last executing test programs: 8.168485319s ago: executing program 0 (id=3898): r0 = syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0xfec9, 0x8, 0x5, 0x3d4}, &(0x7f0000000040), &(0x7f0000000140)) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, 0x0, 0x1) 7.877956074s ago: executing program 0 (id=3902): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000200)={@val={0xa}, @void, @eth={@multicast, @local, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0xc, 0x11, 0xff, @empty, @mcast2, {[], {0x4f19, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0x5, 0x100, @void}}}}}}}}}, 0x46) 7.712090347s ago: executing program 1 (id=3903): setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x500, 0x0, 0x54, 0xa, 0x21}, 0x9c) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socket$packet(0x11, 0x3, 0x300) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[], 0xffdd) 7.634090768s ago: executing program 3 (id=3904): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_ADD(r0, 0x0, 0x8800) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002", 0x29}], 0x1}, 0x0) 7.53008787s ago: executing program 0 (id=3905): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 7.426130091s ago: executing program 3 (id=3906): syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) socket$pppl2tp(0x18, 0x1, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[], 0x38}}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan4\x00'}) sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="090000000800000004000000094000000a000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000003f71e6972d20df3aa81155093d8a9953aa4a3c427aa60a08692f8dd22994232d9619f08d818cb8106b77918d33fa558359c58ca93c6fd78b810ab2b68d36839e63d849afc284224cd8c766a9e6c9f555d7b41320dad88e84dee5fa4a0f49329201e687dc42a5b2fdfdce38886b300138eff8baa256edb83b936b8b2294aa496fe88e65bb632c1e1412e232affbd2ec9e81dfe4be721adcb18154bc2c9c0e6528f522583e5439a218d9ea9a656e7e40cbe0"], 0x48) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000080), 0x4) sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r3) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000140)=[{&(0x7f0000000080)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a0010000100080c10000000000000000000", 0x58}], 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="180000002400018000000000800000001100000004002f80"], 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @local}, 0xc) sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100010000001300000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000000000d0001007564703a73797a3200000000"], 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0) ioctl$FS_IOC_GETFLAGS(r4, 0x80086601, &(0x7f0000000040)) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r10, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r10, &(0x7f0000000580)=ANY=[@ANYBLOB="5300030002"], 0x8) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r9) 3.240951039s ago: executing program 3 (id=3908): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000000)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) socket(0x1e, 0x4, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r3, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 3.197858179s ago: executing program 0 (id=3910): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) syz_emit_ethernet(0x46, &(0x7f0000000180)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0xc, 0x6, "370c89", 0x10, 0x2c, 0x0, @dev={0xfe, 0x80, '\x00', 0x24}, @mcast2, {[@hopopts={0x88, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x8}]}]}}}}}, 0x0) 3.196882039s ago: executing program 1 (id=3911): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r7) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x4}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x7}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.998148273s ago: executing program 2 (id=3912): syz_mount_image$exfat(&(0x7f0000000100), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[], 0x2, 0x1509, &(0x7f0000001c40)="$eJzs3Au0jtXWOPA511oPm8Sb5L7mmg9vclkkSS4JiSRJjiS5JSRJkoTEJrckJCH3JPeQ3EJyv99yT5IjSZKQkGT9h079nXM63+l83znn842z52+MZ+w19/vO+c5nz733+zxrjL2/7jCoSr2qleowM/xT8E8fUgEgBQD6AkAWAIgAoGTWklkBh0IGjan/3IuIf60Hpl7pDsSVJPNP22T+aZvMP22T+adtMv+0Teaftsn80zaZvxBp2dZpua6RI+0e/3v7/yD7///nyPv/f5DDRUd/vr7odR3/Gyky/7RN5p+2yfzTNpl/2ibzT9tk/v/hIoCKf+dhmX/aJvMXIi270vvPclzZ40p//wkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESBvOhcsMAPy6vtJ9CSGEEEIIIYQQ4l8npP/zKN2Va0QIIYQQQgghhBD/RggKNBiIIB2khxTIABnhKsgEV0NmyAIJuAaywrWQDa6D7JADckIuyA15IC9YIHDAEEM+yA9JuB4KwA1QEApBYSgCHopCMbgRisNNUAJuhpJwC5SCW6E0lIGyUA5ug/JwO1SAilAJ7oDKcCdUgapwF1SDu6E63AM14F6oCfdBLbgfasMfoA48AHXhQagHD0F9eBgaQENoBI2hyf8o/3noAi9AV+gGqdAdesCL0BN6QW/oA33hJegHL0N/eAUGwEAYBK/CYHgNhsDrMBSGwXB4A0bASBgFo2EMjIVx8CaMh7dgArwNE2ESTIYpMBWmwXR4B2bATJgF78JseA/mwFyYB/NhAbwPC2ERLIYPYAl8CEthGSyHFbASVsFqWANrYR2shw2wETbBZtgCW+Ej2AbbYQfshF2wG/bAx7AXPoF98Cnsh8/+Oj/L388/+1f5HREQUKFCgwbTYTpMwRTMiBkxE2bCzJgZE5jArJgVs2E2zI7ZMSfmxNyYG/NiXiQkZGTMh/kwiUksgAWwIBbEwlgYPXoshsWwON6EJbAElsSSWApLYWksg2WwHJbD8lgeK2AFrISVsDJWxipYBe/Cu/BurI7VsQbWwJpYE2thLayNtbEO1sG6WBfrYT2sj/WxATbARtgIm2ATbIpNsRk2wxbYAltiS2yFrbA1tsY22AbbYltsh+2wPbbHDtgBO2In7ITP4/P4Ar6A3bCy6o49sAf2xJ7YG/tgH3wJ++HL+DK+ggNwIA7CV/FVfA2H4BkcisNwOA7H8mokjsLRyGosjsNxOB7H4wScgBNxEk7CKTgVp+F0nI4zcCbOxHdxNr6H7+FcnIvzcQEuwIW4CBfjYlyCZ3EpLsPluAJX4ipciWtwLa7B9bgB1+Mm3IRbcAt+hB/hdtyOO3En7sbd+DF+jJ/gJzgA9+N+PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPIfn8Dyexwv4bO4v6+4utG4AqEuMMiqdSqdSVIrKqDKqTCqTyqwyq4RKqKwqq8qmsqnsKrvKqXKq3Cq3yqvyKlKkWMUqn8qnkiqpCqgCqqAqqAqrwsorr4qpYqq4Kq5KqBKqpLpFlVK3qtKqjGruy6lyqrxq4SuoiqqSqqQqqztVFVVVVVXVVDVVXVVXNVQNVVPVVLXU/aq26o698QF1aTL11ECsrwZhA9VQNVKN1Wv4iGqqhmAz1Vy1UI+pYTgUW6mmvrV6UrVRo7CtelqNxmdUezUWO6jnVEfVSXVWz6suqpnv+ut2p5qCPVUv1Vv1UTPwTnVpYlXUK2qAGqgGqVfVfHxNDVGvq6FqmBqu3lAj1Eg1So1WY9RYNU69qcart9QE9baaqCapyWqKmqqmqenqHTVDzVSz1LtqtnpPzVFz1Tw1Xy1Q76uFapFarD5QS9SHaqlapparFWqlWqVWqzVqrVqn1qsNaqPapDarLWqr+khtU9vVDrVT7VK71R71sdqrPlH71Kdqv/pMHVB/VAfV5+qQ+kIdVl+qI+ordVR9rY6pb9Rx9a06oU6qU+o7dVp9r86os+qc+kGdVz+qC+ondVEFBRq10lobHel0Or1O0Rl0Rn2VBn21zqyz6IS+RmfV1+ps+jqdXefQOXUunVvn0Xm11aSdZh3rfDq/TurrdQF9gy6oC+nCuoj2uqgupm/UxfVNuoS+WZfUt+hS+lZdWpfRZXU5fZsur2/XFXRFXUnfoSvrO3UVXVXfpavpu3V1fY+uoe/VNfV9upa+X9fWf9B19AO6rn5Q19MP6fr6Yd1AN9SNdGPdRD+im+pHdTPdXLfQj+mW+nHdSj+hW+sndRv9lG6rn9bt9DO6vX5Wd9DP6Y66k+6sf9IXddBddTedqrvrHvpF3VP30r11H91Xv6T76Zd1f/2KHqAH6kH6VT1Yv6aH6Nf1UD1MD9dv6BF6pB6lR+sxeqwep9/U4/VbeoJ+W0/Uk/RkPUVP1dN0718qzfoH8t/6G/n9f371LXqr/khv09v1Dr1T79K79R69R+/Ve/U+vU/v1/v1AX1AH9QH9SF9SB/Wh/URfUQf1Uf1MX1MH9fH9Ql9Uv+gv9On9ff6jD6rz+of9Hl9Xl/45WsABo0y2hgTmXQmvUkxGUxGc5XJZK42mU0WkzDXmKzmWpPNXGeymxwmp8llcps8Jq+xhowzbGKTz+Q3SXO9KWBuMAVNIVPYFDHeFDXFzI3/dP7v9dfENDFNTVPTzDQzLUwL09K0NK1MK9PatDZtTBvT1rQ17Uw70960Nx1MB9PRdDSdTWfTxXQxXU1Xk2pSTQ/zoulpepnepo/pa14y/Uw/09/0NwPMADPIDDKDzWAzxAwxQ81QM9wMNyPMCDPKjDJjzBgzzowz4814M8FMMBPNRDPZTDZTzVQz3Uw3M8wMM8vMMrPNbDPHzDHzzDyzwCwwC81Cs9gsNkvMErPULDPLzAqzwqwyq8was8asM+vMBrPBbDKbzFKz1Ww128w2s8PsMLvMLrPH7DF7zV6zz+wz+81+c8AcMAfNQXPIHDKHzWFzxBwxR81Rc8wcM8fNcXPCnDCnzClz2pw2Z8wZc86cM+fNeXPBXDAXzcVLl32RilRkIhOli9JFKVFKlDHKGGWKMkWZo8xRIkpEWaOsUbbouih7lCPKGeWKckd5olSwEUUu4iiO8kX5o2R0fVQguiEqGBWKCkdFIh8VjYpFN0bFo5uiEtHNUcnolqhUdGtUOioTlY3KRbdF5aPbowpRxahSdEdUObozqhJVje6KqkV3R9Wje6Ia0b1Rzei+qFZ0f1Q7+kNUJ3ogqhs9GNWLHorqRw9HDaKGUaOocdTkX1o/hDM5HvVdbTebarvbHvZF29P2sr1tH9vXvmT72Zdtf/uKHWAH2kH2VTvYvmaH2NftUDvMDrdv2BF2pB1lR9sxdqwdZ9+04+1bdoJ92060k+xkO8VOtdPsdPuOnWFn2ln2XTvbvmfn2Ll2np1vF9j37UK7yC62H9gl9kO71C6zy+0Ku9KusqvtGrvWrrPr7Qa70W6ym+0Wu9V+ZLfZ7XaH3Wl32d12j/3Y7rWf2H32U7vffmYP2D/ag/Zze8h+YQ/bL+0R+5U9ar+2x+w39rj91p6wJ+0p+509bb+3Z+xZe87+YM/bH+0F+5O9aMOli/tLb+9kyFA6SkcplEIZKSNlokyUmTJTghKUlbJSNspG2Sk75aSclJtyU17KS5cwMeWjfJSkJBWgAlSQClJhKkyePBWjYlScilMJKkElqSSVolJUmkpTWSpLt9FtdDvdThWpIt1Bd9CddCdVpapUjapRdapONagG1aSaVItqUW2qTXWoDtWlulSP6lF9qk8NqAE1okbUhJpQU2pKzagZtaAW1JJaUitqRa2pNbWhNtSW2lI7akftqT11oA7UkTpSZ+pMXagLdaWulEqp1IN6UE/qSb2pN/WlvtSP+lF/6k8DaAANokE0mAbTEBpCQ2kYDac3aASNpFE0msbQWBpH42g8jacJNIEm0kSaTJNpKk2l6TSdZtAMmkWzaDbNpjk0h+bRPFpAC2ghLaTFtJiW0BJaSktpOS2nlbSSVtNqWktraT2tp420kTbTZtpKW2kbbaMdtIN20S7aQ3toL+2lfbSP9tN+OkAH6CAdpEN0iA7TYTpCR+goHaVjdIyO03E6QSfoFJ2i03SaztAZOkfn6Dz9SBfoJ7pIgVKcgozuKpfJXe0yuywuxWVwl+IIAC7FOV0ul9vlcXmdddldjr+IyTlX0BVyhV0R511RV8zd+Ju4tCvjyrpy7jZX3t3uKvwmrubudtXdPa6Gu9dVdXf9RVzT3edquYdcbfewq+MaurqusavnHnL13cOugWvoGrnGrqV73LVyT7jW7knXxj31m3ihW+TWunVuvdvg9rpP3Dn3gzvqvnbn3Y+uq+vm+rqXXD/3suvvXnED3MDfxMPdG26EG+lGudFujBv7m3iym+KmumluunvHzXAzfxMvcO+72W6xm+Pmunlu/s/xpZ4Wuw/cEvehW+qWueVuhVvpVrnVbs3/73WF2+Q2uy1uj/vYbXPb3Q630+1yu3+OL53HPvep2+8+c0fcV+6g+9wdcsfcYfflz/Gl8zvmvnHH3bfuhDvpTrnv3Gn3vTvjzv58/pfO/Tv3k7voggNGVqzZcMTpOD2ncAbOyFdxJr6aM3MWTvA1nJWv5Wx8HWfnHJyTc3FuzsN52TKxY+aY83F+TvL1XIBv4IJciAtzEfZclIvxjVycb+ISfDOX5Fu4FN/KpbkMl+VyfBuX59u5AlfkSnwHVw6Bq3BVvour8d1cne/hGnwv1+T7uBbfz7X5D1yHH+C6/CDX44e4Pj/MDbghN+LG3IQf4ab8KDfj5tyCH+OW/Di34ie4NT/JbfgpbstPczt+htvzs9yBn+OO3Ik78/PchV/grtyNU7k79+AXuSf34t7ch/vyS9yPX+b+/AoP4IE8iF/lwfwaD+HXeSgP4+H8Bo/gkTyKR/MYHsvj+E0ez2/xBH6bJ/IknsxTeCpP4+n8Ds/gmTyL3+XZ/B7P4bk8j+fzAn6fF/IiXswf8BL+kJfyMl7OK3glr+LVvIbX8jpezxt4I2/izbyFt/JHvI238w7eybt4N+/hj3kvf8L7+FPez5/xAf4jH+TP+RB/wYf5Sz7CX/FR/pqP8Td8nL/lE3yST/F3fJq/5zN8ls/xD3yef+QL/BNf5MAQY6xiHZs4itPF6eOUOEOcMb4qzhRfHWeOs8SJ+Jo4a3xtnC2+Ls4e54hzxrni3HGeOG9sY4pdzHEc54vzx8n4+rhAfENcMC4UF46LxD4uGheLb4yLxzfFJeKb45LxLXGp+NYYUsvED91bLr4tLh/fHleIK8aV4jviyvGdcZW4anxXXC2+O64e3xPXiO+NS8T3xbXi++Pa8R/iOvEDcd34wbhe/FBcP344bhA3jBvFjeMm8SNx0/jRuFncPG4RPxa3jB+PW8VPxK3jJ+M28VO/+3hq3D3uEb8YvxiHcI/65T4xuTC5KLk4+UFySfLD5NLksuTy5IrkyuSq5OrkmuTa5Lrk+uSG5MbkpuTm5JZkCFXTg0evvPbGRz6dT+9TfAaf0V/lM/mrfWafxSf8NT6rv9Zn89f57D6Hz+lz+dw+j8/rrSfvPPvY5/P5fdJf7wv4G3xBX8gX9kW890V9Md/YN/FNfFP/qG/mm/sW/jH/mH/cP+6f8E/4J30b/5Rv65/27fwzvr1/1j/rn/MdfSff2T/vu/gXfFffzaf6VN/D9/A9fU/f2/f2fX1f38/38/19fz/AD/CD/CA/2A/2Q/wQP9QP9cP9cD/Cj/Cj/Cg/xo/x4/w4P96P9xP8BD/RT/ST/WQ/1U/10/10P8PP8LP8LD+74Gw/x8/x8/w8v8Av8Av9Qr/YL/ZL/BK/1C/1y/1yv9Kv9Kv9ar/Wr/Xr/Xq/0W/0m/1mv9Vv9dv8Nr/D7/C7/C6/x+/xe/1ev8/v8/v9fn/AH/AH/UF/yH/hD/sv/RH/lT/qv/bH/Df+uP/Wn/An/Sn/nT/tv/dn/Fl/zv/gz/sf/QX/k7/ogx+XeDMxPvFWYkLi7cTExKTE5MSUxNTEtMT0xDuJGYmZiVmJdxOzE+8l5iTmJuYl5icWJN5PLEwsSixOfJBYkvgwsTSxLLE8sSKxMrEqEUKebXHIF/KHZLg+FAg3hIKhUCgcigQfioZi4cZQPNwUSoSbQ8lwSygVbg2lQ5lQNjwcGoSGoVFoHJqER0LT8GhoFpqHFuGx0DI8HlqFJ0Lr8GRoE54KbcPToV14JrQPz4YO4bnQMXQKncPzoUt4IXQN3UJq6B56hBdDz9Ar9A59Qt/wUugXXg79wythQBgYBoVXw+DwWhgSXg9Dw7AwPLwRRoSRYVQYHcaEsWFceDOMD2+FCeHtMDFMCpPDlDA1TAvTwzthRpgZZoV3w+zwXpgT5oZ5YX5YEN4PC8OisDh8EJaED8PSsCwsDyvCyrAqrA5rwtqwLqwPG8LGsClsDlvC1vBR2Ba2hx1hZ9gVdoc94eOwN3wS9oVPw/7wWTgQ/hgOhs/DofBFOBy+DEfCV+Fo+DocC9+E4+HbcCKcDKfCd+F0+D6cCWfDufBDOB9+DBfCT+Gi/M2aEEIIIcQ/RP/O493/xufSAcCvt0Q9AODq7bkO/3XNjdn/tO6lcrdMAMCT3To88OtRuXJqauovz12qIco/FwASf1n/13gZtIDHoTU0h+J/s79eqtN5/p36yVsAMv5ZTgpcji/Xv+m/qP/IY8MXlorPZf079ecCFMx/OScDXI4v1y/xX9TP0fR3+s/w+TiAZn+Wkwkux5frF4NH4Slo/RfPFEIIIYQQQggh/qSXKtvu9+6fL92f5zaXc9LD5fj37s+FEEIIIYQQQghx5T3TqfMTj7Ru3bzdP7bAX/YF/ntZspDFf84iwy8/Ov9X+vk3La7kbyUhhBBCCCHEv8Pli/4r3YkQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCJF2/W/8O7ErfY5CCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCHElfb/AgAA//+wBDLo") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.idle_time\x00', 0x275a, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x8004587d, &(0x7f0000000080)={@id={0x2, 0x0, @b}}) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x8004587d, &(0x7f0000000080)) 2.997903153s ago: executing program 0 (id=3913): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8042) ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000000)) 2.978944933s ago: executing program 3 (id=3914): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x800006}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x7fff, 0x267, 0x0, 0x25, 0x19dd, 0x9}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80003, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.873414904s ago: executing program 0 (id=3915): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota') syz_usb_connect(0x0, 0x43, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009e23662030164200135b0102030109023100010000000009040000000202ff00080600000000000005240600000524"], 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff000085410500"], 0x38}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a0000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff"], 0x0, 0x9, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @cgroup_sock_addr=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) write$dsp(r4, &(0x7f0000000480)="586d545651449f25a50b982607d7718a3d3f7dfcff547a90fa09c284c5bf5a75112c07000000623d7662f559cf457c323c730d76c04d8a361ada67df45bf1e60212de638a13a61036f26331faba4af55c4ad53e12f3d658667d0e6c311ff067b6c4b2fd815078b2e4d2e4f2b66fea9992d8b76df02e1fd67e655494f053a85d39353567036abaf3a99cee1329993fc4332db3d09416c5820a0b60ef541c4869ca2b406fa4cfd658957dd27d4ce43eabf153857411a5bb2b48250407ae84800"/208, 0xd0) ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0) 2.702152727s ago: executing program 2 (id=3916): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb7e, &(0x7f0000000c40)="$eJzs3M1rVFcbAPDn3nwYNb6JL/LyWkoNtGChOBrFSl2py9ZFof0DDHEiIdcPkhRMcBHbhXRVC910UWgXpX9AoetstNBV6aaVFrqXShHdp9zJnWQwM0mqMx4/fj84c8/HZM7z5JK555C5E8BLa6x8yCP2R8S5LGKk6s8jYrBRG4pYWn3eg/vXJh/evzaZxcrKB39nkVV9zdfKquPuqjEUEb+cyeK/n2ycd25hcWaiKOqzVfvw/MUrh+cWFg9NX5y4UL9QvzR+YvzY8RPHjr99pGu5vrv35tmvxk/t+f7Mrauv3fj9yyxOxXA11ppHt4zFWKxUWvv7I2Ki25Ml0lflk7X0Zf0JAwIAYFN5yxrufzESfbG+eBuJW78mDQ4AAADoipW+WPsfFQAAAPCiyuz/AQAA4AXX/BzAg/vXJpsl7ScSnq57pyNitF3+/bHUOA7FQETsepBF622t2eqPPbGxiNj30+iPZYke3Ye8maXrEfH/dvlnjfxHG3dxb8w/j4hu3Jk99kj7ecr/VBfmT50/AC+n5dOrF7KN1798bf0Tba5//W2uXY8j9fWv8/pvPf++Duu/97c5R/3Ap593Gmtd/xXfvnq7nL88PlFS/8K96xGv9Hde/5T5Zx3yP7fNOQb++PmHTmNl/mW+zfK081/5JuJg2/3P+jfaZJt/P9HhqemiXj22nePG7e/2dZq/9fyXpZy/uRd4Gsrzv6tD/lud/yvbnGP5r4N/dhrbOv/87mD2YaM2WPVcnZifnx2PGMzObuw/unkszec0X6PM/83XN//7b5d/+Z6wVP0eyr3A9epYtj9+ZM5D773zxuPn31tl/ucf8/zf3OYcX382e7fTWOr8AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+5BExHFleW6vnea0WsTsi9sWuvLg8N//W1OWPLp0vxyJGYyCfmi7qRyJiZLWdle3xRn29ffSR9rGI2BsRX4zsbLRrk5eL86mTBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYM3uiBiOLK9FRB4RD0fyvFZLHRUAAADQdaOpAwAAAAB6zv4fAAAAXnz2/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTY3gPLd7KIWDq5s1FKg9XYQNLIgF7LUwcAJNOXOgAgmf7UAQDJ2OMD2RbjQx1HdnQ9FgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeXQf3L9/JImLp5M5GKQ1WYwNJIwN6LU8dAJBMX+oAgGT6UwcAJGOPD2RbjA91HNnR9VgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHYNN0qW1yIib9TzvFaL2BMRozGQTU0X9SMR8Z+I+G1kYEfZHk8dNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF03t7A4M1EU9VkVFRWVtUrqdyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFKYW1icmSiK+uxc6kgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA1OYWFmcmiqI+28NK6hwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEjnnwAAAP///JMJmQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x650ce4b086bd440f) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000440)={0x1, 0x1, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.684759338s ago: executing program 1 (id=3917): r0 = socket$inet6(0xa, 0x802, 0x88) sendto$inet6(r0, 0x0, 0x0, 0x20008844, 0x0, 0x0) fanotify_init(0x4, 0x400) syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f60"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) 2.491334811s ago: executing program 3 (id=3918): syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) socket$pppl2tp(0x18, 0x1, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[], 0x38}}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan4\x00'}) sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="090000000800000004000000094000000a000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000003f71e6972d20df3aa81155093d8a9953aa4a3c427aa60a08692f8dd22994232d9619f08d818cb8106b77918d33fa558359c58ca93c6fd78b810ab2b68d36839e63d849afc284224cd8c766a9e6c9f555d7b41320dad88e84dee5fa4a0f49329201e687dc42a5b2fdfdce38886b300138eff8baa256edb83b936b8b2294aa496fe88e65bb632c1e1412e232affbd2ec9e81dfe4be721adcb18154bc2c9c0e6528f522583e5439a218d9ea9a656e7e40cbe0"], 0x48) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000080), 0x4) sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r3) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000140)=[{&(0x7f0000000080)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a0010000100080c10000000000000000000", 0x58}], 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="180000002400018000000000800000001100000004002f80"], 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @local}, 0xc) sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100010000001300000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000000000d0001007564703a73797a3200000000"], 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0) ioctl$FS_IOC_GETFLAGS(r4, 0x80086601, &(0x7f0000000040)) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r10, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r10, &(0x7f0000000580)=ANY=[@ANYBLOB="5300030002"], 0x8) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r9) 2.394121272s ago: executing program 2 (id=3919): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x24040040) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000000085"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x2}, 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2c, r4, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}]}, 0x2c}}, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000)) r7 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000000)="cb182fc5fce9a5d18739d3144aa3d54257aaa88aba27981824f7915295e558edf48135300a75b59beca71f8b59e7261c1719b06171b986f9ce8f2b1050ddb978e5dae7d50b9e5b3dcce6a2fde67a08ed68d86de2ffc5ed943e843e8d87030387c50c40ad42bdf9eaf18102e68040d383c4d56964c9a70077414337a578f1d54ae672036278feff2c0fb602b8e3d982834211596005818769ecb84fca9b5097554bdd603f6addc8660b20ce77c2bd0069fd38056452f68f83a9b2b60bf507299402dca7f1c28ffe914b5e9f0d8a9c5728ff90af757c45a08a9e9b373a13e507e2d461010108", 0xe5) 2.065517207s ago: executing program 2 (id=3920): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x800, 0x70bd29, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xfff1, 0xfff2}, {0x1, 0xc}, {0xfff3, 0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x80000000}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44045}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000084) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.016461518s ago: executing program 3 (id=3921): setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x500, 0x0, 0x54, 0xa, 0x21}, 0x9c) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socket$packet(0x11, 