last executing test programs: 3m31.772909897s ago: executing program 32 (id=13488): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7fe}, 0x10) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@getneigh={0x14, 0x1e, 0xe05, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x40000) 3m13.467294337s ago: executing program 5 (id=13740): setresuid(0xee00, 0xee01, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCDELRT(r0, 0x891c, &(0x7f0000000200)={0x0, {0x2, 0x4e23, @private=0xa010101}, {0x2, 0x4e24, @multicast2}, {0x2, 0x4e24, @loopback}, 0x320, 0x0, 0x0, 0x0, 0x5, 0x0, 0x8, 0x80f, 0x2}) 3m13.319345703s ago: executing program 5 (id=13742): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000080)=0x1, 0x0) ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000080)) 3m13.067801641s ago: executing program 5 (id=13747): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001d00000020000180140002006e657464657673696d30000000000000080003"], 0x34}}, 0x0) 3m12.765844049s ago: executing program 5 (id=13753): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x12, &(0x7f0000000100), 0x1, 0x4c4, &(0x7f0000003700)="$eJzs209sFNUfAPDvbHdpCz9+9McPURB1EY2NxhYKCgcvGE08YGLEgx6bthCkUENrIoRISQweDYl349GrB6/qzXgy8YpHE0NCDBfA05rZnWn3b2nLtgvs55Ns+97sm3nvu/Pe7Nt5uwH0rXL6J4n4T0TciIgdtWxjgXLt393bl6fu3b48FYuVysm/k2q5O2k+k++3LcuMFiIKXyRNB6yZv3jp7OTs7MyFLD++cO6T8fmLl149c27y9MzpmfMTx44dOXzo6OsTr609qDb1pXHd2fv53L4973x0/d2pYr59KPtfH0e3lKPcrilVL3a7sh7bXpdOij1sCGsyEBHp6SpVx/+OGAgnD/pFpVKpDHZ+erHS7GrLFuCRlUSvWwD0Rv5Gn37+zR+bNPV4KNw6XvsAlMZ9N3vUnilGIStTavp8m1vsQv1DEfHh4j/fpI/YoPsQAAD1fjqezwQb5n+XD0TE7rpy/83WUEYi4n8RsTMi/h8RuyLiiazskxHxVNPxyxFRWaH+clO+df5TuPmgMa4knf+9ka1tNc7/8tlfjAxkue0R+YR55mD2moxGafDUmdmZQ/UHTRrXoH5+6/evOtVfrpv/pY+0/nwumLXjZrHpBt305MLkAweeuTUasbfYHH9STAOorQQMV//uiYi9azjuSF36zMvf7VvKlBrLtY+/ZdWsUt2ypWlrF5YqKt9GvFQ7/4vRcP6X25CsvD45PhSzMwfH015wsG0dv/527b1O9d/3/P/wZ/Mubx/98eSDhr3k1tWIrXX9P/L12+X4R5KIZGm9dn7tdVz748uOn2lW1/+vNOyT9v8tyQfVdN4lPptcWLhwKGJLcqJ1+8Tyvnk+L5/GP3qg/fjfme2TvhJPR0TaiZ+JiGcj4rms7fsj4vmIOLBC/L+8+cLH649/Y6XxT7e9/jWc/+X1+vkTeeLiahMDZ/ffuNfh4rG683+kmhrNtrS//iUNF43VNrALLyEAAAA89ApR/e5/YWwpXSiMjdXuAe2KrYXZufmFV07NfXp+uvYbgZEoFfI7XbX7waUkv/85UpefaMofzu4bfz0wXM2PTc3NTvc6eOhz26pjPmkZ/6m/BnrdOmDD+ckP9K+2479uOW339U1sDLCpvP9D/6ob/51+07LomzLweGr//l/a9HYAm6/d+L+yjn2AR0vFWIa+ZvxD/yrG+0vpworlgMeNcQ19afW/4l9PojLY/qmhaC0cQxvTjOE2dfUkkc6selL78Hr2yr/+1bFMFO53nGJDHxuM1jID0ZNzcXp31zt/JfuufLeb+v3K4zSfrm/AC7W51yEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICN8m8AAAD//2+z1xU=") syz_mount_image$fuse(0x0, &(0x7f00000002c0)='./bus\x00', 0x322020, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_off}]}) 3m12.247345454s ago: executing program 5 (id=13761): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf1, 0xba9f, &(0x7f0000000440)) r0 = epoll_create(0x9) fstat(r0, &(0x7f0000000040)) 3m11.609785876s ago: executing program 5 (id=13776): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_CLPDOI={0x8}]}, 0x24}}, 0x0) 3m11.305933621s ago: executing program 33 (id=13776): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_CLPDOI={0x8}]}, 0x24}}, 0x0) 2m33.008881077s ago: executing program 6 (id=14352): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001980)={0x9, {"a2e3ad084fc752f91b4d09094bf70e0dd038e7ff7fc6e5539b3241078b089b32373b6d1a0890e0878f0e1ac6e7049b074a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d346d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df0784c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d618e462071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af44863c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000510b00", 0x1000}}, 0x1006) 2m32.808285241s ago: executing program 6 (id=14357): setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0x400, @loopback, 0x1}, @in6={0xa, 0x4e20, 0xfffffff8, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x200}], 0x38) r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0) pidfd_send_signal(r0, 0x3f, &(0x7f0000000080)={0x4003b, 0x8000, 0x7}, 0x0) 2m32.589110301s ago: executing program 6 (id=14362): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000100)=0xfffffff7, 0x4) sendmmsg$inet6(r0, &(0x7f0000000e40)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0xfffffffd, @local, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=[@pktinfo={{0x24, 0x29, 0x32, {@local}}}], 0x28, 0x7ffffff7}}], 0x1, 0x0) 2m32.393282402s ago: executing program 6 (id=14367): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcffffff0000000000000000850000004100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000004000002850000008600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 2m32.170602773s ago: executing program 6 (id=14373): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mknod$loop(&(0x7f00000190c0)='./file0\x00', 0xfff, 0x0) 2m32.044825855s ago: executing program 6 (id=14376): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000900)=ANY=[@ANYBLOB="180000000000000000000000090000006110000000000000620e00000000000095"], &(0x7f0000000180)='GPL\x00', 0xc, 0xd7, &(0x7f0000000700)=""/215}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0x5, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5}, 0x94) 2m16.930716612s ago: executing program 34 (id=14376): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000900)=ANY=[@ANYBLOB="180000000000000000000000090000006110000000000000620e00000000000095"], &(0x7f0000000180)='GPL\x00', 0xc, 0xd7, &(0x7f0000000700)=""/215}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0x5, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5}, 0x94) 1m31.696789315s ago: executing program 1 (id=15429): ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0x40405515, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x8, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x6, 0xfffffffffffffbff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000, 0x0, 0x0, 0x2000000, 0xfffffffffffffffc, 0x100000000, 0x40, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x7ad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0xf290, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8]}) r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000040)={r0, r0, r0}, 0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={'xxhash64-generic\x00'}}) 1m31.340234516s ago: executing program 1 (id=15439): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 1m31.023340876s ago: executing program 1 (id=15443): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000180)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000200)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000040)={0x0, @in={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x3}, 0x90) 1m30.079223263s ago: executing program 1 (id=15466): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0x8) 1m29.984679529s ago: executing program 1 (id=15469): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x1, 0x7}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000005200010003000000000000000a"], 0x20}}, 0x0) 1m29.616277364s ago: executing program 1 (id=15477): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) 1m29.382554478s ago: executing program 35 (id=15477): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) 1m15.466018781s ago: executing program 4 (id=15694): unshare(0x8000000) r0 = semget(0x1, 0x4, 0x3c4) semtimedop(r0, &(0x7f0000000000)=[{0x1, 0x950, 0x3800}], 0x1, 0x0) 1m15.343603013s ago: executing program 4 (id=15697): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x58, r1, 0x1, 0x0, 0x0, {0x4}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wlan1\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, 0x58}}, 0x0) 1m15.257430736s ago: executing program 4 (id=15700): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000006c0)={0x48, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@ETHTOOL_A_FEATURES_WANTED={0x1c, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}]}]}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x818}, 0x20000004) 1m15.112680005s ago: executing program 4 (id=15703): syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0xcc04, &(0x7f0000000880)=ANY=[@ANYBLOB='dots,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c6e6f646f74732c646f74732c74696d655f6f66667365743d3078303030303030303030303030303264382c646f74732c646f74732c6e6f646f74732c6e6f646f74732c646f74732c646f74732c6e6f646f74732c6e6f646f74732c636865636b3d72656c617865642c666c7573682c64656275672c646f74732c73686f77657865632c6e6f646f74732c6572726f72733d636f6e74696e75652c646f74732c71756965742c003fa5bfd3e968f92d300444698c6f8d94d8b46ce3ce652bc8f6"], 0x1, 0x220, &(0x7f0000000440)="$eJzs3c1uElEUAOAzLS1gXHRnYmIyxoWuGvUJakxNjCQmNSx010RWnVXZQDftY/gKvoxP4QOYrrrQjKkzAy1QpA0/Qb9vw2HOPZd7mTDMhkMehe8PvkSjkcTGXuzFRRI7sRGVsxhVGzsCAKyPizyPH3nh9tXuAwBgHc3w/f9ryUsCABbsw8dP7161WvsHadqIOD/rtXvt4rHIv3nb2n+e/rEzrDrv9dqbg/yLdPTe4TK/FffK/MuiPh2ktyOivR3PnhT5y9zr9630en09Pk9Zd3NO+wcAAAAAAAAAAAAAAAAAAAAAgFV4FGllYn+f3d3RfLPMF8+u9Aca6d9Ti4dVe+Bhe6D8dBmbAgAAAAAAAAAAAAAAAAAAgDXT7Z8cHWZZ53gY1CNicGQn69QmjLk5SMqJZxo8U5DMaZ6JwUbcrbxZbjPLOt9+3q48Kd+iRWxnGDQnn9xZgqgtcmHLCNJ5TVivTvN4qhnJlPI8vwyufwqiDKq2GDeWb0fE9IU9Pbjrvi7yPM++Pj7u9iOfOnh4jagv7WoEAAAAAAAAAAAAAAAAAAD/tyu/+h7T2FzFigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg+br9k+pf/k+ODrOsc9ztzxycRsT9+Ovg6rW2orG6jQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBP+x0AAP//JtMcXQ==") mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, 0x0) mount$tmpfs(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x84022, &(0x7f0000000000)={[{@nr_inodes={'nr_inodes', 0x3d, [0x35]}}, {@size={'size', 0x3d, [0x6b]}}]}) 1m14.924417379s ago: executing program 4 (id=15708): setuid(0xee00) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000140), 0x4) 1m14.533836033s ago: executing program 4 (id=15715): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x24, r1, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x900}, 0x4000000) 1m14.218302696s ago: executing program 36 (id=15715): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x24, r1, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x900}, 0x4000000) 14.815186151s ago: executing program 8 (id=17094): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x10}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r0}, {}, {0x15, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 14.759018053s ago: executing program 8 (id=17095): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000090000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000004480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004260000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 14.690007563s ago: executing program 8 (id=17096): r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x3000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) 14.634004592s ago: executing program 8 (id=17097): syz_clone3(&(0x7f0000000640)={0x182841600, &(0x7f0000000180)=0xffffffffffffffff, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") pidfd_getfd(r0, r0, 0x0) 14.543780135s ago: executing program 8 (id=17098): unshare(0xc000400) r0 = socket$unix(0x1, 0x1, 0x0) connect$unix(r0, 0x0, 0x0) 14.239037118s ago: executing program 8 (id=17099): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) semctl$IPC_INFO(0x0, 0x1, 0x3, 0x0) 14.01655118s ago: executing program 37 (id=17099): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) semctl$IPC_INFO(0x0, 0x1, 0x3, 0x0) 3.580363239s ago: executing program 2 (id=17260): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0x8) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000140)) 3.366648016s ago: executing program 2 (id=17264): r0 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x10, 0x0, 0x1300) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000001380)=@in6={0xa, 0x6e21, 0x0, @loopback, 0x1000000}, 0x80, 0x0}, 0x2004c849) 3.273013233s ago: executing program 2 (id=17267): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000005c00), r0) sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000005d00)={0x0, 0x0, &(0x7f0000005cc0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="11072bbd7000fedbdf250a000000080003009c"], 0x1c}, 0x1, 0xf0ffff, 0x0, 0x4000084}, 0x10) 3.186774857s ago: executing program 2 (id=17268): syz_usb_connect(0x5, 0x27, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xb7, 0x5c, 0x7f, 0x40, 0x547, 0x201, 0x1164, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa2, 0xcd, 0xd2}}]}}]}}, 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000240)={&(0x7f0000000200)=[{0xf, 0x1200, 0x1, &(0x7f0000000080)='4'}], 0x1}) 2.28972641s ago: executing program 0 (id=17281): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x0, 0x0, "3eccd8f9d20000000000001000000200"}) 2.249352326s ago: executing program 0 (id=17282): mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8, 0x32, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x18, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8b, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0xc2}}, {}, [@alu={0x7, 0x0, 0x1, 0x6, 0x7, 0x0, 0x4}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x80010}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000000)='syzkaller\x00', 0xa, 0x1001, &(0x7f0000001cc0)=""/4097, 0x41100, 0x2f}, 0x94) 2.177310527s ago: executing program 0 (id=17283): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000480)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x20}, 0x5000) 2.142917857s ago: executing program 0 (id=17284): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000340)={0x1f, 0x0, 0x1}, 0x6) write(r0, &(0x7f0000000040)="05000000", 0x4) 2.06644455s ago: executing program 0 (id=17287): r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$USBDEVFS_FREE_STREAMS(r1, 0x8008551d, &(0x7f00000004c0)=ANY=[]) 1.881756012s ago: executing program 0 (id=17291): syz_usb_connect(0x5, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000000904"], 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0xfffffffffffffffd, 0x183003) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f00000011c0)=""/230) 1.548007526s ago: executing program 7 (id=17299): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x14}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0x88}, @NFTA_HASH_MODULUS={0x8}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x8c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 1.514989526s ago: executing program 7 (id=17300): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)={0x34, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_REG_RULES={0x10, 0x22, 0x0, 0x1, [{0x4}, {0x4}, {0x4}]}, @NL80211_ATTR_DFS_REGION={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) 1.459822628s ago: executing program 7 (id=17301): syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) ioprio_set$pid(0x2, 0x0, 0x4007) 970.917688ms ago: executing program 9 (id=17305): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 970.4627ms ago: executing program 9 (id=17306): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x2, 0xa, 0xcc9, 0x5, 0x7, 0x5, 0x0, 0xefb, 0x1, 0x6, 0x1, 0x6, 0x101, 0x1000, 0x1a449, 0x800, 0x40000007, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x5, 0x0, 0xfffffff8]}) 919.116378ms ago: executing program 9 (id=17307): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000140)={0x3, 0x8001, 0x0, 0x400fe02, 0x1, "4ae23ae1179c12747512740bba94224cbad08f", 0x7, 0x2}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0xba) 857.401648ms ago: executing program 9 (id=17308): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bc00d08e36655c00"}) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000300)=@urb_type_iso={0x0, {0x1, 0x1}, 0x10000, 0x3, 0x0, 0x0, 0x2, 0x1c0, 0x1, 0x10000, 0x1ff, 0x0, [{0x8, 0x9, 0x4}]}) 856.889872ms ago: executing program 9 (id=17309): socket$inet6_tcp(0xa, 0x1, 0x0) pselect6(0x40, &(0x7f0000001500)={0x0, 0x6, 0xffffffffffffffff, 0x3, 0x5, 0x80000, 0x3, 0x9}, 0x0, &(0x7f0000000080)={0x9, 0x0, 0x8, 0xf, 0x3, 0x2, 0x5, 0xfff}, &(0x7f00000015c0)={0x0, 0x3938700}, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) 751.591783ms ago: executing program 9 (id=17310): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000000000020700cb6f00000000000010902240001000090000904000001030000000921fcff000122030009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000580)=ANY=[@ANYBLOB="000c1c"], 0x0, 0x0, 0x0, 0x0}, 0x0) 679.682222ms ago: executing program 7 (id=17311): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380"], 0x44}}, 0x20008000) 633.561412ms ago: executing program 7 (id=17312): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8982, &(0x7f0000000100)={0x7, 'vlan0\x00', {0xe}, 0x9}) 596.944519ms ago: executing program 7 (id=17313): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x58, 0x5) 366.9366ms ago: executing program 3 (id=17315): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r0, &(0x7f0000000200), 0x0}, 0x20) 319.535542ms ago: executing program 3 (id=17316): keyctl$clear(0x3, 0xfffffffffffffffd) keyctl$set_reqkey_keyring(0xe, 0x4) request_key(&(0x7f0000000340)='user\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='q\xa9', 0x0) 258.421322ms ago: executing program 3 (id=17317): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') getdents64(r0, &(0x7f0000002080)=""/4108, 0x100c) getdents64(r0, 0x0, 0x0) 193.462952ms ago: executing program 3 (id=17318): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x3) mount(0x0, &(0x7f0000003c40)='./file0\x00', &(0x7f0000000040)='proc\x00', 0x0, 0x0) removexattr(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)=@known='system.posix_acl_access\x00') 111.348094ms ago: executing program 3 (id=17319): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}}) 111.247313ms ago: executing program 2 (id=17320): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) ioctl$SG_IO(r0, 0x2285, &(0x7f00000002c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000640)="4651a226c504", 0x0, 0x5, 0x0, 0x1, 0x0}) 615.795µs ago: executing program 3 (id=17321): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r0 = io_uring_setup(0x4, &(0x7f0000000040)={0x0, 0xb68c, 0x1c803, 0x82, 0x20002f7}) io_uring_enter(r0, 0x6250, 0x366, 0x30, 0x0, 0x0) 0s ago: executing program 2 (id=17322): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000000)=0x201, 0x4) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240000004a00030000000000000000000a007800", @ANYBLOB='\x00\x00\x00\x00\b'], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) kernel console output (not intermixed with