: entered promiscuous mode [ 250.911962][T10396] hsr1: entered promiscuous mode [ 250.914069][T10397] netlink: 'syz.0.1278': attribute type 8 has an invalid length. [ 250.915348][T10396] netlink: 'syz.0.1278': attribute type 8 has an invalid length. [ 250.917775][T10397] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1278'. [ 250.920070][T10396] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1278'. [ 251.095357][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 251.098221][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 251.101017][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 251.103883][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 251.355537][ T7200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 251.495477][ T5955] Bluetooth: hci2: command 0x0c1a tx timeout [ 251.495505][ T65] Bluetooth: hci0: command 0x0419 tx timeout [ 251.497541][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout [ 251.499506][ T5957] Bluetooth: hci1: command 0x0c1a tx timeout [ 251.601436][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 251.634413][ T6009] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 251.956751][T10420] lo speed is unknown, defaulting to 1000 [ 251.960496][T10420] lo speed is unknown, defaulting to 1000 [ 253.045825][T10445] loop5: detected capacity change from 0 to 7 [ 253.052666][ T5948] Dev loop5: unable to read RDB block 7 [ 253.054504][ T5948] loop5: AHDI p1 p2 p3 [ 253.056216][ T5948] loop5: partition table partially beyond EOD, truncated [ 253.058840][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 253.061089][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 253.066292][T10445] Dev loop5: unable to read RDB block 7 [ 253.068098][T10445] loop5: AHDI p1 p2 p3 [ 253.069429][T10445] loop5: partition table partially beyond EOD, truncated [ 253.072040][T10445] loop5: p1 start 1601398130 is beyond EOD, truncated [ 253.074340][T10445] loop5: p2 start 1702059890 is beyond EOD, truncated [ 253.149905][T10448] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 253.407146][T10453] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1296'. [ 253.412877][T10453] netlink: 'syz.0.1296': attribute type 30 has an invalid length. [ 253.418835][T10453] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1296'. [ 253.525370][ T63] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 253.585306][ T5957] Bluetooth: hci3: command 0x0c1a tx timeout [ 253.715284][ T63] usb 8-1: Using ep0 maxpacket: 16 [ 253.720504][ T63] usb 8-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 253.724231][ T63] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.735350][ T63] usb 8-1: Product: syz [ 253.737134][ T63] usb 8-1: Manufacturer: syz [ 253.739078][ T63] usb 8-1: SerialNumber: syz [ 253.766519][ T63] r8152-cfgselector 8-1: Unknown version 0x0000 [ 253.769444][ T63] r8152-cfgselector 8-1: config 0 descriptor?? [ 253.993675][ T63] r8152-cfgselector 8-1: Unknown version 0x0000 [ 253.998022][ T63] r8152-cfgselector 8-1: bad CDC descriptors [ 254.009233][ T63] r8152-cfgselector 8-1: USB disconnect, device number 20 [ 254.419916][T10482] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 254.855818][ T53] usb 40-1: device descriptor read/8, error -110 [ 255.291475][ T53] usb usb40-port1: attempt power cycle [ 255.663383][T10513] mac80211_hwsim hwsim3 syzkaller0: Caught tx_queue_len zero misconfig [ 255.984077][T10527] loop5: detected capacity change from 0 to 7 [ 255.993411][T10527] Dev loop5: unable to read RDB block 7 [ 256.002941][T10527] loop5: AHDI p1 p2 p3 [ 256.005364][T10527] loop5: partition table partially beyond EOD, truncated [ 256.008376][T10527] loop5: p1 start 1601398130 is beyond EOD, truncated [ 256.024689][T10527] loop5: p2 start 1702059890 is beyond EOD, truncated [ 256.156332][ T53] usb usb40-port1: unable to enumerate USB device [ 256.273064][T10535] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1316'. [ 256.391233][T10545] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1318'. [ 256.590978][T10549] binder: 10548:10549 ioctl 4004ae99 800001c0 returned -22 [ 256.597013][T10549] binder: 10548:10549 ioctl 89e9 0 returned -22 [ 256.603284][T10549] binder: 10548:10549 ioctl 8933 80000240 returned -22 [ 256.614810][T10549] binder: 10548:10549 ioctl 8004480e 80000280 returned -22 [ 256.617594][T10549] binder: 10548:10549 ioctl c018937b 80000440 returned -22 [ 256.622964][T10549] binder: 10548:10549 ioctl 80044942 80000700 returned -22 [ 256.628538][T10549] binder: 10548:10549 ioctl c1205531 80000980 returned -22 [ 256.817553][T10551] loop0: detected capacity change from 0 to 2560 [ 256.926932][T10551] buffer_io_error: 315 callbacks suppressed [ 256.926944][T10551] Buffer I/O error on dev loop0, logical block 0, lost async page write [ 256.931898][T10551] Buffer I/O error on dev loop0, logical block 1, lost async page write [ 256.934700][T10551] Buffer I/O error on dev loop0, logical block 2, lost async page write [ 256.986464][T10551] Buffer I/O error on dev loop0, logical block 3, lost async page write [ 256.990093][T10551] Buffer I/O error on dev loop0, logical block 4, lost async page write [ 256.993329][T10551] Buffer I/O error on dev loop0, logical block 5, lost async page write [ 256.996266][T10551] Buffer I/O error on dev loop0, logical block 6, lost async page write [ 256.999625][T10551] Buffer I/O error on dev loop0, logical block 7, lost async page write [ 257.003209][T10551] Buffer I/O error on dev loop0, logical block 8, lost async page write [ 257.006173][T10551] Buffer I/O error on dev loop0, logical block 9, lost async page write [ 257.015469][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 257.019421][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 257.023211][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 257.026512][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 257.967930][T10570] 9pnet_virtio: no channels available for device syz [ 259.215525][T10588] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1327'. [ 259.219480][T10588] netlink: 'syz.0.1327': attribute type 5 has an invalid length. [ 259.222928][T10588] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1327'. [ 259.578186][T10594] loop5: detected capacity change from 0 to 7 [ 259.581007][T10594] Dev loop5: unable to read RDB block 7 [ 259.582991][T10594] loop5: AHDI p1 p2 p3 [ 259.584533][T10594] loop5: partition table partially beyond EOD, truncated [ 259.587188][T10594] loop5: p1 start 1601398130 is beyond EOD, truncated [ 259.589393][T10594] loop5: p2 start 1702059890 is beyond EOD, truncated [ 259.650600][T10598] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1334'. [ 260.061683][T10583] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 260.070540][T10614] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1339'. [ 260.314239][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.317218][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.466558][T10621] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1341'. [ 260.538020][T10627] loop5: detected capacity change from 0 to 7 [ 260.540894][ T5948] Dev loop5: unable to read RDB block 7 [ 260.542733][ T5948] loop5: AHDI p1 p2 p3 [ 260.544141][ T5948] loop5: partition table partially beyond EOD, truncated [ 260.546655][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 260.550076][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 260.554709][T10627] Dev loop5: unable to read RDB block 7 [ 260.558307][T10627] loop5: AHDI p1 p2 p3 [ 260.559789][T10627] loop5: partition table partially beyond EOD, truncated [ 260.562178][T10627] loop5: p1 start 1601398130 is beyond EOD, truncated [ 260.564389][T10627] loop5: p2 start 1702059890 is beyond EOD, truncated [ 260.615088][T10629] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1345'. [ 260.752048][T10636] Invalid ELF header len 8 [ 260.883341][T10649] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 260.886175][T10649] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 260.889892][T10649] vhci_hcd vhci_hcd.0: Device attached [ 260.947368][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 260.949987][T10650] vhci_hcd: connection closed [ 260.950456][ T1149] vhci_hcd vhci_hcd.1: stop threads [ 260.954052][ T1149] vhci_hcd vhci_hcd.1: release socket [ 260.956224][ T1149] vhci_hcd vhci_hcd.1: disconnect device [ 261.054411][T10654] qrtr: Invalid version 0 [ 261.185287][ T5957] Bluetooth: hci0: command 0x0419 tx timeout [ 262.037837][T10664] loop5: detected capacity change from 0 to 7 [ 262.091171][T10664] Dev loop5: unable to read RDB block 7 [ 262.105360][T10664] loop5: AHDI p1 p2 p3 [ 262.112733][T10664] loop5: partition table partially beyond EOD, truncated [ 262.115291][T10664] loop5: p1 start 1601398130 is beyond EOD, truncated [ 262.117734][T10664] loop5: p2 start 1702059890 is beyond EOD, truncated [ 262.208112][T10668] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1357'. [ 262.368926][T10675] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1360'. [ 262.407285][T10677] MTD: Attempt to mount non-MTD device "/dev/sr0" [ 262.469023][T10678] netlink: 'syz.1.1361': attribute type 3 has an invalid length. [ 262.474951][T10678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 262.540712][T10677] /dev/sr0: Can't open blockdev [ 262.626393][T10690] loop5: detected capacity change from 0 to 7 [ 262.630353][ T5948] Dev loop5: unable to read RDB block 7 [ 262.632857][ T5948] loop5: AHDI p1 p2 p3 [ 262.634753][ T5948] loop5: partition table partially beyond EOD, truncated [ 262.638001][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 262.640983][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 262.644820][T10690] Dev loop5: unable to read RDB block 7 [ 262.651311][T10690] loop5: AHDI p1 p2 p3 [ 262.652646][T10690] loop5: partition table partially beyond EOD, truncated [ 262.655501][T10690] loop5: p1 start 1601398130 is beyond EOD, truncated [ 262.657727][T10690] loop5: p2 start 1702059890 is beyond EOD, truncated [ 262.753030][ T40] kauditd_printk_skb: 299 callbacks suppressed [ 262.753041][ T40] audit: type=1326 audit(1768327696.446:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 262.771309][ T40] audit: type=1326 audit(1768327696.456:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709d598 code=0x7ffc0000 [ 262.779693][ T40] audit: type=1326 audit(1768327696.456:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 262.786555][ T40] audit: type=1326 audit(1768327696.456:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709d598 code=0x7ffc0000 [ 262.793445][ T40] audit: type=1326 audit(1768327696.456:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709d598 code=0x7ffc0000 [ 262.800356][ T40] audit: type=1326 audit(1768327696.456:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 262.807222][ T40] audit: type=1326 audit(1768327696.456:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 262.813925][ T40] audit: type=1326 audit(1768327696.456:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 262.821013][ T40] audit: type=1326 audit(1768327696.456:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf709d598 code=0x7ffc0000 [ 262.828104][ T40] audit: type=1326 audit(1768327696.456:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 262.894223][T10697] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1367'. [ 263.083255][T10702] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1369'. [ 263.145810][T10700] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 263.148577][T10700] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 263.156893][T10700] vhci_hcd vhci_hcd.0: Device attached [ 263.425387][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 263.428105][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 263.430810][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 263.434293][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 263.437042][ T61] usb 38-1: SetAddress Request (6) to port 0 [ 263.438957][ T61] usb 38-1: new SuperSpeed USB device number 6 using vhci_hcd [ 263.737027][T10719] lo speed is unknown, defaulting to 1000 [ 263.739657][T10719] lo speed is unknown, defaulting to 1000 [ 264.253947][T10731] loop5: detected capacity change from 0 to 7 [ 264.260489][ T5948] Dev loop5: unable to read RDB block 7 [ 264.262448][ T5948] loop5: AHDI p1 p2 p3 [ 264.265027][ T5948] loop5: partition table partially beyond EOD, truncated [ 264.275349][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 264.277984][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 264.310763][T10731] Dev loop5: unable to read RDB block 7 [ 264.313172][T10731] loop5: AHDI p1 p2 p3 [ 264.314961][T10731] loop5: partition table partially beyond EOD, truncated [ 264.318275][T10731] loop5: p1 start 1601398130 is beyond EOD, truncated [ 264.335954][T10731] loop5: p2 start 1702059890 is beyond EOD, truncated [ 264.421327][T10733] 0xfffffffffffffffd-0x00000001fff7 : "" [ 264.423798][T10733] mtd: partition "" is out of reach -- disabled [ 264.448989][T10733] ftl_cs: FTL header not found. [ 264.483096][T10737] __nla_validate_parse: 1 callbacks suppressed [ 264.483108][T10737] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1376'. [ 264.509812][T10740] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1378'. [ 264.535305][T10705] vhci_hcd: connection reset by peer [ 264.545572][ T7200] vhci_hcd vhci_hcd.0: stop threads [ 264.547674][ T7200] vhci_hcd vhci_hcd.0: release socket [ 264.549874][ T7200] vhci_hcd vhci_hcd.0: disconnect device [ 264.858462][T10758] loop5: detected capacity change from 0 to 7 [ 264.868262][ T5948] Dev loop5: unable to read RDB block 7 [ 264.870354][ T5948] loop5: AHDI p1 p2 p3 [ 264.870381][ T5948] loop5: partition table partially beyond EOD, truncated [ 264.870557][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 264.870575][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 264.897659][T10758] Dev loop5: unable to read RDB block 7 [ 264.900076][T10758] loop5: AHDI p1 p2 p3 [ 264.901863][T10758] loop5: partition table partially beyond EOD, truncated [ 264.905846][T10758] loop5: p1 start 1601398130 is beyond EOD, truncated [ 264.908792][T10758] loop5: p2 start 1702059890 is beyond EOD, truncated [ 264.980895][T10765] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 265.078763][T10768] lo speed is unknown, defaulting to 1000 [ 265.085500][T10768] lo speed is unknown, defaulting to 1000 [ 265.568253][T10769] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1381'. [ 265.700200][T10780] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1390'. [ 266.147579][T10801] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 266.556715][T10817] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1400'. [ 266.571788][T10817] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 266.685501][T10818] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 266.688468][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 266.795840][T10813] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 267.104873][T10825] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1403'. [ 267.146270][T10827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1404'. [ 267.157006][ T1119] sr 2:0:0:0: [sr0] tag#16 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 267.163285][ T1119] sr 2:0:0:0: [sr0] tag#16 Sense Key : Illegal Request [current] [ 267.168000][ T1119] sr 2:0:0:0: [sr0] tag#16 Add. Sense: Invalid command operation code [ 267.170654][ T1119] sr 2:0:0:0: [sr0] tag#16 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00 [ 267.184513][ T1119] blk_print_req_error: 138 callbacks suppressed [ 267.184524][ T1119] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2 [ 267.190581][ T1119] buffer_io_error: 310 callbacks suppressed [ 267.190590][ T1119] Buffer I/O error on dev sr0, logical block 0, lost async page write [ 267.229837][T10829] batman_adv: batadv0: Adding interface: gretap1 [ 267.232421][T10829] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 267.242925][T10829] batman_adv: batadv0: Interface activated: gretap1 [ 267.353752][T10835] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 267.495369][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 267.499007][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 267.502541][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 267.541999][T10853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1412'. [ 267.631723][T10856] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1409'. [ 268.545356][ T61] usb 38-1: device descriptor read/8, error -110 [ 268.758777][T10883] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 268.935831][ T61] usb usb38-port1: attempt power cycle [ 269.181688][T10885] macvlan2: left promiscuous mode [ 269.221177][T10885] geneve3: left promiscuous mode [ 269.223684][T10885] geneve3: left allmulticast mode [ 269.270820][ T6969] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 256 - 0 [ 269.277836][ T978] lo speed is unknown, defaulting to 1000 [ 269.305012][ T978] syz0: Port: 1 Link DOWN [ 269.442492][T10888] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.447696][T10888] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 269.457567][T10893] loop5: detected capacity change from 0 to 7 [ 269.482887][ T5948] Dev loop5: unable to read RDB block 7 [ 269.485732][ T5948] loop5: AHDI p1 p2 p3 [ 269.487543][ T5948] loop5: partition table partially beyond EOD, truncated [ 269.496011][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 269.498326][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 269.505745][ T61] usb usb38-port1: unable to enumerate USB device [ 269.510941][T10893] Dev loop5: unable to read RDB block 7 [ 269.512886][T10893] loop5: AHDI p1 p2 p3 [ 269.514718][T10893] loop5: partition table partially beyond EOD, truncated [ 269.529862][T10893] loop5: p1 start 1601398130 is beyond EOD, truncated [ 269.532994][T10893] loop5: p2 start 1702059890 is beyond EOD, truncated [ 269.560212][T10889] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 269.578785][ T6969] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 256 - 0 [ 269.582634][ T6969] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 256 - 0 [ 269.658818][T10888] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.662294][T10888] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 269.900464][T10888] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.903854][T10888] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 270.038164][T10909] kvm: apic: phys broadcast and lowest prio [ 270.040753][T10909] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1427'. [ 270.043813][T10909] kvm: apic: phys broadcast and lowest prio [ 270.143625][T10888] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.147632][T10888] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 270.270840][ T83] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 256 - 0 [ 270.273864][ T83] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 270.288589][ T83] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 256 - 0 [ 270.291164][ T83] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 270.293975][ T83] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 256 - 0 [ 270.297773][ T83] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 270.307817][ T7202] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 256 - 0 [ 270.317099][ T7202] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 270.545793][ T6009] net_ratelimit: 3 callbacks suppressed [ 270.545806][ T6009] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 270.622038][T10921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 270.625526][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 271.877773][T10939] overlay: filesystem on ./file0 is read-only [ 271.883702][T10939] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1435'. [ 272.102156][T10942] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1437'. [ 272.183113][ T40] kauditd_printk_skb: 112 callbacks suppressed [ 272.183173][ T40] audit: type=1326 audit(1768327705.876:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.0.1439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 272.194850][ T40] audit: type=1326 audit(1768327705.886:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.0.1439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 272.203472][ T40] audit: type=1326 audit(1768327705.886:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.0.1439" exe="/syz-executor" sig=0 arch=40000003 syscall=355 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 272.212001][ T40] audit: type=1326 audit(1768327705.886:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.0.1439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 272.221292][ T40] audit: type=1326 audit(1768327705.886:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.0.1439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 272.232227][ T40] audit: type=1326 audit(1768327705.886:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.0.1439" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 272.253355][ T40] audit: type=1326 audit(1768327705.886:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.0.1439" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 272.265293][ T40] audit: type=1326 audit(1768327705.886:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.0.1439" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 272.272558][ T40] audit: type=1326 audit(1768327705.886:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.0.1439" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 272.280379][ T40] audit: type=1326 audit(1768327705.886:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.0.1439" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf709d579 code=0x7ffc0000 [ 272.755307][ T6010] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 272.905287][ T6010] usb 5-1: Using ep0 maxpacket: 32 [ 272.908430][ T6010] usb 5-1: config 0 has an invalid interface number: 19 but max is 0 [ 272.911154][ T6010] usb 5-1: config 0 has no interface number 0 [ 272.913175][ T6010] usb 5-1: config 0 interface 19 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 16 [ 272.921699][ T6010] usb 5-1: New USB device found, idVendor=04a4, idProduct=0014, bcdDevice=c9.57 [ 272.924671][ T6010] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.927622][ T6010] usb 5-1: Product: syz [ 272.929153][ T6010] usb 5-1: Manufacturer: syz [ 272.930712][ T6010] usb 5-1: SerialNumber: syz [ 272.934681][ T6010] usb 5-1: config 0 descriptor?? [ 272.937546][T10955] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 273.203931][T10970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1445'. [ 273.221794][ T6010] usb 5-1: USB disconnect, device number 9 [ 273.385691][T10970] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 273.759254][T10973] Cannot find add_set index 3 as target [ 274.117649][T10988] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1446'. [ 274.136041][T10988] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 274.240189][T10992] can0: slcan on ptm0. [ 274.379053][T10991] can0 (unregistered): slcan off ptm0. [ 274.944015][T11018] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 275.051940][T11025] lo speed is unknown, defaulting to 1000 [ 275.175482][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.178457][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.181155][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.183832][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.235291][ T63] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 275.330534][T11031] loop5: detected capacity change from 0 to 7 [ 275.333492][ T5948] Dev loop5: unable to read RDB block 7 [ 275.335478][ T5948] loop5: AHDI p1 p2 p3 [ 275.336871][ T5948] loop5: partition table partially beyond EOD, truncated [ 275.339213][ T5948] loop5: p1 start 1601398130 is beyond EOD, truncated [ 275.341363][ T5948] loop5: p2 start 1702059890 is beyond EOD, truncated [ 275.349019][T11031] Dev loop5: unable to read RDB block 7 [ 275.351075][T11031] loop5: AHDI p1 p2 p3 [ 275.352596][T11031] loop5: partition table partially beyond EOD, truncated [ 275.355109][T11031] loop5: p1 start 1601398130 is beyond EOD, truncated [ 275.358398][T11031] loop5: p2 start 1702059890 is beyond EOD, truncated [ 275.365377][ T63] usb 6-1: device descriptor read/64, error -71 [ 275.605353][ T63] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 275.735326][ T63] usb 6-1: device descriptor read/64, error -71 [ 275.845615][ T63] usb usb6-port1: attempt power cycle [ 275.959091][T11043] trusted_key: syz.0.1467 sent an empty control message without MSG_MORE. [ 276.185251][ T63] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 276.207167][ T63] usb 6-1: device descriptor read/8, error -71 [ 276.445311][ T63] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 276.465828][ T63] usb 6-1: device descriptor read/8, error -71 [ 276.482540][T11046] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 276.577171][ T63] usb usb6-port1: unable to enumerate USB device [ 276.965347][T11043] comedi comedi0: reset error (fatal) [ 277.996368][T11076] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1476'. [ 278.496064][T11073] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 