0x3, 0x300) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) write$cgroup_devices(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[], 0xffdd) 1.949493969s ago: executing program 2 (id=3922): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x1) 1.682767384s ago: executing program 2 (id=3923): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7f, 0x0, 0x5, 0x1, 0xc}, 0xb, 0x0, 0x8, 0x5, 0x5f82, 0x2, 0x9, 0xd, 0x8, 0x1, {0xffff1c72, 0x3, 0x1000, 0x101, 0x0, 0x5}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 660.71202ms ago: executing program 1 (id=3924): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000d0000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003400000000c2c0000000b0a01010000000000000000070000000900020073797a3100000000090001"], 0xc0}}, 0x0) 414.483344ms ago: executing program 1 (id=3925): syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x400) syz_mount_image$udf(&(0x7f0000000500), &(0x7f0000000ac0)='./file0\x00', 0x2004008, &(0x7f0000000080)=ANY=[@ANYRES64=0x0], 0xfe, 0x4f5, &(0x7f00000005c0)="$eJzs3F1oJVcdAPD/mb03e5Mu7e3XdrUFgyIbW7sk2bS7GpGmXWOFoGCagj4oaT7W0HwsSSpN8aMgiqAg+KAFn/vQIrKKoPTJJx98VhH6Ij74KEEKPogoM5n7kextE3tzk83m94Pknjvzn7kzw/2fOefcmQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOLpz0wMj6Tj3goA4Ch9fvqLw6PO/wBwqjyn/w8AAKdFiiw+ESnG/7adLhbvd9SmllZfennm2mTnxfpTseSZIj7/q42MXh574skrVxuv7738YftAfGH6uYnBZ9ZWbqwvbGwszA/OrC7Nrc0vHHgN3S6/16PFARhcefGl+cXFjcHRS5d3zX65/vezd52vj18de2KuETtzbXJyui2mUn3fn34LPTw66YssfhUpXvvkL9JQRGTRfS7sU3f0Wn9U8vwrdmLm2mSxI8tLs6ub+czUSITK7pzoa+TIEeRiV4YiHs+3tU9G071qZDERKT4U2+ljEXGmkQePFT8M7r+CyhFsZAf5dl6JiGfjBOQs3KbORha/jRQr99Ti0eNLZ+AYVCKL70eKi5/eTo8V7YH8fJo3m6eeH/zc6uJaW2xK5Rn1pPcPjpK2CbexWmQxVLT4t9PHj3tjgCPVH1l8OVL8+U9fL8aVohiXvmf86lefGm4fYXpon/XksZciYvSAffJqY6wxXzY73H0CAAAAAAAAAACAO10tZfHzSPHNh2vF+2ebF8j/7r+FY94+oIdSFv+JFM//cru4Nb79uRRn2p7v0XTS7/3p7fb3155Zu7G1vnT9a5sd5w/UJl7Y2Fyfnes8O/qj1rouurDfcwygC9WUxYcjxcNTN1vfu3rKy+WtwK0v2uufan03a2nP3KLeuHvneTaNewi+MvnR9nLHr+z/cX9cvfxc9ygDQHdSyuIPkeKzL1wozqspBuKWNmgZdzZSvPOPR8q4rC8vNE7T9eJ/bXFpeWE4j/11pOj/XiM2itiBMvb+VuxIHvt0pPjxD3bH3lXGPtCKHc1jvxMpfv9a59gHW7GX89if5u2a6cFG7EBeeLCMPd+KvTS3tjzfswMMt7G8/f9GpFi+ezA1crnMl7KZfaYZ+/o3Wu39V/eu6F3a/N22/+tt014t66G8vlh860JR9xT1VaVzffWXSPGbfz9Sxu3UFX3l/HuL/6366s1I8cbbu2MbDwq5rxU7cuADCydAnv/nIsUft242c6PM/zID2/r/bfn/wbJ2aI0Z9Cb/722bVi8/9+zh7Dqcehtbr7w4u7y8sK6goKDQLBx3zQT0Wt7+fydS/Gz57WZ/t2z/n9t51+r//+tbrfb/+N4V9aj9f1/btPGyN1KtRNQ2V25UH4qobWy98vjSyuz1hesLq2PDI0+OjoyNjV6p9jU6961S18cK7jR5/n83Uqx96c3m+Pzu/n/n8b+BvSvqUf7f3zZtYFd/petdh1Mvz/+pSPGTf95s/o72XuN/jfG+oY/svDYfpt2j/H+gbVq9/Nxzh7PrAAAAAAAAAAAAcGJVUxY/ihR//WElNZ6NcZDrf295YEaPrv873zZt/ojuV+z6oAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8K6yyGItUrz11Hb6dj7hQsTF9lfgjvW/AAAA//8Qgywy") open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x0, 0x224}, 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000040), &(0x7f0000000200), &(0x7f0000000240), 0x0, 0x7f}) 0s ago: executing program 1 (id=3926): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x5, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x8, 0x2, [@TCA_MATCHALL_ACT={0x4}]}}, @TCA_RATE={0x6, 0x5, {0xab, 0x8e}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0) kernel console output (not intermixed with test programs): . [ 743.343895][T14174] tipc: Enabled bearer , priority 0 [ 743.352694][T14174] syzkaller0: entered promiscuous mode [ 743.359841][T14174] syzkaller0: entered allmulticast mode [ 743.406674][T14174] tipc: Resetting bearer [ 743.976258][T14173] tipc: Resetting bearer [ 744.064745][T14173] tipc: Disabling bearer [ 744.287635][T14186] tun0: tun_chr_ioctl cmd 2147767520 [ 744.738418][T14207] tipc: Enabled bearer , priority 0 [ 744.768368][T14201] tipc: Resetting bearer [ 744.878438][T14200] tipc: Disabling bearer [ 744.970015][T14210] IPVS: length: 146 != 8 [ 745.690160][T14221] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2864'. [ 745.766173][T14221] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2864'. [ 747.073009][ T8825] block nbd42: Possible stuck request ffff88804cde8000: control (read@0,4096B). Runtime 30 seconds [ 747.408643][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.573689][T14259] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2880'. [ 747.880916][T14266] netlink: 'syz.3.2884': attribute type 1 has an invalid length. [ 747.911769][T14266] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2884'. [ 749.326937][ T10] block nbd43: Possible stuck request ffff88804ccf8000: control (read@0,1024B). Runtime 30 seconds [ 749.339574][ T10] block nbd43: Possible stuck request ffff88804ccf8200: control (read@1024,1024B). Runtime 30 seconds [ 749.351852][ T10] block nbd43: Possible stuck request ffff88804ccf8400: control (read@2048,1024B). Runtime 30 seconds [ 749.364140][ T10] block nbd43: Possible stuck request ffff88804ccf8600: control (read@3072,1024B). Runtime 30 seconds [ 749.428061][T14295] netlink: 'syz.1.2894': attribute type 1 has an invalid length. [ 749.454102][T14295] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2894'. [ 750.105787][T14283] netlink: 'syz.3.2889': attribute type 6 has an invalid length. [ 750.659116][ T8825] block nbd33: Possible stuck request ffff88807aec0000: control (read@0,4096B). Runtime 90 seconds [ 750.934279][T14315] netlink: 'syz.1.2902': attribute type 10 has an invalid length. [ 751.017852][T14317] tipc: Enabled bearer , priority 0 [ 751.064456][T14319] Bluetooth: MGMT ver 1.22 [ 751.067733][T14317] syzkaller0: entered promiscuous mode [ 751.074480][T14317] syzkaller0: entered allmulticast mode [ 751.079077][T14319] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2904'. [ 751.136845][T14317] tipc: Resetting bearer [ 751.147357][T14321] IPVS: length: 146 != 8 [ 751.203973][T14316] tipc: Resetting bearer [ 751.290824][T14316] tipc: Disabling bearer [ 751.827279][T14347] tun0: tun_chr_ioctl cmd 2147767520 [ 751.886733][ T10] block nbd34: Possible stuck request ffff8880677f8000: control (read@0,4096B). Runtime 90 seconds [ 752.194301][T14356] IPVS: length: 146 != 8 [ 752.339418][T14360] veth4: entered promiscuous mode [ 752.356990][T14360] veth4: entered allmulticast mode [ 752.574033][T14367] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2921'. [ 752.594555][T14367] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2921'. [ 752.639515][T14368] nbd51: detected capacity change from 0 to 127 [ 752.816594][T11045] block nbd51: Receive control failed (result -32) [ 754.453894][ T8825] block nbd46: Possible stuck request ffff888066c20000: control (read@0,4096B). Runtime 30 seconds [ 754.613286][T14404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2933'. [ 754.717501][T14406] netlink: 'syz.3.2934': attribute type 1 has an invalid length. [ 754.731052][T14406] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2934'. [ 755.554553][T14421] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2940'. [ 755.714389][T14421] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2940'. [ 756.816194][T14432] netlink: 'syz.1.2944': attribute type 13 has an invalid length. [ 757.039234][ T10] block nbd23: Possible stuck request ffff8880214f8000: control (read@0,1024B). Runtime 180 seconds [ 757.056000][ T10] block nbd23: Possible stuck request ffff8880214f8200: control (read@1024,3072B). Runtime 180 seconds [ 757.737154][T14432] bridge0: port 2(bridge_slave_1) entered disabled state [ 757.745414][T14432] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.320177][T14432] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 759.400743][T14432] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 759.993463][ T5158] udevd[5158]: worker [5786] /devices/virtual/block/nbd34 is taking a long time [ 760.003483][ T5158] udevd[5158]: worker [12313] /devices/virtual/block/nbd33 is taking a long time [ 760.022163][ T5158] udevd[5158]: worker [6102] /devices/virtual/block/nbd23 timeout; kill it [ 760.034263][ T5158] udevd[5158]: seq 13434 '/devices/virtual/block/nbd23' killed [ 760.046009][ T5158] udevd[5158]: worker [5802] /devices/virtual/block/nbd31 is taking a long time [ 760.091121][T14432] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 760.100988][T14432] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 760.110809][T14432] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 760.120612][T14432] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 760.847097][ T10] block nbd29: Possible stuck request ffff88807df48000: control (read@0,4096B). Runtime 150 seconds [ 760.859397][ T8825] block nbd31: Possible stuck request ffff88802bb40000: control (read@0,4096B). Runtime 120 seconds [ 761.086908][T14480] tipc: Enabling of bearer rejected, already enabled [ 761.458908][T14488] tun0: tun_chr_ioctl cmd 2147767520 [ 761.988730][T14494] tipc: Enabled bearer , priority 0 [ 762.024724][T14494] syzkaller0: entered promiscuous mode [ 762.031267][T14494] syzkaller0: entered allmulticast mode [ 762.052035][T14494] tipc: Resetting bearer [ 762.102864][T14493] tipc: Resetting bearer [ 762.203955][ T8825] block nbd39: Possible stuck request ffff888064b50000: control (read@0,1024B). Runtime 60 seconds [ 762.215830][ T8825] block nbd39: Possible stuck request ffff888064b50200: control (read@1024,1024B). Runtime 60 seconds [ 762.227958][ T8825] block nbd39: Possible stuck request ffff888064b50400: control (read@2048,1024B). Runtime 60 seconds [ 762.239931][ T8825] block nbd39: Possible stuck request ffff888064b50600: control (read@3072,1024B). Runtime 60 seconds [ 762.267101][T14493] tipc: Disabling bearer [ 762.635513][T14508] tipc: Enabling of bearer rejected, already enabled [ 762.795610][ T8825] block nbd47: Possible stuck request ffff888066fb8000: control (read@0,4096B). Runtime 30 seconds [ 762.864988][T14513] netlink: 'syz.0.2972': attribute type 10 has an invalid length. [ 762.880829][T14513] team0: Port device dummy0 added [ 762.891022][T14513] netlink: 'syz.0.2972': attribute type 10 has an invalid length. [ 762.927092][T14513] team0: Port device dummy0 removed [ 762.943748][T14513] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 763.147840][T14515] tun0: tun_chr_ioctl cmd 2147767520 [ 763.498297][T14528] tipc: Enabled bearer , priority 0 [ 763.529239][T14528] syzkaller0: entered promiscuous mode [ 763.557078][T14528] syzkaller0: entered allmulticast mode [ 763.619066][T14526] tipc: Resetting bearer [ 763.679258][T14526] tipc: Disabling bearer [ 763.931092][T14537] netlink: 'syz.3.2983': attribute type 10 has an invalid length. [ 763.986106][T14537] bond0: (slave dummy0): Releasing backup interface [ 764.003208][T14537] team0: Port device dummy0 added [ 764.693274][T14541] netlink: 'syz.3.2983': attribute type 10 has an invalid length. [ 764.852839][T14541] team0: Port device dummy0 removed [ 764.864195][T14541] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 764.894342][T14546] tipc: Enabling of bearer rejected, failed to enable media [ 765.173452][T14558] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2986'. [ 765.333922][ T10] block nbd40: Possible stuck request ffff8880637b8000: control (read@0,1024B). Runtime 60 seconds [ 765.346105][ T10] block nbd40: Possible stuck request ffff8880637b8200: control (read@1024,1024B). Runtime 60 seconds [ 765.358198][ T10] block nbd40: Possible stuck request ffff8880637b8400: control (read@2048,1024B). Runtime 60 seconds [ 765.369887][ T10] block nbd40: Possible stuck request ffff8880637b8600: control (read@3072,1024B). Runtime 60 seconds [ 766.217860][T14586] tipc: Enabling of bearer rejected, failed to enable media [ 766.433044][T14584] tipc: Enabling of bearer rejected, already enabled [ 766.670183][T14602] netlink: 212 bytes leftover after parsing attributes in process `syz.1.2999'. [ 767.115506][T14614] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3004'. [ 767.316848][T14620] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3006'. [ 767.323439][T14622] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3009'. [ 767.337054][T14622] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3009'. [ 767.366864][T14624] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3008'. [ 767.603069][T14631] tipc: Enabled bearer , priority 0 [ 767.622971][T14631] syzkaller0: entered promiscuous mode [ 767.633921][T14631] syzkaller0: entered allmulticast mode [ 767.679304][T14631] tipc: Resetting bearer [ 767.702612][T14628] tipc: Resetting bearer [ 767.781690][T14628] tipc: Disabling bearer [ 768.027307][T14644] netlink: 'syz.1.3017': attribute type 10 has an invalid length. [ 768.047966][T14644] bond0: (slave dummy0): Releasing backup interface [ 768.137559][T14644] team0: Port device dummy0 added [ 768.295998][T14648] netlink: 'syz.1.3017': attribute type 10 has an invalid length. [ 768.436817][T14648] team0: Port device dummy0 removed [ 768.696704][T14648] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 769.833783][ T8825] block nbd26: Possible stuck request ffff88807e928000: control (read@0,1024B). Runtime 180 seconds [ 770.066222][ T5794] Bluetooth: hci4: command 0x0406 tx timeout [ 770.646121][ T8825] block nbd26: Possible stuck request ffff88807e928200: control (read@1024,1024B). Runtime 180 seconds [ 770.657331][ T8825] block nbd26: Possible stuck request ffff88807e928400: control (read@2048,1024B). Runtime 180 seconds [ 770.669005][ T8825] block nbd26: Possible stuck request ffff88807e928600: control (read@3072,1024B). Runtime 180 seconds [ 770.898364][T14686] netlink: 212 bytes leftover after parsing attributes in process `syz.0.3030'. [ 770.931010][T14689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3032'. [ 771.064411][T14695] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3034'. [ 771.076778][T14693] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3035'. [ 771.188058][T14695] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 771.266870][T14695] bond1: (slave vcan1): Error -95 calling set_mac_address [ 771.969494][T14717] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3041'. [ 772.397037][T14712] nbd52: detected capacity change from 0 to 127 [ 772.416829][T14723] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3043'. [ 772.429548][T11045] block nbd52: Receive control failed (result -32) [ 773.118290][T14743] syzkaller0: entered promiscuous mode [ 773.123858][T14743] syzkaller0: entered allmulticast mode [ 773.245692][T14747] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3054'. [ 773.382721][T14751] netlink: 220 bytes leftover after parsing attributes in process `syz.2.3057'. [ 774.159249][T14784] syzkaller0: entered promiscuous mode [ 774.176735][T14784] syzkaller0: entered allmulticast mode [ 774.384718][T14776] tipc: Enabling of bearer rejected, already enabled [ 774.873612][T14797] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3074'. [ 774.990946][T14802] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3077'. [ 776.920824][T14860] __nla_validate_parse: 2 callbacks suppressed [ 776.920842][T14860] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3100'. [ 777.513417][ T55] block nbd42: Possible stuck request ffff88804cde8000: control (read@0,4096B). Runtime 60 seconds [ 778.214080][T14870] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 778.316430][T14880] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3109'. [ 778.355414][T14880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3109'. [ 778.735519][T14885] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3111'. [ 779.406594][ T10] block nbd43: Possible stuck request ffff88804ccf8000: control (read@0,1024B). Runtime 60 seconds [ 779.419118][ T10] block nbd43: Possible stuck request ffff88804ccf8200: control (read@1024,1024B). Runtime 60 seconds [ 779.431864][ T10] block nbd43: Possible stuck request ffff88804ccf8400: control (read@2048,1024B). Runtime 60 seconds [ 779.444545][ T10] block nbd43: Possible stuck request ffff88804ccf8600: control (read@3072,1024B). Runtime 60 seconds [ 779.465565][ T6937] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 779.651507][T14913] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3122'. [ 779.675748][ T6937] usb 1-1: Using ep0 maxpacket: 32 [ 779.688474][ T6937] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 779.719487][ T6937] usb 1-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 779.736339][ T6937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 779.760791][ T6937] usb 1-1: Product: syz [ 779.774481][ T6937] usb 1-1: Manufacturer: syz [ 779.790452][ T6937] usb 1-1: SerialNumber: syz [ 779.812057][ T6937] usb 1-1: config 0 descriptor?? [ 779.834344][ T6937] rndis_wlan 1-1:0.0: skipping garbage [ 779.854136][ T6937] rndis_wlan: probe of 1-1:0.0 failed with error -22 [ 779.861882][ T54] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 779.872978][ T6937] rndis_host 1-1:0.0: skipping garbage [ 779.880885][ T6937] rndis_host: probe of 1-1:0.0 failed with error -22 [ 780.064492][ T54] usb 3-1: Using ep0 maxpacket: 32 [ 780.103256][ T54] usb 3-1: config 0 interface 0 has no altsetting 0 [ 780.125171][ T54] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 780.134297][ T54] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 780.164037][ T54] usb 3-1: Product: syz [ 780.174273][ T54] usb 3-1: Manufacturer: syz [ 780.184480][ T54] usb 3-1: SerialNumber: syz [ 780.212698][ T54] usb 3-1: config 0 descriptor?? [ 780.633421][ T54] gs_usb 3-1:0.0: Configuring for 3 interfaces [ 780.686416][ T55] block nbd33: Possible stuck request ffff88807aec0000: control (read@0,4096B). Runtime 120 seconds [ 781.105028][ T23] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 781.246299][ T54] gs_usb 3-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO) [ 781.281991][T14942] netlink: 208 bytes leftover after parsing attributes in process `syz.1.3134'. [ 781.320800][ T54] gs_usb: probe of 3-1:0.0 failed with error -71 [ 781.331171][ T23] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 781.349662][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 781.359347][ T54] usb 3-1: USB disconnect, device number 20 [ 781.377627][ T23] usb 4-1: config 0 descriptor?? [ 781.515563][T14945] netlink: 212 bytes leftover after parsing attributes in process `syz.1.3135'. [ 781.967305][ T10] block nbd34: Possible stuck request ffff8880677f8000: control (read@0,4096B). Runtime 120 seconds [ 782.000550][ T23] ath6kl: mismatched byte count 0 vs. expected 12 [ 782.025694][ T23] ath6kl: Failed to init ath6kl core: -22 [ 782.033064][ T23] ath6kl_usb: probe of 4-1:0.0 failed with error -22 [ 782.216388][ T23] usb 4-1: USB disconnect, device number 21 [ 782.632513][T14960] netlink: 'syz.2.3140': attribute