test programs): 869.097352][ T5924] usb 2-1: Using ep0 maxpacket: 8 [ 869.120609][ T5924] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 869.144894][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 869.171572][ T5924] usb 2-1: Product: syz [ 869.181699][ T5924] usb 2-1: Manufacturer: syz [ 869.191823][ T5924] usb 2-1: SerialNumber: syz [ 869.209832][ T5924] usb 2-1: config 0 descriptor?? [ 869.236061][ T5924] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244) [ 869.655392][ T5924] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 869.694975][ T5924] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 869.697006][T16475] CUSE: unknown device info "€" [ 869.708767][T16475] CUSE: unknown device info "" [ 869.713977][T16475] CUSE: unknown device info "" [ 869.721325][ T5924] usb 2-1: USB disconnect, device number 33 [ 869.728367][T16475] CUSE: unknown device info "€" [ 869.738267][T16475] CUSE: zero length info key specified [ 870.248454][T16509] proc: Bad value for 'gid' [ 871.402753][T16578] pim6reg: entered allmulticast mode [ 871.434845][T16578] pim6reg: left allmulticast mode [ 871.853311][T16598] netlink: 'syz.0.14555': attribute type 30 has an invalid length. [ 872.478878][T16630] netlink: 'syz.0.14566': attribute type 3 has an invalid length. [ 873.198267][T16666] GUP no longer grows the stack in syz.0.14581 (16666): 200000005000-200000008000 (200000004000) [ 873.245395][T16666] CPU: 1 UID: 0 PID: 16666 Comm: syz.0.14581 Not tainted syzkaller #0 PREEMPT(full) [ 873.245424][T16666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 873.245437][T16666] Call Trace: [ 873.245447][T16666] [ 873.245457][T16666] dump_stack_lvl+0x189/0x250 [ 873.245491][T16666] ? __pfx_dump_stack_lvl+0x10/0x10 [ 873.245516][T16666] ? __pfx__printk+0x10/0x10 [ 873.245539][T16666] ? find_vma+0xe7/0x160 [ 873.245572][T16666] fixup_user_fault+0x661/0x720 [ 873.245607][T16666] fault_in_user_writeable+0x72/0xe0 [ 873.245631][T16666] futex_lock_pi+0x773/0xa90 [ 873.245666][T16666] ? __pfx_futex_lock_pi+0x10/0x10 [ 873.245723][T16666] ? __pfx_futex_wake_mark+0x10/0x10 [ 873.245761][T16666] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 873.245795][T16666] do_futex+0x292/0x420 [ 873.245828][T16666] ? __pfx_do_futex+0x10/0x10 [ 873.245853][T16666] ? __vm_munmap+0x2c1/0x380 [ 873.245889][T16666] __se_sys_futex+0x36f/0x400 [ 873.245919][T16666] ? __pfx___se_sys_futex+0x10/0x10 [ 873.245946][T16666] ? __x64_sys_futex+0x21/0xf0 [ 873.245970][T16666] do_syscall_64+0xfa/0xfa0 [ 873.245995][T16666] ? lockdep_hardirqs_on+0x9c/0x150 [ 873.246020][T16666] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.246039][T16666] ? clear_bhb_loop+0x60/0xb0 [ 873.246061][T16666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.246080][T16666] RIP: 0033:0x7f617558eec9 [ 873.246097][T16666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 873.246113][T16666] RSP: 002b:00007f617647d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 873.246133][T16666] RAX: ffffffffffffffda RBX: 00007f61757e5fa0 RCX: 00007f617558eec9 [ 873.246146][T16666] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000 [ 873.246159][T16666] RBP: 00007f6175611f91 R08: 0000000000000000 R09: 0000000000000000 [ 873.246173][T16666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 873.246187][T16666] R13: 00007f61757e6038 R14: 00007f61757e5fa0 R15: 00007ffd18e2b6d8 [ 873.246231][T16666] [ 873.460575][ C1] vkms_vblank_simulate: vblank timer overrun [ 873.810843][T16684] rdma_op ffff8880326a99f0 conn xmit_rdma 0000000000000000 [ 873.862715][T16683] sp0: Synchronizing with TNC [ 874.559324][T16729] tc_dump_action: action bad kind [ 874.704975][ T980] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 874.737262][T16741] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14602'. [ 874.754691][T16741] nbd: socks must be embedded in a SOCK_ITEM attr [ 874.867361][ T980] usb 5-1: Using ep0 maxpacket: 16 [ 874.881589][ T980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 874.894933][ T980] usb 5-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 874.914993][ T5990] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 874.933695][ T980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 874.975170][ T980] usb 5-1: config 0 descriptor?? [ 875.095127][ T5990] usb 2-1: Using ep0 maxpacket: 16 [ 875.112800][ T5990] usb 2-1: config index 0 descriptor too short (expected 5412, got 36) [ 875.136973][ T5990] usb 2-1: config 248 has too many interfaces: 165, using maximum allowed: 32 [ 875.165826][ T5990] usb 2-1: config 248 has an invalid descriptor of length 0, skipping remainder of the config [ 875.195728][ T5990] usb 2-1: config 248 has 0 interfaces, different from the descriptor's value: 165 [ 875.239390][ T5990] usb 2-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 875.260520][ T5990] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 875.420022][ T980] sony 0003:1345:3008.0026: unknown main item tag 0x0 [ 875.457871][ T980] sony 0003:1345:3008.0026: unknown main item tag 0x0 [ 875.477610][ T980] sony 0003:1345:3008.0026: unknown main item tag 0x0 [ 875.485998][ T980] sony 0003:1345:3008.0026: unknown main item tag 0x0 [ 875.503594][ T5990] usb 2-1: string descriptor 0 read error: -71 [ 875.514438][ T980] sony 0003:1345:3008.0026: unknown main item tag 0x0 [ 875.536637][ T5990] usb 2-1: USB disconnect, device number 34 [ 875.553113][ T980] sony 0003:1345:3008.0026: unknown main item tag 0x0 [ 875.590312][ T980] sony 0003:1345:3008.0026: unknown main item tag 0x0 [ 875.598378][ T980] sony 0003:1345:3008.0026: unknown main item tag 0x0 [ 875.626138][ T980] sony 0003:1345:3008.0026: unknown main item tag 0x0 [ 875.643396][ T980] sony 0003:1345:3008.0026: unknown main item tag 0x0 [ 875.767412][ T980] sony 0003:1345:3008.0026: hiddev0,hidraw0: USB HID v80.00 Device [HID 1345:3008] on usb-dummy_hcd.4-1/input0 [ 875.808926][ T980] sony 0003:1345:3008.0026: failed to claim input [ 875.886919][ T980] usb 5-1: USB disconnect, device number 22 [ 876.011063][T16793] fido_id[16793]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 876.287917][ T5878] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 876.300036][ T5878] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 876.314982][ T5878] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 876.335164][ T5878] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 876.357408][ T5878] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 876.667897][ T1172] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 876.789928][ T30] audit: type=1326 audit(1892869091.468:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16861 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 876.829979][T16864] loop2: detected capacity change from 0 to 1024 [ 876.830982][T16864] EXT4-fs: Ignoring removed nomblk_io_submit option [ 876.845431][T16864] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 876.845457][T16864] EXT4-fs (loop2): Test dummy encryption mode enabled [ 876.845790][T16864] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (37511!=20869) [ 876.845871][T16864] EXT4-fs (loop2): group descriptors corrupted! [ 876.875800][ T30] audit: type=1326 audit(1892869091.468:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16861 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 876.875854][ T30] audit: type=1326 audit(1892869091.498:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16861 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 876.875893][ T30] audit: type=1326 audit(1892869091.498:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16861 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 876.875933][ T30] audit: type=1326 audit(1892869091.498:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16861 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 877.056727][ T1172] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 877.387409][ T1172] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 877.498114][T16904] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14641'. [ 877.619843][ T1172] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 877.666048][ T30] audit: type=1326 audit(1892869092.338:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16910 comm="syz.1.14644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcae38eec9 code=0x7ffc0000 [ 877.666105][ T30] audit: type=1326 audit(1892869092.338:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16910 comm="syz.1.14644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcae38eec9 code=0x7ffc0000 [ 877.696999][T16913] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 877.700741][ T30] audit: type=1326 audit(1892869092.378:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16910 comm="syz.1.14644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7efcae38eec9 code=0x7ffc0000 [ 877.700794][ T30] audit: type=1326 audit(1892869092.378:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16910 comm="syz.1.14644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcae38eec9 code=0x7ffc0000 [ 877.700826][ T30] audit: type=1326 audit(1892869092.378:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16910 comm="syz.1.14644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcae38eec9 code=0x7ffc0000 [ 877.857666][T16936] netlink: 24 bytes leftover after parsing attributes in process `syz.1.14647'. [ 878.027288][ C1] vkms_vblank_simulate: vblank timer overrun [ 878.275054][T16978] loop4: detected capacity change from 0 to 512 [ 878.321557][T16978] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.14653: bg 0: block 16: invalid block bitmap [ 878.402710][T16978] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 878.412221][ T5878] Bluetooth: hci4: command tx timeout [ 878.428401][T16978] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #13: comm syz.4.14653: attempt to clear invalid blocks 1669132790 len 1 [ 878.477022][T16978] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.14653: invalid indirect mapped block 4294967295 (level 1) [ 878.507242][ T1172] bridge_slave_1: left allmulticast mode [ 878.521712][T16978] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.14653: invalid indirect mapped block 4294967295 (level 2) [ 878.530373][ T1172] bridge_slave_1: left promiscuous mode [ 878.542870][ T1172] bridge0: port 2(bridge_slave_1) entered disabled state [ 878.576185][T16978] EXT4-fs (loop4): 1 truncate cleaned up [ 878.592502][ T1172] bridge_slave_0: left allmulticast mode [ 878.603036][ T1172] bridge_slave_0: left promiscuous mode [ 878.610543][ T1172] bridge0: port 1(bridge_slave_0) entered disabled state [ 878.660450][ T5931] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 878.668785][T16978] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 878.703280][T17068] netlink: 'syz.0.14658': attribute type 1 has an invalid length. [ 878.741916][T17068] netlink: 236 bytes leftover after parsing attributes in process `syz.0.14658'. [ 878.866796][ T5931] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 878.877614][ T5865] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 878.896682][ T5931] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 878.907482][ T5931] usb 2-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 878.917420][ T5931] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 878.930486][ T5931] usb 2-1: config 0 descriptor?? [ 879.372990][ T5931] steelseries 0003:1038:12B6.0027: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.1-1/input0 [ 879.559314][ T5931] steelseries 0003:1038:12B6.0027: hid_hw_raw_request() failed with -71 [ 879.589838][ T5931] usb 2-1: USB disconnect, device number 35 [ 880.008677][ T1172] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 880.026698][ T1172] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 880.038982][ T1172] bond0 (unregistering): Released all slaves [ 880.188001][T16825] chnl_net:caif_netlink_parms(): no params data found [ 880.484596][ T5878] Bluetooth: hci4: command tx timeout [ 881.493834][T16825] bridge0: port 1(bridge_slave_0) entered blocking state [ 881.512110][T16825] bridge0: port 1(bridge_slave_0) entered disabled state [ 881.556926][T16825] bridge_slave_0: entered allmulticast mode [ 881.573197][ T5931] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 881.605642][T16825] bridge_slave_0: entered promiscuous mode [ 881.627116][T16825] bridge0: port 2(bridge_slave_1) entered blocking state [ 881.644717][T16825] bridge0: port 2(bridge_slave_1) entered disabled state [ 881.652531][T16825] bridge_slave_1: entered allmulticast mode [ 881.679474][T16825] bridge_slave_1: entered promiscuous mode [ 881.755192][ T5931] usb 2-1: Using ep0 maxpacket: 16 [ 881.772284][ T5931] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 881.797644][ T5931] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 881.820419][ T5931] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 881.849803][ T5931] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 881.859460][ T5931] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 881.916313][ T5931] usb 2-1: config 0 descriptor?? [ 882.153064][T16825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 882.239676][ T1172] hsr_slave_0: left promiscuous mode [ 882.283883][ T1172] hsr_slave_1: left promiscuous mode [ 882.298017][ T1172] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 882.334536][ T1172] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 882.347596][ T1172] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 882.384867][ T1172] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 882.408622][ T5931] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0028/input/input99 [ 882.486556][ T1172] veth1_macvtap: left promiscuous mode [ 882.506601][ T5931] microsoft 0003:045E:07DA.0028: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 882.519486][ T1172] veth0_macvtap: left promiscuous mode [ 882.542354][ T1172] veth1_vlan: left promiscuous mode [ 882.549285][T17350] netlink: 'syz.2.14705': attribute type 1 has an invalid length. [ 882.558330][ T1172] veth0_vlan: left promiscuous mode [ 882.566294][ T5878] Bluetooth: hci4: command tx timeout [ 882.620343][ T5931] usb 2-1: USB disconnect, device number 36 [ 882.755305][T17375] netlink: 'syz.0.14708': attribute type 3 has an invalid length. [ 882.781128][T17375] netlink: 'syz.0.14708': attribute type 1 has an invalid length. [ 882.801914][T17375] netlink: 192 bytes leftover after parsing attributes in process `syz.0.14708'. [ 882.804145][T17357] fido_id[17357]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 882.823068][T17375] NCSI netlink: No device for ifindex 0 [ 883.397576][T17409] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14721'. [ 883.951665][ T1172] team0 (unregistering): Port device team_slave_1 removed [ 884.008401][ T1172] team0 (unregistering): Port device team_slave_0 removed [ 884.490353][T16825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 884.644580][ T5878] Bluetooth: hci4: command tx timeout [ 884.739445][T16825] team0: Port device team_slave_0 added [ 884.773391][T16825] team0: Port device team_slave_1 added [ 884.923721][T16825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 884.941329][T16825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 885.004798][T16825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 885.031108][T16825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 885.060674][T16825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 885.125972][T16825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 885.142655][T17511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14737'. [ 885.352677][T16825] hsr_slave_0: entered promiscuous mode [ 885.376183][T16825] hsr_slave_1: entered promiscuous mode [ 885.383023][T16825] debugfs: 'hsr0' already exists in 'hsr' [ 885.394640][T16825] Cannot create hsr debugfs directory [ 885.503407][T17564] program syz.0.14741 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 886.213113][T16825] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 886.241462][T16825] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 886.278940][T16825] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 886.331649][T16825] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 886.588173][T16825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 886.605483][ T5990] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 886.635132][T16825] 8021q: adding VLAN 0 to HW filter on device team0 [ 886.668248][ T1172] bridge0: port 1(bridge_slave_0) entered blocking state [ 886.675856][ T1172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 886.738250][ T1172] bridge0: port 2(bridge_slave_1) entered blocking state [ 886.745478][ T1172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 886.777660][ T5990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 886.824261][ T5990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 886.868319][ T5990] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 886.878883][ T5990] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 886.891309][ T5990] usb 5-1: config 0 descriptor?? [ 887.240880][T16825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 887.513095][ T5990] hid-led 0003:27B8:01ED.0029: probe with driver hid-led failed with error -71 [ 887.555898][ T5990] usb 5-1: USB disconnect, device number 23 [ 888.098648][T16825] veth0_vlan: entered promiscuous mode [ 888.140445][T16825] veth1_vlan: entered promiscuous mode [ 888.210309][T17780] ALSA: mixer_oss: invalid OSS volume '' [ 888.263864][T16825] veth0_macvtap: entered promiscuous mode [ 888.297931][T16825] veth1_macvtap: entered promiscuous mode [ 888.378160][T16825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 888.427788][T16825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 888.437087][T17798] program syz.4.14780 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 888.449150][T17794] tipc: Enabling of bearer rejected, failed to enable media [ 888.487964][ T79] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.524633][ T79] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.570156][ T79] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.596874][ T79] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 888.809302][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 888.841858][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 888.950942][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 888.978906][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 