last executing test programs: 5m0.512803815s ago: executing program 2 (id=59): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7f, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) shmdt(0x0) 4m59.635767292s ago: executing program 2 (id=60): r0 = socket$nl_route(0x10, 0x3, 0x0) readahead(r0, 0xf31d, 0x2) 4m59.46654279s ago: executing program 2 (id=61): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) vmsplice(r1, 0x0, 0x0, 0x0) 4m59.083568226s ago: executing program 2 (id=65): syz_mount_image$minix(&(0x7f0000000080), &(0x7f00000001c0)='./file1\x00', 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="0049cef4df796851925f86c004000000e4cf62dc777d55387afc4a70d087ede499a199c4d7e87a07cdb3e45fc513a1f97b0b9047144790d8f3affa2044cbd987208cf1dcd4ec17f5138b1f4efbdc2a7be39782db000000000000002c2e5cf00c404f4a3246fb740282b4265c2c2c686173682c00181f302d7cd22530b02054463a3dd16b847ce0f9c3bd119a1498eb8cc1ae04dee8bfa77d492c96fd54cb0abb83366c6b4d4785b8103b6ea5ce14afc0ebaae0f62832e93c0cd17b2130111d313bea3d9ab4738453538e448d770b602e104974e6cd92f7d589103fde2331f870b425e8776f9e2152dec6551ec1f61ced64b19c9e56"], 0x5, 0x18e, &(0x7f0000002780)="$eJzs299ummAYx/EfCurcZtzcTpYdkOxgO5lOzf54tt3DbsAoM0ZcTe2JpknTi+gF9KwXV5P2BmoDERqxTRMrYPX7OeLHI/CivviQiADsLVu2DBmyvPCxUD6pGGkPCUBC5pJu5gD2U/bq3rXetQHATpv9kUaSLq+PO8pa0fbgrCTpd1DP5FZeMDuVPpiLupFXIdpfnEufg+2NF6sNSFkqhvXiStnb/5dPwfFf6pVeqyTvHuWN3i7q3XD7909th4C9YqgazUsrMvrXd51vYbb8XA9zzs+NSG6GOe/naufA7cZ1CgDWlHlk/mcj89+MzH8Az9d4Mh20Xdc53N4Fw5S2YBiT6SDJYeQkxX8sO8n30FY6H1xw15n692ejC+ZG9nNhPVRK+cIEIHa1o+GoNp5Mv/aH7Z7Tc/43fjVaP5rf6z9bNb/zz2up/wewO+5+9NMeCQAAAAAAAAAAAAAAWFdF79IeAgAAAICE+P///RvvE0tpnyMAAAAAAAAAAAAAAAAAAACwK24DAAD//3/aFdo=") open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) mount(&(0x7f00000004c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x40000008005, 0x0, 0x0, 0x19, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x202]}) 4m58.678698683s ago: executing program 2 (id=67): r0 = syz_io_uring_setup(0x254c, &(0x7f0000000000)={0x0, 0x7c87, 0x800, 0x0, 0x39}, &(0x7f0000000080), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, 0x0, 0x1) 4m57.626849118s ago: executing program 2 (id=69): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) 4m57.182709817s ago: executing program 32 (id=69): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) 3m28.314131069s ago: executing program 1 (id=303): socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xd40, 0x82) getsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f00000001c0)={@local, @broadcast, 0x0}, 0x0) openat$btrfs_control(0xffffff9c, &(0x7f00000002c0), 0x20642, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB, @ANYBLOB="010100"/14, @ANYRES32=r5, @ANYRES32, @ANYBLOB="050000000300000003000000010000000000000000000000008a58da2201000000f2e106be3411e0b756fc67067fc9cf"], 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)=0xd) ioctl$TCFLSH(r6, 0x540b, 0x0) 3m23.319986173s ago: executing program 1 (id=315): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$phonet(0x23, 0x2, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x8000000) socket$kcm(0x2, 0x1, 0x0) r2 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x1000000}}}}}, 0x0) 3m22.935815139s ago: executing program 1 (id=317): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r1) sendmsg$NLBL_MGMT_C_REMOVE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x14, r2, 0x1c77b3ffb7919603, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x24000000) 3m22.032922578s ago: executing program 1 (id=320): write(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082) 3m20.985204563s ago: executing program 1 (id=324): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r1, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r1, &(0x7f00000005c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000b4bffc)=0x8, 0x4) write(r1, &(0x7f0000000000)='\"', 0x1) recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) 3m18.212053251s ago: executing program 1 (id=329): r0 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x48) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = socket$inet_smc(0x2b, 0x1, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) listen(r2, 0x0) accept4(r2, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) 3m2.733426592s ago: executing program 33 (id=329): r0 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x48) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = socket$inet_smc(0x2b, 0x1, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) listen(r2, 0x0) accept4(r2, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) 17.659775626s ago: executing program 4 (id=757): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x2) r0 = getpid() ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x8000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f0000000000)={0x25000, 0x5000}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400000004000000120000"], 0x48) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r7}, &(0x7f00000006c0), &(0x7f0000000700)=r6}, 0x20) 17.081918361s ago: executing program 4 (id=759): syz_usb_connect$cdc_ncm(0x2, 0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d000009040101"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0x3) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r4}, 0x10) r5 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x3cfa, 0x0, 0x2, 0x3b9}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r5, 0x47f6, 0x0, 0x2, 0x0, 0x0) 14.466449362s ago: executing program 6 (id=766): openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200006, 0x8, &(0x7f0000006680)) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r4, 0xc0a85352, &(0x7f0000000200)={{0x80, 0x4}, 'port1\x00', 0x89, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x200000, 0x0, 0x4875c99660ff2b28}) 13.445084236s ago: executing program 6 (id=767): openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000001140)='fdinfo/3\x00') socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, 0x0, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x2, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000040'], 0x2a, 0x0) r4 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f0000000500)="14", 0x1, 0xfffffffffffffffd) keyctl$read(0xb, r4, &(0x7f0000000240)=""/112, 0x349b7f55) 13.415013467s ago: executing program 4 (id=768): r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) read$hiddev(r0, 0x0, 0x0) 12.475851127s ago: executing program 6 (id=770): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x18, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7d}]}, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 12.475701417s ago: executing program 4 (id=771): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r1], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) 12.305762824s ago: executing program 4 (id=774): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet(0x2, 0x3, 0x9) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000080)={0x2000}) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x20, 0xff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2, 0x0, 0x93}, 0xe) ioctl$int_in(r2, 0x5452, &(0x7f0000000280)=0xffffffffffffffff) sendto$inet6(r2, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r2, 0x1) 12.273408776s ago: executing program 6 (id=775): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) 11.983042538s ago: executing program 6 (id=777): memfd_create(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="85000000070000004d0000000000000045000000000000009500000000"], 0x0, 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) r0 = socket(0x21, 0x3, 0xfffffffe) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000001c0)={0x4812, 0xfffffffc, 0x0, 0x3}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8) connect$unix(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = fsopen(&(0x7f00000000c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x1, 0x0) fchdir(r3) r4 = openat$cgroup_ro(r3, &(0x7f0000000280)='pids.events\x00', 0x275a, 0x0) mknodat(r3, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) r5 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_restrict_self(r5, 0x0) truncate(&(0x7f0000000240)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000080)={0x0, 0x1a, "b7c07183a41d22fcd91c796ea3a8144cf65f821361cb93e3d7d4"}, &(0x7f0000000100)=0x22) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000140)={r6, 0x26, "a048995ba5fe445019194df40e52cb4f1c841d8775fb5deee04c9e7749cbf61a124b7f850016"}, &(0x7f0000000240)=0x2e) socket$inet_mptcp(0x2, 0x1, 0x106) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 9.893771258s ago: executing program 0 (id=783): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080)) 9.885471728s ago: executing program 3 (id=784): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xcb, 0x6f, 0xcf, 0x20, 0x13d8, 0x20, 0xf731, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x24, 0xe4, 0xd5}}]}}]}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe00000000b6090000002000a80700000050000058bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffff55", @ANYBLOB='\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x11, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close(0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @remote}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r1) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x810) socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) syz_open_dev$usbfs(0x0, 0x75, 0x109301) memfd_create(&(0x7f0000002240)='key_or_keyring:', 0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) 9.571947771s ago: executing program 0 (id=786): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1, 0x100005, 0x5, 0x5, 0x1}, 0x50) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xfff1, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x58, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x38}, {0x4}}, @TCA_BPF_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x80000001, 0x4, 0x1, 0x5, 0x5, {0xfd, 0x1, 0x0, 0xd, 0x2}, {0x4, 0x0, 0xdef8, 0xfe4a, 0x40}, 0x8, 0x3, 0x3}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x1}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r4, &(0x7f0000000100), &(0x7f0000000180)=""/177}, 0x20) 7.378510705s ago: executing program 0 (id=788): ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000000dc0)={0x0, &(0x7f0000000200)}) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$9p_virtio(&(0x7f0000000340), 0x0, 0x0, 0x200000, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1) r3 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan1\x00'}) 5.84973093s ago: executing program 3 (id=791): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) socket$vsock_stream(0x28, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2f}}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x304}, "8763c1e5966c6af2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a0400b9", "12772541f8eb02bb"}, 0x28) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r1) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r3, 0x0, 0x20000000002) 5.172639509s ago: executing program 5 (id=792): openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200006, 0x8, &(0x7f0000006680)) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r4, 0xc0a85352, &(0x7f0000000200)={{0x80, 0x4}, 'port1\x00', 0x89, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x200000, 0x0, 0x4875c99660ff2b28}) 5.168802619s ago: executing program 3 (id=793): openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x13}], 0x2) mount(&(0x7f0000000340)=@nullb, &(0x7f0000000380)='.\x00', &(0x7f0000000000)='exfat\x00', 0x401, 0x0) syz_io_uring_setup(0x28cb, 0x0, 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000040)={0x24, 0x14, 0x105, 0x70bd2b, 0x25dfdb7b, {0x2c}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "da880c4f7e37eb8685"}]}, 0x24}, 0x1, 0x0, 0x0, 0x8002}, 0x2005c840) 4.151195513s ago: executing program 5 (id=794): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0xa, 0xc}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0xffffffffffffff04, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) pipe(0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0xa0000, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f00000000c0)={0x4, r1}) r4 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) 3.683939932s ago: executing program 4 (id=795): r0 = syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x40003) ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x4161, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x7, 0x800000000000008a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) request_key(&(0x7f0000000040)='cifs.spnego\x00', &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000100)='ife\x00', 0xfffffffffffffffc) r4 = openat$cgroup_int(r1, &(0x7f0000000140)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) sendfile(r4, r4, 0x0, 0x10000008) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) clock_getres(0xfffffffffffffff1, 0x0) syz_usb_control_io$hid(r5, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00222200000096010006010003000000002a90a01700000000b3813e25030bdde84050b3"], 0x0}, 0x0) 2.933113014s ago: executing program 3 (id=796): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x34, r1, 0xb97534d5fe9704cf, 0x70bd2b, 0x25dfdbfe, {{0x12}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0xfffffff8, 0xfffffff5}}]}, 0x34}}, 0x0) 2.312832851s ago: executing program 3 (id=797): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a594"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$TCXONC(r1, 0x540a, 0x2) read(r1, 0x0, 0x0) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x200) ioctl$TCXONC(r2, 0x540a, 0x2) ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0xff92, 0x0, 0x0, 0x80000000}) 1.304120184s ago: executing program 0 (id=798): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@ipv6_delroute={0x24, 0x19, 0x1, 0x70bd27, 0x0, {0xa, 0x0, 0x20, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3a00}, [@RTA_PRIORITY={0x8, 0x1e, 0x1}]}, 0x24}}, 0x0) 1.287407465s ago: executing program 5 (id=799): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000480)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x1fff, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) write(r0, &(0x7f0000000180)="83ff00000000000054aa4d5e8e655395f17502dafa86f416", 0x18) 1.017737196s ago: executing program 6 (id=800): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000001c0)=ANY=[], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) userfaultfd(0x801) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000080)={r3, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601a8ca5b07dcc141802c4dacf162e43ac61f7ad330000000000a04100", [0xfffffffffffffce8, 0xa]}}) ioctl$BLKRRPART(r2, 0x125f, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec85"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000c80)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x6051eb40cfe71a54, 0xe0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='rtc_irq_set_state\x00', r5, 0x0, 0x4000000}, 0x18) ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000440)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x1000, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x28, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000400), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, r5}, 0x94) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="340000003e0007012bbd700000000000017c000004", @ANYBLOB="080002807235ab62080007"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) 1.015122657s ago: executing program 0 (id=810): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x18) fcntl$setlease(r0, 0x400, 0x0) 939.88039ms ago: executing program 5 (id=801): timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) socket$inet6_sctp(0xa, 0x801, 0x84) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000280)=[{0x6, 0x7, 0xf2, 0x7fff0003}]}) membarrier(0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0, 0x0, 0x7fffffffefffffff}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x18, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xc}, 0x94) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/net\x00') sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010c25bd7000ffdbdf251400000008001d00", @ANYRES32=r5, @ANYBLOB="08000300", @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x20040801}, 0x20000004) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r6}, &(0x7f0000000740), &(0x7f0000000780)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, 0x0, &(0x7f0000000140)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x5af703dbb2383689, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udp(0xa, 0x2, 0x0) 853.492753ms ago: executing program 0 (id=802): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x1c0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_rdma(0x10, 0x3, 0x14) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0xc, 0x7, 0x0, 0x40000005, 0x1, 0x7, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r4, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42}, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x10) setsockopt$inet_mreq(r0, 0x0, 0x23, 0x0, 0x0) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r5, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setresgid(0xffffffffffffffff, 0xffffffffffffffff, 0xee00) setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@multicast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @info_reply={0x10, 0x0, 0x0, 0x3, 0xe}}}}}, 0x0) socket(0x10, 0x3, 0x0) 480.073189ms ago: executing program 5 (id=803): syz_init_net_socket$x25(0x9, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xc3) socket$nl_route(0x10, 0x3, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78}, 0x0) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000180)={0x0, 0x3e, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010028bd70000700000002000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) 226.71794ms ago: executing program 3 (id=804): openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200006, 0x8, &(0x7f0000006680)) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r4, 0xc0a85352, &(0x7f0000000200)={{0x80, 0x4}, 'port1\x00', 0x89, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x200000, 0x0, 0x4875c99660ff2b28}) 0s ago: executing program 5 (id=805): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r3 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20) connect$l2tp6(r3, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r3, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00) kernel console output (not intermixed with test programs): : veth0_to_batadv: link becomes ready [ 72.371916][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 72.380619][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 72.391460][ T4193] device veth0_vlan entered promiscuous mode [ 72.402541][ T4182] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.420162][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 72.430132][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 72.439079][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 72.448084][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 72.460824][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.469149][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.482357][ T4191] device veth0_macvtap entered promiscuous mode [ 72.498381][ T4182] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.507753][ T4182] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.516857][ T4182] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.525585][ T4182] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.543810][ T4193] device veth1_vlan entered promiscuous mode [ 72.552887][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 72.562369][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 72.577296][ T4185] device veth0_macvtap entered promiscuous mode [ 72.585434][ T4191] device veth1_macvtap entered promiscuous mode [ 72.615168][ T4190] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.624970][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 72.633856][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 72.653553][ T4185] device veth1_macvtap entered promiscuous mode [ 72.696940][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.708864][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.721291][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.731914][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 72.740648][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 72.749766][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 72.758691][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 72.778829][ T4193] device veth0_macvtap entered promiscuous mode [ 72.796586][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.821703][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.835443][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.862680][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.875557][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.888184][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.898864][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.910461][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.920970][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 72.932287][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 72.941410][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 72.952202][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 72.961732][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 72.973572][ T4191] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.989115][ T4191] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.000968][ T4191] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.013641][ T4191] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.030262][ T4193] device veth1_macvtap entered promiscuous mode [ 73.040917][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.052236][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.064497][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.075132][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.087222][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.111196][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 73.117296][ T4225] Bluetooth: hci1: command 0x040f tx timeout [ 73.121183][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 73.131372][ T4225] Bluetooth: hci0: command 0x040f tx timeout [ 73.135499][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.160984][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.173557][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.184342][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.195116][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.196932][ T4225] Bluetooth: hci4: command 0x040f tx timeout [ 73.206048][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.218653][ T4225] Bluetooth: hci2: command 0x040f tx timeout [ 73.222218][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.239142][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.257723][ T4185] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.267282][ T4185] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.276376][ T4225] Bluetooth: hci3: command 0x040f tx timeout [ 73.276396][ T4185] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.294789][ T4185] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.316882][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.325582][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.337650][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.348895][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.360875][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.371391][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.382475][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.393367][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.405083][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.432787][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 73.449067][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.458343][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 73.468174][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.479845][ T4193] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.489462][ T4193] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.498483][ T4193] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.500384][ T793] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.510049][ T4193] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.525305][ T793] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.556482][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 73.566264][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.575303][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.584332][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.592692][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.617964][ T4190] device veth0_vlan entered promiscuous mode [ 73.699628][ T4190] device veth1_vlan entered promiscuous mode [ 73.743223][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.752824][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.771256][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.780103][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.800574][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 73.809669][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 73.819256][ T4269] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.850454][ T793] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.861389][ T793] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.885106][ T4269] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.904679][ T4190] device veth0_macvtap entered promiscuous mode [ 73.919289][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 73.928146][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 73.938378][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.950896][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.980308][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.991888][ T4190] device veth1_macvtap entered promiscuous mode [ 73.996307][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.007657][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.030156][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.045713][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.109909][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.131837][ T793] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.141004][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.155501][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.155894][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.174533][ T793] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.184420][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.221016][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.245931][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.275936][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.293660][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.316726][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.337656][ T4301] loop1: detected capacity change from 0 to 764 [ 74.348388][ T4190] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.379396][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.391045][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.402898][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.420513][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.434084][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.444735][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.455271][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.466391][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.528575][ T4190] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.544022][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 74.698681][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 74.728212][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.746502][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.851587][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.881849][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.157265][ T4190] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.175870][ T4190] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.193618][ T4190] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.203034][ T13] Bluetooth: hci0: command 0x0419 tx timeout [ 75.216050][ T13] Bluetooth: hci1: command 0x0419 tx timeout [ 75.222182][ T4190] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.287044][ T1111] Bluetooth: hci2: command 0x0419 tx timeout [ 75.293423][ T1111] Bluetooth: hci4: command 0x0419 tx timeout [ 75.364931][ T7] Bluetooth: hci3: command 0x0419 tx timeout [ 75.516316][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 75.525898][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 75.535781][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 75.544756][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 75.554448][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 75.563372][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 75.572271][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!! [ 75.581184][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 75.590176][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 75.599227][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 77.160150][ T4306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.215896][ T4306] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.230360][ T26] audit: type=1326 audit(1764701683.108:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4315 comm="syz.2.3" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fad5458d749 code=0x0 [ 77.534677][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.977321][ T4269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.375088][ T4269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.404349][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 78.530578][ T4328] tipc: Started in network mode [ 78.536237][ T4328] tipc: Node identity 066425ec82f1, cluster identity 4711 [ 78.544182][ T4328] tipc: Enabled bearer , priority 0 [ 78.559448][ T4328] tipc: Resetting bearer [ 78.580520][ T4326] tipc: Disabling bearer [ 79.155717][ T4348] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17'. [ 79.246829][ T4348] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17'. [ 80.279416][ T4346] loop4: detected capacity change from 0 to 32768 [ 80.536338][ T4368] sg_write: data in/out 8389597/42 bytes for SCSI command 0x0-- guessing data in; [ 80.536338][ T4368] program syz.3.22 not setting count and/or reply_len properly [ 80.632029][ T4371] Zero length message leads to an empty skb [ 81.146380][ T4346] XFS (loop4): Mounting V5 Filesystem [ 82.372800][ T4346] XFS (loop4): Ending clean mount [ 82.422812][ T4346] XFS (loop4): Quotacheck needed: Please wait. [ 82.875756][ T4346] XFS (loop4): Quotacheck: Done. [ 83.413234][ T4190] XFS (loop4): Unmounting Filesystem [ 83.518731][ T4402] loop3: detected capacity change from 0 to 512 [ 83.598632][ T4246] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 83.631970][ T4402] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 83.695999][ T4402] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 83.823839][ T4402] EXT4-fs (loop3): 1 truncate cleaned up [ 83.855989][ T4246] usb 2-1: Using ep0 maxpacket: 8 [ 83.869338][ T4402] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 83.981764][ T4246] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 84.005584][ T4246] usb 2-1: config 0 has no interface number 0 [ 84.179508][ T4246] usb 2-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 84.735895][ T4246] usb 2-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 84.755937][ T4246] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 84.769456][ T4246] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 84.778824][ T4246] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.844113][ T4246] usb 2-1: config 0 descriptor?? [ 84.915273][ T4246] ldusb 2-1:0.55: Interrupt in endpoint not found [ 85.131339][ T4420] loop3: detected capacity change from 0 to 1024 [ 85.171776][ T4420] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 85.174484][ T4246] usb 2-1: USB disconnect, device number 2 [ 85.307091][ T4420] EXT4-fs (loop3): mounted filesystem without journal. Opts: minixdf,bsddf,barrier=0x0000000000000009,commit=0x0000000000000005,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none. [ 85.450135][ T26] audit: type=1800 audit(1764701691.328:3): pid=4420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.35" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 86.238797][ T4418] loop2: detected capacity change from 0 to 32768 [ 86.389281][ T4416] loop0: detected capacity change from 0 to 32768 [ 86.392811][ T4418] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by syz.2.36 (4418) [ 86.480557][ T4418] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 86.496386][ T4418] BTRFS info (device loop2): using free space tree [ 86.502956][ T4418] BTRFS info (device loop2): has skinny extents [ 86.648874][ T4416] XFS (loop0): Mounting V5 Filesystem [ 86.804577][ T1108] cfg80211: failed to load regulatory.db [ 87.505900][ T4418] BTRFS info (device loop2): enabling ssd optimizations [ 87.539268][ T4416] XFS (loop0): Ending clean mount [ 87.574122][ T4416] XFS (loop0): Quotacheck needed: Please wait. [ 87.839377][ T4416] XFS (loop0): Quotacheck: Done. [ 88.109586][ T4182] XFS (loop0): Unmounting Filesystem [ 88.159103][ T4429] loop1: detected capacity change from 0 to 32768 [ 88.753368][ T4474] tipc: Started in network mode [ 88.758611][ T4474] tipc: Node identity ae729318009a, cluster identity 4711 [ 88.786116][ T4474] tipc: Enabled bearer , priority 0 [ 88.817920][ T4478] device syzkaller0 entered promiscuous mode [ 88.911421][ T4429] XFS (loop1): Mounting V5 Filesystem [ 88.967496][ T4474] tipc: Resetting bearer [ 89.017566][ T4469] tipc: Resetting bearer [ 89.027699][ T4429] XFS (loop1): Ending clean mount [ 89.087055][ T4469] tipc: Disabling bearer [ 89.213488][ T4174] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 9 /dev/loop2 scanned by udevd (4174) [ 89.242065][ T4489] capability: warning: `syz.2.44' uses 32-bit capabilities (legacy support in use) [ 89.273948][ T4473] loop3: detected capacity change from 0 to 40427 [ 89.317195][ T4185] XFS (loop1): Unmounting Filesystem [ 89.326679][ T4473] ======================================================= [ 89.326679][ T4473] WARNING: The mand mount option has been deprecated and [ 89.326679][ T4473] and is ignored by this kernel. Remove the mand [ 89.326679][ T4473] option from the mount to silence this warning. [ 89.326679][ T4473] ======================================================= [ 89.533534][ T4473] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 89.583684][ T4473] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 90.333773][ T4473] F2FS-fs (loop3): invalid crc value [ 90.429594][ T4473] F2FS-fs (loop3): Found nat_bits in checkpoint [ 90.585159][ T4473] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 90.596472][ T4473] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 90.665889][ T4173] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 90.778147][ T4510] loop1: detected capacity change from 0 to 512 [ 90.862378][ T4510] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 90.892480][ T4510] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.918124][ T4173] usb 5-1: Using ep0 maxpacket: 8 [ 91.166390][ T4173] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 91.175225][ T4173] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 91.185401][ T4173] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 91.196561][ T4173] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 91.206772][ T4173] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 91.230026][ T4173] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 91.302815][ T4173] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.838692][ T4518] loop3: detected capacity change from 0 to 256 [ 91.904142][ T4498] loop0: detected capacity change from 0 to 40427 [ 91.931455][ T4521] loop2: detected capacity change from 0 to 512 [ 92.101170][ T4498] F2FS-fs (loop0): build fault injection attr: rate: 14, type: 0x1ffff [ 92.109695][ T4521] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 92.164816][ T4521] EXT4-fs (loop2): 1 truncate cleaned up [ 92.176612][ T4521] EXT4-fs (loop2): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 92.996612][ T4528] usbtmc 5-1:16.0: simple control status returned 4b [ 93.236080][ T4481] usb 5-1: USB disconnect, device number 2 [ 94.008716][ T4540] tipc: Started in network mode [ 94.052783][ T4540] tipc: Node identity 96d7adaf0ce2, cluster identity 4711 [ 94.112742][ T4540] tipc: Enabled bearer , priority 0 [ 94.170525][ T4542] device syzkaller0 entered promiscuous mode [ 94.251287][ T4533] loop1: detected capacity change from 0 to 32768 [ 94.273427][ T4540] tipc: Resetting bearer [ 94.290703][ T4533] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.54 (4533) [ 94.312367][ T4539] tipc: Resetting bearer [ 94.381505][ T4533] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 94.391569][ T4539] tipc: Disabling bearer [ 94.426965][ T4533] BTRFS info (device loop1): using free space tree [ 94.455966][ T4533] BTRFS info (device loop1): has skinny extents [ 95.371748][ T4533] BTRFS info (device loop1): enabling ssd optimizations [ 95.412735][ T4544] loop0: detected capacity change from 0 to 32768 [ 95.616610][ T4544] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 95.808395][ T4541] loop4: detected capacity change from 0 to 32768 [ 95.952964][ T4541] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.57 (4541) [ 95.986958][ T4182] (syz-executor,4182,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 95.996326][ T4580] loop2: detected capacity change from 0 to 64 [ 96.038277][ T4182] ocfs2: Unmounting device (7,0) on (node local) [ 96.050295][ T4541] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 96.091554][ T4541] BTRFS info (device loop4): using free space tree [ 96.108783][ T4541] BTRFS info (device loop4): has skinny extents [ 96.220550][ T4580] loop_set_status: loop2 () has still dirty pages (nrpages=4) [ 96.289029][ T4597] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 96.620111][ T4541] BTRFS info (device loop4): enabling ssd optimizations [ 96.787031][ T4618] loop0: detected capacity change from 0 to 1024 [ 96.891580][ T4541] BTRFS info (device loop4): balance: start -d -m -s [ 97.104555][ T4541] BTRFS info (device loop4): relocating block group 6881280 flags data|metadata [ 97.171679][ T4541] BTRFS info (device loop4): balance: canceled [ 97.263482][ T4622] affs: No valid root block on device nullb0 [ 97.545239][ T4375] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.798663][ T4375] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.891157][ T4375] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.280216][ T4640] binder: 4627:4640 unknown command 1074553619 [ 98.286630][ T4640] binder: 4627:4640 ioctl c0306201 200000000540 returned -22 [ 99.084492][ T4375] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.329108][ T4647] loop4: detected capacity change from 0 to 262144 [ 100.407362][ T4646] netlink: 'syz.0.75': attribute type 21 has an invalid length. [ 100.415353][ T4646] netlink: 'syz.0.75': attribute type 1 has an invalid length. [ 100.423231][ T4646] netlink: 132 bytes leftover after parsing attributes in process `syz.0.75'. [ 100.436095][ T4647] F2FS-fs (loop4): Wrong secs_per_zone / total_sections (419430401, 27) [ 100.444519][ T4647] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 100.557336][ T4647] F2FS-fs (loop4): Found nat_bits in checkpoint [ 100.651128][ T4647] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 100.658798][ T4647] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 101.277141][ T4649] chnl_net:caif_netlink_parms(): no params data found [ 101.624018][ T4657] loop3: detected capacity change from 0 to 32768 [ 101.876108][ T4481] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 102.146053][ T4481] usb 2-1: Using ep0 maxpacket: 8 [ 102.280062][ T4481] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 102.324537][ T4481] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 102.349653][ T4657] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 102.398080][ T4481] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 102.545395][ T4481] usb 2-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 102.660119][ T4481] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 102.729125][ T4481] usb 2-1: config 168 interface 0 has no altsetting 0 [ 102.769741][ T4637] Bluetooth: hci3: command 0x0409 tx timeout [ 102.818736][ T4481] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 102.832901][ T4193] ocfs2: Unmounting device (7,3) on (node local) [ 102.840797][ T4481] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 102.865466][ T4481] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 102.881666][ T4481] usb 2-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 102.894433][ T4481] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 102.996008][ T4481] usb 2-1: config 168 interface 0 has no altsetting 0 [ 103.116333][ T4481] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 103.136487][ T4649] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.145964][ T4481] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 103.146732][ T4189] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 103.165205][ T4649] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.169997][ T4481] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 103.223152][ T4649] device bridge_slave_0 entered promiscuous mode [ 103.276083][ T4481] usb 2-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 103.287946][ T4649] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.295054][ T4649] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.315856][ T4637] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 103.347881][ T4481] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 103.363026][ T4649] device bridge_slave_1 entered promiscuous mode [ 103.380187][ T4481] usb 2-1: config 168 interface 0 has no altsetting 0 [ 103.627490][ T4681] loop0: detected capacity change from 0 to 40427 [ 103.686894][ T4637] usb 5-1: Using ep0 maxpacket: 8 [ 103.718237][ T4681] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 103.726359][ T4681] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 103.743895][ T4681] F2FS-fs (loop0): invalid crc value [ 104.169954][ T4649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.385495][ T4681] F2FS-fs (loop0): Found nat_bits in checkpoint [ 104.440325][ T4681] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 104.447592][ T4681] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 104.529811][ T4649] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.615911][ T4481] usb 2-1: string descriptor 0 read error: -71 [ 104.622602][ T4481] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 104.632406][ T4637] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 104.676576][ T4637] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 105.485547][ T4481] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.504691][ T4637] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 105.531210][ T26] audit: type=1800 audit(1764701710.658:4): pid=4696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.83" name="file1" dev="loop0" ino=10 res=0 errno=0 [ 105.646146][ T4481] usb 2-1: can't set config #168, error -71 [ 105.665510][ T4637] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 105.682328][ T4601] Bluetooth: hci3: command 0x041b tx timeout [ 105.733523][ T4481] usb 2-1: USB disconnect, device number 3 [ 105.825442][ T4637] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 105.858799][ T4637] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.945190][ T4637] usb 5-1: can't set config #16, error -71 [ 105.966447][ T4637] usb 5-1: USB disconnect, device number 3 [ 106.572865][ T4182] attempt to access beyond end of device [ 106.572865][ T4182] loop0: rw=2049, want=40968, limit=40427 [ 106.579316][ T4649] team0: Port device team_slave_0 added [ 106.618998][ T4375] tipc: Left network mode [ 106.654555][ T4649] team0: Port device team_slave_1 added [ 106.947736][ T4649] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.963071][ T4649] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.001950][ T4649] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.058614][ T4649] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.065616][ T4649] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.766520][ T4615] Bluetooth: hci3: command 0x040f tx timeout [ 107.913998][ T4649] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.067701][ T4649] device hsr_slave_0 entered promiscuous mode [ 108.116271][ T4649] device hsr_slave_1 entered promiscuous mode [ 108.143580][ T4649] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 108.163548][ T4649] Cannot create hsr debugfs directory [ 108.317488][ T4732] loop3: detected capacity change from 0 to 1024 [ 108.380654][ T4732] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 108.677476][ T4732] EXT4-fs (loop3): mounted filesystem without journal. Opts: minixdf,bsddf,barrier=0x0000000000000009,commit=0x0000000000000005,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none. [ 108.726629][ T26] audit: type=1800 audit(1764701714.598:5): pid=4732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.93" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 109.311666][ T4720] loop4: detected capacity change from 0 to 32768 [ 109.316119][ T4743] syz.1.94 uses obsolete (PF_INET,SOCK_PACKET) [ 109.377444][ T4745] tipc: Started in network mode [ 109.379900][ T4720] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.90 (4720) [ 109.398231][ T4745] tipc: Node identity de446c777dc7, cluster identity 4711 [ 109.417127][ T4745] tipc: Enabled bearer , priority 0 [ 109.444672][ T4720] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 109.469630][ T4720] BTRFS info (device loop4): using free space tree [ 109.483336][ T4745] device syzkaller0 entered promiscuous mode [ 109.492214][ T4720] BTRFS info (device loop4): has skinny extents [ 109.547416][ T4745] tipc: Resetting bearer [ 109.591892][ T4649] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 109.824541][ T4739] tipc: Resetting bearer [ 110.682558][ T4292] tipc: Node number set to 2743299191 [ 110.722920][ T4173] Bluetooth: hci3: command 0x0419 tx timeout [ 110.789605][ T4720] BTRFS error (device loop4): open_ctree failed: -12 [ 110.820724][ T4739] tipc: Disabling bearer [ 110.868771][ T4649] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 111.663865][ T4649] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 111.690029][ T4649] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 112.147149][ T4375] device hsr_slave_0 left promiscuous mode [ 112.241838][ T4375] device hsr_slave_1 left promiscuous mode [ 112.604738][ T4375] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 112.646888][ T4375] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 112.717821][ T4375] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 112.725394][ T4375] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 112.768326][ T4375] device bridge_slave_1 left promiscuous mode [ 112.789243][ T4375] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.982882][ T4375] device bridge_slave_0 left promiscuous mode [ 113.004182][ T4375] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.044513][ T4375] device veth1_macvtap left promiscuous mode [ 113.058825][ T4375] device veth0_macvtap left promiscuous mode [ 113.108143][ T4790] loop3: detected capacity change from 0 to 32768 [ 113.640364][ T4790] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.99 (4790) [ 113.690552][ T4375] device veth1_vlan left promiscuous mode [ 113.718948][ T4375] device veth0_vlan left promiscuous mode [ 113.818312][ T4615] Bluetooth: hci3: command 0x0405 tx timeout [ 113.853726][ T4790] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 113.907068][ T4790] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 113.965912][ T4790] BTRFS info (device loop3): force zstd compression, level 3 [ 114.016801][ T4790] BTRFS info (device loop3): turning on sync discard [ 114.044858][ T4790] BTRFS info (device loop3): force clearing of disk cache [ 114.063068][ T4790] BTRFS info (device loop3): enabling disk space caching [ 114.437270][ T4790] BTRFS info (device loop3): turning off discard [ 114.522305][ T4790] BTRFS info (device loop3): disk space caching is enabled [ 114.604520][ T4790] BTRFS info (device loop3): has skinny extents [ 115.880723][ T4790] BTRFS error (device loop3): open_ctree failed: -12 [ 115.881214][ T4174] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (4174) [ 116.058860][ T4859] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 116.322897][ T4867] loop1: detected capacity change from 0 to 64 [ 116.358738][ T4867] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 116.421062][ T4375] team0 (unregistering): Port device team_slave_1 removed [ 116.453672][ T4375] team0 (unregistering): Port device team_slave_0 removed [ 116.493058][ T4375] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 116.554804][ T4375] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 117.181851][ T4375] bond0 (unregistering): Released all slaves [ 117.309814][ T4815] sch_fq: defrate 6 ignored. [ 117.439480][ T4865] tipc: Started in network mode [ 117.467357][ T4865] tipc: Node identity e2410f64850b, cluster identity 4711 [ 117.487089][ T4865] tipc: Enabled bearer , priority 0 [ 117.510827][ T4865] tipc: Disabling bearer [ 118.473434][ T4649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.086620][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.112554][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.188365][ T4649] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.248500][ T4891] Cannot find set identified by id 0 to match [ 