278.620108][T11075] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 279.569279][T11086] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 279.625585][T11093] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1483'. [ 279.877479][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 279.877491][ T40] audit: type=1326 audit(1768327713.576:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11097 comm="syz.2.1485" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 279.888945][ T40] audit: type=1326 audit(1768327713.576:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11097 comm="syz.2.1485" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 279.900012][ T40] audit: type=1326 audit(1768327713.576:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11097 comm="syz.2.1485" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 279.934320][T11100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1486'. [ 279.975651][ T40] audit: type=1326 audit(1768327713.576:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11097 comm="syz.2.1485" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 279.976898][ T5957] Bluetooth: hci0: command 0x0419 tx timeout [ 279.983955][ T40] audit: type=1326 audit(1768327713.576:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11097 comm="syz.2.1485" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 279.996272][ T40] audit: type=1326 audit(1768327713.576:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11097 comm="syz.2.1485" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 280.005587][ T40] audit: type=1326 audit(1768327713.576:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11097 comm="syz.2.1485" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 280.013855][ T40] audit: type=1326 audit(1768327713.576:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11097 comm="syz.2.1485" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 280.105603][T11111] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1487'. [ 280.125532][ T40] audit: type=1326 audit(1768327713.576:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11097 comm="syz.2.1485" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 280.132634][ T40] audit: type=1326 audit(1768327713.576:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11097 comm="syz.2.1485" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 280.157841][T11109] tipc: Enabled bearer , priority 0 [ 280.161803][T11109] syzkaller0: entered promiscuous mode [ 280.163585][T11109] syzkaller0: entered allmulticast mode [ 280.170345][T11109] tipc: Resetting bearer [ 280.178033][ T6009] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 280.208421][T11114] loop5: detected capacity change from 0 to 7 [ 280.210914][T11114] Dev loop5: unable to read RDB block 7 [ 280.215427][T11114] loop5: AHDI p1 p2 p3 [ 280.216861][T11114] loop5: partition table partially beyond EOD, truncated [ 280.219193][T11114] loop5: p1 start 1601398130 is beyond EOD, truncated [ 280.221336][T11114] loop5: p2 start 1702059890 is beyond EOD, truncated [ 280.287347][T11121] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 280.299445][T11122] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1490'. [ 280.436813][T11130] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1496'. [ 280.484519][T11132] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1497'. [ 280.536871][T11135] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1498'. [ 280.605359][ T63] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 280.695436][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 280.699032][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 280.702571][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 280.706162][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 280.757187][ T63] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 280.761285][ T63] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 280.764972][ T63] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 280.768981][ T63] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.780360][ T63] usb 5-1: config 0 descriptor?? [ 280.792227][ T63] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 280.798176][ T63] dvb-usb: bulk message failed: -22 (3/0) [ 280.808044][ T63] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 280.812985][ T63] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 280.817344][ T63] usb 5-1: media controller created [ 280.825551][ T63] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 280.877263][ T63] dvb-usb: bulk message failed: -22 (6/0) [ 280.880896][ T63] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 280.889666][ T63] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input9 [ 280.909468][ T63] dvb-usb: schedule remote query interval to 150 msecs. [ 280.912133][ T63] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 280.989945][T11127] dvb-usb: bulk message failed: -22 (4/0) [ 281.066940][ T24] dvb-usb: bulk message failed: -22 (1/0) [ 281.069699][ T24] dvb-usb: error while querying for an remote control event. [ 281.226879][ T24] dvb-usb: bulk message failed: -22 (1/0) [ 281.228845][ T24] dvb-usb: error while querying for an remote control event. [ 281.252831][ T978] libceph: connect (1)[c::]:6789 error -101 [ 281.268344][T11144] ceph: No mds server is up or the cluster is laggy [ 281.292674][ T978] libceph: mon0 (1)[c::]:6789 connect error [ 281.300608][ T6028] tipc: Node number set to 729783801 [ 281.426613][ T6028] dvb-usb: bulk message failed: -22 (1/0) [ 281.453937][ T6028] dvb-usb: error while querying for an remote control event. [ 281.593454][T11151] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 281.625262][ T978] dvb-usb: bulk message failed: -22 (1/0) [ 281.627361][ T978] dvb-usb: error while querying for an remote control event. [ 281.640330][T11157] 9p: Bad value for 'rfdno' [ 281.732214][T11168] tipc: Enabling of bearer rejected, failed to enable media [ 281.755852][T11173] Bluetooth: MGMT ver 1.23 [ 281.785289][ T978] dvb-usb: bulk message failed: -22 (1/0) [ 281.787568][ T978] dvb-usb: error while querying for an remote control event. [ 281.933424][T11190] sch_tbf: peakrate 1 is lower than or equals to rate 5 ! [ 281.946460][ T6028] dvb-usb: bulk message failed: -22 (1/0) [ 281.951390][ T6028] dvb-usb: error while querying for an remote control