889.763363][T17879] comedi comedi3: pcm3724: I/O port conflict (0xc2,16) [ 889.881582][T17886] netlink: 24 bytes leftover after parsing attributes in process `syz.2.14803'. [ 890.229213][T17910] bpf: Bad value for 'gid' [ 890.330724][T17915] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 890.597027][T17932] netlink: 12 bytes leftover after parsing attributes in process `syz.4.14818'. [ 890.960705][T17956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14824'. [ 891.006311][T17956] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14824'. [ 891.469325][T17982] netlink: 52 bytes leftover after parsing attributes in process `syz.1.14832'. [ 891.549981][T17987] veth0_to_bond: entered allmulticast mode [ 892.074711][T18026] netlink: 48 bytes leftover after parsing attributes in process `syz.4.14844'. [ 893.013302][T18089] sp0: Synchronizing with TNC [ 894.376076][T18180] netlink: 'syz.0.14885': attribute type 4 has an invalid length. [ 894.818189][T18210] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14892'. [ 894.828471][T18210] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14892'. [ 894.867418][T18210] netlink: 'syz.4.14892': attribute type 14 has an invalid length. [ 895.736603][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 895.736621][ T30] audit: type=1326 audit(1892869110.418:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18284 comm="syz.2.14919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f874bf8eec9 code=0x7ffc0000 [ 895.811661][ T30] audit: type=1326 audit(1892869110.418:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18284 comm="syz.2.14919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f874bf8eec9 code=0x7ffc0000 [ 895.900785][ T30] audit: type=1326 audit(1892869110.468:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18284 comm="syz.2.14919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f874bf8eec9 code=0x7ffc0000 [ 895.957008][ T30] audit: type=1326 audit(1892869110.468:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18284 comm="syz.2.14919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f874bf8eec9 code=0x7ffc0000 [ 896.034095][ T30] audit: type=1326 audit(1892869110.468:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18284 comm="syz.2.14919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f874bf8eec9 code=0x7ffc0000 [ 896.136680][ T30] audit: type=1326 audit(1892869110.468:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18284 comm="syz.2.14919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=18 compat=0 ip=0x7f874bf8eec9 code=0x7ffc0000 [ 896.211402][ T30] audit: type=1326 audit(1892869110.468:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18284 comm="syz.2.14919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f874bf8eec9 code=0x7ffc0000 [ 896.308610][ T30] audit: type=1326 audit(1892869110.468:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18284 comm="syz.2.14919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f874bf8eec9 code=0x7ffc0000 [ 896.488127][T18330] block nbd4: not configured, cannot reconfigure [ 896.964915][T18363] netlink: 6 bytes leftover after parsing attributes in process `syz.7.14947'. [ 897.316366][T18373] loop4: detected capacity change from 0 to 4096 [ 897.341260][T18373] ntfs3: Unknown parameter 'noacl' [ 897.371099][T18373] netlink: 20 bytes leftover after parsing attributes in process `syz.4.14949'. [ 899.384614][ T5987] usb 2-1: new low-speed USB device number 37 using dummy_hcd [ 899.580351][ T5987] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 899.628059][ T5987] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 899.669588][ T5987] usb 2-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00 [ 899.683831][ T30] audit: type=1326 audit(1892869114.358:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18556 comm="syz.7.14998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff98518eec9 code=0x7ffc0000 [ 899.713379][ T5987] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 899.735051][ T30] audit: type=1326 audit(1892869114.388:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18556 comm="syz.7.14998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff98518eec9 code=0x7ffc0000 [ 899.760943][ T5987] usb 2-1: config 0 descriptor?? [ 900.252794][ T5987] logitech-djreceiver 0003:046D:C52F.002A: hidraw0: USB HID v0.00 Device [HID 046d:c52f] on usb-dummy_hcd.1-1/input0 [ 900.420497][ T5987] usb 2-1: USB disconnect, device number 37 [ 900.774908][ T5931] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 900.936737][ T5931] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 900.964375][ T5931] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 900.989942][ T5931] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 901.035618][ T5931] usb 5-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 901.056917][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 901.086576][ T5931] usb 5-1: config 0 descriptor?? [ 901.100564][T18635] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 901.375029][ T3289] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 901.537818][ T3289] usb 8-1: Using ep0 maxpacket: 16 [ 901.548137][ T5931] asus 0003:0B05:17E0.002B: item fetching failed at offset 2/3 [ 901.568785][ T3289] usb 8-1: unable to get BOS descriptor or descriptor too short [ 901.578048][ T5931] asus 0003:0B05:17E0.002B: Asus hid parse failed: -22 [ 901.595822][ T5931] asus 0003:0B05:17E0.002B: probe with driver asus failed with error -22 [ 901.613672][ T3289] usb 8-1: config 8 has an invalid interface number: 93 but max is 0 [ 901.632354][ T3289] usb 8-1: config 8 has no interface number 0 [ 901.649033][ T3289] usb 8-1: config 8 interface 93 altsetting 3 bulk endpoint 0xD has invalid maxpacket 64 [ 901.673638][ T3289] usb 8-1: config 8 interface 93 altsetting 3 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 901.699619][ T3289] usb 8-1: config 8 interface 93 altsetting 3 endpoint 0xA has invalid maxpacket 51373, setting to 64 [ 901.724320][ T3289] usb 8-1: config 8 interface 93 has no altsetting 0 [ 901.747522][ T3289] usb 8-1: New USB device found, idVendor=1199, idProduct=0027, bcdDevice=f6.bc [ 901.750334][ T4234] usb 5-1: USB disconnect, device number 24 [ 901.763077][ T3289] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 901.790779][ T3289] usb 8-1: Product: syz [ 901.790802][ T3289] usb 8-1: Manufacturer: syz [ 901.790819][ T3289] usb 8-1: SerialNumber: syz [ 901.800182][T18660] raw-gadget.3 gadget.7: fail, usb_ep_enable returned -22 [ 902.016256][ T3289] sierra 8-1:8.93: Sierra USB modem converter detected [ 902.041206][ T3289] usb 8-1: Sierra USB modem converter now attached to ttyUSB0 [ 902.058022][ T3289] usb 8-1: Sierra USB modem converter now attached to ttyUSB1 [ 902.088216][ T3289] usb 8-1: Sierra USB modem converter now attached to ttyUSB2 [ 902.147660][ T3289] usb 8-1: USB disconnect, device number 2 [ 902.215333][ T3289] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 902.220501][T18743] pim6reg527: entered allmulticast mode [ 902.233625][ T3289] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1 [ 902.256644][ T3289] sierra ttyUSB2: Sierra USB modem converter now disconnected from ttyUSB2 [ 902.268268][ T3289] sierra 8-1:8.93: device disconnected [ 902.727834][T18790] netlink: 28 bytes leftover after parsing attributes in process `syz.4.15028'. [ 903.059109][T18810] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 903.359419][T18827] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 903.657939][T18848] ALSA: seq fatal error: cannot create timer (-22) [ 904.376081][ T5987] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 904.557964][ T5987] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 904.582044][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 904.606454][ T5987] usb 5-1: Product: syz [ 904.610660][ T5987] usb 5-1: Manufacturer: syz [ 904.620441][ T5987] usb 5-1: SerialNumber: syz [ 904.646988][ T5987] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 904.772716][ T5978] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 904.891588][T18934] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15074'. [ 905.708932][ T5931] usb 5-1: USB disconnect, device number 25 [ 905.857978][ T5978] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 905.884876][ T5978] ath9k_htc: Failed to initialize the device [ 905.912513][ T5931] usb 5-1: ath9k_htc: USB layer deinitialized [ 906.748462][T19067] netlink: 56 bytes leftover after parsing attributes in process `syz.7.15115'. [ 906.767221][T19071] loop1: detected capacity change from 0 to 128 [ 906.777192][T19071] EXT4-fs: Ignoring removed nomblk_io_submit option [ 906.819761][T19071] EXT4-fs (loop1): Test dummy encryption mode enabled [ 906.888981][T19071] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 906.905732][T19071] ext4 filesystem being mounted at /3118/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 906.929397][T19081] sctp: [Deprecated]: syz.7.15118 (pid 19081) Use of int in max_burst socket option. [ 906.929397][T19081] Use struct sctp_assoc_value instead [ 906.978975][T19071] EXT4-fs (loop1): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 ro. [ 907.001906][T19071] EXT4-fs (loop1): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w. [ 907.074156][ T5870] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 907.554440][T19122] loop4: detected capacity change from 0 to 1024 [ 907.766661][T19131] netlink: 60 bytes leftover after parsing attributes in process `syz.4.15131'. [ 907.777060][T19130] netlink: 60 bytes leftover after parsing attributes in process `syz.4.15131'. [ 908.187744][T19156] netlink: 60 bytes leftover after parsing attributes in process `syz.4.15138'. [ 908.754394][T19197] sch_fq: defrate 4294967295 ignored. [ 909.579181][T19266] netlink: 64 bytes leftover after parsing attributes in process `syz.4.15173'. [ 910.252464][T19317] sg_write: data in/out 49276/1 bytes for SCSI command 0x1c-- guessing data in; [ 910.252464][T19317] program syz.0.15193 not setting count and/or reply_len properly [ 910.846718][T19361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15205'. [ 911.922184][T19433] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 913.147840][T19523] netlink: 12 bytes leftover after parsing attributes in process `syz.4.15249'. [ 913.316064][ T5978] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 913.499637][ T5978] usb 8-1: config 0 has an invalid interface number: 127 but max is 1 [ 913.511337][ T5978] usb 8-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 225 [ 913.542804][ T5978] usb 8-1: config 0 has no interface number 1 [ 913.559249][ T5978] usb 8-1: config 0 interface 127 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 913.589957][ T5978] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 29 [ 913.622697][ T5978] usb 8-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 913.633384][ T5978] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 913.653307][ T5978] usb 8-1: Product: syz [ 913.664726][ T5978] usb 8-1: Manufacturer: syz [ 913.669547][ T5978] usb 8-1: SerialNumber: syz [ 913.698996][ T5978] usb 8-1: config 0 descriptor?? [ 913.725759][ T5978] usb-storage 8-1:0.127: USB Mass Storage device detected [ 913.745820][ T5978] usb-storage 8-1:0.127: Quirks match for vid 1908 pid 1315: 20000 [ 913.799690][ T5978] usb-storage 8-1:0.0: USB Mass Storage device detected [ 913.813073][ T5978] usb-storage 8-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 913.959094][ T5931] usb 8-1: USB disconnect, device number 3 [ 914.741792][T19656] loop4: detected capacity change from 0 to 128 [ 915.350481][T19684] xt_l2tp: unknown flags: 51 [ 915.770492][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 915.770510][ T30] audit: type=1326 audit(1892869130.448:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19709 comm="syz.4.15301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 915.820598][ T30] audit: type=1326 audit(1892869130.448:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19709 comm="syz.4.15301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 915.845074][ T30] audit: type=1326 audit(1892869130.488:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19709 comm="syz.4.15301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 915.912048][ T30] audit: type=1326 audit(1892869130.498:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19709 comm="syz.4.15301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 915.938133][ T30] audit: type=1326 audit(1892869130.498:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19709 comm="syz.4.15301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 916.006908][ T30] audit: type=1326 audit(1892869130.498:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19709 comm="syz.4.15301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 916.094668][ T30] audit: type=1326 audit(1892869130.498:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19709 comm="syz.4.15301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 916.162728][ T30] audit: type=1326 audit(1892869130.498:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19709 comm="syz.4.15301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 916.260137][T19736] can0: slcan on ptm0. [ 916.347495][T19734] can0 (unregistered): slcan off ptm0. [ 916.663420][T19784] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 916.663420][T19784] The task syz.7.15316 (19784) triggered the difference, watch for misbehavior. [ 918.228631][ T6027] printk: udevd: 11 output lines suppressed due to ratelimiting [ 918.965567][T19938] netlink: 92 bytes leftover after parsing attributes in process `syz.4.15379'. [ 918.985027][T19939] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false [ 919.003228][T19938] netlink: 24 bytes leftover after parsing attributes in process `syz.4.15379'. [ 919.012948][T19938] netlink: 24 bytes leftover after parsing attributes in process `syz.4.15379'. [ 919.298143][T19960] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144 [ 919.318175][T19965] loop2: detected capacity change from 0 to 128 [ 919.460750][T19971] netlink: 'syz.0.15393': attribute type 2 has an invalid length. [ 919.577410][T19981] tipc: Enabled bearer , priority 10 [ 920.042378][T20014] netlink: 88 bytes leftover after parsing attributes in process `syz.2.15412'. [ 920.623358][ T79] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 920.656847][ T3289] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 920.665578][ T79] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 920.848503][T20074] netlink: 'syz.7.15437': attribute type 5 has an invalid length. [ 920.929470][T20079] netlink: 116 bytes leftover after parsing attributes in process `syz.7.15440'. [ 921.164946][ T3289] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 921.446104][ T3289] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 921.860990][T20122] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 922.361455][T20153] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1340 [ 922.399498][ T30] audit: type=1326 audit(1892869137.078:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20154 comm="syz.2.15471" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f874bf8eec9 code=0x0 [ 922.595947][T12257] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 922.692254][T12257] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 922.795366][T12257] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 922.890248][T12257] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 923.376577][T20201] usb usb8: usbfs: process 20201 (syz.2.15488) did not claim interface 7 before use [ 923.410744][ T5861] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 923.443898][ T5861] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 923.455112][ T5861] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 923.463258][ T5861] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 923.471444][ T5861] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 923.918938][T20232] program syz.2.15501 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 924.036338][T12257] dvmrp0 (unregistering): left allmulticast mode [ 925.044875][ C0] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 925.305422][T12257] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 925.315699][T12257] bond0 (unregistering): Released all slaves [ 925.328673][T12257] bond1 (unregistering): Released all slaves [ 925.463180][T12257] bond2 (unregistering): Released all slaves [ 925.527214][ T5861] Bluetooth: hci3: command tx timeout [ 925.603681][T12257] bond3 (unregistering): Released all slaves [ 925.618522][T12257] bond4 (unregistering): Released all slaves [ 925.630030][T20261] Falling back ldisc for ttyS3. [ 925.637007][T20202] netlink: 16 bytes leftover after parsing attributes in process `syz.4.15489'. [ 925.780216][T12257] tipc: Disabling bearer [ 925.786692][T12257] tipc: Left network mode [ 926.672544][ T30] audit: type=1326 audit(1892869141.348:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20321 comm="syz.4.15526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 926.715695][ T30] audit: type=1326 audit(1892869141.348:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20321 comm="syz.4.15526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 926.752043][ T30] audit: type=1326 audit(1892869141.348:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20321 comm="syz.4.15526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 926.798911][ T30] audit: type=1326 audit(1892869141.348:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20321 comm="syz.4.15526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 926.821360][ C1] vkms_vblank_simulate: vblank timer overrun [ 926.858513][ T30] audit: type=1326 audit(1892869141.348:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20321 comm="syz.4.15526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 926.926353][ T30] audit: type=1326 audit(1892869141.388:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20321 comm="syz.4.15526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=326 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 926.976102][T20203] chnl_net:caif_netlink_parms(): no params data found [ 926.993214][ T30] audit: type=1326 audit(1892869141.388:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20321 comm="syz.4.15526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 927.036587][ T30] audit: type=1326 audit(1892869141.388:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20321 comm="syz.4.15526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031898eec9 code=0x7ffc0000 [ 927.152899][T20411] bridge1: entered promiscuous mode [ 927.161172][T20411] bridge1: entered allmulticast mode [ 927.172562][T20411] team0: Port device bridge1 added [ 927.221719][T20419] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15531'. [ 927.377604][T20203] bridge0: port 1(bridge_slave_0) entered blocking state [ 927.399149][T20203] bridge0: port 1(bridge_slave_0) entered disabled state [ 927.424933][T20203] bridge_slave_0: entered allmulticast mode [ 927.440477][T20203] bridge_slave_0: entered promiscuous mode [ 927.464075][T20203] bridge0: port 2(bridge_slave_1) entered blocking state [ 927.471788][T20203] bridge0: port 2(bridge_slave_1) entered disabled state [ 927.488988][T20203] bridge_slave_1: entered allmulticast mode [ 927.503028][T20203] bridge_slave_1: entered promiscuous mode [ 927.614744][ T5861] Bluetooth: hci3: command tx timeout [ 927.731410][T20203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 927.752439][T20203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 927.795731][T20517] btrfs: Unexpected value for 'norecovery' [ 928.066487][T20203] team0: Port device team_slave_0 added [ 928.156044][T20203] team0: Port device team_slave_1 added [ 928.477903][T20203] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 928.504166][T20203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 928.531461][T20203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 928.550371][T20615] program syz.7.15564 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 928.571065][T12257] hsr_slave_0: left promiscuous mode [ 928.605018][T12257] hsr_slave_1: left promiscuous mode [ 928.619836][T12257] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 928.640236][T12257] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 928.673132][T12257] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 928.694120][T12257] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 928.743052][T20619] loop7: detected capacity change from 0 to 4096 [ 928.755654][T12257] veth1_macvtap: left promiscuous mode [ 928.759717][T20619] EXT4-fs: Ignoring removed mblk_io_submit option [ 928.789262][T20619] EXT4-fs (loop7): Test dummy encryption mode enabled [ 928.789304][T12257] veth0_macvtap: left promiscuous mode [ 928.811488][T20612] syz.4.15563 (20612): drop_caches: 2 [ 928.817683][T20612] syz.4.15563 (20612): drop_caches: 2 [ 928.823917][T12257] veth1_vlan: left promiscuous mode [ 928.829829][T12257] veth0_vlan: left promiscuous mode [ 928.850898][T20619] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 929.023914][T16825] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 929.156923][T12257] pim6reg527 (unregistering): left allmulticast mode [ 929.697509][ T5861] Bluetooth: hci3: command tx timeout [ 929.911323][T12257] team0 (unregistering): Port device team_slave_1 removed [ 929.957439][T12257] team0 (unregistering): Port device C removed [ 930.417508][T20203] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 930.438979][T20203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 930.477690][T20203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 930.649754][T20203] hsr_slave_0: entered promiscuous mode [ 930.657706][T20203] hsr_slave_1: entered promiscuous mode [ 930.671673][T20203] debugfs: 'hsr0' already exists in 'hsr' [ 930.684553][T20203] Cannot create hsr debugfs directory [ 930.822144][T20713] netlink: 64 bytes leftover after parsing attributes in process `syz.7.15585'. [ 930.991849][T12257] IPVS: stop unused estimator thread 0... [ 931.293061][T20203] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 931.308748][T20203] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 931.327386][T20203] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 931.350663][T20203] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 931.620277][T20203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 931.669807][T20203] 8021q: adding VLAN 0 to HW filter on device team0 [ 931.700590][T12257] bridge0: port 1(bridge_slave_0) entered blocking state [ 931.707881][T12257] bridge0: port 1(bridge_slave_0) entered forwarding state [ 931.753585][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state [ 931.760824][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 931.774822][ T5861] Bluetooth: hci3: command tx timeout [ 931.832709][ T30] audit: type=1326 audit(1892869146.508:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20805 comm="syz.7.15600" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff98518eec9 code=0x0 [ 931.854674][ C1] vkms_vblank_simulate: vblank timer overrun [ 932.112716][T20203] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 932.492477][T20203] veth0_vlan: entered promiscuous mode [ 932.514433][T20203] veth1_vlan: entered promiscuous mode [ 932.560793][T20203] veth0_macvtap: entered promiscuous mode [ 932.574366][T20203] veth1_macvtap: entered promiscuous mode [ 932.598532][T20203] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 932.615903][T20203] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 932.635486][ T1137] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 932.651432][ T1137] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 932.670137][ T1137] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 932.690713][ T1137] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 932.779284][T20856] netlink: 'syz.7.15611': attribute type 5 has an invalid length. [ 932.835787][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 932.854700][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 932.909580][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 932.926362][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 933.647367][T20914] sp0: Synchronizing with TNC [ 934.017050][T20956] ipvlan2: entered promiscuous mode [ 934.067317][T20964] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15635'. [ 934.142330][T20966] netlink: 'syz.4.15636': attribute type 1 has an invalid length. [ 934.164778][ C0] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 934.944405][T21008] Bluetooth: MGMT ver 1.23 [ 935.617321][T21028] tipc: Enabling of bearer rejected, media not registered [ 935.730127][T21038] xt_policy: neither incoming nor outgoing policy selected [ 936.006628][T21054] netlink: 1348 bytes leftover after parsing attributes in process `syz.0.15671'. [ 936.071694][T21062] netlink: 20 bytes leftover after parsing attributes in process `syz.7.15675'. [ 936.168249][T21069] netlink: 'syz.2.15678': attribute type 1 has an invalid length. [ 936.194770][T21069] netlink: 228 bytes leftover after parsing attributes in process `syz.2.15678'. [ 936.203970][T21069] netlink: 16 bytes leftover after parsing attributes in process `syz.2.15678'. [ 936.348334][T21078] netlink: 24 bytes leftover after parsing attributes in process `syz.7.15682'. [ 936.364976][T21078] tipc: MTU too low for tipc bearer [ 937.132715][T21145] loop4: detected capacity change from 0 to 256 [ 937.483355][T21163] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 937.518564][T21163] overlayfs: missing 'lowerdir' [ 937.518910][ T5987] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 937.743781][ T5987] usb 8-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 937.777122][ T5987] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 937.793107][ T5987] usb 8-1: Product: syz [ 937.804781][ T5987] usb 8-1: Manufacturer: syz [ 937.815940][ T5987] usb 8-1: SerialNumber: syz [ 938.075566][T21187] netlink: 4 bytes leftover after parsing attributes in process `syz.0.15718'. [ 938.092237][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 938.119816][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 938.238212][T21191] netlink: 256 bytes leftover after parsing attributes in process `syz.0.15721'. [ 938.251629][T21191] netlink: 48 bytes leftover after parsing attributes in process `syz.0.15721'. [ 938.298519][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 938.310581][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 938.436480][ T5878] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 938.437063][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 938.457551][ T5878] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 938.464378][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 938.477835][ T5987] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000010. ret = -EPROTO [ 938.496581][ T5878] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 938.497261][ T5987] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 938.521484][ T5878] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 938.526306][ T5987] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 938.542309][ T5878] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 938.582914][ T12] tipc: Resetting bearer [ 938.584444][ T5987] lan78xx 8-1:1.0: probe with driver lan78xx failed with error -71 [ 938.608982][ T5987] usb 8-1: USB disconnect, device number 4 [ 938.621709][ T12] tipc: Disabling bearer [ 938.657936][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 938.677230][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 938.955078][ T12] bond0: left allmulticast mode [ 938.966317][ T12] bond_slave_0: left allmulticast mode [ 938.982028][ T12] bond_slave_1: left allmulticast mode [ 938.995205][ T12] bond0: left promiscuous mode [ 939.000026][ T12] bond_slave_0: left promiscuous mode [ 939.017394][ T12] bond_slave_1: left promiscuous mode [ 939.023245][ T12] bridge0: port 3(bond0) entered disabled state [ 939.119145][ T12] bridge_slave_1: left allmulticast mode [ 939.143032][ T12] bridge_slave_1: left promiscuous mode [ 939.155095][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 939.174550][ T12] bridge_slave_0: left allmulticast mode [ 939.190690][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 939.201901][T21252] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15735'. [ 939.213665][T21252] netlink: 12 bytes leftover after parsing attributes in process `syz.0.15735'. [ 939.222158][ T12] batman_adv: batadv0: Interface deactivated: gretap1 [ 939.222857][T21252] netlink: 'syz.0.15735': attribute type 7 has an invalid length. [ 939.510428][ T12] batman_adv: batadv0: Removing interface: gretap1 [ 939.532195][ T12] tipc: Disabling bearer [ 939.560197][ T12] dvmrp0 (unregistering): left allmulticast mode [ 939.893571][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 939.906103][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 939.917126][ T12] bond0 (unregistering): Released all slaves [ 939.937677][ T12] bond1 (unregistering): Released all slaves [ 939.952595][ T12] bond2 (unregistering): Released all slaves [ 940.097209][ T12] bond3 (unregistering): Released all slaves [ 940.109950][ T12] bond4 (unregistering): Released all slaves [ 940.247073][ T12] bond5 (unregistering): Released all slaves [ 940.265826][T21253] syz.2.15733 (21253) used obsolete PPPIOCDETACH ioctl [ 940.402982][ T12] tipc: Left network mode [ 940.645154][ T5878] Bluetooth: hci2: command tx timeout [ 940.892598][T21194] chnl_net:caif_netlink_parms(): no params data found [ 941.177728][ T12] hsr_slave_0: left promiscuous mode [ 941.184258][ T12] hsr_slave_1: left promiscuous mode [ 941.192669][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 941.200605][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 941.209989][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 941.218420][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 941.232139][ T12] veth1_vlan: left promiscuous mode [ 941.237596][ T12] veth0_vlan: left promiscuous mode [ 941.374980][ T12] pimreg3 (unregistering): left allmulticast mode [ 941.821694][ T12] team0 (unregistering): Port device team_slave_1 removed [ 941.915131][ T12] team0 (unregistering): Port device team_slave_0 removed [ 941.975893][T21464] vim2m vim2m.0: vidioc_s_fmt queue busy [ 942.310090][T21470] netlink: 8 bytes leftover after parsing attributes in process `syz.8.15760'. [ 942.723968][T21194] bridge0: port 1(bridge_slave_0) entered blocking state [ 942.731863][T21194] bridge0: port 1(bridge_slave_0) entered disabled state [ 942.739490][ T5878] Bluetooth: hci2: command tx timeout [ 942.739740][T21194] bridge_slave_0: entered allmulticast mode [ 942.754224][T21194] bridge_slave_0: entered promiscuous mode [ 942.763972][T21194] bridge0: port 2(bridge_slave_1) entered blocking state [ 942.771531][T21194] bridge0: port 2(bridge_slave_1) entered disabled state [ 942.779948][T21194] bridge_slave_1: entered allmulticast mode [ 942.788146][T21194] bridge_slave_1: entered promiscuous mode [ 942.917992][T21509] [U] t tz [ 942.951687][T21194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 942.981433][T21194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 943.081016][T21194] team0: Port device team_slave_0 added [ 943.117183][T21194] team0: Port device team_slave_1 added [ 943.209839][T21194] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 943.246051][T21194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 943.275735][T21194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 943.290171][T21194] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 943.300372][T21194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 943.309466][T21577] netlink: 'syz.8.15770': attribute type 2 has an invalid length. [ 943.348820][T21194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 943.388324][T21581] netlink: 8 bytes leftover after parsing attributes in process `syz.7.15771'. [ 943.398714][T21581] netlink: 4 bytes leftover after parsing attributes in process `syz.7.15771'. [ 943.410813][T21581] netlink: 'syz.7.15771': attribute type 3 has an invalid length. [ 943.470897][T21194] hsr_slave_0: entered promiscuous mode [ 943.479915][T21194] hsr_slave_1: entered promiscuous mode [ 943.493302][T21194] debugfs: 'hsr0' already exists in 'hsr' [ 943.499571][T21194] Cannot create hsr debugfs directory [ 944.073266][T21194] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 944.100627][T21194] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 944.148936][T21194] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 944.182602][T21194] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 944.448115][T21194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 944.517447][T21194] 8021q: adding VLAN 0 to HW filter on device team0 [ 944.553976][T12257] bridge0: port 1(bridge_slave_0) entered blocking state [ 944.561246][T12257] bridge0: port 1(bridge_slave_0) entered forwarding state [ 944.590695][T12257] bridge0: port 2(bridge_slave_1) entered blocking state [ 944.597964][T12257] bridge0: port 2(bridge_slave_1) entered forwarding state [ 944.812855][T21750] loop2: detected capacity change from 0 to 512 [ 944.828490][ T5878] Bluetooth: hci2: command tx timeout [ 944.845689][T21750] EXT4-fs: Ignoring removed mblk_io_submit option [ 944.876617][T21750] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 944.975792][T21750] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002] [ 944.984059][T21750] System zones: 1-12 [ 945.016938][T21750] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.15799: corrupted in-inode xattr: e_value size too large [ 945.108633][T21750] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.15799: couldn't read orphan inode 15 (err -117) [ 945.156993][T21750] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 945.191474][T21762] kernel profiling enabled (shift: 6) [ 945.203190][ T5990] kernel read not supported for file /input/mouse0 (pid: 5990 comm: kworker/0:7) [ 945.339492][ T5864] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 945.387625][T21194] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 945.864373][T21799] netlink: 8 bytes leftover after parsing attributes in process `syz.7.15815'. [ 945.889979][T21194] veth0_vlan: entered promiscuous mode [ 945.916589][T21799] netlink: 4 bytes leftover after parsing attributes in process `syz.7.15815'. [ 945.930518][T21799] netlink: 'syz.7.15815': attribute type 6 has an invalid length. [ 945.931439][T21194] veth1_vlan: entered promiscuous mode [ 945.949750][T21799] netlink: 'syz.7.15815': attribute type 5 has an invalid length. [ 946.030746][T21194] veth0_macvtap: entered promiscuous mode [ 946.042455][T21194] veth1_macvtap: entered promiscuous mode [ 946.076078][T21194] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 946.109798][T21194] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 946.152031][T12257] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.159542][T21814] netlink: 136 bytes leftover after parsing attributes in process `syz.7.15820'. [ 946.171243][T12257] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.187647][T12257] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.201021][T12257] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.204784][T21814] netlink: 4 bytes leftover after parsing attributes in process `syz.7.15820'. [ 946.323604][T12257] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 946.348743][T12257] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 946.417131][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 946.434561][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 946.544210][T21839] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15828'. [ 946.590288][T21841] MTD: Couldn't look up 'memory.events': -15 [ 946.721334][T21852] netlink: 'syz.9.15831': attribute type 4 has an invalid length. [ 946.898527][ T5878] Bluetooth: hci2: command tx timeout [ 946.945271][T21870] netlink: 28 bytes leftover after parsing attributes in process `syz.7.15837'. [ 946.966303][T21870] netlink: 8 bytes leftover after parsing attributes in process `syz.7.15837'. [ 947.098743][T21874] loop9: detected capacity change from 0 to 2048 [ 947.155620][T21874] UDF-fs: error (device loop9): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 947.212127][T21874] UDF-fs: warning (device loop9): udf_load_vrs: No anchor found [ 947.229305][T21874] UDF-fs: Scanning with blocksize 512 failed [ 947.249804][T21874] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 947.355053][T21885] program syz.0.15842 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 947.627683][ T5978] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 947.866510][ T5978] usb 8-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 947.879828][ T5978] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 