119.278238][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.432466][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.522850][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.530049][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.542132][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.563126][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.603434][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.610666][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.797491][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 119.816470][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.842868][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.919945][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.945274][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.973013][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.005541][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.025032][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.077188][ T4878] loop1: detected capacity change from 0 to 32768 [ 120.151333][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.188562][ T4878] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 120.205124][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.222992][ T4878] BTRFS info (device loop1): using free space tree [ 120.246358][ T4878] BTRFS info (device loop1): has skinny extents [ 120.264678][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.299108][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.337255][ T4649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.777237][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 121.784764][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 121.831711][ T4649] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.887259][ T4878] BTRFS error (device loop1): open_ctree failed: -12 [ 122.136114][ T4942] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 122.456284][ T4956] tipc: Enabled bearer , priority 0 [ 122.497826][ T4956] device syzkaller0 entered promiscuous mode [ 122.516139][ T4942] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 122.537703][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 122.553503][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 122.561925][ T4942] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 122.594793][ T4956] tipc: Resetting bearer [ 122.605693][ T4942] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 122.646117][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 122.652123][ T4942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.665027][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 122.686630][ T4942] usb 4-1: config 0 descriptor?? [ 122.697794][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 122.731841][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 122.739704][ T4942] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 122.755521][ T4955] tipc: Resetting bearer [ 122.797008][ T4955] tipc: Disabling bearer [ 122.819639][ T4649] device veth0_vlan entered promiscuous mode [ 122.867692][ T4649] device veth1_vlan entered promiscuous mode [ 123.013952][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 123.049889][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 123.075349][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 123.136340][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 123.162194][ T4649] device veth0_macvtap entered promiscuous mode [ 123.199658][ T4649] device veth1_macvtap entered promiscuous mode [ 123.310186][ T4649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.325272][ T4649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.347380][ T4979] vxcan1: tx drop: invalid da for name 0x0000000000000003 [ 123.385879][ T4649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.428328][ T4649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.445651][ T4649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.510769][ T4649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.533943][ T4649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.551651][ T4649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.649859][ T4649] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 123.755125][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 123.773051][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 124.019878][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 124.194556][ T4325] libceph: connect (1)[c::]:6789 error -101 [ 124.284912][ T4989] ceph: No mds server is up or the cluster is laggy [ 124.299877][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 124.308859][ T4325] libceph: mon0 (1)[c::]:6789 connect error [ 124.538995][ T4649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.569356][ T4649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.585661][ T4649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.602355][ T4649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.613778][ T4649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.626766][ T4649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.637197][ T4649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.648235][ T4649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.671772][ T4649] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.717317][ T4649] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.777387][ T4649] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.814635][ T4194] usb 4-1: USB disconnect, device number 2 [ 124.860845][ T4649] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.880094][ T4649] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.957753][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 125.178470][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 125.810414][ T5005] tipc: Enabled bearer , priority 0 [ 125.827278][ T5008] device syzkaller0 entered promiscuous mode [ 125.878505][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.931573][ T5005] tipc: Resetting bearer [ 126.065888][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.603082][ T5004] tipc: Resetting bearer [ 126.826879][ T5004] tipc: Disabling bearer [ 126.896059][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 128.184579][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.259539][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.341382][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 128.652142][ T4477] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 128.916066][ T4477] usb 2-1: Using ep0 maxpacket: 32 [ 129.066236][ T4477] usb 2-1: config 250 has an invalid interface number: 228 but max is 0 [ 129.379683][ T4477] usb 2-1: config 250 has no interface number 0 [ 129.446598][ T4477] usb 2-1: New USB device found, idVendor=041e, idProduct=4034, bcdDevice=ff.d7 [ 130.305196][ T4477] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.407990][ T4477] usb 2-1: can't set config #250, error -71 [ 130.456586][ T4477] usb 2-1: USB disconnect, device number 4 [ 130.501975][ T5047] 9pnet: p9_fd_create_tcp (5047): problem connecting socket to 127.0.0.1 [ 130.652837][ T5047] 9pnet: p9_fd_create_tcp (5047): problem connecting socket to 127.0.0.1 [ 130.844415][ T5047] 9pnet: p9_fd_create_tcp (5047): problem connecting socket to 127.0.0.1 [ 130.939301][ T5047] 9pnet: p9_fd_create_tcp (5047): problem connecting socket to 127.0.0.1 [ 131.026290][ T5047] 9pnet: p9_fd_create_tcp (5047): problem connecting socket to 127.0.0.1 [ 131.060346][ T5047] 9pnet: p9_fd_create_tcp (5047): problem connecting socket to 127.0.0.1 [ 131.081799][ T5047] 9pnet: p9_fd_create_tcp (5047): problem connecting socket to 127.0.0.1 [ 131.226363][ T5047] 9pnet: p9_fd_create_tcp (5047): problem connecting socket to 127.0.0.1 [ 131.341346][ T5047] 9pnet: p9_fd_create_tcp (5047): problem connecting socket to 127.0.0.1 [ 132.699304][ T5063] sctp: failed to load transform for md5: -2 [ 132.717997][ T5072] tipc: Enabled bearer , priority 0 [ 132.805604][ T5072] device syzkaller0 entered promiscuous mode [ 132.856529][ T5076] tipc: Resetting bearer [ 132.878636][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.884985][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.945498][ T5071] tipc: Resetting bearer [ 133.031141][ T5071] tipc: Disabling bearer [ 133.388553][ T5098] netlink: 104 bytes leftover after parsing attributes in process `syz.4.153'. [ 133.499259][ T5101] netlink: 28 bytes leftover after parsing attributes in process `syz.1.154'. [ 134.455996][ T4636] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 135.276146][ T4636] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.495890][ T4636] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.674226][ T4636] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 135.712184][ T4636] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 135.723888][ T4636] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.727194][ T5135] tipc: Enabled bearer , priority 0 [ 135.907468][ T5140] device syzkaller0 entered promiscuous mode [ 136.524449][ T4636] usb 5-1: config 0 descriptor?? [ 136.648849][ T5135] tipc: Resetting bearer [ 136.693984][ T5133] tipc: Resetting bearer [ 136.730400][ T5133] tipc: Disabling bearer [ 136.767221][ T4636] usbhid 5-1:0.0: can't add hid device: -71 [ 136.785982][ T4636] usbhid: probe of 5-1:0.0 failed with error -71 [ 136.820839][ T4636] usb 5-1: USB disconnect, device number 4 [ 137.721433][ T5157] block device autoloading is deprecated and will be removed. [ 138.108903][ T4609] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 138.116676][ T4857] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 138.406057][ T4609] usb 6-1: Using ep0 maxpacket: 16 [ 138.565985][ T4857] usb 1-1: unable to get BOS descriptor or descriptor too short [ 138.656294][ T4857] usb 1-1: not running at top speed; connect to a high speed hub [ 138.664227][ T4609] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 138.677919][ T5185] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 138.695715][ T4609] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 138.787474][ T4857] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 138.905935][ T4857] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 139.147487][ T4609] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 139.195424][ T4609] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.205845][ T4609] usb 6-1: Product: syz [ 139.216154][ T4609] usb 6-1: Manufacturer: syz [ 139.227924][ T4609] usb 6-1: SerialNumber: syz [ 139.288326][ T4857] usb 1-1: string descriptor 0 read error: -22 [ 139.295456][ T4857] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 139.333629][ T4857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.567382][ T4609] usb 6-1: 0:2 : does not exist [ 140.573277][ T4609] usb 6-1: unit 5 not found! [ 140.611032][ T4857] usb 1-1: 0:2 : does not exist [ 140.646259][ T4609] usb 6-1: USB disconnect, device number 2 [ 140.764132][ T5201] tipc: Started in network mode [ 140.816008][ T5201] tipc: Node identity 967c392109fb, cluster identity 4711 [ 140.865597][ T5201] tipc: Enabled bearer , priority 0 [ 140.887760][ T5209] device syzkaller0 entered promiscuous mode [ 140.925077][ T5201] tipc: Resetting bearer [ 140.961153][ T5199] tipc: Resetting bearer [ 140.977859][ T5199] tipc: Disabling bearer [ 141.637250][ T4857] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 142.671198][ T4857] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 142.783071][ T4857] usb 1-1: USB disconnect, device number 2 [ 142.826829][ T4174] udevd[4174]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 142.905998][ T4616] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 143.158793][ T5240] netlink: 12 bytes leftover after parsing attributes in process `syz.5.187'. [ 143.165971][ T4616] usb 4-1: Using ep0 maxpacket: 32 [ 143.376211][ T4616] usb 4-1: unable to get BOS descriptor or descriptor too short [ 143.386380][ T5247] futex_wake_op: syz.4.188 tries to shift op by -1; fix this program [ 144.016121][ T4616] usb 4-1: config 128 has an invalid interface number: 127 but max is 3 [ 144.048807][ T4616] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 144.150337][ T4616] usb 4-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 144.220738][ T4616] usb 4-1: config 128 has no interface number 0 [ 144.380537][ T4616] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 1828, setting to 1024 [ 145.076839][ T26] audit: type=1326 audit(1764701750.468:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5255 comm="syz.0.190" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffbbf750749 code=0x0 [ 146.115955][ T4616] usb 4-1: config 128 interface 127 has no altsetting 0 [ 146.266293][ T4616] usb 4-1: string descriptor 0 read error: -71 [ 146.272603][ T4616] usb 4-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 146.343735][ T5269] tipc: Enabled bearer , priority 0 [ 146.358728][ T4616] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.408949][ T5265] device syzkaller0 entered promiscuous mode [ 146.426774][ T4616] usb 4-1: can't set config #128, error -71 [ 146.454943][ T4616] usb 4-1: USB disconnect, device number 3 [ 146.516288][ T5266] tipc: Resetting bearer [ 146.607681][ T5262] tipc: Resetting bearer [ 146.655895][ T5262] tipc: Disabling bearer [ 146.711632][ T5278] loop0: detected capacity change from 0 to 64 [ 146.768337][ T5278] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 146.907115][ T5281] overlayfs: unrecognized mount option "uuid=null" or missing value [ 147.865907][ T4481] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 148.206474][ T4481] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 148.314480][ T4643] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 148.326829][ T4481] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 148.574960][ T4481] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 148.590497][ T4481] usb 2-1: config 0 interface 0 has no altsetting 0 [ 148.806539][ T4481] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 148.832640][ T4481] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 148.950154][ T4481] usb 2-1: config 0 interface 0 has no altsetting 0 [ 149.036269][ T4643] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 149.087133][ T4481] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.113430][ T4643] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 149.219496][ T4481] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.377104][ T4643] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 149.422752][ T4481] usb 2-1: config 0 interface 0 has no altsetting 0 [ 149.745088][ T4643] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.826475][ T4643] usb 1-1: config 0 descriptor?? [ 149.836006][ T4481] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.845135][ T4481] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.891907][ T4643] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 149.901611][ T4481] usb 2-1: config 0 interface 0 has no altsetting 0 [ 150.056389][ T4481] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 150.066253][ T4481] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 150.158160][ T4481] usb 2-1: config 0 interface 0 has no altsetting 0 [ 150.265963][ T4481] usb 2-1: unable to read config index 5 descriptor/start: -71 [ 150.294347][ T4481] usb 2-1: can't read configurations, error -71 [ 150.405898][ T4616] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 151.651859][ T4477] usb 1-1: USB disconnect, device number 3 [ 151.661649][ T5324] ceph: No mds server is up or the cluster is laggy [ 151.670681][ T4942] libceph: connect (1)[c::]:6789 error -101 [ 151.678528][ T4942] libceph: mon0 (1)[c::]:6789 connect error [ 151.705876][ T4616] usb 4-1: Using ep0 maxpacket: 8 [ 151.748596][ T5333] tipc: Enabled bearer , priority 0 [ 151.764179][ T5333] device syzkaller0 entered promiscuous mode [ 151.876972][ T5333] tipc: Resetting bearer [ 151.884850][ T5329] tipc: Resetting bearer [ 151.935891][ T4616] usb 4-1: string descriptor 0 read error: -71 [ 151.942255][ T4616] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 151.974832][ T5347] loop1: detected capacity change from 0 to 1024 [ 151.984721][ T4616] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.027081][ T4616] usb 4-1: config 0 descriptor?? [ 152.051757][ T5329] tipc: Disabling bearer [ 152.094977][ T4616] usb 4-1: can't set config #0, error -71 [ 152.622490][ T4616] usb 4-1: USB disconnect, device number 4 [ 152.656319][ T5347] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 153.319870][ T5347] EXT4-fs (loop1): mounted filesystem without journal. Opts: minixdf,bsddf,barrier=0x0000000000000009,commit=0x0000000000000005,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none. [ 153.584839][ T26] audit: type=1800 audit(1764701759.458:7): pid=5347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.211" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 154.803806][ T5385] loop9: detected capacity change from 0 to 7 [ 154.839674][ T4174] Dev loop9: unable to read RDB block 7 [ 154.883773][ T4174] loop9: unable to read partition table [ 154.922858][ T4174] loop9: partition table beyond EOD, truncated [ 154.949606][ T5385] Dev loop9: unable to read RDB block 7 [ 154.968548][ T5385] loop9: unable to read partition table [ 155.095871][ T5385] loop9: partition table beyond EOD, truncated [ 155.112435][ T5385] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 159.853973][ T5446] gfs2: not a GFS2 filesystem [ 161.476092][ T4857] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 161.761426][ T4857] usb 4-1: Using ep0 maxpacket: 16 [ 161.916121][ T4857] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 162.596080][ T4857] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 162.605235][ T4857] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.806058][ T4857] usb 4-1: Product: syz [ 162.810692][ T4857] usb 4-1: Manufacturer: syz [ 162.816426][ T4857] usb 4-1: SerialNumber: syz [ 162.824079][ T4857] usb 4-1: config 0 descriptor?? [ 163.786156][ T4636] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 164.506031][ T4636] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 164.987152][ T4636] usb 2-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 165.080149][ T4636] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 165.682832][ T4636] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.706706][ T4612] usb 4-1: USB disconnect, device number 5 [ 165.860588][ T4636] snd-usb-audio: probe of 2-1:27.0 failed with error -2 [ 165.973686][ T4174] udevd[4174]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 166.036031][ T4636] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 166.070528][ T4643] usb 2-1: USB disconnect, device number 7 [ 166.267918][ T4636] usb 1-1: device descriptor read/64, error -71 [ 167.407134][ T4636] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 167.795872][ T4636] usb 1-1: device descriptor read/64, error -71 [ 167.948039][ T4636] usb usb1-port1: attempt power cycle [ 168.835190][ T5549] tipc: Enabled bearer , priority 0 [ 168.901087][ T5554] device syzkaller0 entered promiscuous mode [ 168.941010][ T5549] tipc: Resetting bearer [ 168.996339][ T5548] tipc: Resetting bearer [ 169.073627][ T5559] tmpfs: Bad value for 'mpol' [ 169.082508][ T5548] tipc: Disabling bearer [ 170.263174][ T4189] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 170.273199][ T4189] CPU: 0 PID: 4189 Comm: kworker/u5:4 Not tainted syzkaller #0 [ 170.280868][ T4189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 170.290947][ T4189] Workqueue: hci1 hci_rx_work [ 170.295684][ T4189] Call Trace: [ 170.298993][ T4189] [ 170.301939][ T4189] dump_stack_lvl+0x168/0x230 [ 170.306647][ T4189] ? show_regs_print_info+0x20/0x20 [ 170.311877][ T4189] ? load_image+0x3b0/0x3b0 [ 170.316420][ T4189] sysfs_create_dir_ns+0x252/0x280 [ 170.321560][ T4189] ? __lock_acquire+0x7c60/0x7c60 [ 170.326614][ T4189] ? sysfs_warn_dup+0xa0/0xa0 [ 170.331414][ T4189] ? le_conn_complete_evt+0xcbc/0x1590 [ 170.336900][ T4189] ? hci_event_packet+0xe05/0x12f0 [ 170.342037][ T4189] ? process_one_work+0x863/0x1000 [ 170.347176][ T4189] ? do_raw_spin_unlock+0x11d/0x230 [ 170.352413][ T4189] kobject_add_internal+0x662/0xd00 [ 170.357647][ T4189] kobject_add+0x152/0x210 [ 170.362080][ T4189] ? kobject_init+0x1d0/0x1d0 [ 170.366768][ T4189] ? klist_children_get+0x50/0x50 [ 170.371794][ T4189] ? get_device_parent+0x121/0x3f0 [ 170.377010][ T4189] device_add+0x483/0xfb0 [ 170.381366][ T4189] hci_conn_add_sysfs+0xd1/0x1e0 [ 170.386308][ T4189] le_conn_complete_evt+0xcbc/0x1590 [ 170.391625][ T4189] ? cs_le_create_conn+0x5e0/0x5e0 [ 170.396767][ T4189] ? __mutex_trylock_common+0x14f/0x250 [ 170.402340][ T4189] hci_le_meta_evt+0x289/0x3b80 [ 170.407197][ T4189] ? hci_event_packet+0x36d/0x12f0 [ 170.412399][ T4189] ? hci_event_packet+0x2e2/0x12f0 [ 170.417515][ T4189] ? __lock_acquire+0x7c60/0x7c60 [ 170.422550][ T4189] ? hci_remote_host_features_evt+0x280/0x280 [ 170.428707][ T4189] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 170.434372][ T4189] ? mark_lock+0x94/0x320 [ 170.438789][ T4189] ? mutex_unlock+0x10/0x10 [ 170.443383][ T4189] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 170.449394][ T4189] ? lock_chain_count+0x20/0x20 [ 170.454251][ T4189] ? __rwlock_init+0x140/0x140 [ 170.459019][ T4189] hci_event_packet+0xe05/0x12f0 [ 170.463960][ T4189] ? lockdep_hardirqs_on+0x94/0x140 [ 170.469164][ T4189] ? rcu_lock_release+0x20/0x20 [ 170.474022][ T4189] ? hci_send_to_monitor+0x9c/0x4a0 [ 170.479224][ T4189] hci_rx_work+0x255/0xa10 [ 170.483658][ T4189] process_one_work+0x863/0x1000 [ 170.488607][ T4189] ? worker_detach_from_pool+0x240/0x240 [ 170.494246][ T4189] ? lockdep_hardirqs_off+0x70/0x100 [ 170.499544][ T4189] ? _raw_spin_lock_irq+0xab/0xe0 [ 170.504571][ T4189] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 170.509947][ T4189] ? wq_worker_running+0x97/0x170 [ 170.514985][ T4189] worker_thread+0xaa8/0x12a0 [ 170.519688][ T4189] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 170.525620][ T4189] ? lockdep_hardirqs_on+0x94/0x140 [ 170.530843][ T4189] ? lockdep_hardirqs_on+0x94/0x140 [ 170.536061][ T4189] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 170.541975][ T4189] kthread+0x436/0x520 [ 170.546047][ T4189] ? rcu_lock_release+0x20/0x20 [ 170.550984][ T4189] ? kthread_blkcg+0xd0/0xd0 [ 170.555577][ T4189] ret_from_fork+0x1f/0x30 [ 170.560003][ T4189] [ 170.575896][ T4189] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 170.589320][ T4189] Bluetooth: hci1: failed to register connection device [ 170.677514][ T5587] netlink: 188 bytes leftover after parsing attributes in process `syz.0.261'. [ 173.458217][ T5604] netlink: 'syz.1.267': attribute type 2 has an invalid length. [ 173.745471][ T5617] tipc: Enabled bearer , priority 0 [ 174.004851][ T4325] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 174.529723][ T5622] device syzkaller0 entered promiscuous mode [ 174.638798][ T5617] tipc: Resetting bearer [ 174.645926][ T4325] usb 4-1: Using ep0 maxpacket: 16 [ 174.672484][ T5616] tipc: Resetting bearer [ 174.722713][ T5616] tipc: Disabling bearer [ 174.876702][ T4325] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 175.187101][ T4325] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 175.261016][ T4325] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.433666][ T4325] usb 4-1: Product: syz [ 175.707925][ T4325] usb 4-1: Manufacturer: syz [ 175.717668][ T4325] usb 4-1: SerialNumber: syz [ 175.731704][ T4325] usb 4-1: config 0 descriptor?? [ 176.209993][ T4643] usb 4-1: USB disconnect, device number 6 [ 176.825774][ C1] sched: RT throttling activated [ 178.443303][ T5663] kAFS: No cell specified [ 182.115902][ T5680] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0) [ 183.814452][ T5696] netlink: 4 bytes leftover after parsing attributes in process `syz.3.291'. [ 184.799862][ T5707] process 'syz.4.293' launched './file1' with NULL argv: empty string added [ 186.826292][ T4481] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 187.075891][ T4481] usb 6-1: Using ep0 maxpacket: 16 [ 187.206146][ T4481] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 187.240790][ T4481] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 187.303190][ T4481] usb 6-1: config 0 interface 0 has no altsetting 0 [ 187.345479][ T4481] usb 6-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 187.377848][ T4481] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.452008][ T4481] usb 6-1: config 0 descriptor?? [ 188.956197][ T4481] usbhid 6-1:0.0: can't add hid device: -71 [ 188.966068][ T4481] usbhid: probe of 6-1:0.0 failed with error -71 [ 189.398217][ T4481] usb 6-1: USB disconnect, device number 3 [ 191.225131][ T5787] 9pnet: Insufficient options for proto=fd [ 191.314606][ T4477] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 191.477932][ T4636] Bluetooth: hci0: command 0x0406 tx timeout [ 191.484891][ T4636] Bluetooth: hci1: command 0x0406 tx timeout [ 191.580959][ T4636] Bluetooth: hci2: command 0x0406 tx timeout [ 191.615268][ T4636] Bluetooth: hci4: command 0x0406 tx timeout [ 192.786772][ T4477] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 192.797501][ T4477] usb 5-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 192.806232][ T4477] usb 5-1: Product: syz [ 192.810510][ T4477] usb 5-1: Manufacturer: syz [ 192.815101][ T4477] usb 5-1: SerialNumber: syz [ 192.824517][ T4477] usb 5-1: config 0 descriptor?? [ 192.927914][ T4477] ch341 5-1:0.0: ch341-uart converter detected [ 193.309247][ T5818] UBIFS error (pid: 5818): cannot open "./file0", error -22 [ 193.752868][ T4942] Bluetooth: hci4: command 0x0406 tx timeout [ 194.320704][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.327734][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.696029][ T4857] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 195.186130][ T4857] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 195.215421][ T4857] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 195.264554][ T4857] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.320815][ T4857] usb 6-1: config 0 descriptor?? [ 195.404146][ T4857] pwc: Askey VC010 type 2 USB webcam detected. [ 196.536026][ T4606] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 196.544010][ T4857] pwc: recv_control_msg error -32 req 02 val 2b00 [ 196.705994][ T4857] pwc: recv_control_msg error -32 req 02 val 2700 [ 196.801484][ T4477] usb 5-1: failed to send control message: -71 [ 196.802571][ T4857] pwc: recv_control_msg error -32 req 02 val 2c00 [ 196.808873][ T4477] ch341-uart: probe of ttyUSB0 failed with error -71 [ 196.821595][ T4477] usb 5-1: USB disconnect, device number 5 [ 196.885468][ T4477] ch341 5-1:0.0: device disconnected [ 197.026195][ T4857] pwc: recv_control_msg error -32 req 04 val 1000 [ 197.076322][ T4857] pwc: recv_control_msg error -32 req 04 val 1300 [ 197.116161][ T4857] pwc: recv_control_msg error -32 req 04 val 1400 [ 197.156274][ T4857] pwc: recv_control_msg error -32 req 02 val 2000 [ 197.196382][ T4857] pwc: recv_control_msg error -32 req 02 val 2100 [ 197.236190][ T4606] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 197.245535][ T4857] pwc: recv_control_msg error -32 req 04 val 1500 [ 197.259286][ T4606] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.283034][ T4606] usb 1-1: Product: syz [ 197.287463][ T4857] pwc: recv_control_msg error -32 req 02 val 2500 [ 197.302442][ T4606] usb 1-1: Manufacturer: syz [ 197.316726][ T4606] usb 1-1: SerialNumber: syz [ 197.355905][ T4857] pwc: recv_control_msg error -32 req 02 val 2400 [ 197.377874][ T4606] usb 1-1: config 0 descriptor?? [ 197.416355][ T4857] pwc: recv_control_msg error -32 req 02 val 2600 [ 197.438585][ T4606] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 007 [ 197.568583][ T4857] pwc: recv_control_msg error -32 req 02 val 2900 [ 198.496148][ T4857] pwc: recv_control_msg error -71 req 04 val 1100 [ 198.652523][ T4606] (null): failure reading functionality [ 200.353654][ T4857] pwc: recv_control_msg error -71 req 04 val 1200 [ 200.847503][ T4857] pwc: Registered as video103. [ 200.854351][ T4857] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input5 [ 201.026133][ T4606] i2c i2c-1: failure reading functionality [ 201.199380][ T4857] usb 6-1: USB disconnect, device number 4 [ 201.211456][ T4606] i2c i2c-1: connected i2c-tiny-usb device [ 202.146656][ T4189] Bluetooth: unknown link type 122 [ 202.248009][ T4606] usb 1-1: USB disconnect, device number 7 [ 203.678057][ T5899] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 203.685654][ T5899] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 203.713384][ T5899] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 204.142674][ T5919] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0) [ 205.162595][ T4325] Bluetooth: hci4: command 0x0409 tx timeout [ 206.828144][ T5926] netlink: 'syz.5.343': attribute type 11 has an invalid length. [ 210.298736][ T5935] tmpfs: Unknown parameter 'quota' [ 211.437035][ T5944] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 211.449265][ T5944] SQUASHFS error: Failed to read block 0x0: -5 [ 212.215904][ T4636] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 212.686684][ T4636] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 212.708298][ T4636] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 212.722370][ T4636] usb 4-1: New USB device found, idVendor=056a, idProduct=0100, bcdDevice= 0.00 [ 212.734333][ T4636] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.801254][ T4636] usb 4-1: config 0 descriptor?? [ 212.846041][ T5939] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 213.231946][ T5959] netlink: 8 bytes leftover after parsing attributes in process `syz.4.355'. [ 213.370388][ T4636] wacom 0003:056A:0100.0001: item fetching failed at offset 5/7 [ 213.381766][ T4636] wacom 0003:056A:0100.0001: parse failed [ 213.393297][ T4636] wacom: probe of 0003:056A:0100.0001 failed with error -22 [ 213.620401][ T4636] usb 4-1: USB disconnect, device number 7 [ 214.699426][ T4321] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.772229][ T5971] netlink: 4 bytes leftover after parsing attributes in process `syz.4.360'. [ 214.854685][ T4321] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.133672][ T5977] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 215.146051][ T5977] SQUASHFS error: Failed to read block 0x0: -5 [ 215.868396][ T4604] Bluetooth: hci1: command 0x0409 tx timeout [ 216.074087][ T5976] Process accounting resumed [ 217.015514][ T4321] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.424969][ T4604] Bluetooth: hci1: command 0x041b tx timeout [ 218.601475][ T4321] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.996160][ T4321] tipc: Left network mode [ 219.032906][ T5956] chnl_net:caif_netlink_parms(): no params data found [ 219.504166][ T5956] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.535919][ T5956] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.580831][ T5956] device bridge_slave_0 entered promiscuous mode [ 219.607877][ T5956] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.645611][ T5956] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.667218][ T5956] device bridge_slave_1 entered promiscuous mode [ 219.862881][ T5956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.883031][ T4325] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 219.919620][ T5956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.154577][ T5956] team0: Port device team_slave_0 added [ 220.166046][ T4325] usb 5-1: Using ep0 maxpacket: 16 [ 220.257860][ T5956] team0: Port device team_slave_1 added [ 220.296229][ T4325] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30 [ 220.341485][ T4325] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 220.374366][ T4325] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 220.395548][ T4325] usb 5-1: New USB device found, idVendor=6666, idProduct=8801, bcdDevice= 0.00 [ 220.405217][ T4325] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.451649][ T4325] usb 5-1: config 0 descriptor?? [ 220.476651][ T4604] Bluetooth: hci1: command 0x040f tx timeout [ 220.510385][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 220.528863][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.529085][ T26] audit: type=1326 audit(1764701826.408:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6015 comm="syz.0.370" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffbbf750749 code=0x0 [ 220.576043][ T5956] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 220.649170][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 220.659277][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.703944][ T5956] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 220.891441][ T5956] device hsr_slave_0 entered promiscuous mode [ 220.928156][ T4325] smartjoyplus 0003:6666:8801.0002: global environment stack underflow [ 220.940134][ T5956] device hsr_slave_1 entered promiscuous mode [ 220.945868][ T4325] smartjoyplus 0003:6666:8801.0002: item 0 1 1 11 parsing failed [ 220.972613][ T5956] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 220.985661][ T4325] smartjoyplus 0003:6666:8801.0002: parse failed [ 220.992408][ T5956] Cannot create hsr debugfs directory [ 220.995459][ T4604] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 221.024789][ T4325] smartjoyplus: probe of 0003:6666:8801.0002 failed with error -22 [ 221.111107][ T6038] netlink: 20 bytes leftover after parsing attributes in process `syz.0.374'. [ 221.142885][ T4606] usb 5-1: USB disconnect, device number 6 [ 221.266020][ T4604] usb 4-1: Using ep0 maxpacket: 8 [ 221.476290][ T4604] usb 4-1: config 0 has no interfaces? [ 221.993026][ T4321] device hsr_slave_0 left promiscuous mode [ 222.007652][ T4604] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 222.034311][ T4321] device hsr_slave_1 left promiscuous mode [ 222.041292][ T4604] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.073505][ T4604] usb 4-1: Product: syz [ 222.106431][ T4321] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 222.121836][ T4604] usb 4-1: Manufacturer: syz [ 222.138397][ T4604] usb 4-1: SerialNumber: syz [ 222.145472][ T4321] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 222.153829][ T4604] usb 4-1: config 0 descriptor?? [ 222.174697][ T4321] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 222.853927][ T4606] Bluetooth: hci1: command 0x0419 tx timeout [ 222.871005][ T4321] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 222.894431][ T4321] device bridge_slave_1 left promiscuous mode [ 223.584797][ T4321] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.615835][ T4321] device bridge_slave_0 left promiscuous mode [ 223.679017][ T4321] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.692320][ T4636] usb 4-1: USB disconnect, device number 8 [ 223.718217][ T6062] syz.0.379 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 223.740032][ T4321] device veth1_macvtap left promiscuous mode [ 223.795291][ T4321] device veth0_macvtap left promiscuous mode [ 223.821970][ T4321] device veth1_vlan left promiscuous mode [ 223.845472][ T4321] device veth0_vlan left promiscuous mode [ 224.269717][ T6073] ubi31: attaching mtd0 [ 224.337126][ T6073] ubi31: scanning is finished [ 224.342486][ T6073] ubi31: empty MTD device detected [ 225.072137][ T6073] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 226.112355][ T4321] team0 (unregistering): Port device team_slave_1 removed [ 226.171163][ T4321] team0 (unregistering): Port device team_slave_0 removed [ 226.237473][ T4321] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 226.245852][ T4481] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 226.302130][ T4321] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 226.615497][ T4321] bond0 (unregistering): Released all slaves [ 226.626073][ T4481] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 226.637462][ T4481] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 226.664725][ T4481] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 226.674716][ T4481] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.736686][ T6097] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 226.776128][ T6069] netlink: 666 bytes leftover after parsing attributes in process `syz.4.381'. [ 227.196117][ T6105] sp0: Synchronizing with TNC [ 227.376187][ T4604] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 227.418072][ T5956] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 227.464069][ T5956] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 227.553748][ T5956] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 227.572437][ T5956] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 227.655954][ T4604] usb 1-1: Using ep0 maxpacket: 32 [ 228.608768][ T4604] usb 1-1: config 0 has an invalid interface number: 196 but max is 0 [ 228.647560][ T4604] usb 1-1: config 0 has no interface number 0 [ 228.665860][ T4604] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 228.702351][ T4604] usb 1-1: config 0 interface 196 has no altsetting 0 [ 228.747555][ T5956] 8021q: adding VLAN 0 to HW filter on device bond0 [ 228.801008][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.823077][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 228.891097][ T5956] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.916223][ T4604] usb 1-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 228.942983][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 228.976244][ T4604] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.995383][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.003978][ T4604] usb 1-1: Product: syz [ 229.025897][ T4604] usb 1-1: Manufacturer: syz [ 229.030988][ T793] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.038125][ T793] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.050698][ T4604] usb 1-1: SerialNumber: syz [ 229.076727][ T4604] usb 1-1: config 0 descriptor?? [ 229.104259][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.143782][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.153329][ T6106] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 229.209066][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.268537][ T793] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.275682][ T793] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.339807][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.360890][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.412366][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.478012][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.526957][ T793] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 229.559038][ T4623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.588230][ T4623] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.680041][ T4942] usb 6-1: USB disconnect, device number 5 [ 229.703734][ T4604] ipheth 1-1:0.196: Apple iPhone USB Ethernet device attached [ 229.711677][ T4623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 229.734600][ T4623] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 229.776202][ T4623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 229.785565][ T4623] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 229.801191][ T5956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 229.843106][ T4604] usb 1-1: USB disconnect, device number 8 [ 230.088035][ T4604] ipheth 1-1:0.196: Apple iPhone USB Ethernet now disconnected [ 230.683568][ T6161] netlink: 8 bytes leftover after parsing attributes in process `syz.4.398'. [ 231.101401][ T4623] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 231.119807][ T4623] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 231.365452][ T6174] netlink: 20 bytes leftover after parsing attributes in process `syz.4.402'. [ 231.453115][ T5956] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 231.805862][ T4481] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 232.376527][ T4481] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 232.460098][ T4481] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.618202][ T4481] usb 6-1: Product: syz [ 232.745873][ T4481] usb 6-1: Manufacturer: syz [ 232.753560][ T4481] usb 6-1: SerialNumber: syz [ 232.841940][ T4481] usb 6-1: config 0 descriptor?? [ 233.210534][ T4481] usb 6-1: USB disconnect, device number 6 [ 233.738153][ T6201] netlink: 32 bytes leftover after parsing attributes in process `syz.4.407'. [ 233.979292][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 234.333923][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 234.345061][ T6204] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 234.514861][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 234.537021][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 234.574139][ T5956] device veth0_vlan entered promiscuous mode [ 234.597805][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 234.651152][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 234.690732][ T5956] device veth1_vlan entered promiscuous mode [ 234.830286][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 234.875244][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 234.905631][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 234.946292][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 235.013032][ T5956] device veth0_macvtap entered promiscuous mode [ 235.056121][ T5956] device veth1_macvtap entered promiscuous mode [ 235.190947][ T6230] netlink: 'syz.5.415': attribute type 3 has an invalid length. [ 235.199535][ T6230] netlink: 'syz.5.415': attribute type 3 has an invalid length. [ 235.207601][ T6230] netlink: 'syz.5.415': attribute type 3 has an invalid length. [ 235.207721][ T6230] netlink: 'syz.5.415': attribute type 3 has an invalid length. [ 235.215824][ T6230] netlink: 'syz.5.415': attribute type 3 has an invalid length. [ 235.215878][ T6230] netlink: 'syz.5.415': attribute type 3 has an invalid length. [ 235.216611][ T6230] netlink: 'syz.5.415': attribute type 3 has an invalid length. [ 235.216785][ T6230] netlink: 'syz.5.415': attribute type 3 has an invalid length. [ 235.216913][ T6230] netlink: 'syz.5.415': attribute type 3 has an invalid length. [ 235.217072][ T6230] netlink: 'syz.5.415': attribute type 3 has an invalid length. [ 235.943272][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.943294][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.943306][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.943320][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.943341][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.943356][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.943369][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.943383][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.944709][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 235.948443][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.948463][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.948475][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.948489][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.948500][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.948513][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.948527][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.948540][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.949682][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 235.953128][ T5956] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.953164][ T5956] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.953193][ T5956] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.953223][ T5956] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.139090][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 236.198070][ T6238] xt_l2tp: v2 sid > 0xffff: 117440512 [ 236.379679][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 236.388833][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 236.397928][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 236.429044][ T6237] netlink: 168 bytes leftover after parsing attributes in process `syz.3.414'. [ 236.557459][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.582975][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.638894][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 236.655362][ T4269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.671058][ T4269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.692506][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 236.746619][ T6235] program syz.4.411 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 236.848610][ T6235] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 236.933307][ T6253] IPVS: set_ctl: invalid protocol: 59 100.1.1.1:20004 [ 237.515959][ T4643] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 239.131166][ T4643] usb 1-1: Using ep0 maxpacket: 16 [ 239.326670][ T4643] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 239.546920][ T4643] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 239.585812][ T4643] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.624496][ T4643] usb 1-1: Product: syz [ 239.636440][ T4643] usb 1-1: Manufacturer: syz [ 239.641097][ T4643] usb 1-1: SerialNumber: syz [ 239.696028][ T4643] usb 1-1: config 0 descriptor?? [ 239.768815][ T4643] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 239.798593][ T4643] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 240.238951][ T4942] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 240.372424][ T4942] Bluetooth: hci0: Injecting HCI hardware error event [ 240.506860][ T4643] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 240.864780][ T4189] Bluetooth: hci0: hardware error 0x00 [ 241.528732][ T4643] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 241.562337][ T4643] em28xx 1-1:0.0: board has no eeprom [ 242.195658][ T4643] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 242.203705][ T4643] em28xx 1-1:0.0: dvb set to bulk mode. [ 242.286511][ T4636] em28xx 1-1:0.0: Binding DVB extension [ 242.885981][ T4606] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 243.495329][ T6258] em28xx 1-1:0.0: writing to i2c device at 0xfffe failed (error=-5) [ 243.623781][ T4604] usb 1-1: USB disconnect, device number 9 [ 243.650352][ T4604] em28xx 1-1:0.0: Disconnecting em28xx [ 244.439065][ T4606] usb 7-1: New USB device found, idVendor=0f11, idProduct=2000, bcdDevice=61.d7 [ 244.482429][ T4606] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.549421][ T4636] em28xx 1-1:0.0: Registering input extension [ 244.563333][ T4606] usb 7-1: Product: syz [ 244.576853][ T4604] em28xx 1-1:0.0: Closing input extension [ 244.626426][ T4606] usb 7-1: Manufacturer: syz [ 244.631103][ T4606] usb 7-1: SerialNumber: syz [ 244.861407][ T4606] usb 7-1: config 0 descriptor?? [ 244.917792][ T4606] usb 7-1: can't set config #0, error -71 [ 244.935506][ T4604] em28xx 1-1:0.0: Freeing device [ 244.965646][ T4606] usb 7-1: USB disconnect, device number 2 [ 246.198023][ T6345] sctp: failed to load transform for md5: -4 [ 247.012617][ T6382] IPVS: set_ctl: invalid protocol: 59 100.1.1.1:20004 [ 247.738729][ T6386] tipc: Enabled bearer , priority 0 [ 247.832734][ T6390] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 247.844239][ T6390] SQUASHFS error: Failed to read block 0x0: -5 [ 248.372394][ T6386] device syzkaller0 entered promiscuous mode [ 248.737147][ T4643] tipc: Node number set to 2934477592 [ 249.002758][ T6395] tipc: Resetting bearer [ 249.045839][ T4643] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 249.171455][ T6395] tipc: Disabling bearer [ 249.305847][ T4643] usb 1-1: Using ep0 maxpacket: 32 [ 249.436144][ T4643] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 249.474845][ T4643] usb 1-1: config 0 has no interface number 0 [ 250.286201][ T4643] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 250.313865][ T4643] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.399134][ T4643] usb 1-1: Product: syz [ 250.773392][ T4643] usb 1-1: Manufacturer: syz [ 250.809255][ T4643] usb 1-1: SerialNumber: syz [ 250.829088][ T4643] usb 1-1: config 0 descriptor?? [ 250.907541][ T4643] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 250.927318][ T4643] usb 1-1: selecting invalid altsetting 1 [ 250.933104][ T4643] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 251.032329][ T4643] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 251.083657][ T4643] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 251.152692][ T4643] usb 1-1: media controller created [ 251.256164][ T4643] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 252.046020][ T4643] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 252.102585][ T4643] zl10353_read_register: readreg error (reg=127, ret==-71) [ 252.145992][ T4643] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 252.433189][ T6444] IPVS: set_ctl: invalid protocol: 59 100.1.1.1:20004 [ 252.745997][ T4643] usb 1-1: USB disconnect, device number 10 [ 256.290695][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.297077][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.560627][ T6454] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 256.571805][ T6454] SQUASHFS error: Failed to read block 0x0: -5 [ 257.178766][ T6464] tipc: Enabling of bearer rejected, failed to enable media [ 257.393086][ T6464] device syzkaller0 entered promiscuous mode [ 257.404492][ T6464] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 259.183023][ T6485] netlink: 8 bytes leftover after parsing attributes in process `syz.6.459'. [ 259.343048][ T4636] Bluetooth: hci3: command 0x0406 tx timeout [ 259.415815][ T7] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 259.776036][ T7] usb 4-1: config 0 has no interfaces? [ 259.856051][ T7] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 259.877988][ T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 259.895823][ T7] usb 4-1: SerialNumber: syz [ 259.909050][ T7] usb 4-1: config 0 descriptor?? [ 260.699039][ T7] usb 4-1: USB disconnect, device number 9 [ 261.190255][ T6503] Bluetooth: hci5: Frame reassembly failed (-84) [ 261.765850][ T7] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 262.156113][ T7] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 262.226974][ T7] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 262.295541][ T7] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 262.321378][ T7] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 262.386854][ T7] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 262.566161][ T7] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 262.654987][ T7] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 262.698336][ T7] usb 4-1: Product: syz [ 262.702746][ T7] usb 4-1: Manufacturer: syz [ 263.442441][ T4604] Bluetooth: hci5: command 0x1003 tx timeout [ 263.455946][ T4189] Bluetooth: hci5: sending frame failed (-49) [ 263.517067][ T7] cdc_wdm 4-1:1.0: skipping garbage [ 263.522337][ T7] cdc_wdm 4-1:1.0: skipping garbage [ 263.554899][ T7] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 263.765961][ T7] cdc_wdm 4-1:1.0: Unknown control protocol [ 265.568628][ T4857] Bluetooth: hci5: command 0x1001 tx timeout [ 265.575958][ T4189] Bluetooth: hci5: sending frame failed (-49) [ 265.846408][ T4857] usb 4-1: USB disconnect, device number 10 [ 267.978721][ T4604] Bluetooth: hci5: command 0x1009 tx timeout [ 268.031092][ T6545] crypto_alloc_aead failed rc=-2 [ 274.390384][ T6614] netlink: 12 bytes leftover after parsing attributes in process `syz.3.483'. [ 276.311686][ T6625] fuse: Bad value for 'fd' [ 282.376764][ T6665] mkiss: ax0: crc mode is auto. [ 283.490715][ T6674] blk_update_request: I/O error, dev loop13, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 283.502032][ T6674] SQUASHFS error: Failed to read block 0x0: -5 [ 284.259927][ T6673] tipc: Enabled bearer , priority 0 [ 284.346779][ T6677] device syzkaller0 entered promiscuous mode [ 284.446427][ T6672] tipc: Resetting bearer [ 284.573616][ T6672] tipc: Disabling bearer [ 288.813587][ T6721] binder: 6720:6721 ioctl c0306201 0 returned -14 [ 289.065219][ T6725] tipc: Enabled bearer , priority 0 [ 289.151281][ T6736] netlink: 28 bytes leftover after parsing attributes in process `syz.3.516'. [ 289.161012][ T6725] device syzkaller0 entered promiscuous mode [ 289.202484][ T6736] netlink: 20 bytes leftover after parsing attributes in process `syz.3.516'. [ 289.363705][ T6722] tipc: Resetting bearer [ 289.440813][ T6722] tipc: Disabling bearer [ 291.936545][ T6765] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 291.985987][ T4609] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 293.119970][ T6782] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 293.131926][ T6782] SQUASHFS error: Failed to read block 0x0: -5 [ 293.735837][ T4609] usb 6-1: unable to read config index 0 descriptor/all [ 293.765991][ T4609] usb 6-1: can't read configurations, error -71 [ 294.904950][ T6803] netlink: 8 bytes leftover after parsing attributes in process `syz.0.535'. [ 296.319962][ T6827] netlink: 28 bytes leftover after parsing attributes in process `syz.5.541'. [ 296.402053][ T6827] netlink: 12 bytes leftover after parsing attributes in process `syz.5.541'. [ 298.461864][ T6865] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 298.473626][ T6865] SQUASHFS error: Failed to read block 0x0: -5 [ 303.267407][ T6908] tipc: Enabled bearer , priority 0 [ 303.313373][ T6908] device syzkaller0 entered promiscuous mode [ 303.435367][ T6908] tipc: Resetting bearer [ 303.638389][ T6906] tipc: Resetting bearer [ 303.677935][ T6906] tipc: Disabling bearer [ 304.508608][ T6923] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 305.874636][ T6940] device batadv_slave_1 entered promiscuous mode [ 305.881980][ T6939] device batadv_slave_1 left promiscuous mode [ 309.339711][ T6970] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 309.351218][ T6970] SQUASHFS error: Failed to read block 0x0: -5 [ 312.009284][ T7008] exFAT-fs (nullb0): invalid boot record signature [ 312.016838][ T7008] exFAT-fs (nullb0): failed to read boot sector [ 312.023656][ T7008] exFAT-fs (nullb0): failed to recognize exfat type [ 312.146045][ T4616] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 313.777474][ T7016] netlink: 8 bytes leftover after parsing attributes in process `syz.3.582'. [ 313.985910][ T4616] usb 6-1: Using ep0 maxpacket: 16 [ 314.116018][ T4616] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 314.157771][ T4616] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 314.969665][ T7026] tipc: Enabling of bearer rejected, failed to enable media [ 315.069797][ T4616] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 315.097654][ T4616] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.187066][ T4616] usb 6-1: config 0 descriptor?? [ 315.267857][ T4616] usb 6-1: can't set config #0, error -71 [ 315.310801][ T4616] usb 6-1: USB disconnect, device number 9 [ 315.841266][ T7033] program syz.4.589 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 316.276005][ T4643] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 317.202416][ T7054] overlayfs: missing 'workdir' [ 317.209993][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.222683][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.786040][ T4643] usb 5-1: unable to read config index 0 descriptor/all [ 318.955928][ T4643] usb 5-1: can't read configurations, error -71 [ 319.038443][ T7073] blk_update_request: I/O error, dev loop13, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 319.050002][ T7073] SQUASHFS error: Failed to read block 0x0: -5 [ 320.361917][ T26] audit: type=1326 audit(2000000012.190:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7090 comm="syz.0.584" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffbbf750749 code=0x0 [ 320.533472][ T7096] netlink: 277 bytes leftover after parsing attributes in process `syz.5.604'. [ 320.877876][ T4606] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 321.135811][ T4606] usb 6-1: Using ep0 maxpacket: 32 [ 321.185915][ T4325] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 321.255982][ T4606] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 321.270033][ T4606] usb 6-1: config 0 has no interface number 0 [ 321.455940][ T4325] usb 7-1: Using ep0 maxpacket: 16 [ 321.586404][ T4325] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 321.916343][ T4325] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 321.996096][ T4325] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.005201][ T4325] usb 7-1: Product: syz [ 322.009619][ T4325] usb 7-1: Manufacturer: syz [ 322.017093][ T4325] usb 7-1: SerialNumber: syz [ 322.281590][ T4325] usb 7-1: config 0 descriptor?? [ 322.479360][ T4325] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 322.488689][ T4325] em28xx 7-1:0.0: DVB interface 0 found: bulk [ 322.632887][ T4606] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 322.659740][ T4606] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.690500][ T4606] usb 6-1: Product: syz [ 322.700982][ T4606] usb 6-1: Manufacturer: syz [ 322.712611][ T4606] usb 6-1: SerialNumber: syz [ 322.765281][ T4606] usb 6-1: config 0 descriptor?? [ 322.937385][ T4606] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 323.775916][ T4325] em28xx 7-1:0.0: chip ID is em2765 [ 324.090416][ T7138] ip6_vti0 speed is unknown, defaulting to 1000 [ 324.136770][ T7138] ip6_vti0 speed is unknown, defaulting to 1000 [ 324.160291][ T7138] ip6_vti0 speed is unknown, defaulting to 1000 [ 324.700034][ T7138] infiniband syz2: set active [ 324.705078][ T7138] infiniband syz2: added ip6_vti0 [ 324.719599][ T7138] infiniband syz2: Couldn't open port 1 [ 324.743064][ T4481] ip6_vti0 speed is unknown, defaulting to 1000 [ 324.767350][ T7138] RDS/IB: syz2: added [ 324.772206][ T7138] smc: adding ib device syz2 with port count 1 [ 324.778765][ T7138] smc: ib device syz2 port 1 has pnetid [ 324.799709][ T7138] ip6_vti0 speed is unknown, defaulting to 1000 [ 324.876327][ T7138] ip6_vti0 speed is unknown, defaulting to 1000 [ 324.947752][ T7138] ip6_vti0 speed is unknown, defaulting to 1000 [ 325.017810][ T7138] ip6_vti0 speed is unknown, defaulting to 1000 [ 325.088606][ T7138] ip6_vti0 speed is unknown, defaulting to 1000 [ 325.224341][ T4325] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 325.240316][ T4643] ip6_vti0 speed is unknown, defaulting to 1000 [ 325.281846][ T4325] em28xx 7-1:0.0: board has no eeprom [ 325.316337][ T4606] usb 6-1: qt2_attach - failed to power on unit: -71 [ 325.846519][ T4606] quatech2: probe of 6-1:0.51 failed with error -71 [ 325.912960][ T4606] usb 6-1: USB disconnect, device number 10 [ 326.005882][ T4325] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 326.063568][ T4325] em28xx 7-1:0.0: dvb set to bulk mode. [ 326.252434][ T4325] usb 7-1: USB disconnect, device number 3 [ 326.280842][ T4606] em28xx 7-1:0.0: Binding DVB extension [ 326.305846][ T4325] em28xx 7-1:0.0: Disconnecting em28xx [ 326.708766][ T26] audit: type=1804 audit(2000000018.540:10): pid=7153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.619" name="/newroot/85/file1" dev="fuse" ino=1 res=1 errno=0 [ 326.878471][ T4606] em28xx 7-1:0.0: Registering input extension [ 326.891058][ T4325] em28xx 7-1:0.0: Closing input extension [ 327.069931][ T7166] netlink: 24 bytes leftover after parsing attributes in process `syz.5.624'. [ 327.946912][ T4325] em28xx 7-1:0.0: Freeing device [ 330.946137][ T4606] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 331.186105][ T4606] usb 4-1: Using ep0 maxpacket: 16 [ 331.525858][ T4606] usb 4-1: device descriptor read/all, error -71 [ 331.644861][ T7188] x_tables: ip_tables: HMARK.0 target: invalid size 64 (kernel) != (user) 72 [ 331.648110][ T4481] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 331.855784][ T4481] usb 6-1: device descriptor read/64, error -71 [ 332.135873][ T4481] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 332.249917][ T7203] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 332.261833][ T7203] SQUASHFS error: Failed to read block 0x0: -5 [ 333.232930][ T7207] Dead loop on virtual device ip6_vti0, fix it urgently! [ 335.620779][ T7229] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 336.312031][ T7248] capability: warning: `syz.0.649' uses deprecated v2 capabilities in a way that may be insecure [ 338.841605][ T7266] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 339.342740][ T7266] syz.0.654 (7266) used greatest stack depth: 20512 bytes left [ 347.558144][ T7324] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input8 [ 347.580115][ T7329] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 347.596865][ T7328] netlink: 12 bytes leftover after parsing attributes in process `syz.6.673'. [ 347.605985][ T7330] smc: removing ib device syz2 [ 350.995949][ T4606] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 351.269185][ T4606] usb 5-1: Using ep0 maxpacket: 16 [ 351.276980][ T7369] netlink: 830 bytes leftover after parsing attributes in process `syz.5.684'. [ 351.325864][ T7369] device bond_slave_0 entered promiscuous mode [ 351.333001][ T7369] device bond_slave_1 entered promiscuous mode [ 351.421431][ T4606] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 351.431141][ T4606] usb 5-1: config 0 has no interface number 0 [ 351.613027][ T4606] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 351.629709][ T4606] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.648323][ T4606] usb 5-1: Product: syz [ 351.652541][ T4606] usb 5-1: Manufacturer: syz [ 351.699009][ T4606] usb 5-1: SerialNumber: syz [ 351.717230][ T4606] usb 5-1: config 0 descriptor?? [ 351.957121][ T4606] hub 5-1:0.132: bad descriptor, ignoring hub [ 351.963326][ T4606] hub: probe of 5-1:0.132 failed with error -5 [ 352.732215][ T7382] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4 [ 352.741698][ T7382] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4 [ 352.751343][ T7382] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 352.763676][ T26] audit: type=1800 audit(2000000044.560:11): pid=7382 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.688" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 353.322764][ T7382] syz.3.688 (7382) used greatest stack depth: 20296 bytes left [ 353.353250][ T4606] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.132/input/input9 [ 353.498774][ T4606] usb 5-1: USB disconnect, device number 9 [ 354.215933][ T7] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 354.455831][ T7] usb 4-1: Using ep0 maxpacket: 32 [ 354.485943][ T4609] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 354.581478][ T7] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 354.599006][ T7] usb 4-1: config 0 has no interface number 0 [ 354.755933][ T7] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 354.796204][ T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.825835][ T4609] usb 6-1: Using ep0 maxpacket: 16 [ 355.005766][ T7] usb 4-1: Product: syz [ 355.010207][ T7] usb 4-1: Manufacturer: syz [ 355.015052][ T7] usb 4-1: SerialNumber: syz [ 355.662073][ T7] usb 4-1: config 0 descriptor?? [ 355.846120][ T4609] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 355.860729][ T7] smsc95xx v2.0.0 [ 355.881972][ T7416] netlink: 28 bytes leftover after parsing attributes in process `syz.0.700'. [ 355.939871][ T4609] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 355.950139][ T4609] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 355.963620][ T4609] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 355.972957][ T4609] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.134372][ T4609] usb 6-1: config 0 descriptor?? [ 356.807098][ T7] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 356.845011][ T7] smsc95xx: probe of 4-1:0.67 failed with error -71 [ 356.855849][ T4609] usb 6-1: can't set config #0, error -71 [ 356.881703][ T7] usb 4-1: USB disconnect, device number 13 [ 356.897125][ T4609] usb 6-1: USB disconnect, device number 13 [ 357.971283][ T4609] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 358.690502][ T4609] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 358.705938][ T4609] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 358.715108][ T4609] usb 7-1: Product: syz [ 358.719546][ T4609] usb 7-1: Manufacturer: syz [ 358.724449][ T4609] usb 7-1: SerialNumber: syz [ 358.748500][ T4609] usb 7-1: config 0 descriptor?? [ 359.205974][ T7] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 359.746821][ T4194] usb 7-1: USB disconnect, device number 4 [ 359.806708][ T7456] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 359.889614][ T7] usb 1-1: Using ep0 maxpacket: 32 [ 360.036283][ T7] usb 1-1: config 11 has an invalid interface number: 96 but max is 0 [ 360.053335][ T7] usb 1-1: config 11 has no interface number 0 [ 360.059718][ T7] usb 1-1: config 11 interface 96 has no altsetting 0 [ 360.231041][ T7] usb 1-1: New USB device found, idVendor=2040, idProduct=9950, bcdDevice=c9.a7 [ 360.409074][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.782481][ T7] usb 1-1: Product: syz [ 360.796236][ T7] usb 1-1: Manufacturer: syz [ 360.818321][ T7] usb 1-1: SerialNumber: syz [ 361.545921][ T7] dvb-usb: found a 'Hauppauge Nova-T 500 Dual DVB-T' in warm state. [ 362.389702][ T7] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 362.426053][ T7] dvbdev: DVB: registering new adapter (Hauppauge Nova-T 500 Dual DVB-T) [ 362.436890][ T7] usb 1-1: media controller created [ 362.461586][ T7] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 362.502556][ T7489] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 362.815946][ T7494] (syz.6.722,7494,1):ocfs2_fill_super:991 ERROR: superblock probe failed! [ 362.824597][ T7494] (syz.6.722,7494,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 363.555947][ T7] dvb-usb: no frontend was attached by 'Hauppauge Nova-T 500 Dual DVB-T' [ 363.689171][ T7] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 363.716090][ T7] dvbdev: DVB: registering new adapter (Hauppauge Nova-T 500 Dual DVB-T) [ 363.731316][ T7] usb 1-1: media controller created [ 363.843297][ T7] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 364.200492][ T7] dvb-usb: no frontend was attached by 'Hauppauge Nova-T 500 Dual DVB-T' [ 364.675962][ T7] rc_core: IR keymap rc-dib0700-rc5 not found [ 364.684588][ T7] Registered IR keymap rc-empty [ 364.714923][ T7] dvb-usb: could not initialize remote control. [ 364.789145][ T7] dvb-usb: Hauppauge Nova-T 500 Dual DVB-T successfully initialized and connected. [ 364.869017][ T7] usb 1-1: USB disconnect, device number 11 [ 365.507324][ T4188] Bluetooth: hci1: link tx timeout [ 365.513289][ T4188] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 365.595629][ T7] dvb-usb: Hauppauge Nova-T 500 Dual DVB-T successfully deinitialized and disconnected. [ 365.877183][ T4606] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 366.125772][ T7] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 366.134727][ T7514] syz.6.730 (7514) used greatest stack depth: 16512 bytes left [ 366.435859][ T4606] usb 4-1: config 0 interface 0 has no altsetting 0 [ 366.442626][ T4606] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 366.516679][ T4606] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.570427][ T4606] usb 4-1: config 0 descriptor?? [ 366.591352][ T26] audit: type=1326 audit(2000000058.420:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7524 comm="syz.6.733" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbe1c056749 code=0x0 [ 366.805998][ T7] usb 1-1: device not accepting address 12, error -71 [ 367.336397][ T7] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 367.426468][ T4606] usbhid 