event. [ 281.973024][T11193] bridge0: port 3(team0) entered blocking state [ 281.975873][T11192] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1514'. [ 281.979001][T11193] bridge0: port 3(team0) entered disabled state [ 281.981257][T11192] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1514'. [ 281.984335][T11193] team0: entered allmulticast mode [ 281.986865][T11193] team_slave_0: entered allmulticast mode [ 281.988765][T11193] team_slave_1: entered allmulticast mode [ 281.991645][T11193] geneve0: entered allmulticast mode [ 281.994551][T11193] team0: entered promiscuous mode [ 281.996440][T11193] team_slave_0: entered promiscuous mode [ 281.998327][T11193] team_slave_1: entered promiscuous mode [ 282.000213][T11193] geneve0: entered promiscuous mode [ 282.002486][T11193] bridge0: port 3(team0) entered blocking state [ 282.004913][T11193] bridge0: port 3(team0) entered forwarding state [ 282.019308][T11192] bridge1: entered promiscuous mode [ 282.021582][T11192] bridge1: entered allmulticast mode [ 282.055337][ T5957] Bluetooth: hci0: command 0x0419 tx timeout [ 282.115477][ T6028] dvb-usb: bulk message failed: -22 (1/0) [ 282.117730][ T6028] dvb-usb: error while querying for an remote control event. [ 282.277812][ T6028] dvb-usb: bulk message failed: -22 (1/0) [ 282.279935][ T6028] dvb-usb: error while querying for an remote control event. [ 282.435386][ T6028] dvb-usb: bulk message failed: -22 (1/0) [ 282.437862][ T6028] dvb-usb: error while querying for an remote control event. [ 282.595279][ T6028] dvb-usb: bulk message failed: -22 (1/0) [ 282.597417][ T6028] dvb-usb: error while querying for an remote control event. [ 282.854849][ T6028] dvb-usb: bulk message failed: -22 (1/0) [ 282.857080][ T6028] dvb-usb: error while querying for an remote control event. [ 283.015283][ T6028] dvb-usb: bulk message failed: -22 (1/0) [ 283.018906][ T6028] dvb-usb: error while querying for an remote control event. [ 283.169144][T11231] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1521'. [ 283.175429][ T6028] dvb-usb: bulk message failed: -22 (1/0) [ 283.180694][ T6028] dvb-usb: error while querying for an remote control event. [ 283.397490][ T6028] dvb-usb: bulk message failed: -22 (1/0) [ 283.399419][ T6028] dvb-usb: error while querying for an remote control event. [ 283.420438][ T6028] usb 5-1: USB disconnect, device number 10 [ 283.453498][ T6028] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 284.135333][ T5957] Bluetooth: hci0: command 0x0419 tx timeout [ 284.585328][ T63] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 284.736956][ T63] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 284.740676][ T63] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 284.744804][ T63] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 284.748402][ T63] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.755892][ T63] usb 5-1: config 0 descriptor?? [ 284.767093][ T63] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 284.828837][T11270] kAFS: unable to lookup cell '' [ 284.964454][ T63] usb 5-1: USB disconnect, device number 11 [ 285.471965][T11281] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1533'. [ 285.479958][T11281] bridge3: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 285.508412][ T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 285.705288][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 285.710076][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 285.714678][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 285.725379][ T24] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 285.729108][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.740562][ T24] usb 5-1: config 0 descriptor?? [ 285.749796][ T24] ldusb 5-1:0.0: Interrupt in endpoint not found [ 285.753410][ T24] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 285.959494][ T24] usb 5-1: USB disconnect, device number 12 [ 286.465315][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 286.468059][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 286.470660][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 286.473291][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 286.481412][T11292] bond0: entered promiscuous mode [ 286.482998][T11292] bond_slave_0: entered promiscuous mode [ 286.484929][T11292] bond_slave_1: entered promiscuous mode [ 286.488370][T11292] batadv0: entered promiscuous mode [ 286.490489][T11292] debugfs: 'hsr1' already exists in 'hsr' [ 286.492257][T11292] Cannot create hsr debugfs directory [ 286.494172][T11292] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 286.511547][T11292] bond0: left promiscuous mode [ 286.513122][T11292] bond_slave_0: left promiscuous mode [ 286.515000][T11292] bond_slave_1: left promiscuous mode [ 286.519557][T11292] batadv0: left promiscuous mode [ 286.732664][T11304] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1541'. [ 287.098070][T11314] capability: warning: `syz.3.1537' uses 32-bit capabilities (legacy support in use) [ 287.189788][T11313] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 287.191873][T11313] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 287.194564][T11313] vhci_hcd vhci_hcd.0: Device attached [ 287.223640][T11315] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1537'. [ 287.460318][T11316] vhci_hcd: connection closed [ 287.460635][ T7206] vhci_hcd vhci_hcd.3: stop threads [ 287.463804][ T7206] vhci_hcd vhci_hcd.3: release socket [ 287.466767][ T7206] vhci_hcd vhci_hcd.3: disconnect device [ 287.475281][ T5944] usb 44-1: enqueue for inactive port 0 [ 287.888289][T11346] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1550'. [ 287.996337][ T5944] usb usb44-port1: attempt power cycle [ 288.604609][T11372] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 288.608399][T11372] block device autoloading is deprecated and will be removed. [ 288.614629][T11372] loop0: detected capacity change from 0 to 2560 [ 288.620268][ T5948] Buffer I/O error on dev loop0, logical block 0, async page read [ 288.623081][ T5948] Buffer I/O error on dev loop0, logical block 0, async page read [ 288.627062][ T5948] Buffer I/O error on dev loop0, logical block 0, async page read [ 288.632010][ T5948] Buffer I/O error on dev loop0, logical block 0, async page read [ 288.634700][ T5948] Buffer I/O error on dev