type 6 has an invalid length. [ 782.680458][T14962] syzkaller0: entered promiscuous mode [ 782.687327][T14962] syzkaller0: entered allmulticast mode [ 782.874674][ T9676] usb 1-1: USB disconnect, device number 20 [ 782.889562][T14964] loop3: detected capacity change from 0 to 512 [ 782.907736][T14964] EXT4-fs: inline encryption not supported [ 782.935750][T14964] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 782.956989][T14964] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 783.006647][T14964] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 783.266055][T14964] EXT4-fs error (device loop3): __ext4_iget:5053: inode #11: block 2: comm syz.3.3142: invalid block [ 783.314014][T14964] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.3142: couldn't read orphan inode 11 (err -117) [ 783.331174][T14964] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 784.229008][T13027] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 784.526539][ T55] block nbd46: Possible stuck request ffff888066c20000: control (read@0,4096B). Runtime 60 seconds [ 784.888971][T14991] loop1: detected capacity change from 0 to 2048 [ 784.911301][ T23] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 784.974602][T14991] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 785.080158][T12781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 785.285743][ T23] usb 4-1: Using ep0 maxpacket: 16 [ 785.310364][ T23] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 785.598810][T15006] tmpfs: Cannot change global quota limit on remount [ 786.006305][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 786.014384][ T23] usb 4-1: Product: syz [ 786.028228][ T23] usb 4-1: Manufacturer: syz [ 786.032956][ T23] usb 4-1: SerialNumber: syz [ 786.042863][ T23] usb 4-1: config 0 descriptor?? [ 786.053286][ T23] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 786.627694][ T23] ssu100: probe of 4-1:0.0 failed with error -110 [ 786.946976][T15015] nbd: must specify at least one socket [ 787.086266][ T6145] block nbd23: Possible stuck request ffff8880214f8000: control (read@0,1024B). Runtime 210 seconds [ 787.097745][ T6145] block nbd23: Possible stuck request ffff8880214f8200: control (read@1024,3072B). Runtime 210 seconds [ 787.858336][ T9678] usb 4-1: USB disconnect, device number 22 [ 789.419271][T15048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3171'. [ 789.456084][T15048] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3171'. [ 789.498370][T15046] loop3: detected capacity change from 0 to 4096 [ 789.519710][T15048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3171'. [ 789.563964][T15048] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3171'. [ 789.818271][T15052] loop1: detected capacity change from 0 to 4096 [ 789.855746][T15052] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 790.159637][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.185584][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.203519][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.225730][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.233339][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.253908][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.264735][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.284486][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.304306][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.311988][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.328822][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.341526][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.350713][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.359083][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.376384][ T6937] hid-generic 00A0:0008:0003.0017: unknown main item tag 0x0 [ 790.393783][ T6937] hid-generic 00A0:0008:0003.0017: hidraw0: HID v0.05 Device [syz1] on syz0 [ 790.937934][ T55] block nbd31: Possible stuck request ffff88802bb40000: control (read@0,4096B). Runtime 150 seconds [ 791.224190][ T10] block nbd29: Possible stuck request ffff88807df48000: control (read@0,4096B). Runtime 180 seconds [ 791.602802][T15072] nbd53: detected capacity change from 0 to 127 [ 791.603595][T11045] block nbd53: Receive control failed (result -32) [ 791.731526][T15081] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3184'. [ 791.876377][T15087] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3186'. [ 791.897605][T15087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3186'. [ 792.101871][T15095] loop1: detected capacity change from 0 to 1024 [ 792.147425][T15095] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 792.188535][ T28] audit: type=1800 audit(1753592665.902:3): pid=15095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3189" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 792.251720][T12781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 792.255670][ T5883] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 792.477786][ T5883] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 792.520983][ T5883] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 792.533235][ T5883] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 792.543085][ T5883] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 792.557936][ T5883] usb 3-1: config 0 descriptor?? [ 792.563967][T15091] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 792.856285][ T8825] block nbd47: Possible stuck request ffff888066fb8000: control (read@0,4096B). Runtime 60 seconds [ 792.923991][ T8825] block nbd39: Possible stuck request ffff888064b50000: control (read@0,1024B). Runtime 90 seconds [ 792.936484][ T8825] block nbd39: Possible stuck request ffff888064b50200: control (read@1024,1024B). Runtime 90 seconds [ 792.948148][ T8825] block nbd39: Possible stuck request ffff888064b50400: control (read@2048,1024B). Runtime 90 seconds [ 792.959796][ T8825] block nbd39: Possible stuck request ffff888064b50600: control (read@3072,1024B). Runtime 90 seconds [ 793.037218][ T5883] lenovo 0003:17EF:6067.0018: unknown main item tag 0x1 [ 793.080168][ T5883] lenovo 0003:17EF:6067.0018: hidraw0: USB HID v0.00 Device [HID 17ef:6067] on usb-dummy_hcd.2-1/input0 [ 793.117367][T15116] nbd54: detected capacity change from 0 to 127 [ 793.217524][T15123] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3198'. [ 793.232936][ T9676] usb 3-1: USB disconnect, device number 21 [ 793.263340][T11045] block nbd54: Receive control failed (result -32) [ 793.316990][T15123] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3198'. [ 793.515466][ T5883] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 793.600520][T15133] can0: slcan on ttyS3. [ 793.687915][T15132] can0 (unregistered): slcan off ttyS3. [ 793.715683][ T5883] usb 1-1: Using ep0 maxpacket: 32 [ 793.726425][ T5883] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 793.734504][ T5883] usb 1-1: config 0 has no interface number 0 [ 793.755069][ T5883] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 793.772242][ T5883] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 793.806405][ T5883] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 793.839852][ T5883] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 793.859573][ T5883] usb 1-1: config 0 descriptor?? [ 794.007826][T15146] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3209'. [ 794.093808][T15147] bpf: Bad value for 'mode' [ 794.514224][ T5883] input: HID 28bd:0094 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:28BD:0094.0019/input/input7 [ 794.679952][ T5883] uclogic 0003:28BD:0094.0019: input,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.0-1/input1 [ 794.713755][ T5883] usb 1-1: USB disconnect, device number 21 [ 794.797750][T15144] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 794.806967][T15144] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 794.839859][T15144] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 794.847792][T15144] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 794.854287][T15144] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 794.873523][T15144] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 794.884428][T15144] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 794.893120][T15144] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 794.904331][T15144] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 795.195551][ T23] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 795.389667][ T23] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 795.406622][ T10] block nbd40: Possible stuck request ffff8880637b8000: control (read@0,1024B). Runtime 90 seconds [ 795.419003][ T10] block nbd40: Possible stuck request ffff8880637b8200: control (read@1024,1024B). Runtime 90 seconds [ 795.430774][ T23] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 795.430807][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.430828][ T23] usb 3-1: Product: syz [ 795.430851][ T23] usb 3-1: Manufacturer: syz [ 795.430866][ T23] usb 3-1: SerialNumber: syz [ 795.467114][ T10] block nbd40: Possible stuck request ffff8880637b8400: control (read@2048,1024B). Runtime 90 seconds [ 795.479311][ T10] block nbd40: Possible stuck request ffff8880637b8600: control (read@3072,1024B). Runtime 90 seconds [ 795.527582][T15172] __nla_validate_parse: 1 callbacks suppressed [ 795.527602][T15172] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3218'. [ 795.547069][T15172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3218'. [ 795.850567][T15179] nbd55: detected capacity change from 0 to 127 [ 795.864475][T11045] block nbd55: Receive control failed (result -32) [ 795.926065][ T9676] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 795.968983][T15182] tipc: Enabled bearer , priority 0 [ 796.028924][T15182] syzkaller0: entered promiscuous mode [ 796.034611][T15182] syzkaller0: entered allmulticast mode [ 796.116031][ T9676] usb 1-1: Using ep0 maxpacket: 32 [ 796.124597][ T9676] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 796.134114][T11045] Bluetooth: hci4: command 0x0406 tx timeout [ 796.141829][ T9676] usb 1-1: config 0 has no interface number 0 [ 796.151693][ T9676] usb 1-1: config 0 interface 184 has no altsetting 0 [ 796.164642][ T9676] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 796.175698][ T9676] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 796.184270][ T9676] usb 1-1: Product: syz [ 796.189608][ T9676] usb 1-1: Manufacturer: syz [ 796.194256][ T9676] usb 1-1: SerialNumber: syz [ 796.207189][ T9676] usb 1-1: config 0 descriptor?? [ 796.217436][ T9676] smsc75xx v1.0.0 [ 796.524442][ T23] cdc_ncm 3-1:1.0: bind() failure [ 796.534582][ T23] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 796.565816][ T23] cdc_ncm 3-1:1.1: bind() failure [ 796.731437][ T23] usb 3-1: USB disconnect, device number 22 [ 796.930886][ T5794] Bluetooth: hci2: command 0x0c1a tx timeout [ 796.938410][T11045] Bluetooth: hci3: command 0x0c1a tx timeout [ 797.044664][ T9676] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 797.056544][ T9676] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 797.081695][ T9676] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 797.094011][ T9676] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 797.106185][ T9676] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 797.117887][ T9676] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 797.128727][ T9676] smsc75xx: probe of 1-1:0.184 failed with error -71 [ 797.153561][ T9676] usb 1-1: USB disconnect, device number 22 [ 797.852239][T15189] loop0: detected capacity change from 0 to 4096 [ 797.882323][T15189] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 798.205893][T11045] Bluetooth: hci4: command 0x0406 tx timeout [ 799.005505][ T5794] Bluetooth: hci2: command 0x0c1a tx timeout [ 799.011744][T11045] Bluetooth: hci3: command 0x0c1a tx timeout [ 799.293690][T15198] netlink: 92 bytes leftover after parsing attributes in process `syz.0.3228'. [ 799.318052][T15198] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3228'. [ 799.328874][T15198] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3228'. [ 799.916781][T15183] tipc: Resetting bearer [ 799.931142][T15181] tipc: Resetting bearer [ 799.970707][T15181] tipc: Disabling bearer [ 800.010693][T15207] netlink: 'syz.1.3232': attribute type 10 has an invalid length. [ 800.047946][T15207] bond0: (slave dummy0): Releasing backup interface [ 800.087474][T15207] team0: Port device dummy0 added [ 800.113716][T15208] netlink: 'syz.1.3232': attribute type 10 has an invalid length. [ 800.169922][T15208] team0: Port device dummy0 removed [ 800.200876][T15208] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 800.222087][T15210] loop2: detected capacity change from 0 to 4096 [ 800.245423][T15210] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 800.258260][T15212] tipc: Enabled bearer , priority 0 [ 800.274135][T15212] syzkaller0: entered promiscuous mode [ 800.286201][T15212] syzkaller0: entered allmulticast mode [ 800.307122][T15210] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 800.339051][T15210] ntfs3: loop2: Failed to initialize $Extend/$ObjId. [ 800.358862][T15212] tipc: Resetting bearer [ 800.383500][T15211] tipc: Resetting bearer [ 800.407247][T15210] ntfs3: loop2: ino=5, "/" directory corrupted [ 800.457051][T15211] tipc: Disabling bearer [ 800.568537][T15219] loop2: detected capacity change from 0 to 64 [ 800.744435][T15224] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3240'. [ 800.826053][T15224] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3240'. [ 801.019067][T15229] tipc: Enabled bearer , priority 0 [ 801.087946][ T5794] Bluetooth: hci2: command 0x0c1a tx timeout [ 801.096277][ T5794] Bluetooth: hci3: command 0x0c1a tx timeout [ 801.128665][T15229] syzkaller0: entered promiscuous mode [ 801.134217][T15229] syzkaller0: entered allmulticast mode [ 801.172260][T15233] netlink: 'syz.1.3244': attribute type 10 has an invalid length. [ 801.182659][T15120] block nbd26: Possible stuck request ffff88807e928000: control (read@0,1024B). Runtime 210 seconds [ 801.195632][T15120] block nbd26: Possible stuck request ffff88807e928200: control (read@1024,1024B). Runtime 210 seconds [ 801.209609][T15120] block nbd26: Possible stuck request ffff88807e928400: control (read@2048,1024B). Runtime 210 seconds [ 801.221861][T15120] block nbd26: Possible stuck request ffff88807e928600: control (read@3072,1024B). Runtime 210 seconds [ 801.248985][T15233] bond0: (slave dummy0): Releasing backup interface [ 801.273007][T15233] team0: Port device dummy0 added [ 801.279828][T15236] netlink: 'syz.1.3244': attribute type 10 has an invalid length. [ 801.316885][T15236] team0: Port device dummy0 removed [ 801.327254][T15236] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 804.162856][ T5158] udevd[5158]: worker [5792] /devices/virtual/block/nbd42 is taking a long time [ 804.173907][ T5158] udevd[5158]: worker [6104] /devices/virtual/block/nbd26 timeout; kill it [ 804.183571][ T5158] udevd[5158]: seq 13542 '/devices/virtual/block/nbd26' killed [ 804.192156][ T5158] udevd[5158]: worker [12757] /devices/virtual/block/nbd39 is taking a long time [ 804.202280][ T5158] udevd[5158]: worker [13665] /devices/virtual/block/nbd43 is taking a long time [ 804.220181][ T5158] udevd[5158]: worker [13661] /devices/virtual/block/nbd46 is taking a long time [ 804.230661][ T5158] udevd[5158]: worker [12670] /devices/virtual/block/nbd47 is taking a long time [ 804.241398][ T5158] udevd[5158]: worker [12690] /devices/virtual/block/nbd40 is taking a long time [ 804.251942][ T5158] udevd[5158]: worker [5799] /devices/virtual/block/nbd29 timeout; kill it [ 804.272891][ T5158] udevd[5158]: seq 13679 '/devices/virtual/block/nbd29' killed [ 804.431073][T15234] tipc: Resetting bearer [ 804.440522][T15240] smc: net device bond0 applied user defined pnetid SYZ2 [ 804.455949][T15241] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3245'. [ 804.656727][T15241] smc: removing net device bond0 with user defined pnetid SYZ2 [ 804.667382][T15241] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 804.679023][T15241] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 804.691061][T15241] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 804.712244][T15241] bond0 (unregistering): Released all slaves [ 804.738080][T15242] netlink: 'syz.2.3243': attribute type 6 has an invalid length. [ 804.747387][T15228] tipc: Resetting bearer [ 804.779786][T15228] tipc: Disabling bearer [ 805.206310][T15252] nbd: must specify a size in bytes for the device [ 805.306442][T15251] tipc: Enabled bearer , priority 0 [ 805.337128][T15251] syzkaller0: entered promiscuous mode [ 805.342790][T15251] syzkaller0: entered allmulticast mode [ 805.492090][T15251] tipc: Resetting bearer [ 805.526515][T15250] tipc: Resetting bearer [ 805.587372][T15250] tipc: Disabling bearer [ 805.617602][T15260] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3252'. [ 805.696618][T15260] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3252'. [ 806.127033][T15276] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3259'. [ 806.148307][T15273] tipc: Enabled bearer , priority 0 [ 806.300797][T15273] syzkaller0: entered promiscuous mode [ 806.342195][T15273] syzkaller0: entered allmulticast mode [ 807.587949][T15120] block nbd42: Possible stuck request ffff88804cde8000: control (read@0,4096B). Runtime 90 seconds [ 808.861889][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.488346][ T10] block nbd43: Possible stuck request ffff88804ccf8000: control (read@0,1024B). Runtime 90 seconds [ 809.500093][ T10] block nbd43: Possible stuck request ffff88804ccf8200: control (read@1024,1024B). Runtime 90 seconds [ 809.511711][ T10] block nbd43: Possible stuck request ffff88804ccf8400: control (read@2048,1024B). Runtime 90 seconds [ 809.523880][ T10] block nbd43: Possible stuck request ffff88804ccf8600: control (read@3072,1024B). Runtime 90 seconds [ 810.766302][T15120] block nbd33: Possible stuck request ffff88807aec0000: control (read@0,4096B). Runtime 150 seconds [ 810.779257][T15287] tipc: Resetting bearer [ 810.787655][T15270] tipc: Resetting bearer [ 810.817257][T15270] tipc: Disabling bearer [ 810.850457][T15297] tipc: Enabling of bearer rejected, failed to enable media [ 810.860597][T15288] netlink: 'syz.3.3260': attribute type 6 has an invalid length. [ 811.177895][ T5794] Bluetooth: hci0: Malformed Event: 0x02 [ 811.591623][T15333] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3271'. [ 811.736572][T15333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3271'. [ 811.779202][T15334] nbd: must specify at least one socket [ 811.887358][T15336] tipc: Enabled bearer , priority 0 [ 811.964182][T15336] syzkaller0: entered promiscuous mode [ 811.970645][T15336] syzkaller0: entered allmulticast mode [ 812.046245][ T10] block nbd34: Possible stuck request ffff8880677f8000: control (read@0,4096B). Runtime 150 seconds [ 814.632669][T15120] block nbd46: Possible stuck request ffff888066c20000: control (read@0,4096B). Runtime 90 seconds [ 815.386863][T15339] tipc: Resetting bearer [ 815.457071][T15343] tipc: Enabling of bearer rejected, failed to enable media [ 815.468129][T15335] tipc: Resetting bearer [ 815.535653][T15335] tipc: Disabling bearer [ 815.841770][T15362] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3278'. [ 815.877004][T15362] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3278'. [ 815.906764][T15362] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3278'. [ 815.932384][T15362] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3278'. [ 816.127246][T15369] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3281'. [ 816.172198][T15369] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3281'. [ 816.408360][T15377] tipc: Enabled bearer , priority 0 [ 816.464719][T15377] syzkaller0: entered promiscuous mode [ 816.502445][T15377] syzkaller0: entered allmulticast mode [ 816.581317][T15378] nbd: must specify at least one socket [ 816.686531][T15380] tipc: Resetting bearer [ 816.811973][T15376] tipc: Resetting bearer [ 816.853462][T15376] tipc: Disabling bearer [ 816.870339][T15382] tipc: Enabled bearer , priority 0 [ 816.966045][T15382] syzkaller0: entered promiscuous mode [ 816.980253][T15382] syzkaller0: entered allmulticast mode [ 817.176450][ T10] block nbd23: Possible stuck request ffff8880214f8000: control (read@0,1024B). Runtime 240 seconds [ 817.188620][ T10] block nbd23: Possible stuck request ffff8880214f8200: control (read@1024,3072B). Runtime 240 seconds [ 820.498258][ T5158] udevd[5158]: worker [5802] /devices/virtual/block/nbd31 timeout; kill it [ 820.516390][ T5158] udevd[5158]: seq 13898 '/devices/virtual/block/nbd31' killed [ 820.862424][T15382] tipc: Resetting bearer [ 820.936804][T15381] tipc: Resetting bearer [ 821.007044][T15120] block nbd31: Possible stuck request ffff88802bb40000: control (read@0,4096B). Runtime 180 seconds [ 821.034513][T15381] tipc: Disabling bearer [ 821.056046][T15397] netlink: 'syz.0.3288': attribute type 6 has an invalid length. [ 821.241649][T15409] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3292'. [ 821.288744][T15408] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3293'. [ 821.376167][T15408] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3293'. [ 821.646437][ T10] block nbd29: Possible stuck request ffff88807df48000: control (read@0,4096B). Runtime 210 seconds [ 822.292645][T15425] nbd: must specify at least one socket [ 822.472219][T15436] tipc: Enabled bearer , priority 0 [ 822.546439][T15436] syzkaller0: entered promiscuous mode [ 822.562028][T15436] syzkaller0: entered allmulticast mode [ 822.806145][T15443] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3304'. [ 822.927148][T15120] block nbd47: Possible stuck request ffff888066fb8000: control (read@0,4096B). Runtime 90 seconds [ 823.584273][T15120] block nbd39: Possible stuck request ffff888064b50000: control (read@0,1024B). Runtime 120 seconds [ 823.596429][T15120] block nbd39: Possible stuck request ffff888064b50200: control (read@1024,1024B). Runtime 120 seconds [ 823.608430][T15120] block nbd39: Possible stuck request ffff888064b50400: control (read@2048,1024B). Runtime 120 seconds [ 823.620429][T15120] block nbd39: Possible stuck request ffff888064b50600: control (read@3072,1024B). Runtime 120 seconds [ 825.490228][ T10] block nbd40: Possible stuck request ffff8880637b8000: control (read@0,1024B). Runtime 120 seconds [ 825.504372][ T10] block nbd40: Possible stuck request ffff8880637b8200: control (read@1024,1024B). Runtime 120 seconds [ 825.517116][ T10] block nbd40: Possible stuck request ffff8880637b8400: control (read@2048,1024B). Runtime 120 seconds [ 825.545936][ T10] block nbd40: Possible stuck request ffff8880637b8600: control (read@3072,1024B). Runtime 120 seconds [ 826.396117][T15437] tipc: Resetting bearer [ 826.422974][T15456] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3305'. [ 826.433879][T15435] tipc: Resetting bearer [ 826.499300][T15435] tipc: Disabling bearer [ 826.521733][T15453] netlink: 'syz.2.3303': attribute type 6 has an invalid length. [ 826.697886][T15470] netlink: 'syz.0.3310': attribute type 10 has an invalid length. [ 826.928256][T15474] nbd56: detected capacity change from 0 to 127 [ 827.001234][ T5794] block nbd56: Receive control failed (result -32) [ 827.150395][T15486] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3314'. [ 827.424547][T15491] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3315'. [ 827.568133][ T9677] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 827.706816][T15497] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3318'. [ 827.756038][ T9677] usb 2-1: Using ep0 maxpacket: 32 [ 827.771725][ T9677] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 827.809205][ T9677] usb 2-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 827.826130][ T9677] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 827.844716][ T9677] usb 2-1: Product: syz [ 827.851658][ T9677] usb 2-1: Manufacturer: syz [ 827.868844][ T9677] usb 2-1: SerialNumber: syz [ 827.879729][ T9677] usb 2-1: config 0 descriptor?? [ 827.911449][ T9677] rndis_wlan 2-1:0.0: skipping garbage [ 827.920017][ T9677] rndis_wlan: probe of 2-1:0.0 failed with error -22 [ 827.933753][ T9677] rndis_host 2-1:0.0: skipping garbage [ 827.941797][ T9677] rndis_host: probe of 2-1:0.0 failed with error -22 [ 828.612324][T15516] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3325'. [ 830.180689][T15542] loop2: detected capacity change from 0 to 4096 [ 830.202313][T15542] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 830.422297][T15551] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3335'. [ 830.583894][ T9677] usb 2-1: USB disconnect, device number 16 [ 831.641868][T15120] block nbd26: Possible stuck request ffff88807e928000: control (read@0,1024B). Runtime 240 seconds [ 831.654498][T15120] block nbd26: Possible stuck request ffff88807e928200: control (read@1024,1024B). Runtime 240 seconds [ 831.667297][T15120] block nbd26: Possible stuck request ffff88807e928400: control (read@2048,1024B). Runtime 240 seconds [ 831.684860][T15120] block nbd26: Possible stuck request ffff88807e928600: control (read@3072,1024B). Runtime 240 seconds [ 832.120920][T15581] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3345'. [ 832.186953][T15585] tipc: Enabling of bearer rejected, already enabled [ 832.406209][ T8] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 832.606740][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 832.638427][ T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 832.659351][ T8] usb 1-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 832.676725][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 832.703707][ T8] usb 1-1: Product: syz [ 832.720648][ T8] usb 1-1: Manufacturer: syz [ 832.740636][ T8] usb 1-1: SerialNumber: syz [ 832.781381][ T8] usb 1-1: config 0 descriptor?? [ 832.840236][ T8] rndis_wlan 1-1:0.0: skipping garbage [ 832.909676][ T8] rndis_wlan: probe of 1-1:0.0 failed with error -22 [ 832.936371][ T8] rndis_host 1-1:0.0: skipping garbage [ 832.943994][ T8] rndis_host: probe of 1-1:0.0 failed with error -22 [ 833.819487][T15607] nbd57: detected capacity change from 0 to 127 [ 833.838606][T15611] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3355'. [ 833.880684][T15611] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3355'. [ 833.891585][ T5794] block nbd57: Receive control failed (result -32) [ 834.116152][T15617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3358'. [ 834.126443][T15617] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3358'. [ 834.150289][T15617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3358'. [ 834.171017][T15617] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3358'. [ 834.321009][T15622] tipc: Enabling of bearer rejected, already enabled [ 834.658465][T15628] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3361'. [ 834.876329][T15636] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3365'. [ 834.899184][T15636] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3365'. [ 835.229520][T15645] nbd58: detected capacity change from 0 to 127 [ 835.276790][ T5794] block nbd58: Receive control failed (result -32) [ 835.517948][T15652] tipc: Enabling of bearer rejected, already enabled [ 835.890041][ T5883] usb 1-1: USB disconnect, device number 23 [ 836.396194][T15667] loop1: detected capacity change from 0 to 4096 [ 836.425567][T15667] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 836.534076][T15677] tipc: Enabling of bearer rejected, already enabled [ 836.610700][T15680] tmpfs: Cannot change global quota limit on remount [ 837.146229][ T9677] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 837.261859][T15692] __nla_validate_parse: 4 callbacks suppressed [ 837.261878][T15692] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3387'. [ 837.293637][T15692] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3387'. [ 837.336056][ T9677] usb 3-1: Using ep0 maxpacket: 32 [ 837.354200][ T9677] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 837.391406][ T9677] usb 3-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 837.406064][ T9677] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 837.424355][ T9677] usb 3-1: Product: syz [ 837.437666][ T9677] usb 3-1: Manufacturer: syz [ 837.442343][ T9677] usb 3-1: SerialNumber: syz [ 837.452925][ T9677] usb 3-1: config 0 descriptor?? [ 837.470922][ T9677] rndis_wlan 3-1:0.0: skipping garbage [ 837.490264][ T9677] rndis_wlan: probe of 3-1:0.0 failed with error -22 [ 837.490764][ T9677] rndis_host 3-1:0.0: skipping garbage [ 837.490939][ T9677] rndis_host: probe of 3-1:0.0 failed with error -22 [ 837.553025][T15700] loop1: detected capacity change from 0 to 4096 [ 837.560063][T15700] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 837.661218][T15120] block nbd42: Possible stuck request ffff88804cde8000: control (read@0,4096B). Runtime 120 seconds [ 837.700883][T15704] 8021q: adding VLAN 0 to HW filter on device bond0 [ 837.721477][T15704] bond0: (slave rose0): Enslaving as an active interface with an up link [ 838.237110][T15720] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3396'. [ 838.404599][T15727] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3398'. [ 838.449582][T15727] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3398'. [ 838.575830][ T54] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 838.772458][T15736] loop0: detected capacity change from 0 to 4096 [ 838.795507][ T54] usb 4-1: Using ep0 maxpacket: 16 [ 838.807232][ T54] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 838.822263][T15736] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 838.852493][ T54] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 838.901341][ T54] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 838.930389][ T54] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 838.986673][ T54] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 839.042572][ T54] usb 4-1: config 0 descriptor?? [ 839.485531][ T54] usbhid 4-1:0.0: can't add hid device: -71 [ 839.491671][ T54] usbhid: probe of 4-1:0.0 failed with error -71 [ 839.523407][ T54] usb 4-1: USB disconnect, device number 23 [ 839.567659][ T10] block nbd43: Possible stuck request ffff88804ccf8000: control (read@0,1024B). Runtime 120 seconds [ 839.579345][ T10] block nbd43: Possible stuck request ffff88804ccf8200: control (read@1024,1024B). Runtime 120 seconds [ 839.591282][ T10] block nbd43: Possible stuck request ffff88804ccf8400: control (read@2048,1024B). Runtime 120 seconds [ 839.603477][ T10] block nbd43: Possible stuck request ffff88804ccf8600: control (read@3072,1024B). Runtime 120 seconds [ 840.170622][T15769] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3409'. [ 840.207145][T15769] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3409'. [ 840.243517][T15771] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3408'. [ 840.276510][T15771] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3408'. [ 840.693106][T15776] loop1: detected capacity change from 0 to 4096 [ 840.698723][T15786] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3414'. [ 840.727494][T15776] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 840.820455][T15776] ntfs3: loop1: Failed to initialize $Extend/$Reparse. [ 840.869929][T15120] block nbd33: Possible stuck request ffff88807aec0000: control (read@0,4096B). Runtime 180 seconds [ 840.891056][T15789] nbd59: detected capacity change from 0 to 127 [ 840.954600][ T54] usb 3-1: USB disconnect, device number 23 [ 840.961490][ T5794] block nbd59: Receive control failed (result -32) [ 842.115929][ T9677] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 842.126800][ T10] block nbd34: Possible stuck request ffff8880677f8000: control (read@0,4096B). Runtime 180 seconds [ 842.230252][T15827] nbd60: detected capacity change from 0 to 127 [ 842.281650][ T5794] block nbd60: Receive control failed (result -32) [ 842.316193][ T9676] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 842.338144][ T9677] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 842.339196][T15834] tipc: Enabled bearer , priority 0 [ 842.359355][T15834] syzkaller0: entered promiscuous mode [ 842.366401][T15834] syzkaller0: entered allmulticast mode [ 842.371887][ T9677] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 842.404290][ T9677] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 842.428182][ T9677] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 842.436849][T15834] tipc: Resetting bearer [ 842.455707][T15833] tipc: Resetting bearer [ 842.468969][ T9677] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 842.488437][ T9677] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 842.502219][ T9677] usb 4-1: Manufacturer: syz [ 842.515045][T15833] tipc: Disabling bearer [ 842.523852][ T9677] usb 4-1: config 0 descriptor?? [ 842.529995][ T9676] usb 3-1: Using ep0 maxpacket: 32 [ 842.538202][ T9676] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 842.571006][ T9676] usb 3-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 842.581909][ T9676] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 842.601359][ T9676] usb 3-1: Product: syz [ 842.611194][ T9676] usb 3-1: Manufacturer: syz [ 842.619200][ T9676] usb 3-1: SerialNumber: syz [ 842.631366][ T9676] usb 3-1: config 0 descriptor?? [ 842.648322][ T9676] rndis_wlan 3-1:0.0: skipping garbage [ 842.670732][ T9676] rndis_wlan: probe of 3-1:0.0 failed with error -22 [ 842.679797][ T9676] rndis_host 3-1:0.0: skipping garbage [ 842.689933][ T9676] rndis_host: probe of 3-1:0.0 failed with error -22 [ 842.746720][T15839] __nla_validate_parse: 9 callbacks suppressed [ 842.746741][T15839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3430'. [ 842.772882][T15839] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3430'. [ 842.792100][T15839] netlink: 'syz.0.3430': attribute type 13 has an invalid length. [ 842.820498][T15842] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3431'. [ 842.832360][T15842] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3431'. [ 842.973245][ T9677] usbhid 4-1:0.0: can't add hid device: -71 [ 842.988464][ T9677] usbhid: probe of 4-1:0.0 failed with error -71 [ 842.996603][T15844] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3432'. [ 843.010359][ T9677] usb 4-1: USB disconnect, device number 24 [ 843.018978][T15844] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3432'. [ 843.045741][T15846] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3433'. [ 843.073157][T15846] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3433'. [ 843.103750][T15846] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3433'. [ 843.121529][T15846] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3433'. [ 843.262919][T15850] loop6: detected capacity change from 0 to 7 [ 843.280248][T15850] Dev loop6: unable to read RDB block 7 [ 843.294211][T15850] loop6: unable to read partition table [ 843.310545][T15850] loop6: partition table beyond EOD, truncated [ 843.321282][T15850] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 844.296343][ T5794] Bluetooth: hci2: unexpected event for opcode 0x1004 [ 844.689856][T15120] block nbd46: Possible stuck request ffff888066c20000: control (read@0,4096B). Runtime 120 seconds [ 844.716198][ T5883] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 844.917601][ T5883] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 844.938643][ T5883] usb 4-1: config 0 has no interfaces? [ 844.958971][ T5883] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 844.990602][ T5883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 845.017942][ T5883] usb 4-1: config 0 descriptor?? [ 845.243879][ T5883] usb 4-1: USB disconnect, device number 25 [ 845.992779][T15921] loop0: detected capacity change from 0 to 512 [ 846.001409][T15921] ======================================================= [ 846.001409][T15921] WARNING: The mand mount option has been deprecated and [ 846.001409][T15921] and is ignored by this kernel. Remove the mand [ 846.001409][T15921] option from the mount to silence this warning. [ 846.001409][T15921] ======================================================= [ 846.103532][T15921] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 846.113175][T15921] System zones: 0-2, 18-18, 34-34 [ 846.141615][ T54] usb 3-1: USB disconnect, device number 24 [ 846.194642][T15921] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.3468: bg 0: block 248: padding at end of block bitmap is not set [ 846.219245][T15921] Quota error (device loop0): write_blk: dquota write failed [ 846.230691][T15921] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 846.243296][T15921] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3468: Failed to acquire dquot type 1 [ 846.284639][T15921] EXT4-fs (loop0): 1 truncate cleaned up [ 846.301744][T15921] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 846.315590][T15921] ext4 filesystem being mounted at /302/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 846.401442][T12342] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 846.471463][T15931] loop2: detected capacity change