947.906249][ T5978] usb 8-1: config 0 descriptor?? [ 947.924213][ T5978] cp210x 8-1:0.0: cp210x converter detected [ 948.023157][T21913] netlink: 256 bytes leftover after parsing attributes in process `syz.9.15851'. [ 948.053170][T21913] netlink: 72 bytes leftover after parsing attributes in process `syz.9.15851'. [ 948.494605][ T30] audit: type=1326 audit(1892869163.168:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21933 comm="syz.9.15862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 948.531473][ T5978] cp210x 8-1:0.0: failed to get vendor val 0x3711 size 2: -71 [ 948.558256][ T5978] cp210x 8-1:0.0: GPIO initialisation failed: -71 [ 948.577299][ T30] audit: type=1326 audit(1892869163.208:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21933 comm="syz.9.15862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 948.581706][ T5978] usb 8-1: cp210x converter now attached to ttyUSB0 [ 948.624086][ T30] audit: type=1326 audit(1892869163.208:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21933 comm="syz.9.15862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 948.664412][ T5978] usb 8-1: USB disconnect, device number 5 [ 948.686234][ T5978] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 948.709021][ T30] audit: type=1326 audit(1892869163.208:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21933 comm="syz.9.15862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 948.711391][ T5978] cp210x 8-1:0.0: device disconnected [ 948.867860][ T30] audit: type=1326 audit(1892869163.208:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21933 comm="syz.9.15862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 948.914922][ T30] audit: type=1326 audit(1892869163.218:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21933 comm="syz.9.15862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 948.950087][ T30] audit: type=1326 audit(1892869163.218:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21933 comm="syz.9.15862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 948.994612][ T5878] Bluetooth: hci2: command tx timeout [ 949.013386][ T5978] kernel write not supported for file /dsp (pid: 5978 comm: kworker/1:6) [ 949.034786][ T30] audit: type=1400 audit(1892869163.428:541): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=21952 comm="syz.9.15866" [ 949.219307][T21979] vimc link validate: Scaler:src:16x16 (0x33424752, 12, 0, 4, 0) RGB/YUV Capture:snk:16x16 (0x32314247, 8, 0, 0, 0) [ 949.793107][T22009] netlink: 36 bytes leftover after parsing attributes in process `syz.9.15887'. [ 949.832013][T22009] netlink: 'syz.9.15887': attribute type 10 has an invalid length. [ 950.013907][T22022] netlink: 4 bytes leftover after parsing attributes in process `syz.8.15894'. [ 950.526156][T22053] netlink: 'syz.0.15907': attribute type 21 has an invalid length. [ 950.534197][T22053] netlink: 156 bytes leftover after parsing attributes in process `syz.0.15907'. [ 950.705792][T22056] loop7: detected capacity change from 0 to 4096 [ 950.757412][T22056] ntfs3(loop7): Failed to initialize $Extend/$ObjId. [ 950.802088][T22055] ntfs3(loop7): ino=1e, "file1" attr_set_size [ 950.898487][T22072] netlink: 24 bytes leftover after parsing attributes in process `syz.9.15915'. [ 950.935628][T22076] netlink: 4436 bytes leftover after parsing attributes in process `syz.0.15917'. [ 950.973171][T22076] x_tables: ip_tables: osf.0 match: invalid size 48 (kernel) != (user) 4096 [ 951.195808][T22091] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 951.234902][T22094] Bluetooth: MGMT ver 1.23 [ 951.445214][ C0] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 951.683745][T22122] can0: slcan on ttyprintk. [ 951.765697][T22120] can0 (unregistered): slcan off ttyprintk. [ 952.543796][T22182] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 953.702227][T22250] loop2: detected capacity change from 0 to 1024 [ 954.394730][ T5978] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 954.557915][ T5978] usb 8-1: Using ep0 maxpacket: 16 [ 954.575602][ T5978] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 954.593691][ T5978] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 954.607430][ T5978] usb 8-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 954.620710][ T5978] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 954.632750][ T5978] usb 8-1: config 0 descriptor?? [ 954.772732][T22338] random: crng reseeded on system resumption [ 954.826318][ T980] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 954.860180][T22344] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 954.930836][T22349] tipc: Enabling of bearer rejected, failed to enable media [ 954.996653][ T980] usb 10-1: Using ep0 maxpacket: 32 [ 955.007589][ T980] usb 10-1: config index 0 descriptor too short (expected 35577, got 27) [ 955.017664][ T980] usb 10-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 955.017693][ T980] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 955.017716][ T980] usb 10-1: config 1 has no interface number 0 [ 955.043421][ T980] usb 10-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 955.043470][ T980] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 955.043517][ T980] usb 10-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 955.043542][ T980] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 955.064204][ T5978] hid_parser_main: 1242 callbacks suppressed [ 955.064229][ T5978] hid-multitouch 0003:1FD2:6007.002C: unknown main item tag 0x1 [ 955.079506][ T980] snd_usb_pod 10-1:1.1: Line 6 Pocket POD found [ 955.134264][ T5978] hid-multitouch 0003:1FD2:6007.002C: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.7-1/input0 [ 955.257896][ T5978] usb 8-1: USB disconnect, device number 6 [ 955.321192][ T980] snd_usb_pod 10-1:1.1: Line 6 Pocket POD now attached [ 955.335724][T22338] Restarting kernel threads ... [ 955.342243][T22338] Done restarting kernel threads. [ 955.805357][ T980] usb 10-1: USB disconnect, device number 2 [ 955.813248][ T980] snd_usb_pod 10-1:1.1: Line 6 Pocket POD now disconnected [ 956.098630][T22442] usb usb7: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 956.509574][T22471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16076'. [ 956.625416][ T980] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 956.784601][ T980] usb 10-1: Using ep0 maxpacket: 8 [ 956.798309][ T980] usb 10-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 956.817130][ T980] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 956.826356][ T980] usb 10-1: Product: syz [ 956.845854][ T980] usb 10-1: Manufacturer: syz [ 956.850781][ T980] usb 10-1: SerialNumber: syz [ 956.872015][ T980] usb 10-1: config 0 descriptor?? [ 956.890867][ T980] gspca_main: se401-2.14.0 probing 047d:5003 [ 956.966075][ T5878] Bluetooth: hci3: command tx timeout [ 957.298098][ T980] gspca_se401: Bayer format not supported! [ 957.505322][ T5987] usb 10-1: USB disconnect, device number 3 [ 958.117861][T22552] netlink: 11562 bytes leftover after parsing attributes in process `syz.2.16107'. [ 958.485703][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 959.849599][T22642] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 959.859591][T22642] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 959.867757][T22642] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 959.892557][T22642] comedi comedi3: 8255: I/O port conflict (0xfff,4) [ 959.909998][T22642] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 959.930245][T22642] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 959.946410][T22642] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 959.956327][T22642] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 959.962875][T22642] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 959.970648][T22647] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16149'. [ 960.248113][T22663] netlink: 56 bytes leftover after parsing attributes in process `syz.8.16155'. [ 960.262031][T22663] netlink: 8 bytes leftover after parsing attributes in process `syz.8.16155'. [ 960.380948][T22678] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (196632) [ 960.393813][T22678] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535 [ 960.535843][T22690] netlink: 5636 bytes leftover after parsing attributes in process `syz.2.16165'. [ 960.655561][T22696] loop2: detected capacity change from 0 to 128 [ 960.673879][T22696] ufs: You didn't specify the type of your ufs filesystem [ 960.673879][T22696] [ 960.673879][T22696] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 960.673879][T22696] [ 960.673879][T22696] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 960.711145][T22696] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2 [ 961.235569][T22731] netlink: 44 bytes leftover after parsing attributes in process `syz.0.16176'. [ 961.641266][T22734] loop2: detected capacity change from 0 to 32768 [ 961.662310][T22734] gfs2: fsid=norecovery: Trying to join cluster "lock_nolock", "norecovery" [ 961.671647][T22734] gfs2: fsid=norecovery: Now mounting FS (format 0)... [ 961.703182][T22734] syz.2.16177: attempt to access beyond end of device [ 961.703182][T22734] loop2: rw=12288, sector=18446744073709551608, nr_sectors = 8 limit=32768 [ 961.719197][T22734] gfs2: fsid=norecovery.s: fatal: filesystem consistency error - inode = 1 19, function = gfs2_jdesc_check, file = fs/gfs2/super.c, line = 119 [ 961.735085][T22734] gfs2: fsid=norecovery.s: G: s:SH n:2/13 f:aqo t:SH d:EX/0 a:0 v:0 r:2 m:20 p:2 [ 961.745151][T22734] gfs2: fsid=norecovery.s: H: s:SH f:eEcH e:0 p:22734 [syz.2.16177] init_journal+0x17f8/0x2260 [ 961.756434][T22734] gfs2: fsid=norecovery.s: I: n:1/19 t:8 f:0x00 d:0x00000200 s:8388608 p:0 [ 961.765326][T22734] gfs2: fsid=norecovery.s: about to withdraw this file system [ 961.772888][T22734] gfs2: fsid=norecovery.s: Journal recovery skipped for jid 0 until next mount. [ 961.782029][T22734] gfs2: fsid=norecovery.s: Glock dequeues delayed: 0 [ 961.788965][T22734] gfs2: fsid=norecovery.s: File system withdrawn [ 961.799838][T22734] CPU: 1 UID: 0 PID: 22734 Comm: syz.2.16177 Not tainted syzkaller #0 PREEMPT(full) [ 961.799868][T22734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 961.799883][T22734] Call Trace: [ 961.799892][T22734] [ 961.799902][T22734] dump_stack_lvl+0x189/0x250 [ 961.799935][T22734] ? __pfx_dump_stack_lvl+0x10/0x10 [ 961.799960][T22734] ? __pfx__printk+0x10/0x10 [ 961.799989][T22734] ? kobject_uevent_env+0x36b/0x8c0 [ 961.800030][T22734] gfs2_withdraw+0xb30/0x1430 [ 961.800073][T22734] ? __pfx_gfs2_withdraw+0x10/0x10 [ 961.800099][T22734] ? __pfx_wake_up_bit+0x10/0x10 [ 961.800125][T22734] ? __pfx_wake_bit_function+0x10/0x10 [ 961.800154][T22734] ? gfs2_consist_inode_i+0xf5/0x110 [ 961.800182][T22734] gfs2_jdesc_check+0x17d/0x2f0 [ 961.800215][T22734] check_journal_clean+0x158/0x310 [ 961.800241][T22734] ? __pfx_check_journal_clean+0x10/0x10 [ 961.800270][T22734] ? init_journal+0x17f8/0x2260 [ 961.800304][T22734] ? do_raw_spin_unlock+0x122/0x240 [ 961.800330][T22734] ? _raw_spin_unlock+0x28/0x50 [ 961.800355][T22734] ? gfs2_jdesc_find+0xab/0xc0 [ 961.800385][T22734] init_journal+0x17f8/0x2260 [ 961.800423][T22734] ? init_inodes+0xdb/0x320 [ 961.800453][T22734] ? __pfx_init_journal+0x10/0x10 [ 961.800477][T22734] ? vsnprintf+0xe11/0xf00 [ 961.800510][T22734] ? snprintf+0xda/0x120 [ 961.800534][T22734] ? init_inodes+0xdb/0x320 [ 961.800564][T22734] ? __pfx_snprintf+0x10/0x10 [ 961.800588][T22734] ? gfs2_glock_nq_num+0x13d/0x170 [ 961.800619][T22734] init_inodes+0xdb/0x320 [ 961.800647][T22734] gfs2_fill_super+0x1923/0x20d0 [ 961.800689][T22734] ? __pfx_gfs2_fill_super+0x10/0x10 [ 961.800719][T22734] ? init_locking+0xb8/0x210 [ 961.800741][T22734] ? sb_set_blocksize+0x104/0x180 [ 961.800774][T22734] ? setup_bdev_super+0x4c1/0x5b0 [ 961.800801][T22734] get_tree_bdev_flags+0x40e/0x4d0 [ 961.800822][T22734] ? __pfx_gfs2_fill_super+0x10/0x10 [ 961.800848][T22734] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 961.800868][T22734] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 961.800906][T22734] gfs2_get_tree+0x51/0x1e0 [ 961.800934][T22734] vfs_get_tree+0x92/0x2b0 [ 961.800958][T22734] do_new_mount+0x302/0x9e0 [ 961.800979][T22734] ? apparmor_capable+0x137/0x1b0 [ 961.801009][T22734] ? __pfx_do_new_mount+0x10/0x10 [ 961.801032][T22734] ? ns_capable+0x8a/0xf0 [ 961.801066][T22734] ? kmem_cache_free+0x19b/0x690 [ 961.801100][T22734] __se_sys_mount+0x313/0x410 [ 961.801131][T22734] ? __pfx___se_sys_mount+0x10/0x10 [ 961.801160][T22734] ? do_syscall_64+0xbe/0xfa0 [ 961.801186][T22734] ? __x64_sys_mount+0x20/0xc0 [ 961.801212][T22734] do_syscall_64+0xfa/0xfa0 [ 961.801239][T22734] ? lockdep_hardirqs_on+0x9c/0x150 [ 961.801266][T22734] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 961.801288][T22734] ? clear_bhb_loop+0x60/0xb0 [ 961.801313][T22734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 961.801333][T22734] RIP: 0033:0x7f874bf9066a [ 961.801353][T22734] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 961.801372][T22734] RSP: 002b:00007f874ce8ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 961.801395][T22734] RAX: ffffffffffffffda RBX: 00007f874ce8eef0 RCX: 00007f874bf9066a [ 961.801411][T22734] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f874ce8eeb0 [ 961.801426][T22734] RBP: 0000200000000400 R08: 00007f874ce8eef0 R09: 0000000000200001 [ 961.801441][T22734] R10: 0000000000200001 R11: 0000000000000246 R12: 0000200000012500 [ 961.801456][T22734] R13: 00007f874ce8eeb0 R14: 00000000000125bb R15: 0000200000000180 [ 961.801492][T22734] [ 961.801501][T22734] gfs2: fsid=norecovery.s: Error checking journal for spectator mount. [ 962.304767][T22770] netlink: 'syz.0.16186': attribute type 29 has an invalid length. [ 962.313909][T22770] netlink: 'syz.0.16186': attribute type 29 has an invalid length. [ 962.445892][T22781] netlink: 92 bytes leftover after parsing attributes in process `syz.0.16190'. [ 962.458694][T22781] netlink: 24 bytes leftover after parsing attributes in process `syz.0.16190'. [ 962.509011][ T3286] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 962.674739][ T3286] usb 10-1: Using ep0 maxpacket: 32 [ 962.697631][ T3286] usb 10-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 962.711237][ T3286] usb 10-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 962.738720][ T3286] usb 10-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 962.752102][ T3286] usb 10-1: config 0 interface 0 has no altsetting 0 [ 962.760080][ T3286] usb 10-1: New USB device found, idVendor=0403, idProduct=97c1, bcdDevice= 0.00 [ 962.769534][ T3286] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 962.785482][ T3286] usb 10-1: config 0 descriptor?? [ 963.089514][T22824] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16207'. [ 963.203755][ T3286] hid-retrode 0003:0403:97C1.002D: global environment stack underflow [ 963.212208][ T3286] hid-retrode 0003:0403:97C1.002D: item 0 4 1 11 parsing failed [ 963.220841][ T3286] hid-retrode 0003:0403:97C1.002D: probe with driver hid-retrode failed with error -22 [ 963.431069][ T3286] usb 10-1: USB disconnect, device number 4 [ 963.490538][T22862] tipc: Invalid UDP bearer configuration [ 963.490666][T22862] tipc: Enabling of bearer rejected, failed to enable media [ 963.925995][T22895] macsec1: entered promiscuous mode [ 963.931968][T22895] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 963.942064][T22895] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 964.079831][T22913] trusted_key: encrypted_key: key user:syz not found [ 964.693452][T22960] Bluetooth: MGMT ver 1.23 [ 964.785514][T22965] xt_l2tp: missing protocol rule (udp|l2tpip) [ 965.892343][T23047] mac80211_hwsim hwsim37 wlan1: entered promiscuous mode [ 965.906528][T23047] macvtap1: entered promiscuous mode [ 965.916039][T23047] mac80211_hwsim hwsim37 wlan1: left promiscuous mode [ 966.450143][T23081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.16308'. [ 967.661907][T23131] loop8: detected capacity change from 0 to 32768 [ 967.680364][T23131] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.16329 (23131) [ 967.721139][T23163] No buffer was provided with the request [ 967.735258][T23131] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 967.764919][T23131] BTRFS info (device loop8): using crc32c (crc32c-lib) checksum algorithm [ 967.815507][ T30] audit: type=1326 audit(1892869182.498:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23171 comm="syz.0.16345" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f617558eec9 code=0x0 [ 967.872146][T23131] BTRFS info (device loop8): rebuilding free space tree [ 967.899034][T23131] BTRFS info (device loop8): allowing degraded mounts [ 967.907104][T23131] BTRFS info (device loop8): enabling ssd optimizations [ 967.914327][T23131] BTRFS info (device loop8): enabling free space tree [ 967.922194][T23131] BTRFS info (device loop8): force clearing of disk cache [ 967.934348][T23131] BTRFS info (device loop8): use zstd compression, level 3 [ 967.942045][T23131] BTRFS info (device loop8): max_inline set to 0 [ 968.153056][T20203] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 969.121978][T23258] program syz.2.16374 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 969.586911][T23287] netlink: 24 bytes leftover after parsing attributes in process `syz.2.16388'. [ 970.004242][T23318] netdevsim netdevsim9: loading /lib/firmware/. failed with error -22 [ 970.018587][T23318] netdevsim netdevsim9: Direct firmware load for . failed with error -22 [ 970.034459][T23318] netdevsim netdevsim9: Falling back to sysfs fallback for: . [ 970.042025][T23322] netlink: 56 bytes leftover after parsing attributes in process `syz.8.16404'. [ 970.054382][T23322] netlink: 24 bytes leftover after parsing attributes in process `syz.8.16404'. [ 970.262886][T23337] netlink: 4 bytes leftover after parsing attributes in process `syz.7.16409'. [ 970.286277][T23337] netlink: 4 bytes leftover after parsing attributes in process `syz.7.16409'. [ 970.535112][T23361] netlink: 277 bytes leftover after parsing attributes in process `syz.7.16418'. [ 971.003407][T23397] ptrace attach of "./syz-executor exec"[23398] was attempted by "./syz-executor exec"[23397] [ 971.814941][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 971.823634][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 973.138968][ T30] audit: type=1326 audit(1892869187.818:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23451 comm="syz.9.16454" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5613d8eec9 code=0x0 [ 973.371923][T23473] netlink: 'syz.8.16462': attribute type 8 has an invalid length. [ 973.768582][T23507] netlink: 'syz.2.16476': attribute type 1 has an invalid length. [ 973.895917][T23515] genirq: Flags mismatch irq 4. 00200000 (pcl816) vs. 00200080 (ttyS0) [ 974.146445][T23537] RDS: rds_bind could not find a transport for ::c00d:0:20:0, load rds_tcp or rds_rdma? [ 974.500697][T23540] loop2: detected capacity change from 0 to 32768 [ 974.518407][T23540] btrfs: Deprecated parameter 'usebackuproot' [ 974.534360][T23540] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 974.563033][T23540] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.16489 (23540) [ 974.608197][T23540] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 974.622778][T23540] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 974.631914][T23540] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 974.709105][ T12] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 974.735583][T23540] BTRFS error (device loop2): failed to load root extent [ 974.748676][T23540] BTRFS warning (device loop2): try to load backup roots slot 1 [ 974.758111][ T50] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 974.784967][T23584] bridge0: entered promiscuous mode [ 974.794583][T23540] BTRFS warning (device loop2): couldn't read tree root [ 974.801694][T23540] BTRFS warning (device loop2): try to load backup roots slot 2 [ 974.802311][T23584] bridge0: entered allmulticast mode [ 974.823417][T12257] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 974.842619][T23540] BTRFS warning (device loop2): couldn't read tree root [ 974.864569][T23540] BTRFS warning (device loop2): try to load backup roots slot 3 [ 974.872663][ T12] BTRFS warning (device loop2): checksum verify failed on logical 5242880 mirror 1 wanted 0xc0857788 found 0xa1ba5d6e level 0 [ 974.896213][T23540] BTRFS warning (device loop2): couldn't read tree root [ 974.950497][T23540] BTRFS error (device loop2): open_ctree failed: -5 [ 975.209376][T23582] loop9: detected capacity change from 0 to 32768 [ 975.236293][T23582] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.16501 (23582) [ 975.305488][T23582] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 975.327128][T23582] BTRFS info (device loop9): using crc32c (crc32c-lib) checksum algorithm [ 975.422433][T23582] BTRFS info (device loop9): rebuilding free space tree [ 975.462374][T23582] BTRFS info (device loop9): allowing degraded mounts [ 975.480500][T23582] BTRFS info (device loop9): enabling ssd optimizations [ 975.494591][T23582] BTRFS info (device loop9): enabling free space tree [ 975.501622][T23582] BTRFS info (device loop9): force clearing of disk cache [ 975.509054][T23582] BTRFS info (device loop9): use zstd compression, level 3 [ 975.516494][T23582] BTRFS info (device loop9): max_inline set to 0 [ 975.649866][T21194] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 975.875078][T23645] netlink: 12 bytes leftover after parsing attributes in process `syz.8.16520'. [ 975.890948][T23645] netlink: 12 bytes leftover after parsing attributes in process `syz.8.16520'. [ 976.177740][T23662] netlink: 36 bytes leftover after parsing attributes in process `syz.9.16528'. [ 977.153403][T23701] loop8: detected capacity change from 0 to 32768 [ 977.198327][T23701] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.16546 (23701) [ 977.249340][T23701] BTRFS info (device loop8): first mount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 977.281045][T23701] BTRFS info (device loop8): using xxhash64 (xxhash64-generic) checksum algorithm [ 977.481464][T23701] BTRFS info (device loop8): enabling ssd optimizations [ 977.509703][T23701] BTRFS info (device loop8): enabling free space tree [ 977.523813][T23743] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16557'. [ 977.844235][T20203] BTRFS info (device loop8): last unmount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 978.077148][T23765] syz_tun: entered allmulticast mode [ 978.133952][T23765] pimreg: entered allmulticast mode [ 978.417255][T23779] netlink: 256 bytes leftover after parsing attributes in process `syz.7.16571'. [ 978.436703][T23779] netlink: 56 bytes leftover after parsing attributes in process `syz.7.16571'. [ 978.587210][T23791] loop7: detected capacity change from 0 to 164 [ 978.598648][T23791] ISOFS: unable to read i-node block [ 978.610395][T23791] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 978.660997][ T30] audit: type=1326 audit(1892869193.328:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23754 comm="syz.0.16562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f617558eec9 code=0x7fc00000 [ 978.827877][T23802] rtc_cmos 00:00: Alarms can be up to one day in the future [ 979.041410][T23821] mkiss: ax0: crc mode is auto. [ 979.080250][T23831] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16590'. [ 979.114872][ T5978] rtc_cmos 00:00: Alarms can be up to one day in the future [ 979.149764][ T5978] rtc_cmos 00:00: Alarms can be up to one day in the future [ 979.174916][ T5978] rtc_cmos 00:00: Alarms can be up to one day in the future [ 979.182471][ T5978] rtc_cmos 00:00: Alarms can be up to one day in the future [ 979.215899][ T5978] rtc rtc0: __rtc_set_alarm: err=-22 [ 979.590440][T23870] cifs: Bad value for 'port' [ 979.631566][T23869] sp0: Synchronizing with TNC [ 979.658719][T23867] [U] è [ 979.702143][T23881] loop7: detected capacity change from 0 to 512 [ 979.722988][T23881] EXT4-fs: inline encryption not supported [ 979.745073][T23881] EXT4-fs: Ignoring removed mblk_io_submit option [ 979.784829][T23881] EXT4-fs error (device loop7): ext4_orphan_get:1392: comm syz.7.16609: inode #13: comm syz.7.16609: iget: illegal inode # [ 979.820361][T23881] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.16609: couldn't read orphan inode 13 (err -117) [ 979.840286][T23881] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 979.989773][T23900] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 979.997714][T23900] @0Ù: renamed from bond_slave_1 (while UP) [ 980.088740][ C1] vkms_vblank_simulate: vblank timer overrun [ 980.130238][T16825] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 980.238929][T23918] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16626'. [ 980.256943][T23918] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16626'. [ 980.272007][T23918] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16626'. [ 980.474308][T23939] netlink: 'syz.7.16633': attribute type 1 has an invalid length. [ 980.634609][ T3286] usb 10-1: new full-speed USB device number 5 using dummy_hcd [ 980.703800][T23956] program syz.8.16641 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 980.796312][ T3286] usb 10-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 980.809981][ T3286] usb 10-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 980.820421][ T3286] usb 10-1: config 0 interface 0 has no altsetting 0 [ 980.829902][ T3286] usb 10-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 980.839514][ T3286] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 980.852905][ T3286] usb 10-1: config 0 descriptor?? [ 981.266718][ T3286] lenovo 0003:17EF:6067.002E: unknown main item tag 0x0 [ 981.273972][ T3286] lenovo 0003:17EF:6067.002E: unknown main item tag 0x0 [ 981.282943][ T3286] lenovo 0003:17EF:6067.002E: hidraw0: USB HID v0.00 Device [HID 17ef:6067] on usb-dummy_hcd.9-1/input0 [ 981.469720][ T5978] usb 10-1: USB disconnect, device number 5 [ 982.172916][T24011] bpf: Bad value for 'uid' [ 982.444247][T24023] netlink: 152 bytes leftover after parsing attributes in process `syz.9.16661'. [ 982.453951][T24023] tipc: Enabling of bearer rejected, failed to enable media [ 983.600008][T24103] vivid-001: disconnect [ 983.616234][T24102] vivid-001: reconnect [ 984.084802][ C0] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 984.226340][T24151] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:1802x2160 (0x30314142, 8, 0, 0, 0) [ 984.616511][T24181] xt_socket: unknown flags 0x50 [ 984.726718][ T5990] kernel write not supported for file /uinput (pid: 5990 comm: kworker/0:7) [ 985.561060][T24256] mkiss: ax0: crc mode is auto. [ 985.733541][T24273] netlink: 76 bytes leftover after parsing attributes in process `syz.9.16763'. [ 986.042585][T24294] netlink: 4 bytes leftover after parsing attributes in process `syz.7.16771'. [ 986.239751][T24307] team0: Device gtp0 is of different type [ 986.386739][T24319] netlink: 20 bytes leftover after parsing attributes in process `syz.8.16778'. [ 986.673568][T24341] trusted_key: encrypted_key: hex blob is missing [ 987.100207][T24373] fuse: Bad value for 'group_id' [ 987.124991][T24373] fuse: Bad value for 'group_id' [ 987.468929][T24394] netlink: 256 bytes leftover after parsing attributes in process `syz.0.16814'. [ 987.495278][T24394] unsupported nlmsg_type 40 [ 987.857726][T24422] mkiss: ax0: crc mode is auto. [ 987.952079][T24438] netlink: 'syz.8.16832': attribute type 46 has an invalid length. [ 988.290856][T24463] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16841'. [ 988.374577][ T4234] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 988.375925][T24472] netlink: 8 bytes leftover after parsing attributes in process `syz.8.16847'. [ 988.544575][ T4234] usb 10-1: Using ep0 maxpacket: 8 [ 988.556986][ T4234] usb 10-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30 [ 988.595005][ T4234] usb 10-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 988.608177][T24484] comedi: valid board names for 8255 driver are: [ 988.624208][ T4234] usb 10-1: config 0 interface 0 has no altsetting 0 [ 988.629230][T24484] 8255 [ 988.634161][T24484] comedi: valid board names for vmk80xx driver are: [ 988.641301][ T4234] usb 10-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00 [ 988.641334][ T4234] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 988.662841][T24484] vmk80xx [ 988.663546][ T4234] usb 10-1: config 0 descriptor?? [ 988.667197][T24484] comedi: valid board names for usbduxsigma driver are: [ 988.667212][T24484] usbduxsigma [ 988.667221][T24484] comedi: valid board names for usbduxfast driver are: [ 988.667233][T24484] usbduxfast [ 988.667242][T24484] comedi: valid board names for usbdux driver are: [ 988.667254][T24484] usbdux [ 988.667263][T24484] comedi: valid board names for ni6501 driver are: [ 988.667273][T24484] ni6501 [ 988.667283][T24484] comedi: valid board names for dt9812 driver are: [ 988.667294][T24484] dt9812 [ 988.667303][T24484] comedi: valid board names for ni_labpc_cs driver are: [ 988.667315][T24484] ni_labpc_cs [ 988.667324][T24484] comedi: valid board names for ni_daq_700 driver are: [ 988.667335][T24484] ni_daq_700 [ 988.667344][T24484] comedi: valid board names for labpc_pci driver are: [ 988.667353][T24484] labpc_pci [ 988.667424][T24484] comedi: valid board names for adl_pci9118 driver are: [ 988.667436][T24484] pci9118dg [ 988.667445][T24484] pci9118hg [ 988.667454][T24484] pci9118hr [ 988.667463][T24484] comedi: valid board names for 8255_pci driver are: [ 988.667474][T24484] 8255_pci [ 988.667484][T24484] comedi: valid board names for s526 driver are: [ 988.667495][T24484] s526 [ 988.667504][T24484] comedi: valid board names for multiq3 driver are: [ 988.667515][T24484] multiq3 [ 988.667524][T24484] comedi: valid board names for pcmuio driver are: [ 988.667536][T24484] pcmuio48 [ 988.667544][T24484] pcmuio96 [ 988.667553][T24484] comedi: valid board names for pcmmio driver are: [ 988.667564][T24484] pcmmio [ 988.667573][T24484] comedi: valid board names for pcmda12 driver are: [ 988.667585][T24484] pcmda12 [ 988.667593][T24484] comedi: valid board names for pcmad driver are: [ 988.667604][T24484] pcmad12 [ 988.667613][T24484] pcmad16 [ 988.667622][T24484] comedi: valid board names for ni_labpc driver are: [ 988.667632][T24484] lab-pc-1200 [ 988.667642][T24484] lab-pc-1200ai [ 988.667650][T24484] lab-pc+ [ 988.667659][T24484] comedi: valid board names for atmio16 driver are: [ 988.667670][T24484] atmio16 [ 988.667678][T24484] atmio16d [ 988.667688][T24484] comedi: valid board names for ni_at_ao driver are: [ 988.667699][T24484] at-ao-6 [ 988.667708][T24484] at-ao-10 [ 988.667716][T24484] comedi: valid board names for ni_at_a2150 driver are: [ 988.667728][T24484] ni_at_a2150 [ 988.667745][T24484] comedi: valid board names for adq12b driver are: [ 988.667757][T24484] adq12b [ 988.667766][T24484] comedi: valid board names for mpc624 driver are: [ 988.667777][T24484] mpc624 [ 988.667786][T24484] comedi: valid board names for c6xdigio driver are: [ 988.667798][T24484] c6xdigio [ 988.667807][T24484] comedi: valid board names for aio_iiro_16 driver are: [ 988.667819][T24484] aio_iiro_16 [ 988.667828][T24484] comedi: valid board names for aio_aio12_8 driver are: [ 988.667839][T24484] aio_aio12_8 [ 988.667849][T24484] aio_ai12_8 [ 988.667857][T24484] aio_ao12_4 [ 988.667867][T24484] comedi: valid board names for fl512 driver are: [ 988.667878][T24484] fl512 [ 988.667887][T24484] comedi: valid board names for dmm32at driver are: [ 988.667898][T24484] dmm32at [ 988.667907][T24484] comedi: valid board names for dt282x driver are: [ 988.667918][T24484] dt2821 [ 988.667927][T24484] dt2821-f [ 988.667936][T24484] dt2821-g [ 988.667945][T24484] dt2823 [ 988.667954][T24484] dt2824-pgh [ 988.667962][T24484] dt2824-pgl [ 988.667972][T24484] dt2825 [ 988.667980][T24484] dt2827 [ 988.667988][T24484] dt2828 [ 988.667997][T24484] dt2829 [ 988.668005][T24484] dt21-ez [ 988.668014][T24484] dt23-ez [ 988.668023][T24484] dt24-ez [ 988.668032][T24484] dt24-ez-pgl [ 988.668041][T24484] comedi: valid board names for dt2817 driver are: [ 988.668053][T24484] dt2817 [ 988.668061][T24484] comedi: valid board names for dt2815 driver are: [ 988.668073][T24484] dt2815 [ 988.668081][T24484] comedi: valid board names for dt2814 driver are: [ 988.668093][T24484] dt2814 [ 988.668101][T24484] comedi: valid board names for dt2811 driver are: [ 988.668113][T24484] dt2811-pgh [ 988.668122][T24484] dt2811-pgl [ 988.668130][T24484] comedi: valid board names for dt2801 driver are: [ 988.668142][T24484] dt2801 [ 988.668151][T24484] comedi: valid board names for das6402 driver are: [ 988.668161][T24484] das6402-12 [ 988.668170][T24484] das6402-16 [ 988.668180][T24484] comedi: valid board names for das1800 driver are: [ 988.668191][T24484] das-1701st [ 988.668201][T24484] das-1701st-da [ 988.668208][T24484] das-1702st [ 988.668217][T24484] das-1702st-da [ 988.668226][T24484] das-1702hr [ 988.668288][T24484] das-1702hr-da [ 988.668298][T24484] das-1701ao [ 988.668307][T24484] das-1702ao [ 988.668317][T24484] das-1801st [ 988.668325][T24484] das-1801st-da [ 988.668335][T24484] das-1802st [ 988.668343][T24484] das-1802st-da [ 988.668352][T24484] das-1802hr [ 988.668362][T24484] das-1802hr-da [ 988.668371][T24484] das-1801hc [ 988.668380][T24484] das-1802hc [ 988.668389][T24484] das-1801ao [ 988.668398][T24484] das-1802ao [ 988.668407][T24484] comedi: valid board names for das800 driver are: [ 988.668418][T24484] das-800 [ 988.668427][T24484] cio-das800 [ 988.668436][T24484] das-801 [ 988.668444][T24484] cio-das801 [ 988.668453][T24484] das-802 [ 988.855810][T24498] (syz.0.16856,24498,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 988.858625][T24484] cio-das802 [ 988.861839][T24498] (syz.0.16856,24498,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 988.868277][T24484] cio-das802/16 [ 988.868291][T24484] comedi: valid board names for isa-das08 driver are: [ 988.868303][T24484] isa-das08 [ 988.868311][T24484] das08-pgm [ 988.868319][T24484] das08-pgh [ 988.868326][T24484] das08-pgl [ 988.868334][T24484] das08-aoh [ 988.868342][T24484] das08-aol [ 988.868349][T24484] das08-aom [ 988.868357][T24484] das08/jr-ao [ 988.868365][T24484] das08jr-16-ao [ 988.868373][T24484] pc104-das08 [ 989.102752][ T4234] gt683r_led 0003:1770:FF00.002F: unknown main item tag 0x1 [ 989.105325][T24484] das08jr/16 [ 989.122833][ T4234] gt683r_led 0003:1770:FF00.002F: item fetching failed at offset 3/5 [ 989.125535][T24484] comedi: valid board names for das16m1 driver are: [ 989.125553][T24484] das16m1 [ 989.125563][T24484] comedi: valid board names for dac02 driver are: [ 989.125575][T24484] dac02 [ 989.125584][T24484] comedi: valid board names for rti802 driver are: [ 989.125595][T24484] rti802 [ 989.125604][T24484] comedi: valid board names for rti800 driver are: [ 989.125615][T24484] rti800 [ 989.125624][T24484] rti815 [ 989.125632][T24484] comedi: valid board names for pcm3724 driver are: [ 989.125644][T24484] pcm3724 [ 989.125652][T24484] comedi: valid board names for pcl818 driver are: [ 989.125675][T24484] pcl818l [ 989.125684][T24484] pcl818h [ 989.125693][T24484] pcl818hd [ 989.125702][T24484] pcl818hg [ 989.125710][T24484] pcl818 [ 989.125718][T24484] pcl718 [ 989.125727][T24484] pcm3718 [ 989.125736][T24484] comedi: valid board names for pcl816 driver are: [ 989.125747][T24484] pcl816 [ 989.125756][T24484] pcl814b [ 989.125765][T24484] comedi: valid board names for pcl812 driver are: [ 989.125776][T24484] pcl812 [ 989.125785][T24484] pcl812pg [ 989.125794][T24484] acl8112pg [ 989.125802][T24484] acl8112dg [ 989.125811][T24484] acl8112hg [ 989.125820][T24484] a821pgl [ 989.125828][T24484] a821pglnda [ 989.125838][T24484] a821pgh [ 989.125846][T24484] a822pgl [ 989.125853][T24484] a822pgh [ 989.125860][T24484] a823pgl [ 989.125869][T24484] a823pgh [ 989.151489][ T4234] gt683r_led 0003:1770:FF00.002F: hid parsing failed [ 989.192154][T24484] pcl813 [ 989.235302][ T4234] gt683r_led 0003:1770:FF00.002F: probe with driver gt683r_led failed with error -22 [ 989.257208][T24484] pcl813b [ 989.257224][T24484] acl8113 [ 989.257233][T24484] iso813 [ 989.257242][T24484] acl8216 [ 989.322998][ T4234] usb 10-1: USB disconnect, device number 6 [ 989.328152][T24484] a826pg [ 989.453760][T24484] comedi: valid board names for pcl730 driver are: [ 989.460569][T24484] pcl730 [ 989.464041][T24484] iso730 [ 989.467091][T24484] acl7130 [ 989.470333][T24484] pcm3730 [ 989.473373][T24484] pcl725 [ 989.476515][T24484] p8r8dio [ 989.479540][T24484] acl7225b [ 989.483198][T24484] p16r16dio [ 989.493958][T24484] pcl733 [ 989.504156][T24484] pcl734 [ 989.518544][T24484] opmm-1616-xt [ 989.531414][T24484] pearl-mm-p [ 989.539442][T24484] ir104-pbf [ 989.542838][T24484] comedi: valid board names for pcl726 driver are: [ 989.550767][T24484] pcl726 [ 989.553870][T24484] pcl727 [ 989.561834][T24484] pcl728 [ 989.568075][T24484] acl6126 [ 989.571178][T24484] acl6128 [ 989.574207][T24484] comedi: valid board names for pcl724 driver are: [ 989.589514][T24484] pcl724 [ 989.592607][T24484] pcl722 [ 989.596294][T24484] pcl731 [ 989.599326][T24484] acl7122 [ 989.602427][T24484] acl7124 [ 989.606281][T24484] pet48dio [ 989.609407][T24484] pcmio48 [ 989.612437][T24484] onyx-mm-dio [ 989.616621][T24484] comedi: valid board names for pcl711 driver are: [ 989.623187][T24484] pcl711 [ 989.626927][T24484] pcl711b [ 989.629979][T24484] acl8112hg [ 989.633205][T24484] acl8112dg [ 989.637093][T24484] comedi: valid board names for amplc_pc263 driver are: [ 989.644037][T24484] pc263 [ 989.648417][T24484] comedi: valid board names for amplc_pc236 driver are: [ 989.655783][T24484] pc36at [ 989.658888][T24484] comedi: valid board names for amplc_dio200 driver are: [ 989.668485][T24484] pc212e [ 989.671606][T24484] pc214e [ 989.675026][T24484] pc215e [ 989.678009][T24484] pc218e [ 989.680941][T24484] pc272e [ 989.684054][T24484] comedi: valid board names for comedi_parport driver are: [ 989.693443][T24484] comedi_parport [ 989.698164][T24484] comedi: valid board names for comedi_test driver are: [ 989.705598][T24484] comedi_test [ 989.709139][T24484] comedi: valid board names for comedi_bond driver are: [ 989.716498][T24484] comedi_bond [ 989.844908][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 990.089331][T24560] program syz.9.16879 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 990.133171][T24562] netlink: 8 bytes leftover after parsing attributes in process `syz.9.16880'. [ 990.330015][T24574] netlink: 268 bytes leftover after parsing attributes in process `syz.9.16886'. [ 990.931240][T24587] loop8: detected capacity change from 0 to 64 [ 991.643734][T24634] netlink: 'syz.8.16912': attribute type 10 has an invalid length. [ 991.659309][T24634] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 991.670851][T24634] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 992.204596][ T5990] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 992.211295][T24675] usb usb2: usbfs: process 24675 (syz.7.16927) did not claim interface 6 before use [ 992.355750][ T5990] usb 10-1: Using ep0 maxpacket: 8 [ 992.374837][ T5990] usb 10-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 992.388191][ T5990] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 992.399494][T24685] netlink: 36 bytes leftover after parsing attributes in process `syz.7.16932'. [ 992.408493][ T5990] usb 10-1: Product: syz [ 992.412785][ T5990] usb 10-1: Manufacturer: syz [ 992.425330][ T5990] usb 10-1: SerialNumber: syz [ 992.435716][ T5990] usb 10-1: config 0 descriptor?? [ 992.448506][ T5990] gspca_main: se401-2.14.0 probing 047d:5003 [ 992.710414][T24708] veth0_to_bond: entered allmulticast mode [ 992.870460][ T5990] gspca_se401: Wrong descriptor type [ 992.970526][T24728] usb usb8: usbfs: process 24728 (syz.0.16949) did not claim interface 12 before use [ 993.087631][ T5987] usb 10-1: USB disconnect, device number 7 [ 994.037306][T24809] nbd: must specify at least one socket [ 994.120189][T24814] netlink: 'syz.2.16984': attribute type 1 has an invalid length. [ 994.137169][T24814] netlink: 140 bytes leftover after parsing attributes in process `syz.2.16984'. [ 994.178558][T24814] netlink: 96 bytes leftover after parsing attributes in process `syz.2.16984'. [ 994.787111][T24864] netlink: 44 bytes leftover after parsing attributes in process `syz.0.17007'. [ 994.935145][T24873] netlink: 'syz.0.17013': attribute type 2 has an invalid length. [ 994.944328][T24874] netlink: 36 bytes leftover after parsing attributes in process `syz.7.17012'. [ 994.953309][T24873] netlink: 64 bytes leftover after parsing attributes in process `syz.0.17013'. [ 994.961152][T24874] netlink: 8 bytes leftover after parsing attributes in process `syz.7.17012'. [ 995.692636][T24931] netlink: 68 bytes leftover after parsing attributes in process `syz.7.17039'. [ 996.300880][T24978] new mount options do not match the existing superblock, will be ignored [ 996.301543][T24979] netlink: 4 bytes leftover after parsing attributes in process `syz.7.17060'. [ 996.346839][T24978] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 996.888117][T25023] netlink: 44 bytes leftover after parsing attributes in process `syz.0.17078'. [ 997.136676][ T5987] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 997.161998][T25046] Process accounting resumed [ 997.296473][ T5987] usb 10-1: Using ep0 maxpacket: 16 [ 997.304776][ T5987] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 997.316681][ T5987] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 997.326997][ T5987] usb 10-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 997.336417][ T5987] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 997.347568][ T5987] usb 10-1: config 0 descriptor?? [ 997.555672][T25068] loop8: detected capacity change from 0 to 1024 [ 997.563055][T25068] EXT4-fs: Ignoring removed orlov option [ 997.568831][T25068] EXT4-fs: Ignoring removed nomblk_io_submit option [ 997.602843][T25068] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 997.696622][T25069] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 997.769901][ T5987] ntrig 0003:1B96:0008.0030: unbalanced delimiter at end of report description [ 997.783568][ T5987] ntrig 0003:1B96:0008.0030: parse failed [ 997.790155][ T5987] ntrig 0003:1B96:0008.0030: probe with driver ntrig failed with error -22 [ 997.999705][ T5978] usb 10-1: USB disconnect, device number 8 [ 998.043041][ T1137] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.122678][ T1137] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.170122][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 998.230485][ T1137] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.342712][ T1137] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.636788][ T1137] bridge_slave_1: left allmulticast mode [ 998.654600][ T1137] bridge_slave_1: left promiscuous mode [ 998.660433][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state [ 998.694417][ T1137] bridge_slave_0: left allmulticast mode [ 998.709185][ T1137] bridge_slave_0: left promiscuous mode [ 998.719670][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state [ 998.726986][ T6047] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 998.739656][ T6047] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 998.749392][ T6047] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 998.757522][ T6047] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 998.765228][ T6047] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 999.301849][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 999.312734][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 999.324258][ T1137] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 999.337444][ T1137] bond0 (unregistering): Released all slaves [ 999.380450][T25124] bond1: entered promiscuous mode [ 999.388908][T25124] 8021q: adding VLAN 0 to HW filter on device bond1 [ 999.412380][T25124] bond0: (slave bond1): Enslaving as an active interface with an up link [ 1000.245000][ T5861] Bluetooth: hci4: command 0x0406 tx timeout [ 1000.673955][ T1137] hsr_slave_0: left promiscuous mode [ 1000.721805][ T1137] hsr_slave_1: left promiscuous mode [ 1000.732268][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1000.759838][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1000.804702][ T5878] Bluetooth: hci3: command tx timeout [ 1000.814179][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1000.822136][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1000.933424][ T1137] veth1_macvtap: left promiscuous mode [ 1000.949360][ T1137] veth0_macvtap: left promiscuous mode [ 1000.956416][ T1137] veth1_vlan: left promiscuous mode [ 1000.961767][ T1137] veth0_vlan: left promiscuous mode [ 1001.500133][T25387] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1001.509023][ T5978] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 1001.699560][ T5978] usb 10-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1001.710103][ T5978] usb 10-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 1001.723312][ T5978] usb 10-1: Product: syz [ 1001.727912][ T5978] usb 10-1: Manufacturer: syz [ 1001.732718][ T5978] usb 10-1: SerialNumber: syz [ 1001.741178][ T5978] usb 10-1: config 0 descriptor?? [ 1001.749787][ T5978] ch341 10-1:0.0: ch341-uart converter detected [ 1002.084127][ T1137] team0 (unregistering): Port device team_slave_1 removed [ 1002.139308][ T1137] team0 (unregistering): Port device team_slave_0 removed [ 1002.357671][ T5978] usb 10-1: failed to send control message: -71 [ 1002.366792][ T5978] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 1002.382092][ T5978] usb 10-1: USB disconnect, device number 9 [ 1002.391814][ T5978] ch341 10-1:0.0: device disconnected [ 1002.708495][T25125] chnl_net:caif_netlink_parms(): no params data found [ 1002.888685][ T5878] Bluetooth: hci3: command tx timeout [ 1003.211504][T25495] netlink: 64 bytes leftover after parsing attributes in process `syz.9.17177'. [ 1003.235514][T25125] bridge0: port 1(bridge_slave_0) entered blocking state [ 1003.242817][T25125] bridge0: port 1(bridge_slave_0) entered disabled state [ 1003.268306][T25125] bridge_slave_0: entered allmulticast mode [ 1003.290479][T25125] bridge_slave_0: entered promiscuous mode [ 1003.332311][T25125] bridge0: port 2(bridge_slave_1) entered blocking state [ 1003.352419][T25125] bridge0: port 2(bridge_slave_1) entered disabled state [ 1003.361177][T25125] bridge_slave_1: entered allmulticast mode [ 1003.370707][T25125] bridge_slave_1: entered promiscuous mode [ 1003.481565][T25125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1003.492623][T25530] program syz.9.17180 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1003.497240][T25125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1003.592708][T25125] team0: Port device team_slave_0 added [ 1003.608235][T25125] team0: Port device team_slave_1 added [ 1003.731028][T25125] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1003.741155][T25125] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1003.768376][T25125] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1003.791074][T25125] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1003.798281][T25125] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1003.825870][T25125] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1003.926896][T25125] hsr_slave_0: entered promiscuous mode [ 1003.946331][T25125] hsr_slave_1: entered promiscuous mode [ 1003.967655][T25125] debugfs: 'hsr0' already exists in 'hsr' [ 1003.973461][T25125] Cannot create hsr debugfs directory [ 1004.333471][ T30] audit: type=1326 audit(1892869219.008:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25692 comm="syz.7.17192" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff98518eec9 code=0x0 [ 1004.964690][ T5878] Bluetooth: hci3: command tx timeout [ 1005.187659][T25125] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1005.237227][T25125] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1005.244809][ T5987] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 1005.270035][T25125] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1005.279272][T25753] comedi comedi1: bad chanlist[0]=0x00000004 chan=4 range length=1 [ 1005.307698][T25125] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1005.416209][ T5987] usb 10-1: Using ep0 maxpacket: 8 [ 1005.424941][ T5987] usb 10-1: config 179 has an invalid interface number: 65 but max is 0 [ 1005.433362][ T5987] usb 10-1: config 179 has no interface number 0 [ 1005.452201][ T5987] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1005.483361][ T5987] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1005.494033][ T30] audit: type=1326 audit(1892869220.168:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25764 comm="syz.7.17201" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7ff985185d67 code=0x0 [ 1005.509216][T25125] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1005.523611][ T5987] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1005.551842][ T5987] usb 10-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1005.600528][T25125] 8021q: adding VLAN 0 to HW filter on device team0 [ 1005.607571][ T5987] usb 10-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1005.635444][ T5987] usb 10-1: config 179 interface 65 has no altsetting 0 [ 1005.658664][T11903] bridge0: port 1(bridge_slave_0) entered blocking state [ 1005.665940][T11903] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1005.676350][ T5987] usb 10-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1005.689937][T11903] bridge0: port 2(bridge_slave_1) entered blocking state [ 1005.697190][T11903] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1005.705474][ T5987] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1005.728158][ T5987] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:179.65/input/input105 [ 1005.929607][ T5987] usb 10-1: USB disconnect, device number 10 [ 1006.062677][T25816] netlink: 28 bytes leftover after parsing attributes in process `syz.2.17208'. [ 1006.071978][T25816] netlink: 104 bytes leftover after parsing attributes in process `syz.2.17208'. [ 1006.081991][T25125] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1006.146268][T25818] netlink: 196 bytes leftover after parsing attributes in process `syz.2.17209'. [ 1006.153854][T25125] veth0_vlan: entered promiscuous mode [ 1006.176128][T25125] veth1_vlan: entered promiscuous mode [ 1006.232606][T25125] veth0_macvtap: entered promiscuous mode [ 1006.250625][T25125] veth1_macvtap: entered promiscuous mode [ 1006.283842][T25125] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1006.317279][T25125] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1006.371595][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1006.397548][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1006.411348][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1006.452706][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1006.608466][ T30] audit: type=1326 audit(1892869221.288:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25839 comm="syz.9.17217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 1006.644059][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1006.666552][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1006.687833][ T30] audit: type=1326 audit(1892869221.338:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25839 comm="syz.9.17217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 1006.733512][ T30] audit: type=1326 audit(1892869221.338:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25839 comm="syz.9.17217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 1006.755916][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1006.755948][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1006.834968][ T30] audit: type=1326 audit(1892869221.338:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25839 comm="syz.9.17217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 1006.893380][ T30] audit: type=1326 audit(1892869221.338:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25839 comm="syz.9.17217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 1006.965430][ T30] audit: type=1326 audit(1892869221.348:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25839 comm="syz.9.17217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 1007.003086][ T30] audit: type=1326 audit(1892869221.348:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25839 comm="syz.9.17217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5613d8eec9 code=0x7ffc0000 [ 1007.045549][ T5878] Bluetooth: hci3: command tx timeout [ 1007.055219][T25879] syz_tun: entered promiscuous mode [ 1007.065799][T25879] macsec1: entered allmulticast mode [ 1007.083463][T25879] syz_tun: left promiscuous mode [ 1007.370532][T25877] loop7: detected capacity change from 0 to 32768 [ 1007.390295][T25877] btrfs: Deprecated parameter 'usebackuproot' [ 1007.406385][T25877] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1007.427467][T25877] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.17224 (25877) [ 1007.460512][T25877] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1007.478347][T25901] usb usb8: usbfs: process 25901 (syz.2.17234) did not claim interface 0 before use [ 1007.488224][T25877] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm [ 1007.497391][T25877] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 1007.574001][ T12] BTRFS warning (device loop7): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 1007.595880][T25877] BTRFS error (device loop7): failed to load root extent [ 1007.603339][T25877] BTRFS warning (device loop7): try to load backup roots slot 1 [ 1007.616424][ T1137] BTRFS warning (device loop7): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 1007.632451][T25877] BTRFS warning (device loop7): couldn't read tree root [ 1007.640049][T25877] BTRFS warning (device loop7): try to load backup roots slot 2 [ 1007.651567][ T1137] BTRFS error (device loop7): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 1007.663252][T25877] BTRFS warning (device loop7): couldn't read tree root [ 1007.672749][T25877] BTRFS warning (device loop7): try to load backup roots slot 3 [ 1007.681739][ T1137] BTRFS warning (device loop7): checksum verify failed on logical 5242880 mirror 1 wanted 0xc0857788 found 0xa1ba5d6e level 0 [ 1007.701165][T25877] BTRFS warning (device loop7): couldn't read tree root [ 1007.753151][T25877] BTRFS error (device loop7): open_ctree failed: -5 [ 1008.625715][T25972] netlink: 'syz.9.17257': attribute type 3 has an invalid length. [ 1009.169472][T26007] Bluetooth: MGMT ver 1.23 [ 1009.605044][ T5990] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 1009.711684][T26029] netlink: 24 bytes leftover after parsing attributes in process `syz.0.17277'. [ 1009.766261][ T5990] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1009.778502][ T5990] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1009.789133][ T5990] usb 10-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1009.798535][ T5990] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1009.809608][ T5990] usb 10-1: config 0 descriptor?? [ 1009.811201][T26033] program syz.0.17279 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1010.237648][ T5990] cp2112 0003:10C4:EA90.0031: unknown main item tag 0x0 [ 1010.261331][T26055] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 1010.263783][ T5990] cp2112 0003:10C4:EA90.0031: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.9-1/input0 [ 1010.436334][ T5990] cp2112 0003:10C4:EA90.0031: error requesting version [ 1010.447911][ T5990] cp2112 0003:10C4:EA90.0031: probe with driver cp2112 failed with error -71 [ 1010.464136][ T5990] usb 10-1: USB disconnect, device number 11 [ 1010.504829][ T4234] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1010.664634][ T4234] usb 4-1: Using ep0 maxpacket: 16 [ 1010.674435][ T4234] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1010.686354][ T4234] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1010.699635][ T4234] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1010.708669][ T4234] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 1010.718633][ T4234] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1010.731657][ T4234] usb 4-1: Product: syz [ 1010.738327][ T4234] usb 4-1: Manufacturer: syz [ 1010.743016][ T4234] usb 4-1: SerialNumber: syz [ 1010.751698][ T4234] usb 4-1: config 0 descriptor?? [ 1010.973115][ T4234] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input107 [ 1011.199399][ T5990] usb 4-1: USB disconnect, device number 19 [ 1011.233839][T26134] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0) [ 1011.518625][T26149] netlink: 20 bytes leftover after parsing attributes in process `syz.7.17311'. [ 1011.674776][ T5990] usb 10-1: new high-speed USB device number 12 using dummy_hcd [ 1011.825786][ T5990] usb 10-1: Using ep0 maxpacket: 32 [ 1011.837319][ T5990] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1011.863582][ T5990] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1011.883993][ T5990] usb 10-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 1011.894683][ T5990] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1011.914662][ T5990] usb 10-1: config 0 descriptor?? [ 1012.131918][T26153] ================================================================== [ 1012.140046][T26153] BUG: KASAN: slab-use-after-free in move_to_new_folio+0x145/0x490 [ 1012.147972][T26153] Read of size 8 at addr ffff888058eb6e08 by task syz.7.17313/26153 [ 1012.155964][T26153] [ 1012.158312][T26153] CPU: 1 UID: 0 PID: 26153 Comm: syz.7.17313 Not tainted syzkaller #0 PREEMPT(full) [ 1012.158342][T26153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1012.158356][T26153] Call Trace: [ 1012.158367][T26153] [ 1012.158376][T26153] dump_stack_lvl+0x189/0x250 [ 1012.158408][T26153] ? rcu_is_watching+0x15/0xb0 [ 1012.158426][T26153] ? __kasan_check_byte+0x12/0x40 [ 1012.158452][T26153] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1012.158474][T26153] ? rcu_is_watching+0x15/0xb0 [ 1012.158492][T26153] ? lock_release+0x4b/0x3e0 [ 1012.158521][T26153] ? __virt_addr_valid+0x1c8/0x5c0 [ 1012.158545][T26153] ? __virt_addr_valid+0x4a5/0x5c0 [ 1012.158567][T26153] print_report+0xca/0x240 [ 1012.158598][T26153] ? move_to_new_folio+0x145/0x490 [ 1012.158624][T26153] kasan_report+0x118/0x150 [ 1012.158648][T26153] ? move_to_new_folio+0x145/0x490 [ 1012.158678][T26153] kasan_check_range+0x2b0/0x2c0 [ 1012.158703][T26153] move_to_new_folio+0x145/0x490 [ 1012.158734][T26153] migrate_pages_batch+0x1d5f/0x35e0 [ 1012.158770][T26153] ? __pfx_compaction_free+0x10/0x10 [ 1012.158794][T26153] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1012.158827][T26153] ? __lock_acquire+0xab9/0xd20 [ 1012.158851][T26153] ? css_rstat_updated+0x23a/0x4f0 [ 1012.158883][T26153] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1012.158905][T26153] ? __pfx_compaction_free+0x10/0x10 [ 1012.158926][T26153] migrate_pages+0x1bcc/0x2930 [ 1012.158955][T26153] ? __pfx_compaction_free+0x10/0x10 [ 1012.158973][T26153] ? __pfx_compaction_alloc+0x10/0x10 [ 1012.158993][T26153] ? __pfx___might_resched+0x10/0x10 [ 1012.159020][T26153] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1012.159045][T26153] ? __pfx_migrate_pages+0x10/0x10 [ 1012.159068][T26153] ? rcu_is_watching+0x15/0xb0 [ 1012.159084][T26153] ? isolate_migratepages_block+0x394f/0x4160 [ 1012.159126][T26153] compact_zone+0x23e1/0x4ab0 [ 1012.159166][T26153] ? __pfx_compact_zone+0x10/0x10 [ 1012.159201][T26153] sysctl_compaction_handler+0x3a4/0x7b0 [ 1012.159226][T26153] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 1012.159261][T26153] ? trace_kmalloc+0x1f/0xd0 [ 1012.159280][T26153] ? __kvmalloc_node_noprof+0x5ed/0x910 [ 1012.159308][T26153] ? proc_sys_call_handler+0x3cf/0x700 [ 1012.159330][T26153] proc_sys_call_handler+0x4cb/0x700 [ 1012.159351][T26153] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1012.159371][T26153] ? __asan_memset+0x22/0x50 [ 1012.159400][T26153] iter_file_splice_write+0x975/0x10e0 [ 1012.159434][T26153] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1012.159455][T26153] ? rcu_read_lock_any_held+0xb3/0x120 [ 1012.159479][T26153] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1012.159499][T26153] direct_splice_actor+0x101/0x160 [ 1012.159521][T26153] splice_direct_to_actor+0x5a8/0xcc0 [ 1012.159549][T26153] ? __pfx_direct_splice_actor+0x10/0x10 [ 1012.159578][T26153] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1012.159602][T26153] do_splice_direct+0x181/0x270 [ 1012.159625][T26153] ? __pfx_do_splice_direct+0x10/0x10 [ 1012.159647][T26153] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1012.159681][T26153] ? rw_verify_area+0x255/0x4d0 [ 1012.159700][T26153] do_sendfile+0x4da/0x7e0 [ 1012.159729][T26153] ? __pfx_do_sendfile+0x10/0x10 [ 1012.159760][T26153] __se_sys_sendfile64+0xd9/0x190 [ 1012.159784][T26153] ? __pfx___se_sys_futex+0x10/0x10 [ 1012.159807][T26153] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 1012.159837][T26153] ? do_syscall_64+0xbe/0xfa0 [ 1012.159866][T26153] do_syscall_64+0xfa/0xfa0 [ 1012.159890][T26153] ? lockdep_hardirqs_on+0x9c/0x150 [ 1012.159913][T26153] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1012.159932][T26153] ? clear_bhb_loop+0x60/0xb0 [ 1012.159953][T26153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1012.159971][T26153] RIP: 0033:0x7ff98518eec9 [ 1012.159991][T26153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1012.160009][T26153] RSP: 002b:00007ff9833f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1012.160032][T26153] RAX: ffffffffffffffda RBX: 00007ff9853e5fa0 RCX: 00007ff98518eec9 [ 1012.160046][T26153] RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1012.160061][T26153] RBP: 00007ff985211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1012.160074][T26153] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1012.160087][T26153] R13: 00007ff9853e6038 R14: 00007ff9853e5fa0 R15: 00007ffca5138688 [ 1012.160117][T26153] [ 1012.160126][T26153] [ 1012.585036][T26153] Allocated by task 22734: [ 1012.589434][T26153] kasan_save_track+0x3e/0x80 [ 1012.594118][T26153] __kasan_slab_alloc+0x6c/0x80 [ 1012.598960][T26153] kmem_cache_alloc_noprof+0x367/0x6e0 [ 1012.604415][T26153] gfs2_glock_get+0x263/0xec0 [ 1012.609090][T26153] gfs2_inode_lookup+0x215/0xb10 [ 1012.614019][T26153] gfs2_dir_search+0x168/0x220 [ 1012.618770][T26153] gfs2_lookupi+0x3d9/0x5a0 [ 1012.623270][T26153] init_journal+0x54a/0x2260 [ 1012.627940][T26153] init_inodes+0xdb/0x320 [ 1012.632695][T26153] gfs2_fill_super+0x1923/0x20d0 [ 1012.637627][T26153] get_tree_bdev_flags+0x40e/0x4d0 [ 1012.642736][T26153] gfs2_get_tree+0x51/0x1e0 [ 1012.647232][T26153] vfs_get_tree+0x92/0x2b0 [ 1012.651637][T26153] do_new_mount+0x302/0x9e0 [ 1012.656214][T26153] __se_sys_mount+0x313/0x410 [ 1012.660883][T26153] do_syscall_64+0xfa/0xfa0 [ 1012.665384][T26153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1012.671265][T26153] [ 1012.673573][T26153] Freed by task 22734: [ 1012.677653][T26153] kasan_save_track+0x3e/0x80 [ 1012.682365][T26153] __kasan_save_free_info+0x46/0x50 [ 1012.687571][T26153] __kasan_slab_free+0x5c/0x80 [ 1012.692346][T26153] kmem_cache_free+0x19b/0x690 [ 1012.697100][T26153] rcu_core+0xcab/0x1770 [ 1012.701436][T26153] handle_softirqs+0x286/0x870 [ 1012.706206][T26153] __irq_exit_rcu+0xca/0x1f0 [ 1012.710793][T26153] irq_exit_rcu+0x9/0x30 [ 1012.715028][T26153] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1012.720665][T26153] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1012.726662][T26153] [ 1012.728981][T26153] Last potentially related work creation: [ 1012.734686][T26153] kasan_save_stack+0x3e/0x60 [ 1012.739804][T26153] kasan_record_aux_stack+0xbd/0xd0 [ 1012.745004][T26153] call_rcu+0x157/0x9c0 [ 1012.749255][T26153] __gfs2_glock_free+0xb44/0xc90 [ 1012.754198][T26153] gfs2_glock_free+0x3c/0xa0 [ 1012.758818][T26153] process_scheduled_works+0xae1/0x17b0 [ 1012.765245][T26153] worker_thread+0x8a0/0xda0 [ 1012.770099][T26153] kthread+0x711/0x8a0 [ 1012.774169][T26153] ret_from_fork+0x4bc/0x870 [ 1012.778769][T26153] ret_from_fork_asm+0x1a/0x30 [ 1012.783569][T26153] [ 1012.785881][T26153] Second to last potentially related work creation: [ 1012.792548][T26153] kasan_save_stack+0x3e/0x60 [ 1012.797219][T26153] kasan_record_aux_stack+0xbd/0xd0 [ 1012.802420][T26153] insert_work+0x3d/0x330 [ 1012.806811][T26153] __queue_work+0xcd2/0xfb0 [ 1012.811488][T26153] queue_delayed_work_on+0x18b/0x280 [ 1012.817132][T26153] clear_glock+0x116/0x220 [ 1012.821636][T26153] glock_hash_walk+0x109/0x1c0 [ 1012.826555][T26153] gfs2_gl_hash_clear+0xfd/0x660 [ 1012.831576][T26153] gfs2_fill_super+0x18af/0x20d0 [ 1012.836688][T26153] get_tree_bdev_flags+0x40e/0x4d0 [ 1012.842054][T26153] gfs2_get_tree+0x51/0x1e0 [ 1012.846553][T26153] vfs_get_tree+0x92/0x2b0 [ 1012.851043][T26153] do_new_mount+0x302/0x9e0 [ 1012.855626][T26153] __se_sys_mount+0x313/0x410 [ 1012.860822][T26153] do_syscall_64+0xfa/0xfa0 [ 1012.865609][T26153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1012.871564][T26153] [ 1012.873882][T26153] The buggy address belongs to the object at ffff888058eb6a40 [ 1012.873882][T26153] which belongs to the cache gfs2_glock(aspace) of size 1224 [ 1012.888733][T26153] The buggy address is located 968 bytes inside of [ 1012.888733][T26153] freed 1224-byte region [ffff888058eb6a40, ffff888058eb6f08) [ 1012.902727][T26153] [ 1012.905070][T26153] The buggy address belongs to the physical page: [ 1012.911558][T26153] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888058eb4000 pfn:0x58eb4 [ 1012.921738][T26153] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1012.930267][T26153] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1012.937996][T26153] page_type: f5(slab) [ 1012.942494][T26153] raw: 00fff00000000040 ffff888020776500 dead000000000122 0000000000000000 [ 1012.951155][T26153] raw: ffff888058eb4000 00000000800c0007 00000000f5000000 0000000000000000 [ 1012.959835][T26153] head: 00fff00000000040 ffff888020776500 dead000000000122 0000000000000000 [ 1012.968684][T26153] head: ffff888058eb4000 00000000800c0007 00000000f5000000 0000000000000000 [ 1012.977438][T26153] head: 00fff00000000002 ffffea000163ad01 00000000ffffffff 00000000ffffffff [ 1012.986281][T26153] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1012.994940][T26153] page dumped because: kasan: bad access detected [ 1013.001343][T26153] page_owner tracks the page as allocated [ 1013.007218][T26153] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8005, tgid 8004 (syz.1.873), ts 165716917576, free_ts 165399027351 [ 1013.027782][T26153] post_alloc_hook+0x240/0x2a0 [ 1013.032540][T26153] get_page_from_freelist+0x2365/0x2440 [ 1013.038073][T26153] __alloc_frozen_pages_noprof+0x181/0x370 [ 1013.043878][T26153] alloc_pages_mpol+0x232/0x4a0 [ 1013.048721][T26153] allocate_slab+0x96/0x3a0 [ 1013.053254][T26153] ___slab_alloc+0xe94/0x1920 [ 1013.057936][T26153] __slab_alloc+0x65/0x100 [ 1013.062382][T26153] kmem_cache_alloc_noprof+0x3f9/0x6e0 [ 1013.067858][T26153] gfs2_glock_get+0x263/0xec0 [ 1013.072627][T26153] gfs2_inode_lookup+0x215/0xb10 [ 1013.077653][T26153] init_sb+0xa30/0x12c0 [ 1013.081799][T26153] gfs2_fill_super+0x15ef/0x20d0 [ 1013.086759][T26153] get_tree_bdev_flags+0x40e/0x4d0 [ 1013.091961][T26153] gfs2_get_tree+0x51/0x1e0 [ 1013.096473][T26153] vfs_get_tree+0x92/0x2b0 [ 1013.100886][T26153] do_new_mount+0x302/0x9e0 [ 1013.105385][T26153] page last free pid 1155 tgid 1155 stack trace: [ 1013.111697][T26153] __free_frozen_pages+0xbc4/0xd30 [ 1013.116825][T26153] free_large_kmalloc+0x13a/0x1f0 [ 1013.122014][T26153] bch2_trans_put+0xb8b/0x1220 [ 1013.126772][T26153] btree_interior_update_work+0x2172/0x27d0 [ 1013.132659][T26153] process_scheduled_works+0xae1/0x17b0 [ 1013.138205][T26153] worker_thread+0x8a0/0xda0 [ 1013.142793][T26153] kthread+0x711/0x8a0 [ 1013.146849][T26153] ret_from_fork+0x4bc/0x870 [ 1013.151434][T26153] ret_from_fork_asm+0x1a/0x30 [ 1013.156192][T26153] [ 1013.158503][T26153] Memory state around the buggy address: [ 1013.164263][T26153] ffff888058eb6d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1013.172485][T26153] ffff888058eb6d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1013.180531][T26153] >ffff888058eb6e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1013.188597][T26153] ^ [ 1013.192917][T26153] ffff888058eb6e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1013.200964][T26153] ffff888058eb6f00: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1013.209017][T26153] ================================================================== [ 1013.217252][ C1] vkms_vblank_simulate: vblank timer overrun [ 1013.240212][ T5990] aquacomputer_d5next 0003:0C70:F0B6.0032: unknown main item tag 0x0 [ 1013.250203][ T5990] aquacomputer_d5next 0003:0C70:F0B6.0032: unknown main item tag 0x0 [ 1013.261060][T26153] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1013.261085][T26153] CPU: 1 UID: 0 PID: 26153 Comm: syz.7.17313 Not tainted syzkaller #0 PREEMPT(full) [ 1013.261112][T26153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1013.261127][T26153] Call Trace: [ 1013.261137][T26153] [ 1013.261148][T26153] dump_stack_lvl+0x99/0x250 [ 1013.261179][T26153] ? __asan_memcpy+0x40/0x70 [ 1013.261212][T26153] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1013.261236][T26153] ? __pfx__printk+0x10/0x10 [ 1013.261271][T26153] vpanic+0x237/0x6d0 [ 1013.261294][T26153] ? __pfx_vpanic+0x10/0x10 [ 1013.261321][T26153] ? preempt_schedule+0xae/0xc0 [ 1013.261349][T26153] ? __pfx_preempt_schedule+0x10/0x10 [ 1013.261380][T26153] panic+0xb9/0xc0 [ 1013.261401][T26153] ? __pfx_panic+0x10/0x10 [ 1013.261425][T26153] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 1013.261457][T26153] ? move_to_new_folio+0x145/0x490 [ 1013.261486][T26153] check_panic_on_warn+0x89/0xb0 [ 1013.261512][T26153] ? move_to_new_folio+0x145/0x490 [ 1013.261539][T26153] end_report+0x78/0x160 [ 1013.365727][T26153] kasan_report+0x129/0x150 [ 1013.370230][T26153] ? move_to_new_folio+0x145/0x490 [ 1013.375511][T26153] kasan_check_range+0x2b0/0x2c0 [ 1013.380442][T26153] move_to_new_folio+0x145/0x490 [ 1013.385381][T26153] migrate_pages_batch+0x1d5f/0x35e0 [ 1013.390670][T26153] ? __pfx_compaction_free+0x10/0x10 [ 1013.396381][T26153] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1013.402011][T26153] ? __lock_acquire+0xab9/0xd20 [ 1013.406856][T26153] ? css_rstat_updated+0x23a/0x4f0 [ 1013.411970][T26153] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1013.417335][T26153] ? __pfx_compaction_free+0x10/0x10 [ 1013.422617][T26153] migrate_pages+0x1bcc/0x2930 [ 1013.427381][T26153] ? __pfx_compaction_free+0x10/0x10 [ 1013.432761][T26153] ? __pfx_compaction_alloc+0x10/0x10 [ 1013.438121][T26153] ? __pfx___might_resched+0x10/0x10 [ 1013.443402][T26153] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1013.449552][T26153] ? __pfx_migrate_pages+0x10/0x10 [ 1013.454666][T26153] ? rcu_is_watching+0x15/0xb0 [ 1013.459516][T26153] ? isolate_migratepages_block+0x394f/0x4160 [ 1013.465606][T26153] compact_zone+0x23e1/0x4ab0 [ 1013.470345][T26153] ? __pfx_compact_zone+0x10/0x10 [ 1013.475379][T26153] sysctl_compaction_handler+0x3a4/0x7b0 [ 1013.481128][T26153] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 1013.487382][T26153] ? trace_kmalloc+0x1f/0xd0 [ 1013.491971][T26153] ? __kvmalloc_node_noprof+0x5ed/0x910 [ 1013.497860][T26153] ? proc_sys_call_handler+0x3cf/0x700 [ 1013.503343][T26153] proc_sys_call_handler+0x4cb/0x700 [ 1013.508626][T26153] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1013.514544][T26153] ? __asan_memset+0x22/0x50 [ 1013.519138][T26153] iter_file_splice_write+0x975/0x10e0 [ 1013.524690][T26153] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1013.530620][T26153] ? rcu_read_lock_any_held+0xb3/0x120 [ 1013.536087][T26153] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1013.541976][T26153] direct_splice_actor+0x101/0x160 [ 1013.547148][T26153] splice_direct_to_actor+0x5a8/0xcc0 [ 1013.552535][T26153] ? __pfx_direct_splice_actor+0x10/0x10 [ 1013.558347][T26153] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1013.564333][T26153] do_splice_direct+0x181/0x270 [ 1013.569215][T26153] ? __pfx_do_splice_direct+0x10/0x10 [ 1013.574594][T26153] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1013.580609][T26153] ? rw_verify_area+0x255/0x4d0 [ 1013.585559][T26153] do_sendfile+0x4da/0x7e0 [ 1013.590029][T26153] ? __pfx_do_sendfile+0x10/0x10 [ 1013.595162][T26153] __se_sys_sendfile64+0xd9/0x190 [ 1013.600275][T26153] ? __pfx___se_sys_futex+0x10/0x10 [ 1013.605471][T26153] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 1013.611100][T26153] ? do_syscall_64+0xbe/0xfa0 [ 1013.615777][T26153] do_syscall_64+0xfa/0xfa0 [ 1013.620286][T26153] ? lockdep_hardirqs_on+0x9c/0x150 [ 1013.625485][T26153] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1013.631629][T26153] ? clear_bhb_loop+0x60/0xb0 [ 1013.636485][T26153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1013.642500][T26153] RIP: 0033:0x7ff98518eec9 [ 1013.646918][T26153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1013.666624][T26153] RSP: 002b:00007ff9833f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1013.675134][T26153] RAX: ffffffffffffffda RBX: 00007ff9853e5fa0 RCX: 00007ff98518eec9 [ 1013.683356][T26153] RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1013.691319][T26153] RBP: 00007ff985211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1013.699290][T26153] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1013.707271][T26153] R13: 00007ff9853e6038 R14: 00007ff9853e5fa0 R15: 00007ffca5138688 [ 1013.715338][T26153] [ 1013.718669][T26153] Kernel Offset: disabled [ 1013.722995][T26153] Rebooting in 86400 seconds..