loop0, logical block 0, async page read [ 288.651372][T11372] IPVS: Scheduler module ip_vs_sip not found [ 289.414613][ T5944] usb usb44-port1: unable to enumerate USB device [ 289.475568][T11382] netlink: 'syz.3.1560': attribute type 2 has an invalid length. [ 289.477796][T11382] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1560'. [ 289.561422][T11386] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1562'. [ 289.608488][T11388] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 289.611011][T11388] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 289.643860][T11388] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 289.647969][T11388] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 289.656883][T11388] batman_adv: batadv0: Interface deactivated: gretap1 [ 289.659150][T11388] batman_adv: batadv0: Removing interface: gretap1 [ 289.736760][ T6009] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 289.792632][T11393] [ 289.793746][T11393] ====================================================== [ 289.796716][T11393] WARNING: possible circular locking dependency detected [ 289.799672][T11393] syzkaller #0 Tainted: G L [ 289.802302][T11393] ------------------------------------------------------ [ 289.805244][T11393] syz.0.1564/11393 is trying to acquire lock: [ 289.807834][T11393] ffff888054943868 (&pipe->mutex){+.+.}-{4:4}, at: anon_pipe_write+0x15d/0x1bd0 [ 289.811663][T11393] [ 289.811663][T11393] but task is already holding lock: [ 289.814742][T11393] ffff888024e5c948 (&sbi->pipe_mutex){+.+.}-{4:4}, at: autofs_notify_daemon+0x4a6/0xd60 [ 289.818899][T11393] [ 289.818899][T11393] which lock already depends on the new lock. [ 289.818899][T11393] [ 289.823237][T11393] [ 289.823237][T11393] the existing dependency chain (in reverse order) is: [ 289.827071][T11393] [ 289.827071][T11393] -> #3 (&sbi->pipe_mutex){+.+.}-{4:4}: [ 289.830363][T11393] __mutex_lock+0x1aa/0x1ca0 [ 289.832564][T11393] autofs_notify_daemon+0x4a6/0xd60 [ 289.834985][T11393] autofs_wait+0x10f3/0x1ac0 [ 289.837183][T11393] autofs_mount_wait+0x132/0x3c0 [ 289.839507][T11393] autofs_d_automount+0x4b2/0x960 [ 289.841860][T11393] __traverse_mounts+0x1b9/0x830 [ 289.844133][T11393] step_into_slowpath+0x772/0xf50 [ 289.846551][T11393] path_lookupat+0x627/0xc40 [ 289.848766][T11393] filename_lookup+0x224/0x5f0 [ 289.851005][T11393] kern_path+0x35/0x50 [ 289.853009][T11393] lookup_bdev+0xd8/0x280 [ 289.855087][T11393] resume_store+0x1d6/0x490 [ 289.857294][T11393] kobj_attr_store+0x58/0x80 [ 289.859495][T11393] sysfs_kf_write+0xf2/0x150 [ 289.861682][T11393] kernfs_fop_write_iter+0x3af/0x570 [ 289.864238][T11393] vfs_write+0x7d3/0x11d0 [ 289.866342][T11393] ksys_write+0x12a/0x250 [ 289.868464][T11393] __do_fast_syscall_32+0xe8/0x680 [ 289.870854][T11393] do_fast_syscall_32+0x32/0x80 [ 289.873129][T11393] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 289.876043][T11393] [ 289.876043][T11393] -> #2 (&of->mutex){+.+.}-{4:4}: [ 289.879137][T11393] __mutex_lock+0x1aa/0x1ca0 [ 289.881356][T11393] kernfs_seq_start+0x4f/0x2a0 [ 289.883653][T11393] seq_read_iter+0x2c1/0x12d0 [ 289.885910][T11393] kernfs_fop_read_iter+0x46c/0x610 [ 289.888388][T11393] copy_splice_read+0x618/0xc20 [ 289.890684][T11393] do_splice_read+0x285/0x370 [ 289.892909][T11393] splice_file_to_pipe+0x109/0x120 [ 289.895287][T11393] do_sendfile+0x400/0xe50 [ 289.897441][T11393] __ia32_compat_sys_sendfile+0x1e5/0x220 [ 289.900155][T11393] __do_fast_syscall_32+0xe8/0x680 [ 289.902541][T11393] do_fast_syscall_32+0x32/0x80 [ 289.904833][T11393] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 289.907785][T11393] [ 289.907785][T11393] -> #1 (&p->lock){+.+.}-{4:4}: [ 289.910753][T11393] __mutex_lock+0x1aa/0x1ca0 [ 289.912951][T11393] seq_read_iter+0xe1/0x12d0 [ 289.915145][T11393] kernfs_fop_read_iter+0x46c/0x610 [ 289.917596][T11393] copy_splice_read+0x618/0xc20 [ 289.919915][T11393] do_splice_read+0x285/0x370 [ 289.922140][T11393] splice_file_to_pipe+0x109/0x120 [ 289.924545][T11393] do_sendfile+0x400/0xe50 [ 289.926676][T11393] __ia32_compat_sys_sendfile+0x1e5/0x220 [ 289.929276][T11393] __do_fast_syscall_32+0xe8/0x680 [ 289.931585][T11393] do_fast_syscall_32+0x32/0x80 [ 289.933784][T11393] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 289.936645][T11393] [ 289.936645][T11393] -> #0 (&pipe->mutex){+.+.}-{4:4}: [ 289.939736][T11393] __lock_acquire+0x1669/0x2890 [ 289.941990][T11393] lock_acquire+0x179/0x330 [ 289.944191][T11393] __mutex_lock+0x1aa/0x1ca0 [ 289.946370][T11393] anon_pipe_write+0x15d/0x1bd0 [ 289.948709][T11393] __kernel_write_iter+0x720/0xb10 [ 289.951149][T11393] __kernel_write+0xf5/0x140 [ 289.953365][T11393] autofs_notify_daemon+0x4db/0xd60 [ 289.955805][T11393] autofs_wait+0x10f3/0x1ac0 [ 289.958057][T11393] autofs_mount_wait+0x132/0x3c0 [ 289.960414][T11393] autofs_d_automount+0x4b2/0x960 [ 289.962779][T11393] __traverse_mounts+0x1b9/0x830 [ 289.965116][T11393] step_into_slowpath+0x772/0xf50 [ 289.967556][T11393] path_lookupat+0x627/0xc40 [ 289.969805][T11393] filename_lookup+0x224/0x5f0 [ 289.972081][T11393] kern_path+0x35/0x50 [ 289.974080][T11393] lookup_bdev+0xd8/0x280 [ 289.976184][T11393] resume_store+0x1d6/0x490 [ 289.978408][T11393] kobj_attr_store+0x58/0x80 [ 289.980662][T11393] sysfs_kf_write+0xf2/0x150 [ 289.982880][T11393] kernfs_fop_write_iter+0x3af/0x570 [ 289.985406][T11393] vfs_write+0x7d3/0x11d0 [ 289.985456][ T978] IPVS: starting estimator thread 0... [ 289.987572][T11393] ksys_write+0x12a/0x250 [ 289.987603][T11393] __do_fast_syscall_32+0xe8/0x680 [ 289.993977][T11393] do_fast_syscall_32+0x32/0x80 [ 289.996286][T11393] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 289.999200][T11393] [ 289.999200][T11393] other info that might help us debug this: [ 289.999200][T11393] [ 290.003379][T11393] Chain exists of: [ 290.003379][T11393] &pipe->mutex --> &of->mutex --> &sbi->pipe_mutex [ 290.003379][T11393] [ 290.007830][T11393] Possible unsafe locking scenario: [ 290.007830][T11393] [ 290.010918][T11393] CPU0 CPU1 [ 290.013214][T11393] ---- ---- [ 290.015506][T11393] lock(&sbi->pipe_mutex); [ 290.017493][T11393] lock(&of->mutex); [ 290.020152][T11393] lock(&sbi->pipe_mutex); [ 290.023134][T11393] lock(&pipe->mutex); [ 290.024940][T11393] [ 290.024940][T11393] *** DEADLOCK *** [ 290.024940][T11393] [ 290.028393][T11393] 5 locks held by syz.0.1564/11393: [ 290.030580][T11393] #0: ffff88802118e2b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 290.034433][T11393] #1: ffff888027838420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 290.038263][T11393] #2: ffff88802892b088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 290.042381][T11393] #3: ffff888040ec00f8 (kn->active#73){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 290.046558][T11393] #4: ffff888024e5c948 (&sbi->pipe_mutex){+.