from 0 to 256 [ 846.503605][T15931] exfat: Deprecated parameter 'utf8' [ 846.541330][T15931] exfat: Deprecated parameter 'namecase' [ 846.647737][T15931] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xeb475cb8, utbl_chksum : 0xe619d30d) [ 847.014332][ T23] IPVS: starting estimator thread 0... [ 847.063596][T15953] loop1: detected capacity change from 0 to 16 [ 847.086969][T15953] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 847.106083][T15948] IPVS: using max 19 ests per chain, 45600 per kthread [ 847.246815][ T10] block nbd23: Possible stuck request ffff8880214f8000: control (read@0,1024B). Runtime 270 seconds [ 847.259478][ T10] block nbd23: Possible stuck request ffff8880214f8200: control (read@1024,3072B). Runtime 270 seconds [ 847.396352][ T9677] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 847.595966][ T9677] usb 4-1: Using ep0 maxpacket: 32 [ 847.624267][ T9677] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 847.631074][ T9677] usb 4-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 847.631107][ T9677] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 847.631135][ T9677] usb 4-1: Product: syz [ 847.631151][ T9677] usb 4-1: Manufacturer: syz [ 847.631167][ T9677] usb 4-1: SerialNumber: syz [ 847.641542][ T9677] usb 4-1: config 0 descriptor?? [ 847.656071][ T9677] rndis_wlan 4-1:0.0: skipping garbage [ 847.656990][ T9677] rndis_wlan: probe of 4-1:0.0 failed with error -22 [ 847.657499][ T9677] rndis_host 4-1:0.0: skipping garbage [ 847.657668][ T9677] rndis_host: probe of 4-1:0.0 failed with error -22 [ 848.063150][T15980] __nla_validate_parse: 25 callbacks suppressed [ 848.063171][T15980] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3493'. [ 848.160108][T15980] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3493'. [ 848.377877][ T5794] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 848.387757][ T5794] Bluetooth: hci2: Injecting HCI hardware error event [ 848.406696][T11045] Bluetooth: hci2: hardware error 0x00 [ 848.475938][T15992] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3498'. [ 848.488303][T15992] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3498'. [ 848.715605][ T23] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 848.732705][T15998] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3501'. [ 848.871944][T16000] loop0: detected capacity change from 0 to 2048 [ 848.907200][T16000] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 848.925798][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 848.940602][T16000] NILFS (loop0): mounting unchecked fs [ 848.941647][ T23] usb 2-1: unable to get BOS descriptor or descriptor too short [ 848.963179][T16002] nbd61: detected capacity change from 0 to 127 [ 849.011544][ T23] usb 2-1: config 4 has an invalid interface number: 237 but max is 0 [ 849.030493][ T5794] block nbd61: Receive control failed (result -32) [ 849.037955][ T23] usb 2-1: config 4 has an invalid descriptor of length 204, skipping remainder of the config [ 849.037986][ T23] usb 2-1: config 4 has no interface number 0 [ 849.038043][ T23] usb 2-1: config 4 interface 237 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 849.053388][T16000] NILFS (loop0): recovery complete [ 849.081031][ T23] usb 2-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice=c8.54 [ 849.114637][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 849.145581][ T23] usb 2-1: Product: syz [ 849.178067][ T23] usb 2-1: Manufacturer: syz [ 849.192207][T16006] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 849.204095][ T23] usb 2-1: SerialNumber: syz [ 849.466253][T16010] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3504'. [ 849.489954][ T23] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:4.237/input/input8 [ 849.500383][T16010] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3504'. [ 849.550913][ T5143] bcm5974 2-1:4.237: could not read from device [ 849.576502][ T5143] bcm5974 2-1:4.237: could not read from device [ 849.608089][ T23] usb 2-1: USB disconnect, device number 17 [ 849.633481][ T5143] bcm5974 2-1:4.237: could not read from device [ 849.746921][T16016] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3507'. [ 849.776816][T16016] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3507'. [ 850.225883][T16028] netlink: 'syz.0.3512': attribute type 10 has an invalid length. [ 850.356843][T16032] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3514'. [ 850.366679][ T23] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 850.446223][T11045] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 850.565575][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 850.573403][ T23] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 850.590442][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 850.623829][ T23] usb 2-1: config 0 descriptor?? [ 850.649277][ T23] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 851.087512][T15120] block nbd31: Possible stuck request ffff88802bb40000: control (read@0,4096B). Runtime 210 seconds [ 851.111909][ T9677] usb 4-1: USB disconnect, device number 26 [ 851.159832][T16030] syz.2.3513: vmalloc error: size 16777216, failed to allocated page array size 32768, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 851.181089][T16030] CPU: 1 PID: 16030 Comm: syz.2.3513 Not tainted 6.6.100-syzkaller #0 [ 851.189324][T16030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 851.199430][T16030] Call Trace: [ 851.202728][T16030] [ 851.205692][T16030] dump_stack_lvl+0x16c/0x230 [ 851.210428][T16030] ? show_regs_print_info+0x20/0x20 [ 851.215656][T16030] ? load_image+0x3b0/0x3b0 [ 851.220203][T16030] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 851.226649][T16030] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 851.233179][T16030] warn_alloc+0x210/0x300 [ 851.237545][T16030] ? zone_watermark_ok_safe+0x230/0x230 [ 851.243125][T16030] ? _raw_spin_unlock+0x28/0x40 [ 851.248001][T16030] ? memset_orig+0x4a/0xac [ 851.252460][T16030] __vmalloc_node_range+0x662/0x1320 [ 851.257793][T16030] ? __alloc_pages+0xa1/0x460 [ 851.262500][T16030] ? free_vm_area+0x50/0x50 [ 851.267036][T16030] ? packet_set_ring+0x715/0x23c0 [ 851.272083][T16030] vzalloc+0x79/0x90 [ 851.276024][T16030] ? packet_set_ring+0x715/0x23c0 [ 851.281089][T16030] packet_set_ring+0x715/0x23c0 [ 851.286135][T16030] ? packet_mmap+0x4e0/0x4e0 [ 851.290765][T16030] ? __lock_acquire+0x7c80/0x7c80 [ 851.295819][T16030] ? __local_bh_enable_ip+0x12e/0x1c0 [ 851.301241][T16030] ? lockdep_hardirqs_on+0x98/0x150 [ 851.306467][T16030] ? __might_fault+0xaa/0x120 [ 851.311172][T16030] ? __might_fault+0xc6/0x120 [ 851.315873][T16030] ? __might_fault+0xaa/0x120 [ 851.320580][T16030] ? _copy_from_user+0xa5/0xe0 [ 851.325375][T16030] packet_setsockopt+0xc58/0x12a0 [ 851.330437][T16030] ? packet_ioctl+0x340/0x340 [ 851.335160][T16030] ? aa_sk_perm+0x7fc/0x930 [ 851.339710][T16030] ? aa_af_perm+0x2b0/0x2b0 [ 851.344250][T16030] ? __fget_files+0x28/0x4d0 [ 851.348862][T16030] ? aa_sock_opt_perm+0x74/0x100 [ 851.353824][T16030] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 851.359393][T16030] ? security_socket_setsockopt+0x7e/0xa0 [ 851.365139][T16030] ? packet_ioctl+0x340/0x340 [ 851.369856][T16030] do_sock_setsockopt+0x175/0x1a0 [ 851.374912][T16030] ? __fdget+0x180/0x210 [ 851.379194][T16030] __x64_sys_setsockopt+0x184/0x200 [ 851.384428][T16030] do_syscall_64+0x55/0xb0 [ 851.388876][T16030] ? clear_bhb_loop+0x40/0x90 [ 851.393576][T16030] ? clear_bhb_loop+0x40/0x90 [ 851.398277][T16030] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 851.404200][T16030] RIP: 0033:0x7f7b0e18e9a9 [ 851.408648][T16030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 851.428287][T16030] RSP: 002b:00007f7b0f038038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 851.436730][T16030] RAX: ffffffffffffffda RBX: 00007f7b0e3b5fa0 RCX: 00007f7b0e18e9a9 [ 851.444729][T16030] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000003 [ 851.452733][T16030] RBP: 00007f7b0e210d69 R08: 000000000000001c R09: 0000000000000000 [ 851.460733][T16030] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 851.468728][T16030] R13: 0000000000000000 R14: 00007f7b0e3b5fa0 R15: 00007fff6c19ee08 [ 851.476737][T16030] [ 851.483131][T16030] Mem-Info: [ 851.487944][T16030] active_anon:10495 inactive_anon:0 isolated_anon:0 [ 851.487944][T16030] active_file:12753 inactive_file:40168 isolated_file:0 [ 851.487944][T16030] unevictable:768 dirty:13 writeback:0 [ 851.487944][T16030] slab_reclaimable:12530 slab_unreclaimable:125415 [ 851.487944][T16030] mapped:24687 shmem:3663 pagetables:669 [ 851.487944][T16030] sec_pagetables:0 bounce:0 [ 851.487944][T16030] kernel_misc_reclaimable:0 [ 851.487944][T16030] free:1283009 free_pcp:11467 free_cma:0 [ 851.533313][ C0] vkms_vblank_simulate: vblank timer overrun [ 851.543522][T16030] Node 0 active_anon:40680kB inactive_anon:0kB active_file:51012kB inactive_file:160472kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98748kB dirty:52kB writeback:0kB shmem:11716kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:14708kB pagetables:2676kB sec_pagetables:0kB all_unreclaimable? no [ 851.575756][ C0] vkms_vblank_simulate: vblank timer overrun [ 851.623994][T16030] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 851.673515][T16030] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 851.723467][T16030] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 851.726586][ T10] block nbd29: Possible stuck request ffff88807df48000: control (read@0,4096B). Runtime 240 seconds [ 851.750718][T16030] Node 0 DMA32 free:1227988kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:32836kB inactive_anon:0kB active_file:51012kB inactive_file:159140kB unevictable:1536kB writepending:52kB present:3129332kB managed:2589600kB mlocked:0kB bounce:0kB free_pcp:28536kB local_pcp:7304kB free_cma:0kB [ 851.781128][ C0] vkms_vblank_simulate: vblank timer overrun [ 851.794550][T16030] lowmem_reserve[]: 0 0 1 1 1 [ 851.800604][T16030] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1332kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 851.827773][ C0] vkms_vblank_simulate: vblank timer overrun [ 851.836608][T16030] lowmem_reserve[]: 0 0 0 0 0 [ 851.841493][T16030] Node 1 Normal free:3892380kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:23232kB local_pcp:8928kB free_cma:0kB [ 851.870990][ C0] vkms_vblank_simulate: vblank timer overrun [ 851.887890][T16030] lowmem_reserve[]: 0 0 0 0 0 [ 851.892713][T16030] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 851.906700][T16030] Node 0 DMA32: 483*4kB (UME) 185*8kB (UM) 25*16kB (M) 14*32kB (M) 124*64kB (M) 63*128kB (M) 26*256kB (ME) 20*512kB (UME) 17*1024kB (UME) 5*2048kB (M) 284*4096kB (M) = 1228068kB [ 851.926076][T16030] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 851.939198][T16030] Node 1 Normal: 237*4kB (UME) 39*8kB (UME) 35*16kB (UME) 76*32kB (UME) 20*64kB (UME) 6*128kB (UME) 2*256kB (UM) 1*512kB (U) 2*1024kB (UE) 2*2048kB (UE) 947*4096kB (M) = 3892380kB [ 851.958681][T16030] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 851.969147][T16030] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 851.979126][T16030] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 851.989603][T16030] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 852.011586][T16030] 54330 total pagecache pages [ 852.017441][T16030] 0 pages in swap cache [ 852.021848][T16030] Free swap = 124704kB [ 852.035737][T16030] Total swap = 124996kB [ 852.039979][T16030] 2097051 pages RAM [ 852.043831][T16030] 0 pages HighMem/MovableOnly [ 852.085881][T16030] 416137 pages reserved [ 852.090412][T16030] 0 pages cma reserved [ 852.105457][ T54] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 852.288186][ T54] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 852.305164][ T54] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 852.332659][ T54] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 852.345457][ T23] gspca_sonixj: i2c_w8 err -71 [ 852.363556][ T54] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 852.392933][ T54] usb 1-1: Manufacturer: syz [ 852.405490][ T23] sonixj: probe of 2-1:0.0 failed with error -71 [ 852.435880][ T23] usb 2-1: USB disconnect, device number 18 [ 852.443125][ T54] usb 1-1: config 0 descriptor?? [ 852.635816][ T54] rc_core: IR keymap rc-hauppauge not found [ 852.641805][ T54] Registered IR keymap rc-empty [ 852.677439][ T54] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 852.711142][ T54] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input9 [ 852.976680][ C1] igorplugusb 1-1:0.0: receive overflow, at least 30 lost [ 853.008797][T15120] block nbd47: Possible stuck request ffff888066fb8000: control (read@0,4096B). Runtime 120 seconds [ 853.043458][T16073] loop2: detected capacity change from 0 to 256 [ 853.070979][T16073] exfat: Deprecated parameter 'namecase' [ 853.095993][T16073] exfat: Deprecated parameter 'namecase' [ 853.124706][T16073] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xdf1a9a6c, utbl_chksum : 0xe619d30d) [ 853.186496][ T5883] usb 1-1: USB disconnect, device number 24 [ 853.420339][T16084] af_packet: tpacket_rcv: packet too big, clamped from 3394 to 4294967272. macoff=96 [ 853.470447][T16086] __nla_validate_parse: 11 callbacks suppressed [ 853.470466][T16086] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3533'. [ 853.490977][T16086] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3533'. [ 853.512665][T16086] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3533'. [ 853.526326][ T23] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 853.538733][T16086] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3533'. [ 853.646592][T15120] block nbd39: Possible stuck request ffff888064b50000: control (read@0,1024B). Runtime 150 seconds [ 853.657948][T15120] block nbd39: Possible stuck request ffff888064b50200: control (read@1024,1024B). Runtime 150 seconds [ 853.669159][T15120] block nbd39: Possible stuck request ffff888064b50400: control (read@2048,1024B). Runtime 150 seconds [ 853.680295][T15120] block nbd39: Possible stuck request ffff888064b50600: control (read@3072,1024B). Runtime 150 seconds [ 853.735346][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 853.742821][ T23] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 853.767711][ T23] usb 4-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 853.785882][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 853.795620][ T23] usb 4-1: Product: syz [ 853.799855][ T23] usb 4-1: Manufacturer: syz [ 853.804487][ T23] usb 4-1: SerialNumber: syz [ 853.846983][ T23] usb 4-1: config 0 descriptor?? [ 853.860834][ T23] rndis_wlan 4-1:0.0: skipping garbage [ 853.868600][T16093] syzkaller0: entered promiscuous mode [ 853.881101][ T23] rndis_wlan: probe of 4-1:0.0 failed with error -22 [ 853.890923][ T23] rndis_host 4-1:0.0: skipping garbage [ 853.905614][ T23] rndis_host: probe of 4-1:0.0 failed with error -22 [ 853.910071][T16094] loop1: detected capacity change from 0 to 512 [ 853.921725][T16093] syzkaller0: entered allmulticast mode [ 853.931813][T16094] EXT4-fs: Ignoring removed nobh option [ 853.969968][T16094] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 853.984526][T16094] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 853.996018][T16094] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.3536: Corrupt directory, running e2fsck is recommended [ 854.022512][T16094] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 854.037309][T16094] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.3536: corrupted in-inode xattr: invalid ea_ino [ 854.053742][T16094] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.3536: couldn't read orphan inode 15 (err -117) [ 854.069162][T16094] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 854.090548][T16094] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 854.103531][T16094] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 854.114599][T16094] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.3536: Corrupt directory, running e2fsck is recommended [ 854.213337][T12781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 854.423827][T16105] loop2: detected capacity change from 0 to 4096 [ 854.438781][T16109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3540'. [ 854.451533][T16105] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 854.659724][T11045] Bluetooth: hci4: unexpected subevent 0x01 length: 232 > 18 [ 854.720821][T16114] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3544'. [ 854.730076][T16114] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3544'. [ 854.740051][T16114] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3544'. [ 854.749642][T16114] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3544'. [ 854.880140][T16121] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3547'. [ 855.075594][T16124] syzkaller0: entered promiscuous mode [ 855.095897][T16124] syzkaller0: entered allmulticast mode [ 855.565774][ T10] block nbd40: Possible stuck request ffff8880637b8000: control (read@0,1024B). Runtime 150 seconds [ 855.578455][ T10] block nbd40: Possible stuck request ffff8880637b8200: control (read@1024,1024B). Runtime 150 seconds [ 855.590841][ T10] block nbd40: Possible stuck request ffff8880637b8400: control (read@2048,1024B). Runtime 150 seconds [ 855.603236][ T10] block nbd40: Possible stuck request ffff8880637b8600: control (read@3072,1024B). Runtime 150 seconds [ 855.660043][T16138] loop0: detected capacity change from 0 to 4096 [ 855.673448][T16138] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 856.156552][T16147] nbd62: detected capacity change from 0 to 127 [ 856.268221][T11045] block nbd62: Receive control failed (result -32) [ 856.455687][ T54] usb 1-1: new low-speed USB device number 25 using dummy_hcd [ 856.638324][ T54] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 856.653695][T16160] syzkaller0: entered promiscuous mode [ 856.662917][T16160] syzkaller0: entered allmulticast mode [ 856.665807][ T54] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 856.696582][ T54] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x76, skipping [ 856.710787][ T54] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 856.730064][ T54] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 856.747930][T16154] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 856.770815][ T54] hub 1-1:1.0: bad descriptor, ignoring hub [ 856.803363][ T54] hub: probe of 1-1:1.0 failed with error -5 [ 856.815992][ T54] cdc_wdm 1-1:1.0: skipping garbage [ 856.821521][ T54] cdc_wdm 1-1:1.0: skipping garbage [ 856.827646][ T54] cdc_wdm: probe of 1-1:1.0 failed with error -22 [ 857.095889][ T54] usb 1-1: USB disconnect, device number 25 [ 857.137324][T16170] netlink: 'syz.1.3567': attribute type 10 has an invalid length. [ 857.336926][ T54] usb 4-1: USB disconnect, device number 27 [ 857.698615][T16180] loop1: detected capacity change from 0 to 512 [ 857.736364][T16171] netlink: 'syz.2.3565': attribute type 6 has an invalid length. [ 857.903491][T16184] nbd63: detected capacity change from 0 to 127 [ 858.030925][T11045] block nbd63: Receive control failed (result -32) [ 858.358315][T16194] loop3: detected capacity change from 0 to 4096 [ 858.382375][T16194] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 858.470827][T16196] netlink: 'syz.2.3576': attribute type 10 has an invalid length. [ 858.532424][T16196] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 858.930895][T11045] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 858.975547][ T23] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 859.045570][ T9678] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 859.165468][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 859.176648][ T23] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 859.198515][ T23] usb 3-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 859.215403][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 859.233803][ T23] usb 3-1: Product: syz [ 859.245416][ T23] usb 3-1: Manufacturer: syz [ 859.251060][ T9678] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 859.258708][ T23] usb 3-1: SerialNumber: syz [ 859.266811][ T9678] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 859.275690][ T9678] usb 4-1: Product: syz [ 859.279922][ T9678] usb 4-1: Manufacturer: syz [ 859.284550][ T9678] usb 4-1: SerialNumber: syz [ 859.294371][ T9678] usb 4-1: config 0 descriptor?? [ 859.298715][ T23] usb 3-1: config 0 descriptor?? [ 859.314097][ T9678] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 859.342096][ T23] rndis_wlan 3-1:0.0: skipping garbage [ 859.359180][ T23] rndis_wlan: probe of 3-1:0.0 failed with error -22 [ 859.392655][T16217] netlink: 'syz.1.3582': attribute type 6 has an invalid length. [ 859.395373][ T23] rndis_host 3-1:0.0: skipping garbage [ 859.435634][ T23] rndis_host: probe of 3-1:0.0 failed with error -22 [ 859.612937][T16213] sd 0:0:1:0: PR command failed: 1026 [ 859.625585][T16213] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 859.641191][T16213] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 859.775699][ T23] usb 4-1: USB disconnect, device number 28 [ 860.110778][T16222] __nla_validate_parse: 12 callbacks suppressed [ 860.110800][T16222] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3584'. [ 860.172369][T16222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3584'. [ 860.371665][T16227] loop0: detected capacity change from 0 to 512 [ 860.470427][T16227] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 860.549470][T16227] ext4 filesystem being mounted at /344/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 860.561282][T16234] loop1: detected capacity change from 0 to 4096 [ 860.570262][T16231] netlink: 'syz.3.3587': attribute type 10 has an invalid length. [ 860.575087][T16234] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 860.673463][ T28] audit: type=1800 audit(1753592734.382:4): pid=16227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3586" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 860.731076][ T28] audit: type=1800 audit(1753592734.422:5): pid=16227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3586" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 860.863519][T12342] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 861.503482][T16252] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3595'. [ 861.523739][T16252] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3595'. [ 861.817570][ T54] usb 3-1: USB disconnect, device number 25 [ 861.984025][T15120] block nbd26: Possible stuck request ffff88807e928000: control (read@0,1024B). Runtime 270 seconds [ 861.996051][T15120] block nbd26: Possible stuck request ffff88807e928200: control (read@1024,1024B). Runtime 270 seconds [ 862.008045][T15120] block nbd26: Possible stuck request ffff88807e928400: control (read@2048,1024B). Runtime 270 seconds [ 862.019764][T15120] block nbd26: Possible stuck request ffff88807e928600: control (read@3072,1024B). Runtime 270 seconds [ 862.147062][T16246] netlink: 'syz.1.3594': attribute type 6 has an invalid length. [ 862.226206][T16260] netlink: 'syz.0.3598': attribute type 10 has an invalid length. [ 862.237010][T16262] random: crng reseeded on system resumption [ 862.351982][T16263] loop2: detected capacity change from 0 to 4096 [ 862.374096][T16263] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 862.724699][T16268] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 862.804068][T16270] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3603'. [ 862.806667][T16270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3603'. [ 862.812480][T16272] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3604'. [ 862.813374][T16272] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3604'. [ 863.248665][T16281] nbd64: detected capacity change from 0 to 127 [ 863.286421][T11045] block nbd64: Receive control failed (result -32) [ 863.365980][ T9678] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 863.428260][T16291] netlink: 'syz.2.3609': attribute type 10 has an invalid length. [ 863.569991][ T9678] usb 4-1: Using ep0 maxpacket: 32 [ 863.588188][ T9678] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 863.609050][ T9678] usb 4-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 863.619665][ T9678] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 863.639297][ T9678] usb 4-1: Product: syz [ 863.648006][T11045] Bluetooth: hci4: unexpected event for opcode 0x2040 [ 863.653833][ T9678] usb 4-1: Manufacturer: syz [ 863.665703][ T9678] usb 4-1: SerialNumber: syz [ 863.688426][ T9678] usb 4-1: config 0 descriptor?? [ 863.723757][ T9678] rndis_wlan 4-1:0.0: skipping garbage [ 863.736939][ T9678] rndis_wlan: probe of 4-1:0.0 failed with error -22 [ 863.746108][T16299] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3613'. [ 863.762041][T16299] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3613'. [ 863.771056][ T9678] rndis_host 4-1:0.0: skipping garbage [ 863.771239][ T9678] rndis_host: probe of 4-1:0.0 failed with error -22 [ 863.786288][ T5883] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 863.871353][T16301] tipc: Enabled bearer , priority 0 [ 863.919921][T16301] syzkaller0: entered promiscuous mode [ 863.926066][T16301] syzkaller0: entered allmulticast mode [ 863.978622][ T5883] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 863.990686][ T5883] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 864.030083][ T5883] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 864.061386][ T5883] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 864.098512][ T5883] usb 3-1: config 0 descriptor?? [ 864.111929][ T5883] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 864.314078][T16294] random: crng reseeded on system resumption [ 866.578843][ T8] usb 3-1: USB disconnect, device number 26 [ 866.603889][ T23] usb 4-1: USB disconnect, device number 29 [ 867.736526][T15120] block nbd42: Possible stuck request ffff88804cde8000: control (read@0,4096B). Runtime 150 seconds [ 868.309821][T16302] tipc: Resetting bearer [ 868.326976][T16300] tipc: Resetting bearer [ 868.351327][T16300] tipc: Disabling bearer [ 868.610555][T16328] syzkaller0: entered promiscuous mode [ 868.616765][T16328] syzkaller0: entered allmulticast mode [ 868.730932][T16330] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3622'. [ 868.742285][T16330] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3622'. [ 868.753524][T16332] netlink: 'syz.0.3623': attribute type 10 has an invalid length. [ 868.766474][T16332] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3623'. [ 868.794406][T16332] team0: Port device geneve0 added [ 868.872437][T16334] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3624'. [ 868.895597][T16334] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3624'. [ 868.913227][T16334] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3624'. [ 868.937852][T16334] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3624'. [ 869.484451][T16342] loop2: detected capacity change from 0 to 64 [ 869.648419][ T10] block nbd43: Possible stuck request ffff88804ccf8000: control (read@0,1024B). Runtime 150 seconds [ 869.660667][ T10] block nbd43: Possible stuck request ffff88804ccf8200: control (read@1024,1024B). Runtime 150 seconds [ 869.661101][T16343] netlink: 'syz.1.3628': attribute type 10 has an invalid length. [ 869.672971][ T10] block nbd43: Possible stuck request ffff88804ccf8400: control (read@2048,1024B). Runtime 150 seconds [ 869.695931][ T10] block nbd43: Possible stuck request ffff88804ccf8600: control (read@3072,1024B). Runtime 150 seconds [ 869.898603][T11045] Bluetooth: hci4: unexpected event for opcode 0x2035 [ 869.946787][T16349] sch_tbf: burst 19872 is lower than device lo mtu (39799) ! [ 870.132637][T16354] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3633'. [ 870.173739][T16354] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3633'. [ 870.200324][T16356] syzkaller0: entered promiscuous mode [ 870.211075][T16356] syzkaller0: entered allmulticast mode [ 870.306549][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.636308][T16365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3636'. [ 870.702517][T16361] netlink: 'syz.0.3637': attribute type 10 has an invalid length. [ 870.928469][T15120] block nbd33: Possible stuck request ffff88807aec0000: control (read@0,4096B). Runtime 210 seconds [ 871.225522][T16372] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.245596][T16372] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.254557][T16372] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.297819][T16372] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.542505][T16382] tipc: Enabled bearer , priority 0 [ 871.603408][T16382] tipc: Resetting bearer [ 871.616184][T16385] tipc: Enabling of bearer rejected, already enabled [ 871.638430][T16381] tipc: Disabling bearer [ 871.817612][T16389] nbd65: detected capacity change from 0 to 127 [ 871.841576][T11045] block nbd65: Receive control failed (result -32) [ 871.850889][T16394] netlink: 'syz.0.3648': attribute type 10 has an invalid length. [ 872.382568][ T10] block nbd34: Possible stuck request ffff8880677f8000: control (read@0,4096B). Runtime 210 seconds [ 872.583255][T16403] syzkaller0: entered promiscuous mode [ 872.590493][T16403] syzkaller0: entered allmulticast mode [ 872.718484][T16408] ieee802154 phy0 wpan0: encryption failed: -22 [ 873.060980][T16419] loop2: detected capacity change from 0 to 64 [ 873.123883][T16418] tipc: Enabled bearer , priority 0 [ 873.570193][T16422] tipc: Resetting bearer [ 873.729214][T16416] tipc: Disabling bearer [ 873.965586][T11045] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 873.974591][T11045] Bluetooth: hci4: Injecting HCI hardware error event [ 873.984991][T11045] Bluetooth: hci4: hardware error 0x00 [ 874.013930][T16430] tmpfs: Cannot change global quota limit on remount [ 874.050138][T16425] nbd66: detected capacity change from 0 to 127 [ 875.015770][T15120] block nbd46: Possible stuck request ffff888066c20000: control (read@0,4096B). Runtime 150 seconds [ 875.035957][ T5794] block nbd66: Receive control failed (result -32) [ 875.076939][T16436] loop3: detected capacity change from 0 to 64 [ 876.061638][T11045] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 876.516226][T16457] syzkaller0: entered promiscuous mode [ 876.541339][T16457] syzkaller0: entered allmulticast mode [ 876.686623][T16441] netlink: 'syz.0.3665': attribute type 6 has an invalid length. [ 877.111552][T16462] syzkaller0: entered promiscuous mode [ 877.137913][T16462] syzkaller0: entered allmulticast mode [ 877.337493][ T10] block nbd23: Possible stuck request ffff8880214f8000: control (read@0,1024B). Runtime 300 seconds [ 877.349902][ T10] block nbd23: Possible stuck request ffff8880214f8200: control (read@1024,3072B). Runtime 300 seconds [ 877.367096][T16473] loop0: detected capacity change from 0 to 512 [ 877.425980][T16473] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.3676: iget: bad extended attribute block 1 [ 877.446133][T16473] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.3676: couldn't read orphan inode 15 (err -117) [ 877.474563][T16473] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 877.548953][T16478] __nla_validate_parse: 5 callbacks suppressed [ 877.548973][T16478] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3677'. [ 877.595903][T16473] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters [ 877.636222][T16478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3677'. [ 877.709356][T12342] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 877.776351][T16483] tipc: Enabled bearer , priority 0 [ 877.856758][T16482] syzkaller0: entered promiscuous mode [ 877.864004][T16482] syzkaller0: entered allmulticast mode [ 877.915681][T16486] netlink: 'syz.2.3682': attribute type 10 has an invalid length. [ 877.928044][T16486] bond0: (slave dummy0): Releasing backup interface [ 878.002795][T16486] team0: Port device dummy0 added [ 878.500478][T16496] tipc: Resetting bearer [ 878.717067][T16481] tipc: Resetting bearer [ 878.905525][T16481] tipc: Disabling bearer [ 879.176873][T16509] syzkaller0: entered promiscuous mode [ 879.182426][T16509] syzkaller0: entered allmulticast mode [ 879.480486][T16501] netlink: 'syz.2.3683': attribute type 6 has an invalid length. [ 879.685621][ T9678] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 879.726735][T16521] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3690'. [ 879.742318][T16523] netlink: 'syz.0.3691': attribute type 10 has an invalid length. [ 879.753197][T16523] bond0: (slave dummy0): Releasing backup interface [ 879.777028][T16523] team0: Port device dummy0 added [ 879.797392][T16521] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3690'. [ 879.877096][ T9678] usb 2-1: Using ep0 maxpacket: 16 [ 879.886423][ T9678] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 879.903594][ T9678] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 879.936134][ T9678] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 879.944471][ T9678] usb 2-1: Product: syz [ 879.975924][ T9678] usb 2-1: Manufacturer: syz [ 879.980626][ T9678] usb 2-1: SerialNumber: syz [ 880.012058][ T9678] usb 2-1: config 0 descriptor?? [ 880.051927][ T9678] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 880.321495][ T9678] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 881.205729][T15120] block nbd31: Possible stuck request ffff88802bb40000: control (read@0,4096B). Runtime 240 seconds [ 881.249624][ T9678] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 881.806201][ T10] block nbd29: Possible stuck request ffff88807df48000: control (read@0,4096B). Runtime 270 seconds [ 881.867699][ T9678] em28xx 2-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 881.971453][T16547] syzkaller0: entered promiscuous mode [ 882.074674][T16547] syzkaller0: entered allmulticast mode [ 882.187239][T16550] loop0: detected capacity change from 0 to 1024 [ 882.207306][T16550] EXT4-fs (loop0): filesystem is read-only [ 882.234092][T16550] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 882.245915][T16550] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (11891!=20869) [ 882.257808][T16550] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 882.269908][T16550] EXT4-fs error (device loop0): ext4_get_journal_inode:5805: comm syz.0.3698: inode #1: comm syz.0.3698: iget: illegal inode # [ 882.304432][T16550] EXT4-fs (loop0): no journal found [ 882.310463][T16550] EXT4-fs (loop0): can't get journal size [ 882.617691][T16550] EXT4-fs error (device loop0): __ext4_fill_super:5502: inode #2: comm syz.0.3698: iget: special inode unallocated [ 882.640028][T16550] EXT4-fs (loop0): get root inode failed [ 882.646700][T16550] EXT4-fs (loop0): mount failed [ 883.110863][ T9678] em28xx 2-1:0.0: board has no eeprom [ 883.178234][T15120] block nbd47: Possible stuck request ffff888066fb8000: control (read@0,4096B). Runtime 150 seconds [ 883.255527][ T9678] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 883.279202][ T9678] em28xx 2-1:0.0: dvb set to bulk mode. [ 883.304081][T16556] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3702'. [ 883.317265][T16558] netlink: 'syz.2.3701': attribute type 10 has an invalid length. [ 883.347507][ T8] em28xx 2-1:0.0: Binding DVB extension [ 883.376400][ T9678] usb 2-1: USB disconnect, device number 19 [ 883.383452][ T9678] em28xx 2-1:0.0: Disconnecting em28xx [ 883.457549][T16556] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3702'. [ 883.513977][ T8] em28xx 2-1:0.0: Registering input extension [ 883.556202][ T9678] em28xx 2-1:0.0: Closing input extension [ 883.662211][ T9678] em28xx 2-1:0.0: Freeing device [ 883.876132][T15120] block nbd39: Possible stuck request ffff888064b50000: control (read@0,1024B). Runtime 180 seconds [ 883.887821][T15120] block nbd39: Possible stuck request ffff888064b50200: control (read@1024,1024B). Runtime 180 seconds [ 883.899624][T15120] block nbd39: Possible stuck request ffff888064b50400: control (read@2048,1024B). Runtime 180 seconds [ 883.911404][T15120] block nbd39: Possible stuck request ffff888064b50600: control (read@3072,1024B). Runtime 180 seconds [ 884.745514][ T6937] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 884.856117][ T8] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 884.907621][T16589] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3714'. [ 884.927035][T16589] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3714'. [ 884.939808][ T6937] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 884.963597][ T6937] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 885.008918][ T6937] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 885.021550][ T6937] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 885.031573][ T6937] usb 1-1: Manufacturer: syz [ 885.039796][T16587] nbd67: detected capacity change from 0 to 127 [ 885.060208][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 885.073796][T16594] netlink: 'syz.2.3715': attribute type 10 has an invalid length. [ 885.074516][ T6937] usb 1-1: config 0 descriptor?? [ 885.084492][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 885.111375][ T8] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 885.121900][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 885.133750][ T8] usb 2-1: config 0 descriptor?? [ 885.149268][T11045] block nbd67: Receive control failed (result -32) [ 885.358675][ T6937] rc_core: IR keymap rc-hauppauge not found [ 885.375463][ T6937] Registered IR keymap rc-empty [ 885.388629][ T6937] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 885.417418][ T6937] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input11 [ 885.647123][ T10] block nbd40: Possible stuck request ffff8880637b8000: control (read@0,1024B). Runtime 180 seconds [ 885.659825][ T10] block nbd40: Possible stuck request ffff8880637b8200: control (read@1024,1024B). Runtime 180 seconds [ 885.672306][ T10] block nbd40: Possible stuck request ffff8880637b8400: control (read@2048,1024B). Runtime 180 seconds [ 885.685040][ T10] block nbd40: Possible stuck request ffff8880637b8600: control (read@3072,1024B). Runtime 180 seconds [ 885.926696][ T9677] usb 1-1: USB disconnect, device number 26 [ 886.259597][ T8] uclogic 0003:256C:006D.001A: interface is invalid, ignoring [ 886.403413][ T8] usb 2-1: USB disconnect, device number 20 [ 887.076263][T16627] netlink: 'syz.1.3726': attribute type 10 has an invalid length. [ 887.143473][T16627] team0: Port device dummy0 added [ 887.298341][T16630] nbd68: detected capacity change from 0 to 127 [ 887.334249][T11045] block nbd68: Receive control failed (result -32) [ 887.611357][T16620] netlink: 'syz.2.3724': attribute type 6 has an invalid length. [ 887.947435][T16646] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3731'. [ 888.543060][T16658] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3736'. [ 888.637604][T11045] Bluetooth: hci0: unknown advertising packet type: 0x70 [ 888.637745][T11045] Bluetooth: hci0: Dropping invalid advertising data [ 888.653792][T11045] Bluetooth: hci0: Malformed LE Event: 0x02 [ 888.763626][T16665] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3740'. [ 888.764316][T16666] loop0: detected capacity change from 0 to 256 [ 888.827055][T16666] exfat: Unknown parameter 'zero_size_dir' [ 889.052155][T16672] syzkaller0: entered promiscuous mode [ 889.065423][T16673] loop2: detected capacity change from 0 to 128 [ 889.078878][T16672] syzkaller0: entered allmulticast mode [ 889.099166][T16673] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 889.117674][T16677] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3745'. [ 889.162837][T16677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3745'. [ 889.294129][ T12] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 889.524024][T16686] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3749'. [ 889.746643][T16693] loop3: detected capacity change from 0 to 512 [ 889.757704][T16693] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 889.867883][T16698] netlink: 'syz.1.3755': attribute type 10 has an invalid length. [ 890.187096][T16705] syzkaller0: entered promiscuous mode [ 890.192659][T16705] syzkaller0: entered allmulticast mode [ 890.269950][T16710] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3761'. [ 890.630743][T16721] netlink: 'syz.3.3765': attribute type 10 has an invalid length. [ 890.642329][T16721] bond0: (slave dummy0): Releasing backup interface [ 890.668091][T16721] team0: Port device dummy0 added [ 890.696484][ T5839] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 890.905488][ T5839] usb 2-1: Using ep0 maxpacket: 32 [ 890.919166][ T5839] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 890.953394][ T5839] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 890.975742][ T5839] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xB7, skipping [ 890.990063][ T5839] usb 2-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 891.002982][ T5839] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 891.035343][ T5839] usb 2-1: Product: syz [ 891.040589][ T5839] usb 2-1: Manufacturer: syz [ 891.047206][T16728] nbd69: detected capacity change from 0 to 127 [ 891.053581][ T5839] usb 2-1: SerialNumber: syz [ 891.061991][ T5839] usb 2-1: config 0 descriptor?? [ 891.070445][T16715] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 891.124680][T11045] block nbd69: Receive control failed (result -32) [ 891.294590][T16741] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3771'. [ 891.297160][ T5839] usb 2-1: USB disconnect, device number 21 [ 891.378395][T16739] tipc: Enabled bearer , priority 0 [ 891.408803][T16739] syzkaller0: entered promiscuous mode [ 891.421094][T16739] syzkaller0: entered allmulticast mode [ 891.433135][T16743] syzkaller0: entered promiscuous mode [ 891.439860][T16743] syzkaller0: entered allmulticast mode [ 891.490020][T16745] netlink: 'syz.2.3774': attribute type 10 has an invalid length. [ 891.515855][T16739] tipc: Resetting bearer [ 891.532223][T16737] tipc: Resetting bearer [ 891.588876][T16737] tipc: Disabling bearer [ 891.726121][T16750] loop3: detected capacity change from 0 to 1024 [ 891.893823][ T48] hfsplus: b-tree write err: -5, ino 4 [ 892.056240][T15120] block nbd26: Possible stuck request ffff88807e928000: control (read@0,1024B). Runtime 300 seconds [ 892.068242][T15120] block nbd26: Possible stuck request ffff88807e928200: control (read@1024,1024B). Runtime 300 seconds [ 892.080457][T15120] block nbd26: Possible stuck request ffff88807e928400: control (read@2048,1024B). Runtime 300 seconds [ 892.092653][T15120] block nbd26: Possible stuck request ffff88807e928600: control (read@3072,1024B). Runtime 300 seconds [ 892.279722][T16760] nbd70: detected capacity change from 0 to 127 [ 892.311709][T16767] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3782'. [ 892.341049][T11045] block nbd70: Receive control failed (result -32) [ 892.538980][T16769] loop3: detected capacity change from 0 to 4096 [ 892.547929][T16769] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 892.574627][T16771] netlink: 'syz.1.3784': attribute type 10 has an invalid length. [ 892.618379][T16769] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 892.637880][T16769] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 892.658212][T16773] tipc: Enabled bearer , priority 0 [ 892.674387][T16773] syzkaller0: entered promiscuous mode [ 892.681674][T16773] syzkaller0: entered allmulticast mode [ 892.702358][T16769] ntfs3: loop3: ino=5, "/" directory corrupted [ 892.854489][T16773] tipc: Resetting bearer [ 892.886921][T16772] tipc: Resetting bearer [ 892.938228][ T8] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0 [ 892.962728][T16772] tipc: Disabling bearer [ 892.976572][ T8] hid-generic 0000:0000:0000.001B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 893.210040][T16787] TCP: TCP_TX_DELAY enabled [ 893.260944][T16789] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3792'. [ 893.383851][T16791] loop1: detected capacity change from 0 to 4096 [ 893.410125][T16791] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 893.487980][T16793] netlink: 'syz.2.3794': attribute type 10 has an invalid length. [ 893.508989][T16795] loop0: detected capacity change from 0 to 512 [ 893.600248][T16795] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 893.614521][T16795] ext4 filesystem being mounted at /387/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 893.675744][T16795] Quota error (device loop0): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 893.692758][T16795] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 893.703146][T16795] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3796: Failed to acquire dquot type 0 [ 893.769522][ T28] audit: type=1326 audit(1753592767.482:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16803 comm="syz.1.3797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c28f8e9a9 code=0x7ffc0000 [ 893.818666][T12342] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 893.825509][ T28] audit: type=1326 audit(1753592767.482:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16803 comm="syz.1.3797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c28f8e9a9 code=0x7ffc0000 [ 893.960165][ T28] audit: type=1326 audit(1753592767.482:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16803 comm="syz.1.3797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f9c28f8e9a9 code=0x7ffc0000 [ 893.989375][ T28] audit: type=1326 audit(1753592767.482:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16803 comm="syz.1.3797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c28f8e9a9 code=0x7ffc0000 [ 894.014320][ T28] audit: type=1326 audit(1753592767.482:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16803 comm="syz.1.3797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c28f8e9a9 code=0x7ffc0000 [ 894.038821][ T28] audit: type=1326 audit(1753592767.482:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16803 comm="syz.1.3797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7f9c28f8e9a9 code=0x7ffc0000 [ 894.062903][ T28] audit: type=1326 audit(1753592767.482:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16803 comm="syz.1.3797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c28f8e9a9 code=0x7ffc0000 [ 894.417980][T16812] loop2: detected capacity change from 0 to 4096 [ 894.433721][T16812] ntfs3: loop2: ino=3, Correct links count -> 2. [ 894.447692][T16815] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3804'. [ 894.450216][T16816] loop0: detected capacity change from 0 to 128 [ 894.471716][T16816] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 894.506861][T16816] ext4 filesystem being mounted at /390/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 894.574303][T16820] loop1: detected capacity change from 0 to 132 [ 894.699014][T12342] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 894.976521][ T9676] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 895.172249][ T9676] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 895.203446][ T9676] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 895.226113][ T9676] usb 2-1: Product: syz [ 895.230362][ T9676] usb 2-1: Manufacturer: syz [ 895.252045][ T9676] usb 2-1: SerialNumber: syz [ 895.276474][ T9676] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 895.356808][ T9677] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 895.367288][ T8] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 895.468335][T16839] syzkaller0: entered promiscuous mode [ 895.473951][T16839] syzkaller0: entered allmulticast mode [ 895.566121][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 895.574566][ T8] usb 4-1: config 1 has an invalid interface number: 76 but max is 0 [ 895.596049][ T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 895.613691][ T5839] usb 2-1: USB disconnect, device number 22 [ 895.633918][ T8] usb 4-1: config 1 has no interface number 0 [ 895.641854][ T8] usb 4-1: config 1 interface 76 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 24 [ 895.667710][ T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 895.678253][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 895.695871][ T8] usb 4-1: SerialNumber: syz [ 895.926269][ T8] hub 4-1:1.76: bad descriptor, ignoring hub [ 895.947041][ T8] hub: probe of 4-1:1.76 failed with error -5 [ 896.213726][ T8] usb 4-1: reset high-speed USB device number 30 using dummy_hcd [ 896.450480][ T9677] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 896.477786][ T9677] ath9k_htc: Failed to initialize the device [ 896.500340][ T5839] usb 2-1: ath9k_htc: USB layer deinitialized [ 896.618013][T16848] nbd71: detected capacity change from 0 to 127 [ 896.797525][ T8] usb 4-1: USB disconnect, device number 30 [ 897.135595][T11045] block nbd71: Receive control failed (result -32) [ 897.815955][T15120] block nbd42: Possible stuck request ffff88804cde8000: control (read@0,4096B). Runtime 180 seconds [ 899.726100][ T10] block nbd43: Possible stuck request ffff88804ccf8000: control (read@0,1024B). Runtime 180 seconds [ 899.738926][ T10] block nbd43: Possible stuck request ffff88804ccf8200: control (read@1024,1024B). Runtime 180 seconds [ 899.751267][ T10] block nbd43: Possible stuck request ffff88804ccf8400: control (read@2048,1024B). Runtime 180 seconds [ 899.763596][ T10] block nbd43: Possible stuck request ffff88804ccf8600: control (read@3072,1024B). Runtime 180 seconds [ 899.766651][T16870] netlink: 'syz.0.3823': attribute type 10 has an invalid length. [ 900.114115][T16859] netlink: 'syz.2.3818': attribute type 6 has an invalid length. [ 900.588356][T16886] syzkaller0: entered promiscuous mode [ 900.621584][T16886] syzkaller0: entered allmulticast mode [ 901.022308][T15120] block nbd33: Possible stuck request ffff88807aec0000: control (read@0,4096B). Runtime 240 seconds [ 902.947611][ T10] block nbd34: Possible stuck request ffff8880677f8000: control (read@0,4096B). Runtime 240 seconds [ 903.882242][ T5158] udevd[5158]: worker [5786] /devices/virtual/block/nbd34 timeout; kill it [ 903.895952][ T5158] udevd[5158]: seq 14498 '/devices/virtual/block/nbd34' killed [ 903.903766][ T5158] udevd[5158]: worker [5792] /devices/virtual/block/nbd42 timeout; kill it [ 903.922878][ T5158] udevd[5158]: seq 16330 '/devices/virtual/block/nbd42' killed [ 903.935340][ T5158] udevd[5158]: worker [12313] /devices/virtual/block/nbd33 timeout; kill it [ 903.944352][ T5158] udevd[5158]: seq 14469 '/devices/virtual/block/nbd33' killed [ 903.960923][ T5158] udevd[5158]: worker [12757] /devices/virtual/block/nbd39 timeout; kill it [ 903.976787][ T5158] udevd[5158]: seq 15727 '/devices/virtual/block/nbd39' killed [ 903.984493][ T5158] udevd[5158]: worker [13665] /devices/virtual/block/nbd43 timeout; kill it [ 903.994935][ T5158] udevd[5158]: seq 16340 '/devices/virtual/block/nbd43' killed [ 904.764676][T16897] netlink: 'syz.0.3832': attribute type 10 has an invalid length. [ 904.806315][T16909] tipc: Enabled bearer , priority 0 [ 904.827529][T16910] syzkaller0: entered promiscuous mode [ 904.833084][T16910] syzkaller0: entered allmulticast mode [ 904.886780][T16920] tipc: Resetting bearer [ 904.927083][T16907] tipc: Resetting bearer [ 904.984544][T16907] tipc: Disabling bearer [ 905.179364][T16932] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3841'. [ 905.240237][T16936] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0) [ 905.285670][T16932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3841'. [ 905.496297][T15120] block nbd46: Possible stuck request ffff888066c20000: control (read@0,4096B). Runtime 180 seconds [ 905.546218][T16945] loop1: detected capacity change from 0 to 1024 [ 905.638734][T16945] hfsplus: bad catalog entry type [ 905.862293][T16954] loop1: detected capacity change from 0 to 128 [ 905.890589][T16929] netlink: 'syz.3.3838': attribute type 6 has an invalid length. [ 906.096120][T16957] syzkaller0: entered promiscuous mode [ 906.108812][T16957] syzkaller0: entered allmulticast mode [ 906.415817][ T9676] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 906.508376][T16964] nbd72: detected capacity change from 0 to 127 [ 906.570136][T11045] block nbd72: Receive control failed (result -32) [ 906.607115][ T9676] usb 2-1: Using ep0 maxpacket: 32 [ 906.634623][ T9676] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 906.715434][ T9676] usb 2-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 906.724580][ T9676] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 906.754185][ T9676] usb 2-1: Product: syz [ 906.771097][ T9676] usb 2-1: Manufacturer: syz [ 906.778646][ T9676] usb 2-1: SerialNumber: syz [ 906.794653][ T9676] usb 2-1: config 0 descriptor?? [ 906.811926][ T9676] rndis_wlan 2-1:0.0: skipping garbage [ 906.823850][ T9676] rndis_wlan: probe of 2-1:0.0 failed with error -22 [ 906.832447][ T9676] rndis_host 2-1:0.0: skipping garbage [ 906.839347][ T9676] rndis_host: probe of 2-1:0.0 failed with error -22 [ 907.120419][T16984] tipc: Enabling of bearer rejected, already enabled [ 907.408560][ T10] block nbd23: Possible stuck request ffff8880214f8000: control (read@0,1024B). Runtime 330 seconds [ 907.421827][ T10] block nbd23: Possible stuck request ffff8880214f8200: control (read@1024,3072B). Runtime 330 seconds [ 907.548010][T16993] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3861'. [ 907.708519][T16996] syzkaller0: entered promiscuous mode [ 907.714082][T16996] syzkaller0: entered allmulticast mode [ 908.400085][T17008] loop2: detected capacity change from 0 to 512 [ 908.913763][T17017] tipc: Enabling of bearer rejected, already enabled [ 909.411808][T17028] netlink: 'syz.3.3876': attribute type 10 has an invalid length. [ 909.835984][T11045] Bluetooth: hci3: unexpected event for opcode 0x0413 [ 909.921142][T17030] netlink: 'syz.0.3877': attribute type 6 has an invalid length. [ 909.948677][T17040] loop2: detected capacity change from 0 to 1024 [ 909.963063][T17040] EXT4-fs: Ignoring removed orlov option [ 909.988645][T17040] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 910.013497][ T28] audit: type=1800 audit(1753592783.722:13): pid=17040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3880" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 910.146866][T13445] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 910.304149][ T23] usb 2-1: USB disconnect, device number 23 [ 910.361872][T17047] loop2: detected capacity change from 0 to 128 [ 910.395769][T17047] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 910.456283][T17047] ext4 filesystem being mounted at /270/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 910.687389][T13445] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 910.793478][T17054] netlink: 'syz.2.3886': attribute type 10 has an invalid length. [ 910.910510][T17060] loop2: detected capacity change from 0 to 512 [ 910.932216][T17060] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.3887: casefold flag without casefold feature [ 910.947964][T17060] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.3887: couldn't read orphan inode 15 (err -117) [ 910.967725][T17060] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 911.046749][T13445] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 911.112471][T17063] loop3: detected capacity change from 0 to 1024 [ 911.153591][T17063] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 911.248988][T15120] block nbd31: Possible stuck request ffff88802bb40000: control (read@0,4096B). Runtime 270 seconds [ 911.420693][T13027] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 911.616141][T17081] netlink: 'syz.1.3895': attribute type 10 has an invalid length. [ 911.658588][T17083] tipc: Enabling of bearer rejected, already enabled [ 911.755965][ T8] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 911.765887][T17086] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3896'. [ 911.886422][ T10] block nbd29: Possible stuck request ffff88807df48000: control (read@0,4096B). Runtime 300 seconds [ 911.956447][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 911.967666][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 911.989611][ T8] usb 3-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 912.005466][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 912.023843][ T8] usb 3-1: Product: syz [ 912.033797][ T8] usb 3-1: Manufacturer: syz [ 912.046704][ T8] usb 3-1: SerialNumber: syz [ 912.060186][ T8] usb 3-1: config 0 descriptor?? [ 912.090774][ T8] rndis_wlan 3-1:0.0: skipping garbage [ 912.096781][ T8] rndis_wlan: probe of 3-1:0.0 failed with error -22 [ 912.097367][ T8] rndis_host 3-1:0.0: skipping garbage [ 912.097535][ T8] rndis_host: probe of 3-1:0.0 failed with error -22 [ 912.519754][T17101] syzkaller0: entered promiscuous mode [ 912.538645][T17101] syzkaller0: entered allmulticast mode [ 912.628349][T17104] netlink: 'syz.3.3904': attribute type 10 has an invalid length. [ 913.806132][T15120] block nbd47: Possible stuck request ffff888066fb8000: control (read@0,4096B). Runtime 180 seconds [ 914.459514][T15120] block nbd39: Possible stuck request ffff888064b50000: control (read@0,1024B). Runtime 210 seconds [ 914.471072][T15120] block nbd39: Possible stuck request ffff888064b50200: control (read@1024,1024B). Runtime 210 seconds [ 914.482728][T15120] block nbd39: Possible stuck request ffff888064b50400: control (read@2048,1024B). Runtime 210 seconds [ 914.712349][T15120] block nbd39: Possible stuck request ffff888064b50600: control (read@3072,1024B). Runtime 210 seconds [ 915.088879][ T5839] usb 3-1: USB disconnect, device number 27 [ 915.742385][ T10] block nbd40: Possible stuck request ffff8880637b8000: control (read@0,1024B). Runtime 210 seconds [ 915.754635][ T10] block nbd40: Possible stuck request ffff8880637b8200: control (read@1024,1024B). Runtime 210 seconds [ 915.766669][ T10] block nbd40: Possible stuck request ffff8880637b8400: control (read@2048,1024B). Runtime 210 seconds [ 915.778428][ T10] block nbd40: Possible stuck request ffff8880637b8600: control (read@3072,1024B). Runtime 210 seconds [ 916.804465][T17106] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3905'. [ 916.817842][T17113] tipc: Enabling of bearer rejected, already enabled [ 917.079302][T17127] syzkaller0: entered promiscuous mode [ 917.104524][T17127] syzkaller0: entered allmulticast mode [ 917.211698][T17133] loop2: detected capacity change from 0 to 256 [ 917.231837][T17133] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 917.243224][T17133] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 917.280777][T17133] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 917.369123][T17135] tipc: Enabling of bearer rejected, failed to enable media [ 917.386336][T17135] syzkaller0: entered promiscuous mode [ 917.391878][T17135] syzkaller0: entered allmulticast mode [ 917.559090][T17140] loop2: detected capacity change from 0 to 4096 [ 917.568526][T17140] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 917.583723][T17140] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 917.622032][T17140] fs-verity: sha256 using implementation "sha256-avx2" [ 917.632264][ T8] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 917.738737][T13445] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 917.785838][ T5839] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 917.841123][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 917.841457][T17148] tipc: Enabling of bearer rejected, already enabled [ 917.858491][ T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 917.890808][ T8] usb 1-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 917.901956][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 917.911394][ T8] usb 1-1: Product: syz [ 917.916923][ T8] usb 1-1: Manufacturer: syz [ 917.921677][ T8] usb 1-1: SerialNumber: syz [ 917.931016][ T8] usb 1-1: config 0 descriptor?? [ 917.941181][ T8] rndis_wlan 1-1:0.0: skipping garbage [ 917.963856][ T8] rndis_wlan: probe of 1-1:0.0 failed with error -22 [ 917.974223][ T8] rndis_host 1-1:0.0: skipping garbage [ 917.981258][ T8] rndis_host: probe of 1-1:0.0 failed with error -22 [ 917.997538][ T5839] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 918.037069][ T5839] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 918.069405][ T5839] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 918.080368][ T5839] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 918.100000][ T5839] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 918.121466][T17153] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3920'. [ 918.149626][T17142] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 918.193059][ T5839] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 918.538752][T17155] syzkaller0: entered promiscuous mode [ 918.550281][T17155] syzkaller0: entered allmulticast mode [ 918.760692][ T8] usb 2-1: USB disconnect, device number 24 [ 919.761196][T17172] loop1: detected capacity change from 0 to 256 [ 919.787669][T17172] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 919.800204][T17172] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 919.824471][T17172] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 919.860588][T17172] UDF-fs: Scanning with blocksize 512 failed [ 919.887430][T17172] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 919.904412][T17172] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 920.051087][ T28] audit: type=1804 audit(1753592793.762:14): pid=17173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3925" name="/newroot/424/file0/bus" dev="loop1" ino=77 res=1 errno=0 [ 920.850702][ T29] INFO: task udevd:6102 blocked for more than 143 seconds. [ 920.859041][ T29] Not tainted 6.6.100-syzkaller #0 [ 920.865390][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 920.874473][ T29] task:udevd state:D stack:23568 pid:6102 ppid:5158 flags:0x00004006 [ 920.886344][ T29] Call Trace: [ 920.889691][ T29] [ 920.892663][ T29] __schedule+0x14d2/0x44d0 [ 920.898094][ T29] ? asan.module_dtor+0x20/0x20 [ 920.903701][ T29] ? mark_lock+0x94/0x320 [ 920.909128][ T29] ? lock_chain_count+0x20/0x20 [ 920.914177][ T29] ? _raw_spin_lock_irq+0xaf/0xe0 [ 920.919840][ T29] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 920.926218][ T29] schedule+0xbd/0x170 [ 920.930534][ T29] io_schedule+0x80/0xd0 [ 920.935538][ T29] folio_wait_bit_common+0x6eb/0xf70 [ 920.941107][ T29] ? folio_wait_bit+0x30/0x30 [ 920.946802][ T29] ? _compound_head+0x120/0x120 [ 920.951936][ T29] ? filemap_add_folio+0x192/0x3c0 [ 920.957777][ T29] ? __filemap_get_folio+0x70a/0xbc0 [ 920.963310][ T29] ? blkdev_writepage+0x30/0x30 [ 920.969047][ T29] do_read_cache_folio+0x1c0/0x7e0 [ 920.974477][ T29] ? blkdev_writepage+0x30/0x30 [ 920.980121][ T29] read_part_sector+0xd2/0x350 [ 920.985858][ T29] adfspart_check_POWERTEC+0x8d/0xf00 [ 920.991449][ T29] ? adfspart_check_ADFS+0x660/0x660 [ 920.997487][ T29] ? put_partition+0x350/0x350 [ 921.002465][ T29] ? alloc_pages+0x4dc/0x740 [ 921.008831][ T29] bdev_disk_changed+0x73a/0x1410 [ 921.014112][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 921.019913][ T29] ? iput+0x347/0x920 [ 921.024078][ T29] blkdev_get_whole+0x30d/0x390 [ 921.030015][ T29] blkdev_get_by_dev+0x279/0x600 [ 921.035812][ T29] blkdev_open+0x152/0x360 [ 921.040550][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 921.045932][ T29] do_dentry_open+0x8c6/0x1500 [ 921.051020][ T29] path_openat+0x274b/0x3190 [ 921.056591][ T29] ? __kasan_slab_alloc+0x6c/0x80 [ 921.061922][ T29] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 921.067814][ T9676] usb 1-1: USB disconnect, device number 27 [ 921.068961][ T29] ? verify_lock_unused+0x140/0x140 [ 921.080108][ T29] ? do_filp_open+0x3d0/0x3d0 [ 921.094761][ T29] ? __virt_addr_valid+0x18c/0x540 [ 921.103500][ T29] do_filp_open+0x1c5/0x3d0 [ 921.113902][ T29] ? vfs_tmpfile+0x490/0x490 [ 921.123859][ T29] ? _raw_spin_unlock+0x28/0x40 [ 921.134177][ T29] ? alloc_fd+0x58f/0x630 [ 921.143957][ T29] do_sys_openat2+0x12c/0x1c0 [ 921.152846][ T29] ? do_sys_open+0xe0/0xe0 [ 921.161091][ T29] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 921.185392][ T29] ? lock_chain_count+0x20/0x20 [ 921.190347][ T29] __x64_sys_openat+0x139/0x160 [ 921.205362][ T29] do_syscall_64+0x55/0xb0 [ 921.210646][ T29] ? clear_bhb_loop+0x40/0x90 [ 921.227836][ T29] ? clear_bhb_loop+0x40/0x90 [ 921.232591][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 921.254263][ T29] RIP: 0033:0x7f72e80a7407 [ 921.259391][ T29] RSP: 002b:00007ffdd799c040 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 921.268476][ T29] RAX: ffffffffffffffda RBX: 00007f72e8834880 RCX: 00007f72e80a7407 [ 921.277102][ T29] RDX: 00000000000a0800 RSI: 000055a1af88a7b0 RDI: ffffffffffffff9c [ 921.285736][ T29] RBP: 000055a1af872910 R08: 0000000000000000 R09: 0000000000000000 [ 921.293743][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 000055a1af895750 [ 921.302485][ T29] R13: 000055a1af88a420 R14: 0000000000000000 R15: 000055a1af895750 [ 921.311200][ T29] [ 921.327165][ T29] [ 921.327165][ T29] Showing all locks held in the system: [ 921.335036][ T29] 3 locks held by kworker/u4:1/12: [ 921.340351][ T29] #0: ffff888017871538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 921.352316][ T29] #1: ffffc90000117d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 921.380615][ T29] #2: ffffffff8dfbb188 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 921.394739][ T29] 1 lock held by khungtaskd/29: [ 921.399702][ T29] #0: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 921.410257][ T29] 2 locks held by kworker/1:2/54: [ 921.420333][ T29] #0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 921.434333][ T29] #1: ffffc90000bf7d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 921.452716][ T29] 2 locks held by getty/5549: [ 921.457990][ T29] #0: ffff888031fd00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 921.468485][ T29] #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x425/0x1380 [ 921.479287][ T29] 1 lock held by udevd/5786: [ 921.483934][ T29] #0: ffff8880268cd4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 921.495880][ T29] 1 lock held by udevd/5792: [ 921.500571][ T29] #0: ffff88805d1824c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 921.511317][ T29] 1 lock held by udevd/5799: [ 921.516648][ T29] #0: ffff88807f3cc4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xff/0x760 [ 921.531090][ T29] 1 lock held by udevd/5802: [ 921.539266][ T29] #0: ffff88807b5874c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 921.553703][ T29] 1 lock held by udevd/6102: [ 921.558994][ T29] #0: ffff88805a3be4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 921.569900][ T29] 1 lock held by udevd/6104: [ 921.574528][ T29] #0: ffff88807c20b4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 921.585272][ T29] 1 lock held by udevd/12313: [ 921.589982][ T29] #0: ffff88807b6654c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 921.603447][ T29] 1 lock held by udevd/12670: [ 921.610824][ T29] #0: ffff8880761024c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 921.625790][ T29] 1 lock held by udevd/12690: [ 921.630571][ T29] #0: ffff888058f4b4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 921.647078][ T29] 1 lock held by udevd/12757: [ 921.651847][ T29] #0: ffff88801b3d44c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 921.662745][ T29] 1 lock held by udevd/13661: [ 921.668214][ T29] #0: ffff8880232884c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 921.678865][ T29] 1 lock held by udevd/13665: [ 921.683582][ T29] #0: ffff88805a3b84c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 921.693797][ T29] 2 locks held by syz.3.3921/17154: [ 921.699095][ T29] #0: ffffffff8dfbb188 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 [ 921.708142][ T29] #1: ffffffff8cd35b78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x360/0x830 [ 921.719577][ T29] 1 lock held by syz.2.3923/17159: [ 921.725363][ T29] #0: ffffffff8dfbb188 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 [ 921.734440][ T29] 1 lock held by syz.2.3923/17160: [ 921.748738][ T29] #0: ffffffff8dfbb188 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 [ 921.758373][ T29] 3 locks held by syz.2.3923/17161: [ 921.763609][ T29] #0: ffffffff8e01ff90 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 921.772392][ T29] #1: ffffffff8e01fda8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x10e/0x790 [ 921.782149][ T29] #2: ffffffff8dfbb188 (rtnl_mutex){+.+.}-{3:3}, at: tipc_nl_compat_doit+0x1fe/0x5e0 [ 921.792323][ T29] 1 lock held by syz.2.3923/17163: [ 921.798086][ T29] #0: ffffffff8dfbb188 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x7d2/0x1170 [ 921.807696][ T29] 1 lock held by syz.2.3923/17165: [ 921.812845][ T29] #0: ffffffff8dfbb188 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 [ 921.822507][ T29] 1 lock held by syz.2.3923/17167: [ 921.828875][ T29] #0: ffffffff8dfbb188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10 [ 921.839027][ T29] 1 lock held by syz.2.3923/17168: [ 921.844174][ T29] #0: ffffffff8dfbb188 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x7d2/0x1170 [ 921.853630][ T29] 1 lock held by syz.1.3926/17175: [ 921.859395][ T29] #0: ffffffff8dfbb188 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x3b9/0x1fd0 [ 921.869561][ T29] 1 lock held by syz.1.3926/17178: [ 921.874753][ T29] #0: ffffffff8dfbb188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10 [ 921.899781][ T29] [ 921.902166][ T29] ============================================= [ 921.902166][ T29] [ 921.924765][ T29] NMI backtrace for cpu 1 [ 921.929179][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.6.100-syzkaller #0 [ 921.937124][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 921.947231][ T29] Call Trace: [ 921.950544][ T29] [ 921.953498][ T29] dump_stack_lvl+0x16c/0x230 [ 921.958208][ T29] ? preempt_count_add+0x91/0x1a0 [ 921.963282][ T29] ? show_regs_print_info+0x20/0x20 [ 921.968509][ T29] ? load_image+0x3b0/0x3b0 [ 921.973314][ T29] nmi_cpu_backtrace+0x39b/0x3d0 [ 921.978285][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 921.984597][ T29] ? _printk+0xd0/0x110 [ 921.988840][ T29] ? load_image+0x3b0/0x3b0 [ 921.993394][ T29] ? load_image+0x3b0/0x3b0 [ 921.997953][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 922.004053][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 922.010103][ T29] watchdog+0xf41/0xf80 [ 922.014291][ T29] ? watchdog+0x1e1/0xf80 [ 922.018655][ T29] kthread+0x2fa/0x390 [ 922.022744][ T29] ? hungtask_pm_notify+0x90/0x90 [ 922.027795][ T29] ? kthread_blkcg+0xd0/0xd0 [ 922.032436][ T29] ret_from_fork+0x48/0x80 [ 922.036879][ T29] ? kthread_blkcg+0xd0/0xd0 [ 922.041487][ T29] ret_from_fork_asm+0x11/0x20 [ 922.046294][ T29] [ 922.049354][ C1] vkms_vblank_simulate: vblank timer overrun [ 922.056730][ T29] Sending NMI from CPU 1 to CPUs 0: [ 922.062023][ C0] NMI backtrace for cpu 0 [ 922.062040][ C0] CPU: 0 PID: 6450 Comm: kworker/u4:11 Not tainted 6.6.100-syzkaller #0 [ 922.062059][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 922.062070][ C0] Workqueue: bat_events batadv_nc_worker [ 922.062097][ C0] RIP: 0010:lock_release+0x15c/0x8b0 [ 922.062119][ C0] Code: 00 9c 8f 84 24 a0 00 00 00 48 8b 84 24 a0 00 00 00 48 89 44 24 50 fa 48 c7 c7 20 c7 aa 8a e8 3b a3 05 09 65 ff 05 bc fe 9a 7e 44 24 5c 01 00 00 00 48 c7 c0 5c b2 4a 8e 48 c1 e8 03 42 0f b6 [ 922.062134][ C0] RSP: 0018:ffffc9000ffffa40 EFLAGS: 00000002 [ 922.062148][ C0] RAX: 0000000000000000 RBX: ffff8880768b8adc RCX: 9d56c46f774dbd00 [ 922.062160][ C0] RDX: 0000000000000000 RSI: ffffffff8aaac720 RDI: ffffffff8afc6700 [ 922.062172][ C0] RBP: ffffc9000ffffb50 R08: ffffffff8e4a7daf R09: 1ffffffff1c94fb5 [ 922.062184][ C0] R10: dffffc0000000000 R11: fffffbfff1c94fb6 R12: ffffffff8a357732 [ 922.062197][ C0] R13: dffffc0000000000 R14: ffff8880768b8000 R15: 1ffff92001ffff54 [ 922.062209][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 922.062223][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 922.062235][ C0] CR2: 000055556df8e5c8 CR3: 0000000074c2c000 CR4: 00000000003506f0 [ 922.062250][ C0] Call Trace: [ 922.062256][ C0] [ 922.062266][ C0] ? batadv_nc_worker+0xd2/0x610 [ 922.062287][ C0] ? __lock_acquire+0x7c80/0x7c80 [ 922.062306][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 922.062325][ C0] ? batadv_nc_worker+0xd2/0x610 [ 922.062346][ C0] ? batadv_nc_worker+0xd2/0x610 [ 922.062365][ C0] batadv_nc_worker+0x291/0x610 [ 922.062387][ C0] ? process_scheduled_works+0x957/0x15b0 [ 922.062414][ C0] process_scheduled_works+0xa45/0x15b0 [ 922.062447][ C0] ? assign_work+0x400/0x400 [ 922.062469][ C0] ? assign_work+0x39e/0x400 [ 922.062490][ C0] worker_thread+0xa55/0xfc0 [ 922.062510][ C0] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 922.062537][ C0] ? _raw_spin_unlock+0x40/0x40 [ 922.062560][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 922.062594][ C0] kthread+0x2fa/0x390 [ 922.062609][ C0] ? pr_cont_work+0x560/0x560 [ 922.062628][ C0] ? kthread_blkcg+0xd0/0xd0 [ 922.062647][ C0] ret_from_fork+0x48/0x80 [ 922.062666][ C0] ? kthread_blkcg+0xd0/0xd0 [ 922.062681][ C0] ret_from_fork_asm+0x11/0x20 [ 922.062710][ C0] [ 922.063276][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 922.301919][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.6.100-syzkaller #0 [ 922.309845][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 922.319934][ T29] Call Trace: [ 922.323245][ T29] [ 922.326220][ T29] dump_stack_lvl+0x16c/0x230 [ 922.330947][ T29] ? show_regs_print_info+0x20/0x20 [ 922.336176][ T29] ? load_image+0x3b0/0x3b0 [ 922.340741][ T29] panic+0x2c0/0x710 [ 922.344676][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 922.350346][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 922.354879][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 922.360473][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 922.366683][ T29] watchdog+0xf80/0xf80 [ 922.370878][ T29] ? watchdog+0x1e1/0xf80 [ 922.375276][ T29] kthread+0x2fa/0x390 [ 922.379379][ T29] ? hungtask_pm_notify+0x90/0x90 [ 922.384456][ T29] ? kthread_blkcg+0xd0/0xd0 [ 922.389087][ T29] ret_from_fork+0x48/0x80 [ 922.393547][ T29] ? kthread_blkcg+0xd0/0xd0 [ 922.398163][ T29] ret_from_fork_asm+0x11/0x20 [ 922.402972][ T29] [ 922.406295][ T29] Kernel Offset: disabled [ 922.410630][ T29] Rebooting in 86400 seconds..