4-1:0.0: can't add hid device: -71 [ 367.585563][ T4606] usbhid: probe of 4-1:0.0 failed with error -71 [ 367.598607][ T4481] Bluetooth: hci1: command 0x0406 tx timeout [ 367.609654][ T4606] usb 4-1: USB disconnect, device number 14 [ 369.488603][ T7] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30 [ 370.747007][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.772662][ T7] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196 [ 370.786073][ T7] usb 1-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 370.796255][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.810200][ T7] usb 1-1: config 0 descriptor?? [ 370.866094][ T7] usb 1-1: can't set config #0, error -71 [ 370.885413][ T7] usb 1-1: USB disconnect, device number 13 [ 371.118494][ T7566] misc userio: No port type given on /dev/userio [ 371.225819][ T4636] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 371.315872][ T7] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 371.495744][ T4636] usb 7-1: Using ep0 maxpacket: 32 [ 371.626016][ T4636] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 371.745984][ T7] usb 1-1: config 2 has an invalid interface number: 240 but max is 0 [ 371.754369][ T7] usb 1-1: config 2 has no interface number 0 [ 371.786235][ T7] usb 1-1: config 2 interface 240 has no altsetting 0 [ 371.854344][ T4636] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 371.876118][ T4636] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 371.884340][ T4636] usb 7-1: Product: syz [ 371.991724][ T4636] usb 7-1: Manufacturer: syz [ 371.997092][ T4636] usb 7-1: SerialNumber: syz [ 372.004342][ T4636] usb 7-1: config 0 descriptor?? [ 372.026836][ T7] usb 1-1: New USB device found, idVendor=04e6, idProduct=0006, bcdDevice= 1.00 [ 372.039405][ T7555] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 372.085956][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.094146][ T7] usb 1-1: Product: syz [ 372.101516][ T7] usb 1-1: Manufacturer: syz [ 372.107379][ T7] usb 1-1: SerialNumber: syz [ 372.207683][ T7] usb-storage 1-1:2.240: USB Mass Storage device detected [ 372.696411][ T4606] usb 7-1: USB disconnect, device number 5 [ 372.751595][ T7] usb-storage 1-1:2.240: Quirks match for vid 04e6 pid 0006: 1 [ 373.025980][ T7] usb 1-1: USB disconnect, device number 14 [ 376.431464][ T7608] loop3: detected capacity change from 0 to 7 [ 376.449658][ T4174] Dev loop3: unable to read RDB block 7 [ 376.455570][ T4174] loop3: unable to read partition table [ 377.268024][ T4174] loop3: partition table beyond EOD, truncated [ 377.303672][ T7608] Dev loop3: unable to read RDB block 7 [ 377.335974][ T7608] loop3: unable to read partition table [ 377.386363][ T7608] loop3: partition table beyond EOD, truncated [ 377.425753][ T7608] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 377.439540][ T3560] Dev loop3: unable to read RDB block 7 [ 377.445180][ T3560] loop3: unable to read partition table [ 377.493934][ T3560] loop3: partition table beyond EOD, truncated [ 378.632013][ T4325] libceph: connect (1)[c::]:6789 error -101 [ 378.653037][ T4325] libceph: mon0 (1)[c::]:6789 connect error [ 378.653411][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.687935][ T7623] ceph: No mds server is up or the cluster is laggy [ 379.179926][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.255855][ T4643] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 379.715485][ T7640] blk_update_request: I/O error, dev loop13, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 379.727114][ T7640] SQUASHFS error: Failed to read block 0x0: -5 [ 379.786020][ T4643] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 380.515935][ T4643] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 380.663415][ T4643] usb 5-1: config 1 has no interface number 0 [ 380.711779][ T4643] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 381.525777][ T4643] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 381.537071][ T4643] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 381.585803][ T4643] usb 5-1: string descriptor 0 read error: -71 [ 381.592121][ T4643] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 381.656994][ T4643] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.825998][ T4643] usb 5-1: can't set config #1, error -71 [ 381.835596][ T4643] usb 5-1: USB disconnect, device number 10 [ 382.749295][ T7664] netlink: 4 bytes leftover after parsing attributes in process `syz.0.773'. [ 385.479074][ T7704] netlink: 7 bytes leftover after parsing attributes in process `syz.5.785'. [ 385.491261][ T7704] netlink: 40 bytes leftover after parsing attributes in process `syz.5.785'. [ 386.640469][ T7706] netlink: 76 bytes leftover after parsing attributes in process `syz.0.786'. [ 387.664313][ T7710] validate_nla: 44 callbacks suppressed [ 387.664327][ T7710] netlink: 'syz.5.787': attribute type 21 has an invalid length. [ 387.683355][ T7710] netlink: 164 bytes leftover after parsing attributes in process `syz.5.787'. [ 387.695859][ T4194] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 387.985743][ T4194] usb 4-1: Using ep0 maxpacket: 32 [ 388.117312][ T4194] usb 4-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 389.014665][ T4194] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.184543][ T4194] usb 4-1: config 0 descriptor?? [ 389.237858][ T4194] usb 4-1: can't set config #0, error -71 [ 389.296139][ T4194] usb 4-1: USB disconnect, device number 15 [ 389.317325][ T7725] netlink: 12 bytes leftover after parsing attributes in process `syz.3.791'. [ 389.666266][ T4188] block nbd0: Receive control failed (result -1) [ 390.232358][ T7736] exFAT-fs (nullb0): invalid boot record signature [ 390.239161][ T7736] exFAT-fs (nullb0): failed to read boot sector [ 390.245518][ T7736] exFAT-fs (nullb0): failed to recognize exfat type [ 392.949618][ T7752] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 392.961103][ T7752] SQUASHFS error: Failed to read block 0x0: -5 [ 394.079655][ T7760] loop5: detected capacity change from 0 to 7 [ 394.113620][ T7760] Dev loop5: unable to read RDB block 7 [ 394.137947][ T7760] loop5: unable to read partition table [ 394.159112][ T7760] loop5: partition table beyond EOD, truncated [ 394.165866][ T4194] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 394.195937][ T4174] Dev loop5: unable to read RDB block 7 [ 394.201627][ T4174] loop5: unable to read partition table [ 394.208047][ T7760] loop_reread_partitions: partition scan of loop5 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 394.231643][ T4174] loop5: partition table beyond EOD, truncated [ 394.317570][ T7763] netlink: 28 bytes leftover after parsing attributes in process `syz.6.800'. [ 394.456142][ T4194] usb 5-1: Using ep0 maxpacket: 16 [ 394.515771][ T3560] Dev loop5: unable to read RDB block 7 [ 394.526471][ T3560] loop5: unable to read partition table [ 394.551192][ T3560] loop5: partition table beyond EOD, truncated [ 394.576599][ T4194] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.615891][ T4194] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 394.685044][ T4194] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 394.706179][ T7771] block nbd0: NBD_DISCONNECT [ 394.743200][ T7771] block nbd0: Send disconnect failed -104 [ 394.757454][ T7771] block nbd0: shutting down sockets [ 394.808183][ T4194] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 394.853321][ T4194] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.038323][ T4194] usb 5-1: config 0 descriptor?? [ 395.046498][ T7759] [ 395.048890][ T7759] ====================================================== [ 395.056016][ T7759] WARNING: possible circular locking dependency detected [ 395.063057][ T7759] syzkaller #0 Not tainted [ 395.067475][ T7759] ------------------------------------------------------ [ 395.074494][ T7759] syz.6.800/7759 is trying to acquire lock: [ 395.080386][ T7759] ffff88801fad0938 ((wq_completion)loop5){+.+.}-{0:0}, at: flush_workqueue+0x126/0x1380 [ 395.090132][ T7759] [ 395.090132][ T7759] but task is already holding lock: [ 395.097496][ T7759] ffff8881477fc468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90 [ 395.106288][ T7759] [ 395.106288][ T7759] which lock already depends on the new lock. [ 395.106288][ T7759] [ 395.116794][ T7759] [ 395.116794][ T7759] the existing dependency chain (in reverse order) is: [ 395.125894][ T7759] [ 395.125894][ T7759] -> #6 (&lo->lo_mutex){+.+.}-{3:3}: [ 395.133392][ T7759] __mutex_lock_common+0x1eb/0x2390 [ 395.139119][ T7759] mutex_lock_killable_nested+0x17/0x20 [ 395.145196][ T7759] lo_open+0x6a/0x100 [ 395.149708][ T7759] blkdev_get_whole+0x90/0x390 [ 395.155001][ T7759] blkdev_get_by_dev+0x2d0/0xa60 [ 395.160659][ T7759] blkdev_open+0x12d/0x2c0 [ 395.165603][ T7759] do_dentry_open+0x7ff/0xf80 [ 395.171005][ T7759] path_openat+0x2682/0x2f30 [ 395.176128][ T7759] do_filp_open+0x1b3/0x3e0 [ 395.181169][ T7759] do_sys_openat2+0x142/0x4a0 [ 395.186550][ T7759] __x64_sys_openat+0x135/0x160 [ 395.192011][ T7759] do_syscall_64+0x4c/0xa0 [ 395.196958][ T7759] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 395.203380][ T7759] [ 395.203380][ T7759] -> #5 (&disk->open_mutex){+.+.}-{3:3}: [ 395.211284][ T7759] __mutex_lock_common+0x1eb/0x2390 [ 395.217106][ T7759] mutex_lock_nested+0x17/0x20 [ 395.222405][ T7759] blkdev_get_by_dev+0x157/0xa60 [ 395.227894][ T7759] swsusp_check+0x9b/0x2a0 [ 395.232842][ T7759] software_resume+0xc6/0x3b0 [ 395.238046][ T7759] resume_store+0xe4/0x130 [ 395.242987][ T7759] kernfs_fop_write_iter+0x379/0x4c0 [ 395.248793][ T7759] vfs_write+0x712/0xd00 [ 395.253573][ T7759] ksys_write+0x14d/0x250 [ 395.258439][ T7759] do_syscall_64+0x4c/0xa0 [ 395.263380][ T7759] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 395.269800][ T7759] [ 395.269800][ T7759] -> #4 (system_transition_mutex/1){+.+.}-{3:3}: [ 395.278317][ T7759] __mutex_lock_common+0x1eb/0x2390 [ 395.284071][ T7759] mutex_lock_nested+0x17/0x20 [ 395.289367][ T7759] software_resume+0x7c/0x3b0 [ 395.294565][ T7759] resume_store+0xe4/0x130 [ 395.299523][ T7759] kernfs_fop_write_iter+0x379/0x4c0 [ 395.305358][ T7759] vfs_write+0x712/0xd00 [ 395.310117][ T7759] ksys_write+0x14d/0x250 [ 395.314969][ T7759] do_syscall_64+0x4c/0xa0 [ 395.319916][ T7759] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 395.326418][ T7759] [ 395.326418][ T7759] -> #3 (&of->mutex){+.+.}-{3:3}: [ 395.333624][ T7759] __mutex_lock_common+0x1eb/0x2390 [ 395.339368][ T7759] mutex_lock_nested+0x17/0x20 [ 395.344674][ T7759] kernfs_seq_start+0x51/0x3c0 [ 395.350050][ T7759] seq_read_iter+0x3c4/0xd50 [ 395.355156][ T7759] vfs_read+0x725/0xcf0 [ 395.359828][ T7759] ksys_read+0x14d/0x250 [ 395.364607][ T7759] do_syscall_64+0x4c/0xa0 [ 395.369543][ T7759] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 395.375962][ T7759] [ 395.375962][ T7759] -> #2 (&p->lock){+.+.}-{3:3}: [ 395.382991][ T7759] __mutex_lock_common+0x1eb/0x2390 [ 395.388710][ T7759] mutex_lock_nested+0x17/0x20 [ 395.393987][ T7759] seq_read_iter+0xad/0xd50 [ 395.399008][ T7759] do_iter_readv_writev+0x497/0x600 [ 395.404814][ T7759] do_iter_read+0x20b/0x7c0 [ 395.409834][ T7759] loop_process_work+0x18dc/0x2480 [ 395.415460][ T7759] process_one_work+0x863/0x1000 [ 395.420914][ T7759] worker_thread+0xaa8/0x12a0 [ 395.426127][ T7759] kthread+0x436/0x520 [ 395.430737][ T7759] ret_from_fork+0x1f/0x30 [ 395.435689][ T7759] [ 395.435689][ T7759] -> #1 ((work_completion)(&worker->work)){+.+.}-{0:0}: [ 395.444826][ T7759] process_one_work+0x7bf/0x1000 [ 395.450287][ T7759] worker_thread+0xaa8/0x12a0 [ 395.455481][ T7759] kthread+0x436/0x520 [ 395.460078][ T7759] ret_from_fork+0x1f/0x30 [ 395.465029][ T7759] [ 395.465029][ T7759] -> #0 ((wq_completion)loop5){+.+.}-{0:0}: [ 395.473261][ T7759] __lock_acquire+0x2c33/0x7c60 [ 395.478886][ T7759] lock_acquire+0x197/0x3f0 [ 395.483928][ T7759] flush_workqueue+0x142/0x1380 [ 395.489315][ T7759] drain_workqueue+0xcf/0x380 [ 395.494514][ T7759] destroy_workqueue+0x7b/0xb20 [ 395.499890][ T7759] __loop_clr_fd+0x234/0xb90 [ 395.505015][ T7759] blkdev_put+0x53f/0x7d0 [ 395.509907][ T7759] blkdev_close+0x76/0xa0 [ 395.514763][ T7759] __fput+0x234/0x930 [ 395.519265][ T7759] task_work_run+0x125/0x1a0 [ 395.524378][ T7759] exit_to_user_mode_loop+0x10f/0x130 [ 395.530415][ T7759] exit_to_user_mode_prepare+0xee/0x180 [ 395.536492][ T7759] syscall_exit_to_user_mode+0x16/0x40 [ 395.542479][ T7759] do_syscall_64+0x58/0xa0 [ 395.547422][ T7759] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 395.553920][ T7759] [ 395.553920][ T7759] other info that might help us debug this: [ 395.553920][ T7759] [ 395.564247][ T7759] Chain exists of: [ 395.564247][ T7759] (wq_completion)loop5 --> &disk->open_mutex --> &lo->lo_mutex [ 395.564247][ T7759] [ 395.577720][ T7759] Possible unsafe locking scenario: [ 395.577720][ T7759] [ 395.585285][ T7759] CPU0 CPU1 [ 395.590644][ T7759] ---- ---- [ 395.596010][ T7759] lock(&lo->lo_mutex); [ 395.600253][ T7759] lock(&disk->open_mutex); [ 395.607363][ T7759] lock(&lo->lo_mutex); [ 395.614121][ T7759] lock((wq_completion)loop5); [ 395.618968][ T7759] [ 395.618968][ T7759] *** DEADLOCK *** [ 395.618968][ T7759] [ 395.627127][ T7759] 2 locks held by syz.6.800/7759: [ 395.632150][ T7759] #0: ffff88801ff03d18 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0 [ 395.641563][ T7759] #1: ffff8881477fc468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90 [ 395.650784][ T7759] [ 395.650784][ T7759] stack backtrace: [ 395.656669][ T7759] CPU: 0 PID: 7759 Comm: syz.6.800 Not tainted syzkaller #0 [ 395.663952][ T7759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 395.674012][ T7759] Call Trace: [ 395.677315][ T7759] [ 395.680258][ T7759] dump_stack_lvl+0x168/0x230 [ 395.684953][ T7759] ? load_image+0x3b0/0x3b0 [ 395.689510][ T7759] ? show_regs_print_info+0x20/0x20 [ 395.694730][ T7759] ? print_circular_bug+0x12b/0x1a0 [ 395.699935][ T7759] check_noncircular+0x274/0x310 [ 395.704889][ T7759] ? add_chain_block+0x940/0x940 [ 395.709826][ T7759] ? lockdep_lock+0xdc/0x1e0 [ 395.714426][ T7759] ? mark_lock+0x94/0x320 [ 395.718763][ T7759] __lock_acquire+0x2c33/0x7c60 [ 395.723627][ T7759] ? __lock_acquire+0x13ad/0x7c60 [ 395.728805][ T7759] ? verify_lock_unused+0x140/0x140 [ 395.734013][ T7759] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 395.739999][ T7759] ? verify_lock_unused+0x140/0x140 [ 395.745204][ T7759] ? verify_lock_unused+0x140/0x140 [ 395.750404][ T7759] ? memset+0x1e/0x40 [ 395.754400][ T7759] lock_acquire+0x197/0x3f0 [ 395.758902][ T7759] ? flush_workqueue+0x126/0x1380 [ 395.763935][ T7759] ? finish_task_switch+0x1e4/0x640 [ 395.769134][ T7759] ? __mutex_trylock_common+0x14f/0x250 [ 395.774675][ T7759] ? read_lock_is_recursive+0x10/0x10 [ 395.780050][ T7759] ? __init_swait_queue_head+0xa5/0x150 [ 395.785600][ T7759] flush_workqueue+0x142/0x1380 [ 395.790446][ T7759] ? flush_workqueue+0x126/0x1380 [ 395.795466][ T7759] ? __lock_acquire+0x7c60/0x7c60 [ 395.800491][ T7759] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 395.805863][ T7759] ? rcu_work_rcufn+0x110/0x110 [ 395.810711][ T7759] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 395.816371][ T7759] ? finish_wait+0xc0/0x1d0 [ 395.820874][ T7759] drain_workqueue+0xcf/0x380 [ 395.825561][ T7759] destroy_workqueue+0x7b/0xb20 [ 395.830435][ T7759] __loop_clr_fd+0x234/0xb90 [ 395.835053][ T7759] ? lo_release+0x172/0x1f0 [ 395.839566][ T7759] ? lo_open+0x100/0x100 [ 395.843812][ T7759] blkdev_put+0x53f/0x7d0 [ 395.848145][ T7759] blkdev_close+0x76/0xa0 [ 395.852472][ T7759] ? blkdev_open+0x2c0/0x2c0 [ 395.857055][ T7759] __fput+0x234/0x930 [ 395.861034][ T7759] task_work_run+0x125/0x1a0 [ 395.865619][ T7759] exit_to_user_mode_loop+0x10f/0x130 [ 395.871001][ T7759] exit_to_user_mode_prepare+0xee/0x180 [ 395.876549][ T7759] syscall_exit_to_user_mode+0x16/0x40 [ 395.882010][ T7759] do_syscall_64+0x58/0xa0 [ 395.886425][ T7759] ? clear_bhb_loop+0x30/0x80 [ 395.891095][ T7759] ? clear_bhb_loop+0x30/0x80 [ 395.895779][ T7759] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 395.901704][ T7759] RIP: 0033:0x7fbe1c056749 [ 395.906126][ T7759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 395.925753][ T7759] RSP: 002b:00007fff8fd37af8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 395.934172][ T7759] RAX: 0000000000000000 RBX: 00007fbe1c2aeda0 RCX: 00007fbe1c056749 [ 395.942150][ T7759] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 395.950149][ T7759] RBP: 00007fbe1c2aeda0 R08: 000000000000cfb4 R09: 000000158fd37def [ 395.958117][ T7759] R10: 00007fbe1c2aecb0 R11: 0000000000000246 R12: 000000000006065d [ 395.966083][ T7759] R13: 00007fbe1c2ad090 R14: ffffffffffffffff R15: 00007fff8fd37c10 [ 395.974149][ T7759] [ 395.977221][ C0] vkms_vblank_simulate: vblank timer overrun [ 396.081831][ T4194] usb 5-1: can't set config #0, error -71 [ 396.154059][ T4194] usb 5-1: USB disconnect, device number 11