+.}-{4:4}, at: autofs_notify_daemon+0x4a6/0xd60 [ 290.050897][T11393] [ 290.050897][T11393] stack backtrace: [ 290.053424][T11393] CPU: 3 UID: 0 PID: 11393 Comm: syz.0.1564 Tainted: G L syzkaller #0 PREEMPT(full) [ 290.053452][T11393] Tainted: [L]=SOFTLOCKUP [ 290.053459][T11393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 290.053472][T11393] Call Trace: [ 290.053481][T11393] [ 290.053489][T11393] dump_stack_lvl+0x116/0x1f0 [ 290.053524][T11393] print_circular_bug+0x275/0x340 [ 290.053556][T11393] check_noncircular+0x146/0x160 [ 290.053587][T11393] __lock_acquire+0x1669/0x2890 [ 290.053609][T11393] lock_acquire+0x179/0x330 [ 290.053626][T11393] ? anon_pipe_write+0x15d/0x1bd0 [ 290.053656][T11393] ? __pfx___might_resched+0x10/0x10 [ 290.053685][T11393] __mutex_lock+0x1aa/0x1ca0 [ 290.053703][T11393] ? anon_pipe_write+0x15d/0x1bd0 [ 290.053737][T11393] ? __perf_event_task_sched_in+0x27a/0xa10 [ 290.053759][T11393] ? anon_pipe_write+0x15d/0x1bd0 [ 290.053788][T11393] ? __pfx___mutex_lock+0x10/0x10 [ 290.053808][T11393] ? finish_task_switch.isra.0+0x207/0xbd0 [ 290.053838][T11393] ? rcu_is_watching+0x12/0xc0 [ 290.053866][T11393] ? trace_sched_exit_tp+0xd1/0x110 [ 290.053893][T11393] ? anon_pipe_write+0x15d/0x1bd0 [ 290.053919][T11393] anon_pipe_write+0x15d/0x1bd0 [ 290.053950][T11393] ? __pfx_anon_pipe_write+0x10/0x10 [ 290.053976][T11393] ? __pfx___schedule+0x10/0x10 [ 290.054004][T11393] ? preempt_schedule_thunk+0x16/0x30 [ 290.054025][T11393] ? __pfx_anon_pipe_write+0x10/0x10 [ 290.054051][T11393] __kernel_write_iter+0x720/0xb10 [ 290.054078][T11393] ? __pfx___kernel_write_iter+0x10/0x10 [ 290.054104][T11393] ? __mutex_lock+0x669/0x1ca0 [ 290.054121][T11393] ? find_held_lock+0x2b/0x80 [ 290.054145][T11393] ? autofs_notify_daemon+0x45a/0xd60 [ 290.054168][T11393] ? do_raw_spin_unlock+0x172/0x230 [ 290.054190][T11393] __kernel_write+0xf5/0x140 [ 290.054216][T11393] ? __pfx___kernel_write+0x10/0x10 [ 290.054241][T11393] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 290.054265][T11393] autofs_notify_daemon+0x4db/0xd60 [ 290.054287][T11393] ? __pfx_autofs_notify_daemon+0x10/0x10 [ 290.054309][T11393] ? kernfs_fop_write_iter+0x3af/0x570 [ 290.054335][T11393] ? vfs_write+0x7d3/0x11d0 [ 290.054359][T11393] ? ksys_write+0x12a/0x250 [ 290.054394][T11393] ? lockdep_init_map_type+0x5c/0x270 [ 290.054413][T11393] ? lockdep_init_map_type+0x5c/0x270 [ 290.054434][T11393] autofs_wait+0x10f3/0x1ac0 [ 290.054457][T11393] ? __pfx_autofs_wait+0x10/0x10 [ 290.054479][T11393] ? __pfx___schedule+0x10/0x10 [ 290.054502][T11393] ? find_held_lock+0x2b/0x80 [ 290.054525][T11393] ? path_has_submounts+0xcf/0x120 [ 290.054548][T11393] ? preempt_schedule_thunk+0x16/0x30 [ 290.054567][T11393] ? preempt_schedule_common+0x44/0xc0 [ 290.054595][T11393] autofs_mount_wait+0x132/0x3c0 [ 290.054616][T11393] autofs_d_automount+0x4b2/0x960 [ 290.054638][T11393] __traverse_mounts+0x1b9/0x830 [ 290.054659][T11393] step_into_slowpath+0x772/0xf50 [ 290.054684][T11393] ? __up_read+0x2d1/0x700 [ 290.054704][T11393] ? __pfx_step_into_slowpath+0x10/0x10 [ 290.054728][T11393] ? lookup_slow+0x40/0x70 [ 290.054759][T11393] path_lookupat+0x627/0xc40 [ 290.054785][T11393] filename_lookup+0x224/0x5f0 [ 290.054813][T11393] ? __pfx_filename_lookup+0x10/0x10 [ 290.054847][T11393] ? getname_kernel+0x52/0x370 [ 290.054866][T11393] ? __asan_memcpy+0x3c/0x60 [ 290.054887][T11393] kern_path+0x35/0x50 [ 290.054910][T11393] lookup_bdev+0xd8/0x280 [ 290.054928][T11393] ? __pfx_lookup_bdev+0x10/0x10 [ 290.054948][T11393] ? __asan_memcpy+0x3c/0x60 [ 290.054975][T11393] resume_store+0x1d6/0x490 [ 290.054998][T11393] ? __pfx_resume_store+0x10/0x10 [ 290.055023][T11393] ? find_held_lock+0x2b/0x80 [ 290.055048][T11393] ? __pfx_resume_store+0x10/0x10 [ 290.055069][T11393] kobj_attr_store+0x58/0x80 [ 290.055086][T11393] ? __pfx_kobj_attr_store+0x10/0x10 [ 290.055101][T11393] sysfs_kf_write+0xf2/0x150 [ 290.055122][T11393] kernfs_fop_write_iter+0x3af/0x570 [ 290.055146][T11393] ? __pfx_sysfs_kf_write+0x10/0x10 [ 290.055162][T11393] vfs_write+0x7d3/0x11d0 [ 290.055185][T11393] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 290.055207][T11393] ? __pfx_vfs_write+0x10/0x10 [ 290.055223][T11393] ? find_held_lock+0x2b/0x80 [ 290.055240][T11393] ksys_write+0x12a/0x250 [ 290.055255][T11393] ? __pfx_ksys_write+0x10/0x10 [ 290.055273][T11393] __do_fast_syscall_32+0xe8/0x680 [ 290.055285][T11393] do_fast_syscall_32+0x32/0x80 [ 290.055295][T11393] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 290.055310][T11393] RIP: 0023:0xf709d579 [ 290.055320][T11393] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 290.055332][T11393] RSP: 002b:00000000f546c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 290.055344][T11393] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000040 [ 290.055351][T11393] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000000 [ 290.055357][T11393] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 290.055364][T11393] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 290.055371][T11393] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 290.055380][T11393] [ 290.075334][T11394] IPVS: using max 37 ests per chain, 88800 per kthread [ 290.084680][T11393] PM: Image not found (code -22) [ 291.575348][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.578867][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.582247][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.585754][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 297.335423][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 297.339013][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 297.342469][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 297.346021][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 299.335551][ T6009] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog