last executing test programs: 13.673039858s ago: executing program 1 (id=364): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r3, r5}, 0x10) r7 = socket$inet6(0xa, 0x2, 0x3a) r8 = dup(r7) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@fallback=r2, r5, 0x27, 0x2004, 0x0, @value=r6}, 0x20) bind$unix(r8, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x8, 0x3a, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @local, {[], @echo_reply={0x81, 0x0, 0x0, 0x200}}}}}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x4) r10 = socket$alg(0x26, 0x5, 0x0) bind$alg(r10, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58) socket$nl_netfilter(0x10, 0x3, 0xc) munlockall() 11.796760726s ago: executing program 3 (id=365): sendto(0xffffffffffffffff, &(0x7f0000000540)="0cc31a4098ddc80dadd3a0aa2bea9050d9f47bcde4cbb8170d3d61aabbdbd869e8a75ab95a3b8e8b960477dbbbbf5cb0fd4a98ea0032d054de676f19c5e1f84def57482d1b3eb94a2a1d3c0a733709610ece6cb54ae7f8c3ed385c3890244d348c9bcfb556ee478845ff23d8a9f2a492531e7c7ce719ef1983bdaf4008386323fc593be590321dbe51aa4ecabebf49ab7edb835efc0f722637337e20cc541399dc617deafa840b68f2b22e5f7c6afb3825871b966ab90a79a4d6d72f29a1e43abdf4d25f6352dfa26c576830c49b18ece887b47c37affa1c3f24fdb0e14151550796aaa09b4669e71d9f4255f63905467b709f7a7185347a078538e4443f0dad324393274e857979db0a9e3894857aacabc2f2ccd9457fda98a520e2b8c83085a206c8aea9dd18a0b66c87b3b61f95fafed84303436c7ae3782f714dc364c10102788b02d3aed05cb29fe974b75e7bf53dfd2554d7b700dcbf24a6fa021732b747a2c7d6d2a649e1ca523f91ba57da29e6e5050da7ec9466884aea64349e0c65b40bd78fe25622a5f854d351fd3282e85e37989b73e1a3b9fe874ad7131850117f285afe15040fd20cd9c861c95b2c1f9844ac1f8b3cd0a7f22269e235866434acb5f4d9d0b64301cd5b4e8c2da68caacd3f7dda0f325120ad99c05a55736067c87cceda7b850758e60ab8829b0dbfdc1ca8322e6716e643e00c2f665781461f08282a0aa366d9927036d685c3a721530dafe21e62906c5710c3214621d6374d9f5eef47eca1e5080e21832e6d639822a3bf99784f7b19e2dfaa7b8ba39dc5212c94585af38e7a50cbf6d619e3f1b8e4c17351203fa037ca4ce7ef32fd8b4387b8583ebd32a0c5aeb05fced1e492670cabc370aba18abe561e2bfcfa6d92c0c3d0419f5f4936772b6a0026a623914f09b04cf5d7c2b3ab010c676e9932f5807240a765b3d92d2bcdd63a91bd0f1c795fe0ecdda5e50ec8fd0a68115986168fb8bb67fa020ed3c416a716fb12d5d918b8522931dcf2bfd0c7bf7d9c56c490c9880309240d0c2cf1a3cafb647e1a9e1fde434cdbcae9eeac3f8c652a85d6aea69b3e9a922cb2727ed8f5", 0x309, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) read$FUSE(r0, &(0x7f0000003680)={0x2020}, 0x2020) 11.382829562s ago: executing program 1 (id=367): syz_usb_connect(0x5, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0), 0x28e41, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000400)=0x17, 0x30) r5 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x3e}, @in=@rand_addr=0x64010100, 0x0, 0x3, 0x4e20, 0x4000, 0x2, 0x0, 0xa0, 0x67}, {0x0, 0x15000000000003, 0x0, 0xe, 0x7ffd, 0xffffffffffffffff, 0xfffffffffffffffe, 0xd3d}, {0x0, 0x4, 0x0, 0xfffffffffffffffa}, 0x0, 0x6e6bba, 0x1, 0x0, 0x1}, {{@in6=@loopback, 0x4d6, 0x3c}, 0x2, @in6=@private2={0xfc, 0x2, '\x00', 0xfe}, 0x0, 0x1, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0xe8) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x38011, r0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r6, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xc92}]}, &(0x7f0000000140)=0x10) r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r7, 0xab00, r8) ioctl$NBD_SET_FLAGS(r7, 0xab0a, 0xbdf) 11.261084624s ago: executing program 3 (id=369): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20000040) 11.041467637s ago: executing program 3 (id=371): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) 8.685779592s ago: executing program 1 (id=375): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="240000001e005f0214f9f407000904001f0000000000000000000000080004000100000d", 0xfe3d) 8.307119257s ago: executing program 1 (id=376): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r2}, 0x10) r3 = memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x1000000, 0x8010002}) 8.185514979s ago: executing program 0 (id=377): openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000001180), 0x0) 8.081160781s ago: executing program 2 (id=378): r0 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[], 0x78) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512-generic\x00'}, 0x58) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}], 0x1, 0x48080) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x8) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x40, "08004e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r3, 0x5423, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000540)=0x9) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000180)=0x3) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000300)) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x9) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x7e) 6.927043188s ago: executing program 3 (id=379): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000000c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd27, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x2, 0x4, 0x3}]}]}, 0xfc}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x80000001, 0x80000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x98, &(0x7f0000000000)=""/152}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b0000", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00\x00\x00'], 0x48) 6.72635736s ago: executing program 2 (id=380): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20000040) 6.205371008s ago: executing program 2 (id=381): syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write$P9_RSTATu(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="080200000200000005f8000000000000000000000000000000000000000000000000000000000000000000000000000000001b00046e6f6465767b65766f6f7e0539c60005000037d93a8b920000003800704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500002b595fcb14034354b9fd9ef196a51cd5157adc8103b494e11d00d299988014986ce982cfc26dd7c500f04cd85f2a70f5e9930e97a59a645500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8e289da649a37002c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x239) 5.891788073s ago: executing program 0 (id=382): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, 0x0) r2 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r2, &(0x7f00000002c0)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r2, &(0x7f00000000c0), 0x2) read(r2, &(0x7f00000001c0)=""/93, 0x5d) write$USERIO_CMD_SEND_INTERRUPT(r2, &(0x7f0000000280)={0x2, 0xf2}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0xff}, 0x1) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r1, 0x0) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x201, 0x8, 0x2, 0x0, 0x2}) readv(r1, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/246, 0xf6}], 0x1) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000400)=0xfffffffd) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xf}, {0xffff, 0xffff}, {0xfff4, 0x4}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x3}]}}]}, 0x38}}, 0x40044) r5 = socket(0x2, 0x3, 0xff) sendto$inet(r5, &(0x7f00000002c0)="b401fcc8cd1bb8b66f2e1c301f4c43f5996bbd0f", 0x14, 0xb00, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000040)={0x0, @in={{0x2, 0x4e23, @empty}}, [0x5, 0xb2, 0x1, 0xb, 0xf4, 0x1, 0x6, 0x5159, 0x1, 0x1, 0x8, 0x9900, 0x2, 0x6, 0x9f12]}, &(0x7f0000000140)=0x100) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={r6, 0x5}, 0x8) r7 = syz_open_dev$dri(&(0x7f0000000200), 0x0, 0x600) ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r7, 0xc00464be, &(0x7f0000000300)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000480)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x3c}}, 0x4000) 5.658112117s ago: executing program 1 (id=383): syz_usb_connect(0x5, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0), 0x28e41, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000400)=0x17, 0x30) r4 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x3e}, @in=@rand_addr=0x64010100, 0x0, 0x3, 0x4e20, 0x4000, 0x2, 0x0, 0xa0, 0x67}, {0x0, 0x15000000000003, 0x0, 0xe, 0x7ffd, 0xffffffffffffffff, 0xfffffffffffffffe, 0xd3d}, {0x0, 0x4, 0x0, 0xfffffffffffffffa}, 0x0, 0x6e6bba, 0x1, 0x0, 0x1}, {{@in6=@loopback, 0x4d6, 0x3c}, 0x2, @in6=@private2={0xfc, 0x2, '\x00', 0xfe}, 0x0, 0x1, 0x0, 0x0, 0x0, 0xff, 0x2}}, 0xe8) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x38011, r0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r5, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xc92}]}, &(0x7f0000000140)=0x10) r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r6, 0xab00, r7) ioctl$NBD_SET_FLAGS(r6, 0xab0a, 0xbdf) 5.361321291s ago: executing program 3 (id=384): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000440)='./bus\x00') write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x1000000000003, 0x3, 0x8000000000007, 0xaa, 0x3, 0x1, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080), 0x7f03) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = timerfd_create(0x0, 0x0) r4 = syz_io_uring_setup(0x58f2, &(0x7f0000000140)={0x0, 0x0, 0x10100}, 0x0, &(0x7f0000000100)=0x0) r6 = open$dir(0x0, 0x80, 0x107) symlinkat(&(0x7f0000000280)='./file1\x00', r6, &(0x7f0000000340)='./bus\x00') syz_io_uring_submit(0x0, r5, 0x0) io_uring_enter(r4, 0x1f82, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r4, 0x2ba1, 0x9bb6, 0xb, &(0x7f0000000040)={[0xb]}, 0x8) ioctl$TFD_IOC_SET_TICKS(r3, 0x40085400, &(0x7f0000000080)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="1807000000000d000000000000000000851000000200000026000000feffff859500007b0000000095", @ANYRESHEX], &(0x7f0000000400)='GPL\x00', 0x2, 0x95, &(0x7f00000004c0)=""/149, 0x41100, 0x1}, 0x94) 5.190467073s ago: executing program 2 (id=385): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) ioprio_set$pid(0x2, 0x0, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000440)='./bus\x00') r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r3, 0x0, 0x0) sendfile(r3, r3, &(0x7f0000000080), 0x7f03) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) r5 = timerfd_create(0x0, 0x0) r6 = syz_io_uring_setup(0x58f2, &(0x7f0000000140)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) r9 = open$dir(0x0, 0x80, 0x107) symlinkat(&(0x7f0000000280)='./file1\x00', r9, &(0x7f0000000340)='./bus\x00') syz_io_uring_submit(r7, r8, 0x0) io_uring_enter(r6, 0x1f82, 0x0, 0x0, 0x0, 0x0) ioctl$TFD_IOC_SET_TICKS(r5, 0x40085400, &(0x7f0000000080)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="1807000000000d000000000000000000851000000200000026000000feffff859500007b0000000095", @ANYRESHEX], &(0x7f0000000400)='GPL\x00', 0x2, 0x95, &(0x7f00000004c0)=""/149, 0x41100, 0x1}, 0x94) 1.737498725s ago: executing program 0 (id=386): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x3b3c03, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) semget$private(0x0, 0x6, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) sendmmsg$inet(r1, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(0xffffffffffffffff, r2, 0xfffffffffffffc01, 0x0) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, &(0x7f0000000000)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0002}}}, 0x14) connect$802154_dgram(r3, &(0x7f000000b900)={0x24, @none={0x0, 0xffff}}, 0x14) 1.735756755s ago: executing program 3 (id=387): creat(&(0x7f0000000040)='./file0\x00', 0x4b) r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x0, 0xcf6, 0x4c314356, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2}}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, 0x0) setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount$fuse(0x0, 0x0, 0x0, 0x2018081, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0) listen(r5, 0x4000) close(r5) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) gettid() ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1) 1.596624087s ago: executing program 2 (id=388): syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000200)='./file0\x00', 0x10, &(0x7f0000000480)=ANY=[], 0x5, 0xa5a, &(0x7f0000001b40)="$eJzs3U1sHFcBAOA3a6/z22ZTHGrS0CYU2vJTu3FM+ImAVM2FqKm4Vaq4RElaIpyASCVI1UOSEzdaVeHK76mX8qNK5IKinrhUopG49FQ4cCAKUiUO0JC48vq99e7zbmbt2J6s9/uk2bdv3tt9b3ZnZmdn5r0XgKFVaz7OzEwUIVy+8saRfz32zy0hXBlfzNFoPo62xeohhCLGR7P3+2BkIbz14asnuoVFmG4+pnh47kbrtdtCCBfC3nA1NMLuy9def3f62WMXj17a996bh66vzdIDAMBw+c7VQzO7/v7Xh3Z+9NbDh8Om1vx0fN6I8e3xuP9wPPBPx/+10Bkv2qZ2Y1m+0TjVsnwjXfK1l1PP8o32KH8se996j3ybSsofaZvXbblhkKX1uBGK2mRHvFabnFz4Tx6a/+vHismzp2dfPFdRRYFV959HQgh7Taahny42N4jq67Gu09yOqvdAAAvy64VLXMjPLNyd1ruN9lf+jadr3V8Pq2C913/lD1b5v71oj8Pq2ahrU1qutB1tj/G26whnQpf7l/Ltby5/42z7T++XX4+o91nPXtcRBuX6Qq96jqxzPVaqV/3z9WKj+kYM0+fwzSy9ffvJv9NB+Y6B7v7r/L/JNLTTkuPbO8jvlQE2tvy+ubkopef39eXpm0rSN5ekbylJ39qRa2n6tpLXwzD748s/C68Vi//z8//0yz0fns6z3RfD+5dZn/x85HLLH7tDbD3Kd4zEIPnT8edPffXkC9cW7v8vWuv/7bi+743xRtyarsYM6Xxhfl69de9/o7OcWo98D2T1ua9L/ubz8c58xfji+4S2/cySekx0vm5Hr3x7OvM1snxb4rQ5q29+fLI1e106/kj71fR5jWbLW8+WYyyrR9qv7IxhXg9YibQ+9rr/P62fE6FevHh69tRTMZ7W07+M1DfNz99fXtTvVrvuwN3pt/3PROhs/7O9Nb9ea98v7FicX7TvFxrZ/Oke8w/EePqd+97Ilub8yRM/mD252gsPQ+7c+Ve+f3x29tSPPPHEE09aT6reMwFrberlMz+cOnf+lSdPnzn+0qmXTp09cPDggenpg187MDPVPK6faj+6BzaSxR/9qmsCAAAAAAAAAAAA9OvHR49c+9s7X3l/of3/Yvu/1P4/3fmb2v//tFho615rmx+6jAOY2gHu7JLezJN1sDqW5avH6RNZfcezcnZlr/tkDFvj+MX2/6m4vF/XVJ8Hs/l5/70pX9adwJL+UsayXkfy8QI/E8NLMfx1gAoVW7rPjmFZ/9ZpXU/9UyyjX4ruBVOJ9L2lLyX1Y5Laf/fq1ynt/3euQx1ZfevRnLDqZQS6+/cQ9//dPHZZw/f/zf3VL+Pm3mmbqq6bqfppbs4oHsC9oerxP9N5zxSe/fO3N89PKduNpzv3l3n/pXA37vXxJ5W/scb/bI1/19f+7+bS0RMaKyv3f7+4/n5bsWF3v/vffPlTP9DjeQl3PhP90Xz5NxcX5fHQX/lzv8rKzy8I9elmXP70+W/ts/wly7+nrKTzb3eb+/9YfvrYnni03/IXalzUOuuRnzdO1//y88bJrWz5T650+Vc4UOPtWD4Ms0EZZ3a5+hj/t6ls/N8lVnn8317y+zC+HONpR5juc8hHOFlm/VuR9DuwK3v/ouT3zfi/g+3rMSzbHtL4v2l9bHSJ19ri9S6f7Ubd18Cg+uDevf63+ENVfV1M/X5f1dfDtIxpbm5ubU9olai0cCr//Kv+n1B1+VV//mXy8X/zY/h8/N88PR//N0/Px//N0/Px9fL0rVl6/nnm4//m6Q9m75uPDzyR/cHO0z9V8vrdJekPlaTvKUn/dEn6vpL0h0vSHylJf6Ak/dGS9M+WpH+uJP2xkvQnStI/X5K+0aX2KMO6/DDM8vZ5tn8YHql9ba/tf7wkHRhcP39r/zMv/OG7jYX2/2Ot8yHpOt7hGK/H/84/ifH8undoi8+nvRPj/8jS7/XzHTBM8v4z8t/3x0vSgcGV7vOyfcMQKrq3k+i336pex/kMli/E8Isx/FIMn4zhZAynYrg/htPrVD/WxjO/f/vQa8Xi//0dWXq/95Pn7YHyfqIO9Fmf/PzAcu/Hz/vxW667LX+FzcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqU2s+zsxMFCFcvvLGkeePnZ6an/OtVo5G83G0LVZvvS6Ep2I4EsNfxie3Pnz1RHt4O4ZFmA5FKFrzw3M3WiVtCyFcCHvD1dAIuy9fe/3d6WePXTx6ad97bx66vnafAAAAAGx8HwcAAP//V88c0Q==") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x91}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x86443, 0x0) rename(&(0x7f0000000100)='./bus\x00', &(0x7f0000000180)='./file1\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) 1.593716917s ago: executing program 1 (id=389): gettid() prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb}, 0x38) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) r1 = socket$packet(0x11, 0x2, 0x300) syz_open_dev$video4linux(&(0x7f00000001c0), 0x2, 0x40080) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r2, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1) sendto$inet6(r2, 0x0, 0xfffffffffffffe33, 0x200c8084, &(0x7f0000000080)={0xa, 0x4e20, 0x800000, @empty, 0x9}, 0x1c) recvmmsg(r2, &(0x7f0000002480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2000, 0x0) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000040)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendto$packet(r1, &(0x7f0000000400)="205ae946", 0x4, 0x20008801, &(0x7f00000002c0)={0x11, 0x88a8, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) 622.782401ms ago: executing program 0 (id=390): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xca000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000004000000"]) 161.579918ms ago: executing program 0 (id=391): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x1030002}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r4, 0x0) 30.39654ms ago: executing program 0 (id=392): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r2, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c) 0s ago: executing program 2 (id=393): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000000c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd27, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x2, 0x4, 0x3}]}]}, 0xfc}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x80000001, 0x80000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x98, &(0x7f0000000000)=""/152}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b0000", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00\x00\x00'], 0x48) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.164' (ED25519) to the list of known hosts. [ 81.612461][ T5780] cgroup: Unknown subsys name 'net' [ 81.777147][ T5780] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.556232][ T5780] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.744701][ T5797] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.754036][ T5797] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.762626][ T5797] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.771340][ T5797] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.779249][ T5797] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.788250][ T5797] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.811408][ T5802] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.828854][ T5806] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.837949][ T5806] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.845694][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.846119][ T5807] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.860715][ T5797] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.862970][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.868903][ T5807] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.883286][ T5807] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.887711][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.898972][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.903877][ T5807] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.915450][ T5804] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.923106][ T5804] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.927304][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.931905][ T5804] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.938073][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.948435][ T5804] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.466033][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 86.523585][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 86.626220][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 86.714397][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 86.742745][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.750279][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.758552][ T5790] bridge_slave_0: entered allmulticast mode [ 86.765688][ T5790] bridge_slave_0: entered promiscuous mode [ 86.792236][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.799490][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.806721][ T5791] bridge_slave_0: entered allmulticast mode [ 86.814193][ T5791] bridge_slave_0: entered promiscuous mode [ 86.834752][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.842738][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.850438][ T5790] bridge_slave_1: entered allmulticast mode [ 86.857908][ T5790] bridge_slave_1: entered promiscuous mode [ 86.883974][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.891287][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.898618][ T5791] bridge_slave_1: entered allmulticast mode [ 86.905655][ T5791] bridge_slave_1: entered promiscuous mode [ 86.969538][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.976698][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.984200][ T5792] bridge_slave_0: entered allmulticast mode [ 86.992161][ T5792] bridge_slave_0: entered promiscuous mode [ 87.032727][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.042241][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.050929][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.058181][ T5792] bridge_slave_1: entered allmulticast mode [ 87.065167][ T5792] bridge_slave_1: entered promiscuous mode [ 87.075155][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.104619][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.141832][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.204476][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.240563][ T5790] team0: Port device team_slave_0 added [ 87.247324][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.254586][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.262809][ T5789] bridge_slave_0: entered allmulticast mode [ 87.270649][ T5789] bridge_slave_0: entered promiscuous mode [ 87.279600][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.286790][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.294899][ T5789] bridge_slave_1: entered allmulticast mode [ 87.302815][ T5789] bridge_slave_1: entered promiscuous mode [ 87.313584][ T5791] team0: Port device team_slave_0 added [ 87.322950][ T5791] team0: Port device team_slave_1 added [ 87.332011][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.358121][ T5790] team0: Port device team_slave_1 added [ 87.527905][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.534920][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.562687][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.578570][ T5792] team0: Port device team_slave_0 added [ 87.587682][ T5792] team0: Port device team_slave_1 added [ 87.594369][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.602210][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.635374][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.649508][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.656507][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.683020][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.697797][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.710586][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.735475][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.742892][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.769311][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.820656][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.827778][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.854222][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.897884][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.904884][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.931224][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.942841][ T5804] Bluetooth: hci1: command tx timeout [ 87.972032][ T5789] team0: Port device team_slave_0 added [ 87.983933][ T5790] hsr_slave_0: entered promiscuous mode [ 87.991308][ T5790] hsr_slave_1: entered promiscuous mode [ 88.007301][ T5804] Bluetooth: hci0: command tx timeout [ 88.012080][ T5802] Bluetooth: hci2: command tx timeout [ 88.012935][ T5801] Bluetooth: hci3: command tx timeout [ 88.041170][ T5789] team0: Port device team_slave_1 added [ 88.064906][ T5792] hsr_slave_0: entered promiscuous mode [ 88.071676][ T5792] hsr_slave_1: entered promiscuous mode [ 88.079373][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.087463][ T5792] Cannot create hsr debugfs directory [ 88.173770][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.180836][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.207473][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.221418][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.228574][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.254690][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.271479][ T5791] hsr_slave_0: entered promiscuous mode [ 88.278226][ T5791] hsr_slave_1: entered promiscuous mode [ 88.284481][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.292416][ T5791] Cannot create hsr debugfs directory [ 88.383168][ T5789] hsr_slave_0: entered promiscuous mode [ 88.389898][ T5789] hsr_slave_1: entered promiscuous mode [ 88.396087][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.404392][ T5789] Cannot create hsr debugfs directory [ 88.779285][ T5790] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.797840][ T5790] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.808885][ T5790] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.822845][ T5790] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.899397][ T5792] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.916597][ T5792] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.951213][ T5792] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.961555][ T5792] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.013650][ T5789] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.034127][ T5789] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.065943][ T5789] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.084308][ T5789] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.219907][ T5791] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.235497][ T5791] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.260028][ T5791] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.276296][ T5791] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.299860][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.356044][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.400188][ T1013] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.407644][ T1013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.423300][ T1013] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.430554][ T1013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.505732][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.536514][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.583372][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.620942][ T5790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.637083][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.644283][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.660426][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.674042][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.681281][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.704178][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.719804][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.727064][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.760280][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.767498][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.841349][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.921496][ T5789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.945125][ T1013] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.952311][ T1013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.994414][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.001679][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.022725][ T5801] Bluetooth: hci1: command tx timeout [ 90.037680][ T5872] modprobe (5872) used greatest stack depth: 20784 bytes left [ 90.087619][ T5801] Bluetooth: hci3: command tx timeout [ 90.088880][ T5802] Bluetooth: hci2: command tx timeout [ 90.099139][ T5804] Bluetooth: hci0: command tx timeout [ 90.209172][ T5791] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 90.226293][ T5791] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.353943][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.376386][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.534596][ T5789] veth0_vlan: entered promiscuous mode [ 90.543375][ T5790] veth0_vlan: entered promiscuous mode [ 90.582114][ T5789] veth1_vlan: entered promiscuous mode [ 90.621907][ T5790] veth1_vlan: entered promiscuous mode [ 90.656646][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.705481][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.736818][ T5789] veth0_macvtap: entered promiscuous mode [ 90.761284][ T5790] veth0_macvtap: entered promiscuous mode [ 90.773480][ T5789] veth1_macvtap: entered promiscuous mode [ 90.796821][ T5790] veth1_macvtap: entered promiscuous mode [ 90.863131][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.876250][ T5792] veth0_vlan: entered promiscuous mode [ 90.896904][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.910446][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.923012][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.935052][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.945841][ T5791] veth0_vlan: entered promiscuous mode [ 90.964560][ T5791] veth1_vlan: entered promiscuous mode [ 90.981422][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.993147][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.011257][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.026506][ T5790] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.035912][ T5790] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.045238][ T5790] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.056076][ T5790] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.082075][ T5789] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.091269][ T5789] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.100509][ T5789] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.109748][ T5789] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.135359][ T5792] veth1_vlan: entered promiscuous mode [ 91.215498][ T5791] veth0_macvtap: entered promiscuous mode [ 91.274166][ T5791] veth1_macvtap: entered promiscuous mode [ 91.299126][ T5792] veth0_macvtap: entered promiscuous mode [ 91.358566][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.366770][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.382502][ T5792] veth1_macvtap: entered promiscuous mode [ 91.451779][ T1013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.461863][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.470932][ T1013] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.481567][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.500791][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.511470][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.521853][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.533614][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.545653][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.573281][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.591765][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.602995][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.615299][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.625568][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.636452][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.649800][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.691505][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.703688][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.713680][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.726213][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.738820][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.752841][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.763786][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.775508][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.786323][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.796526][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.807553][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.819680][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.835284][ T2902] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.840820][ T5791] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.858446][ T2902] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.862518][ T5791] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.875207][ T5791] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.884007][ T5791] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.906760][ T5792] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.916024][ T5792] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.930182][ T5792] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.940079][ T5792] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.087666][ T5804] Bluetooth: hci1: command tx timeout [ 92.168039][ T5804] Bluetooth: hci0: command tx timeout [ 92.168077][ T5802] Bluetooth: hci2: command tx timeout [ 92.174439][ T5801] Bluetooth: hci3: command tx timeout [ 92.317257][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.326832][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.370226][ T27] cfg80211: failed to load regulatory.db [ 92.405332][ T5896] syz.2.3[5896]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.954147][ T1013] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.966598][ T1013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.014401][ T28] audit: type=1804 audit(1751631077.999:2): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.5" name="/newroot/1/file1" dev="fuse" ino=1 res=1 errno=0 [ 93.069504][ T28] audit: type=1800 audit(1751631078.029:3): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5" name="/" dev="fuse" ino=1 res=0 errno=0 [ 93.100641][ T28] audit: type=1804 audit(1751631078.029:4): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.5" name="/newroot/1/file1" dev="fuse" ino=1 res=1 errno=0 [ 93.121954][ T28] audit: type=1804 audit(1751631078.029:5): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.5" name="/newroot/1/file1" dev="fuse" ino=1 res=1 errno=0 [ 93.160394][ T28] audit: type=1800 audit(1751631078.029:6): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5" name="/" dev="fuse" ino=1 res=0 errno=0 [ 93.190586][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.202323][ T2902] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.227500][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.236511][ T2902] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.185711][ T5804] Bluetooth: hci1: command tx timeout [ 94.247417][ T5804] Bluetooth: hci0: command tx timeout [ 94.247444][ T5801] Bluetooth: hci3: command tx timeout [ 94.247479][ T5801] Bluetooth: hci2: command tx timeout [ 94.308127][ T5901] af_packet: tpacket_rcv: packet too big, clamped from 4 to 4294967272. macoff=96 [ 95.607804][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.922557][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.933109][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.573161][ T5938] loop0: detected capacity change from 0 to 512 [ 96.598806][ T5940] 9pnet_fd: Insufficient options for proto=fd [ 96.668405][ T5799] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 97.043811][ T5948] netlink: 'syz.2.20': attribute type 12 has an invalid length. [ 97.290870][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 97.300623][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 97.393211][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 97.457685][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 97.495666][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 97.537340][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 97.767502][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 98.480395][ T5951] netlink: 28 bytes leftover after parsing attributes in process `syz.0.19'. [ 98.496299][ T5951] netlink: 28 bytes leftover after parsing attributes in process `syz.0.19'. [ 99.443007][ T5966] 9pnet_fd: Insufficient options for proto=fd [ 102.739831][ T6003] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.623012][ T5794] libceph: connect (1)[c::]:6789 error -101 [ 104.757848][ T6017] ceph: No mds server is up or the cluster is laggy [ 104.817859][ T5794] libceph: mon0 (1)[c::]:6789 connect error [ 104.838140][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 105.253786][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 105.283118][ T9] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 105.297839][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.305934][ T9] usb 1-1: Product: syz [ 105.310854][ T9] usb 1-1: Manufacturer: syz [ 105.315629][ T9] usb 1-1: SerialNumber: syz [ 105.431198][ T9] usb 1-1: config 0 descriptor?? [ 105.926894][ T9] gspca_main: sq930x-2.14.0 probing 2770:930c [ 106.496057][ T9] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 106.503002][ T6037] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.583032][ T6028] loop1: detected capacity change from 0 to 32768 [ 106.594810][ T6028] ======================================================= [ 106.594810][ T6028] WARNING: The mand mount option has been deprecated and [ 106.594810][ T6028] and is ignored by this kernel. Remove the mand [ 106.594810][ T6028] option from the mount to silence this warning. [ 106.594810][ T6028] ======================================================= [ 106.794028][ T6028] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 107.477399][ T9] gspca_sq930x: Unknown sensor [ 107.484098][ T9] sq930x: probe of 1-1:0.0 failed with error -22 [ 107.637333][ T1194] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 107.715397][ T9] usb 1-1: USB disconnect, device number 2 [ 107.936415][ T6051] loop2: detected capacity change from 0 to 512 [ 107.999320][ T1194] usb 2-1: config 0 has no interfaces? [ 108.004898][ T1194] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 108.007228][ T6051] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 108.065263][ T1194] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.085726][ T6051] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 108.106503][ T1194] usb 2-1: config 0 descriptor?? [ 108.277113][ T6051] EXT4-fs (loop2): 1 truncate cleaned up [ 108.284727][ T6051] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.419521][ T9] usb 2-1: USB disconnect, device number 2 [ 108.497707][ T6061] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 108.538433][ T5792] ocfs2: Unmounting device (7,1) on (node local) [ 108.858116][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.631612][ T6059] loop0: detected capacity change from 0 to 32768 [ 109.693889][ T6059] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 109.747678][ T6059] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 109.923150][ T6059] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 109.958124][ T5891] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 109.965223][ T5891] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 110.137400][ T5891] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 172ms [ 110.143962][ T6081] loop1: detected capacity change from 0 to 512 [ 110.150187][ T5891] gfs2: fsid=syz:syz.0: jid=0: Done [ 110.157691][ T6059] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 110.262076][ T6081] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.343204][ T6081] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.536778][ T6080] loop2: detected capacity change from 0 to 32768 [ 110.608867][ T6080] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.56 (6080) [ 110.687726][ T6080] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 110.727233][ T6080] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 110.767086][ T6080] BTRFS info (device loop2): turning on sync discard [ 110.773887][ T6080] BTRFS info (device loop2): disabling tree log [ 110.808273][ T6080] BTRFS info (device loop2): metadata ratio 5 [ 110.814435][ T6080] BTRFS info (device loop2): using free space tree [ 110.952960][ T6080] BTRFS info (device loop2): enabling ssd optimizations [ 111.287191][ T6064] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 111.287342][ T5801] Bluetooth: hci1: command 0x0c1a tx timeout [ 111.662032][ T5789] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 111.803251][ T6064] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 111.870270][ T6064] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 111.897792][ T6064] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 111.925963][ T6064] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 111.964941][ T6064] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 111.979805][ T6064] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 112.005260][ T6064] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 112.090639][ T6064] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 112.204949][ T6064] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 112.258853][ T6064] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 112.394506][ T6064] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 112.635853][ T5799] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop2 scanned by udevd (5799) [ 113.237147][ T5891] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 113.287551][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.368381][ T5801] Bluetooth: hci1: command 0x0c1a tx timeout [ 113.504645][ T6102] loop0: detected capacity change from 0 to 32768 [ 113.623140][ T6112] Zero length message leads to an empty skb [ 113.652848][ T5891] usb 3-1: Using ep0 maxpacket: 8 [ 113.892756][ T5891] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 113.947444][ T5801] Bluetooth: hci3: command 0x0c1a tx timeout [ 114.008500][ T5801] Bluetooth: hci2: command 0x0c1a tx timeout [ 114.246254][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.254638][ T5801] Bluetooth: hci0: command 0x0c1a tx timeout [ 114.334040][ T5891] usb 3-1: Product: syz [ 114.360654][ T5891] usb 3-1: Manufacturer: syz [ 114.365431][ T5891] usb 3-1: SerialNumber: syz [ 114.591995][ T5891] usb 3-1: config 0 descriptor?? [ 114.617660][ T5891] gspca_main: sq930x-2.14.0 probing 2770:930c [ 115.320919][ T5891] gspca_sq930x: reg_r 001f failed -110 [ 115.452929][ T5801] Bluetooth: hci1: command 0x0c1a tx timeout [ 115.467509][ T5891] sq930x: probe of 3-1:0.0 failed with error -110 [ 115.745850][ T6123] loop1: detected capacity change from 0 to 2048 [ 115.796673][ T6123] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 115.872262][ T5803] udevd[5803]: incorrect nilfs2 checksum on /dev/loop1 [ 115.928083][ T6127] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 116.017448][ T5801] Bluetooth: hci3: command 0x0c1a tx timeout [ 116.101439][ T5801] Bluetooth: hci2: command 0x0c1a tx timeout [ 116.347075][ T5801] Bluetooth: hci0: command 0x0c1a tx timeout [ 117.197146][ T28] audit: type=1800 audit(1751631102.159:7): pid=6123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.63" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 117.388467][ T5792] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 3044605952 [ 117.415049][ T5792] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 117.450386][ T5792] Remounting filesystem read-only [ 117.471665][ T5792] NILFS (loop1): error -5 truncating bmap (ino=15) [ 117.502365][ T5792] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 117.640512][ T5792] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 117.647877][ T5792] NILFS (loop1): discard dirty block: blocknr=36, size=1024 [ 117.655213][ T5792] NILFS (loop1): discard dirty block: blocknr=37, size=1024 [ 117.673080][ T5792] NILFS (loop1): discard dirty block: blocknr=38, size=1024 [ 118.088674][ T5801] Bluetooth: hci3: command 0x0c1a tx timeout [ 118.168086][ T5801] Bluetooth: hci2: command 0x0c1a tx timeout [ 118.407137][ T5801] Bluetooth: hci0: command 0x0c1a tx timeout [ 118.714814][ T9] usb 3-1: USB disconnect, device number 2 [ 118.991924][ T6138] loop0: detected capacity change from 0 to 32768 [ 119.014800][ T6136] loop3: detected capacity change from 0 to 32768 [ 119.034419][ T6136] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.66 (6136) [ 119.045811][ T6138] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 119.068617][ T6136] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 119.083105][ T6136] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 119.092341][ T6136] BTRFS info (device loop3): enabling ssd optimizations [ 119.099600][ T6136] BTRFS info (device loop3): using spread ssd allocation scheme [ 119.109057][ T6136] BTRFS info (device loop3): using free space tree [ 119.130047][ T6138] XFS (loop0): Ending clean mount [ 119.141738][ T6169] netlink: 36 bytes leftover after parsing attributes in process `syz.2.69'. [ 119.152533][ T6136] BTRFS info (device loop3): auto enabling async discard [ 119.286486][ T785] XFS (loop0): Metadata CRC error detected at xfs_rmapbt_read_verify+0x42/0xd0, xfs_rmapbt block 0x14 [ 119.305351][ T785] XFS (loop0): Unmount and run xfs_repair [ 119.313201][ T785] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 119.327510][ T785] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 119.336576][ T785] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 80 ................ [ 119.347999][ T785] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 119.362639][ T785] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 119.374149][ T785] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 119.387885][ T785] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 119.396885][ T785] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 119.409935][ T785] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 119.422500][ T58] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x14 len 4 error 74 [ 119.460120][ T58] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x182e/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598). Shutting down filesystem. [ 119.502325][ T58] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 119.550954][ T5790] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 119.576522][ T5791] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 122.087133][ C0] llc_process_tmr_ev: timer called on closed connection [ 123.191376][ T28] audit: type=1804 audit(1751631108.179:8): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.77" name="/newroot/20/file1" dev="fuse" ino=1 res=1 errno=0 [ 123.346609][ T28] audit: type=1800 audit(1751631108.329:9): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.77" name="/" dev="fuse" ino=1 res=0 errno=0 [ 123.437028][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 123.470285][ T6224] syz.0.83 uses obsolete (PF_INET,SOCK_PACKET) [ 123.584195][ T6221] loop1: detected capacity change from 0 to 32768 [ 123.592434][ T6221] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.82 (6221) [ 123.620596][ T6221] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 123.631094][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 123.636327][ T6221] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 123.645729][ T6221] BTRFS info (device loop1): turning on flush-on-commit [ 123.655075][ T6221] BTRFS info (device loop1): doing ref verification [ 123.662650][ T6221] BTRFS info (device loop1): doing ref verification [ 123.670977][ T6221] BTRFS info (device loop1): force clearing of disk cache [ 123.678717][ T9] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 123.689488][ T6221] BTRFS info (device loop1): enabling disk space caching [ 123.699848][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.708088][ T6221] BTRFS info (device loop1): enabling free space tree [ 123.716156][ T9] usb 4-1: Product: syz [ 123.720675][ T9] usb 4-1: Manufacturer: syz [ 123.725338][ T9] usb 4-1: SerialNumber: syz [ 123.730118][ T6221] BTRFS info (device loop1): enabling ssd optimizations [ 123.737149][ T6221] BTRFS info (device loop1): using spread ssd allocation scheme [ 123.744872][ T6221] BTRFS info (device loop1): max_inline at 4096 [ 123.751308][ T6221] BTRFS info (device loop1): using free space tree [ 123.754004][ T9] usb 4-1: config 0 descriptor?? [ 123.766279][ T9] gspca_main: sq930x-2.14.0 probing 2770:930c [ 123.867852][ T6221] BTRFS info (device loop1): auto enabling async discard [ 123.880304][ T6221] BTRFS info (device loop1): rebuilding free space tree [ 124.335689][ T6221] BTRFS info (device loop1): balance: start -s [ 124.660302][ T6221] BTRFS info (device loop1): left=0, need=98304, flags=2 [ 124.991666][ T6221] BTRFS info (device loop1): space_info SYSTEM has 0 free, is not full [ 125.000896][ T6221] BTRFS info (device loop1): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 125.014779][ T6221] BTRFS info (device loop1): global_block_rsv: size 1441792 reserved 1441792 [ 125.024207][ T6221] BTRFS info (device loop1): trans_block_rsv: size 0 reserved 0 [ 125.032046][ T6221] BTRFS info (device loop1): chunk_block_rsv: size 0 reserved 0 [ 125.039789][ T6221] BTRFS info (device loop1): delayed_block_rsv: size 0 reserved 0 [ 125.048939][ T6221] BTRFS info (device loop1): delayed_refs_rsv: size 0 reserved 0 [ 125.241787][ T6221] BTRFS info (device loop1): relocating block group 1048576 flags system [ 125.338458][ T6221] BTRFS info (device loop1): balance: canceled [ 125.593463][ T5792] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 126.414658][ T9] gspca_sq930x: reg_w 0305 fd00 failed -110 [ 127.986998][ T9] gspca_sq930x: Unknown sensor [ 127.998332][ T9] sq930x: probe of 4-1:0.0 failed with error -22 [ 128.009704][ T6267] loop2: detected capacity change from 0 to 2048 [ 128.027504][ T6267] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 128.059388][ T9] usb 4-1: USB disconnect, device number 2 [ 128.114987][ T6270] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 128.151815][ T28] audit: type=1800 audit(1751631113.139:10): pid=6267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.93" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 128.294759][ T6275] loop1: detected capacity change from 0 to 2048 [ 128.305380][ T6275] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 128.335909][ T6279] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 128.480767][ T6283] loop1: detected capacity change from 0 to 512 [ 128.508384][ T6283] EXT4-fs: Ignoring removed oldalloc option [ 128.531141][ T6283] EXT4-fs (loop1): 1 truncate cleaned up [ 128.552346][ T6283] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.614085][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.997231][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 129.027092][ T785] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 129.187266][ T785] usb 4-1: device descriptor read/64, error -71 [ 129.208114][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 129.250168][ T9] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 129.271174][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.279300][ T9] usb 2-1: Product: syz [ 129.283721][ T9] usb 2-1: Manufacturer: syz [ 129.288562][ T9] usb 2-1: SerialNumber: syz [ 129.300266][ T9] usb 2-1: config 0 descriptor?? [ 129.309861][ T9] gspca_main: sq930x-2.14.0 probing 2770:930c [ 129.673355][ T785] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 130.317086][ T9] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 130.410125][ T785] usb 4-1: device descriptor read/64, error -71 [ 130.538262][ T785] usb usb4-port1: attempt power cycle [ 130.977325][ T785] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 131.026456][ T785] usb 4-1: device descriptor read/8, error -71 [ 131.287139][ T9] gspca_sq930x: Unknown sensor [ 131.307144][ T9] sq930x: probe of 2-1:0.0 failed with error -22 [ 131.331281][ T9] usb 2-1: USB disconnect, device number 3 [ 131.337013][ T785] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 131.385781][ T785] usb 4-1: device descriptor read/8, error -71 [ 131.691785][ T785] usb usb4-port1: unable to enumerate USB device [ 133.011485][ T5891] libceph: connect (1)[c::]:6789 error -101 [ 133.027279][ T5891] libceph: mon0 (1)[c::]:6789 connect error [ 133.344639][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.354700][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.573354][ T6340] ceph: No mds server is up or the cluster is laggy [ 134.027892][ T6320] loop1: detected capacity change from 0 to 32768 [ 134.045959][ T6320] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 134.055722][ T6320] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 134.161680][ T6320] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 134.167054][ T5794] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 134.174361][ T9] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 134.187087][ T5891] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 134.187101][ T9] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 134.274000][ T9] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 86ms [ 134.285315][ T9] gfs2: fsid=syz:syz.0: jid=0: Done [ 134.297195][ T6320] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 134.325259][ T6320] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 134.417842][ T5891] usb 1-1: Using ep0 maxpacket: 8 [ 134.454357][ T5891] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 134.465563][ T5794] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 134.485161][ T5794] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.493746][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.502608][ T5794] usb 4-1: Product: syz [ 134.512179][ T5891] usb 1-1: Product: syz [ 134.519353][ T5794] usb 4-1: Manufacturer: syz [ 134.524888][ T5891] usb 1-1: Manufacturer: syz [ 134.534717][ T5794] usb 4-1: SerialNumber: syz [ 134.539500][ T5891] usb 1-1: SerialNumber: syz [ 134.552183][ T5794] usb 4-1: config 0 descriptor?? [ 134.558703][ T5891] usb 1-1: config 0 descriptor?? [ 134.580993][ T5891] gspca_main: sq930x-2.14.0 probing 2770:930c [ 134.591549][ T5794] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 135.117634][ T5794] gspca_sunplus: reg_r err -110 [ 136.424643][ T5891] gspca_sq930x: reg_w 0305 fd00 failed -110 [ 136.932815][ T6370] loop2: detected capacity change from 0 to 2048 [ 136.941546][ T6370] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 136.965846][ T6373] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 137.018735][ T28] audit: type=1800 audit(1751631121.999:11): pid=6370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.120" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 137.093030][ T5789] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 3044605952 [ 137.114037][ T5789] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 137.126443][ T5789] Remounting filesystem read-only [ 137.135045][ T5789] NILFS (loop2): error -5 truncating bmap (ino=15) [ 137.145930][ T5789] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 137.155370][ T5789] NILFS (loop2): discard dirty block: blocknr=0, size=1024 [ 137.165828][ T5789] NILFS (loop2): discard dirty block: blocknr=36, size=1024 [ 137.175939][ T5789] NILFS (loop2): discard dirty block: blocknr=37, size=1024 [ 137.186132][ T5789] NILFS (loop2): discard dirty block: blocknr=38, size=1024 [ 137.518340][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 137.876868][ T9] usb 3-1: device descriptor read/64, error -71 [ 137.932702][ T6367] block nbd3: shutting down sockets [ 138.050343][ T1194] usb 4-1: USB disconnect, device number 7 [ 138.578422][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 138.747132][ T9] usb 3-1: device descriptor read/64, error -71 [ 138.868865][ T9] usb usb3-port1: attempt power cycle [ 139.047147][ T6388] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 139.081768][ T5891] gspca_sq930x: Unknown sensor [ 139.205246][ T5891] sq930x: probe of 1-1:0.0 failed with error -22 [ 139.226711][ T5891] usb 1-1: USB disconnect, device number 3 [ 139.367213][ T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 139.481404][ T9] usb 3-1: device descriptor read/8, error -71 [ 141.765699][ T1194] libceph: connect (1)[c::]:6789 error -101 [ 141.856451][ T1194] libceph: mon0 (1)[c::]:6789 connect error [ 142.103951][ T6419] ceph: No mds server is up or the cluster is laggy [ 142.347375][ T5794] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 143.422150][ T6433] loop0: detected capacity change from 0 to 2048 [ 143.445523][ T6433] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 143.468678][ T5794] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 143.478755][ T5794] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.487583][ T5794] usb 4-1: Product: syz [ 143.492008][ T5794] usb 4-1: Manufacturer: syz [ 143.496850][ T5794] usb 4-1: SerialNumber: syz [ 143.511935][ T6435] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 143.518213][ T5794] usb 4-1: config 0 descriptor?? [ 143.561826][ T28] audit: type=1800 audit(1751631128.549:12): pid=6433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.139" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 143.637533][ T6439] netlink: 36 bytes leftover after parsing attributes in process `syz.2.141'. [ 143.691124][ T5791] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 3044605952 [ 143.732994][ T5791] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 143.786814][ T5791] Remounting filesystem read-only [ 143.801647][ T5791] NILFS (loop0): error -5 truncating bmap (ino=15) [ 143.828212][ T5791] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 143.838644][ T5794] usb 4-1: can't set config #0, error -71 [ 143.846724][ T5794] usb 4-1: USB disconnect, device number 8 [ 145.617575][ T5791] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 145.625381][ T5791] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 145.667090][ T5791] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 145.697333][ T5791] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 147.547782][ T6471] netlink: 36 bytes leftover after parsing attributes in process `syz.3.152'. [ 147.579165][ T6469] loop2: detected capacity change from 0 to 512 [ 147.618185][ T6469] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.635474][ T6469] ext4 filesystem being mounted at /38/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.662138][ T6469] netlink: 4 bytes leftover after parsing attributes in process `syz.2.151'. [ 150.421894][ T6475] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 150.512307][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.001736][ T6504] netlink: 36 bytes leftover after parsing attributes in process `syz.2.161'. [ 152.927695][ T6498] loop3: detected capacity change from 0 to 32768 [ 152.953091][ T6498] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.159 (6498) [ 152.999352][ T6498] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 153.010045][ T6498] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 153.018870][ T6498] BTRFS info (device loop3): enabling disk space caching [ 153.032097][ T6498] BTRFS info (device loop3): doing ref verification [ 153.039008][ T6498] BTRFS info (device loop3): use zlib compression, level 3 [ 153.046372][ T6498] BTRFS info (device loop3): force clearing of disk cache [ 153.057133][ T6498] BTRFS info (device loop3): setting nodatacow, compression disabled [ 153.071403][ T6498] BTRFS info (device loop3): doing ref verification [ 153.080636][ T6498] BTRFS info (device loop3): disk space caching is enabled [ 153.243661][ T6498] BTRFS info (device loop3): enabling ssd optimizations [ 153.271631][ T6498] BTRFS info (device loop3): auto enabling async discard [ 153.305629][ T6498] BTRFS info (device loop3): rebuilding free space tree [ 153.360638][ T6498] BTRFS info (device loop3): disabling free space tree [ 153.379941][ T6498] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 153.403424][ T6498] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 154.223751][ T5790] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 154.658957][ T6512] loop0: detected capacity change from 0 to 32768 [ 154.862804][ T6512] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10 [ 155.862868][ T6548] netlink: 36 bytes leftover after parsing attributes in process `syz.2.171'. [ 157.019216][ T6559] loop2: detected capacity change from 0 to 2048 [ 157.029166][ T6559] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 157.270001][ T6566] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 158.044071][ T6573] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 3044605952 [ 158.101524][ T6573] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 158.117067][ T28] audit: type=1800 audit(1751631143.019:13): pid=6559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.176" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 158.196275][ T6573] Remounting filesystem read-only [ 158.222306][ T6573] NILFS (loop2): error -5 truncating bmap (ino=15) [ 158.318242][ T5789] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 158.326580][ T5789] NILFS (loop2): discard dirty block: blocknr=0, size=1024 [ 158.348240][ T5789] NILFS (loop2): discard dirty block: blocknr=36, size=1024 [ 158.355610][ T5789] NILFS (loop2): discard dirty block: blocknr=37, size=1024 [ 158.367034][ T5789] NILFS (loop2): discard dirty block: blocknr=38, size=1024 [ 159.458519][ T6586] loop2: detected capacity change from 0 to 4096 [ 160.622952][ T6600] loop2: detected capacity change from 0 to 2048 [ 160.637258][ T6600] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 160.857195][ T6605] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 160.907706][ T28] audit: type=1800 audit(1751631145.889:14): pid=6600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.186" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 162.187180][ T27] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 162.490930][ T27] usb 2-1: no configurations [ 162.589331][ T27] usb 2-1: can't read configurations, error -22 [ 162.887238][ T27] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 163.289221][ T27] usb 2-1: no configurations [ 163.294563][ T27] usb 2-1: can't read configurations, error -22 [ 163.301186][ T27] usb usb2-port1: attempt power cycle [ 163.758498][ T27] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 163.989781][ T27] usb 2-1: no configurations [ 164.019286][ T27] usb 2-1: can't read configurations, error -22 [ 164.197190][ T27] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 164.233995][ T6633] (null): rxe_set_mtu: Set mtu to 256 [ 164.253347][ T6633] vcan0 speed is unknown, defaulting to 1000 [ 164.264017][ T6633] vcan0 speed is unknown, defaulting to 1000 [ 164.271242][ T27] usb 2-1: no configurations [ 164.274991][ T6633] vcan0 speed is unknown, defaulting to 1000 [ 164.276044][ T27] usb 2-1: can't read configurations, error -22 [ 164.334884][ T27] usb usb2-port1: unable to enumerate USB device [ 165.200932][ T8] vcan0 speed is unknown, defaulting to 1000 [ 165.211883][ T6633] infiniband syz1: set active [ 165.228275][ T6633] infiniband syz1: added vcan0 [ 165.285568][ T6633] syz1: rxe_create_cq: returned err = -12 [ 165.295214][ T6633] infiniband syz1: Couldn't create ib_mad CQ [ 165.327432][ T6633] infiniband syz1: Couldn't open port 1 [ 165.484754][ T6642] vcan0 speed is unknown, defaulting to 1000 [ 165.519557][ T6633] RDS/IB: syz1: added [ 165.524561][ T6633] smc: adding ib device syz1 with port count 1 [ 165.585985][ T6633] smc: ib device syz1 port 1 has pnetid [ 165.595959][ T5794] vcan0 speed is unknown, defaulting to 1000 [ 166.828770][ T6633] vcan0 speed is unknown, defaulting to 1000 [ 167.357742][ T6633] vcan0 speed is unknown, defaulting to 1000 [ 167.728836][ T6633] vcan0 speed is unknown, defaulting to 1000 [ 167.788994][ T785] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 168.009893][ T6633] vcan0 speed is unknown, defaulting to 1000 [ 168.033632][ T785] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 168.067248][ T785] usb 1-1: config 0 has no interfaces? [ 168.078086][ T785] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 168.100528][ T785] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.110656][ T785] usb 1-1: Product: syz [ 168.114877][ T785] usb 1-1: Manufacturer: syz [ 168.130956][ T785] usb 1-1: SerialNumber: syz [ 168.155763][ T785] usb 1-1: config 0 descriptor?? [ 170.046305][ T6685] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 170.588155][ T6694] netlink: 36 bytes leftover after parsing attributes in process `syz.1.213'. [ 170.632074][ T5866] usb 1-1: USB disconnect, device number 4 [ 171.992035][ T6703] overlayfs: missing 'workdir' [ 174.207367][ T5866] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 174.415665][ T6729] netlink: 36 bytes leftover after parsing attributes in process `syz.1.225'. [ 174.431026][ T5866] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 174.456969][ T5866] usb 1-1: config 0 has no interfaces? [ 174.470093][ T5866] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 174.486312][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.509793][ T5866] usb 1-1: Product: syz [ 174.514042][ T5866] usb 1-1: Manufacturer: syz [ 174.527090][ T5866] usb 1-1: SerialNumber: syz [ 174.552681][ T5866] usb 1-1: config 0 descriptor?? [ 174.997996][ T6734] overlayfs: missing 'lowerdir' [ 176.923768][ T6750] overlayfs: missing 'workdir' [ 177.828295][ T8] usb 1-1: USB disconnect, device number 5 [ 178.151269][ T6759] overlayfs: missing 'lowerdir' [ 178.811175][ T6761] netlink: 36 bytes leftover after parsing attributes in process `syz.3.234'. [ 178.945184][ T6758] loop1: detected capacity change from 0 to 2048 [ 179.000304][ T6758] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 179.049554][ T6762] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 179.135763][ T6765] loop0: detected capacity change from 0 to 2048 [ 179.151044][ T6765] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 179.188364][ T6767] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 179.219156][ T5792] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 3044605952 [ 179.237014][ T28] audit: type=1800 audit(1751631164.219:15): pid=6765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.235" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 179.244404][ T6765] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 3044605952 [ 179.265959][ T6765] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 179.267013][ T5792] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 179.307894][ T6765] Remounting filesystem read-only [ 179.317322][ T6765] NILFS (loop0): error -5 truncating bmap (ino=15) [ 179.340603][ T5792] Remounting filesystem read-only [ 179.350495][ T5792] NILFS (loop1): error -5 truncating bmap (ino=15) [ 179.398401][ T5792] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 179.405164][ T5792] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 179.443143][ T5792] NILFS (loop1): discard dirty block: blocknr=36, size=1024 [ 179.474589][ T5792] NILFS (loop1): discard dirty block: blocknr=37, size=1024 [ 179.503971][ T5792] NILFS (loop1): discard dirty block: blocknr=38, size=1024 [ 179.504391][ T5791] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 179.531807][ T5791] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 179.546580][ T5792] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 179.557712][ T5791] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 179.575994][ T5792] NILFS (loop1): discard dirty block: blocknr=42, size=1024 [ 179.586983][ T5791] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 179.597048][ T5792] NILFS (loop1): discard dirty block: blocknr=43, size=1024 [ 179.597053][ T5791] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 179.597106][ T5792] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 179.732818][ T5792] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 179.757066][ T5792] NILFS (loop1): discard dirty page: offset=196608, ino=3 [ 179.764272][ T5792] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 179.802657][ T6770] 9pnet_fd: Insufficient options for proto=fd [ 179.819116][ T5792] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 179.834070][ T5792] NILFS (loop1): discard dirty block: blocknr=49, size=1024 [ 179.848564][ T5792] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 180.400463][ T6786] overlayfs: missing 'lowerdir' [ 181.341823][ T6792] "syz.2.244" (6792) uses obsolete ecb(arc4) skcipher [ 181.638654][ T6797] overlayfs: missing 'lowerdir' [ 182.367261][ T6794] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 182.403613][ T6794] CIFS: Unable to determine destination address [ 183.724946][ T6802] loop0: detected capacity change from 0 to 2048 [ 183.748392][ T6806] 9pnet_fd: Insufficient options for proto=fd [ 183.807146][ T6802] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 184.692890][ T6813] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 184.921772][ T28] audit: type=1800 audit(1751631169.909:16): pid=6802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.246" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 185.019381][ T6821] overlayfs: missing 'lowerdir' [ 186.246829][ T6839] overlayfs: missing 'lowerdir' [ 187.678505][ T6848] 9pnet_fd: Insufficient options for proto=fd [ 189.456602][ T6871] overlayfs: missing 'lowerdir' [ 192.200857][ T6886] 9pnet_fd: Insufficient options for proto=fd [ 193.596356][ T6906] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 193.605303][ T6906] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 194.301721][ T6909] loop2: detected capacity change from 0 to 2048 [ 194.417118][ T6909] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 194.459478][ T6915] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 194.549015][ T28] audit: type=1800 audit(1751631179.539:17): pid=6909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.274" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 194.567671][ T6916] loop3: detected capacity change from 0 to 2048 [ 194.605838][ T6916] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 194.868400][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.875202][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.102507][ T6925] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 195.152615][ T28] audit: type=1800 audit(1751631180.139:18): pid=6916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.276" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 195.338017][ T6916] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 3044605952 [ 195.348370][ T6916] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 195.363096][ T6916] Remounting filesystem read-only [ 195.382183][ T6916] NILFS (loop3): error -5 truncating bmap (ino=15) [ 195.470693][ T5790] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 195.477722][ T5790] NILFS (loop3): discard dirty block: blocknr=0, size=1024 [ 195.494348][ T5790] NILFS (loop3): discard dirty block: blocknr=36, size=1024 [ 195.517083][ T5790] NILFS (loop3): discard dirty block: blocknr=37, size=1024 [ 195.538279][ T5790] NILFS (loop3): discard dirty block: blocknr=38, size=1024 [ 195.756147][ T6932] loop1: detected capacity change from 0 to 2048 [ 195.812361][ T6932] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 196.677226][ T6939] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 196.775403][ T6943] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 196.784364][ T6943] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 197.223798][ T28] audit: type=1800 audit(1751631182.209:19): pid=6932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.283" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 197.262101][ T6932] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 3044605952 [ 197.276078][ T6934] 9pnet_fd: Insufficient options for proto=fd [ 197.295747][ T6932] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 197.343788][ T6932] Remounting filesystem read-only [ 197.363280][ T6932] NILFS (loop1): error -5 truncating bmap (ino=15) [ 197.624270][ T5792] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 198.347015][ T5792] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 198.442199][ T5792] NILFS (loop1): discard dirty block: blocknr=36, size=1024 [ 198.541819][ T5792] NILFS (loop1): discard dirty block: blocknr=37, size=1024 [ 198.578187][ T5792] NILFS (loop1): discard dirty block: blocknr=38, size=1024 [ 198.608234][ T6958] loop0: detected capacity change from 0 to 2048 [ 198.659208][ T6958] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 198.724114][ T6961] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 198.896994][ T28] audit: type=1800 audit(1751631183.879:20): pid=6958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.289" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 199.097734][ T6968] overlayfs: missing 'lowerdir' [ 199.874397][ T6970] loop0: detected capacity change from 0 to 2048 [ 199.904366][ T6970] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 199.940010][ T6973] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 199.996352][ T28] audit: type=1800 audit(1751631184.979:21): pid=6970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.292" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 200.037461][ T6975] fuse: Bad value for 'fd' [ 200.045369][ T6970] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 3044605952 [ 200.073425][ T6970] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 200.109536][ T6970] Remounting filesystem read-only [ 200.118448][ T6970] NILFS (loop0): error -5 truncating bmap (ino=15) [ 200.462030][ T5791] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 200.704838][ T5791] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 200.746975][ T5791] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 200.767484][ T5791] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 200.797213][ T5791] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 202.039408][ T6990] "syz.0.296" (6990) uses obsolete ecb(arc4) skcipher [ 202.466398][ T6994] CIFS: Unable to determine destination address [ 205.931910][ T7024] loop3: detected capacity change from 0 to 2048 [ 206.587331][ T7024] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 206.678329][ T7026] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 206.778255][ T7028] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 3044605952 [ 206.787162][ T7028] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 206.796401][ T28] audit: type=1800 audit(1751631191.759:22): pid=7024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.307" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 206.838903][ T7028] Remounting filesystem read-only [ 206.852894][ T7028] NILFS (loop3): error -5 truncating bmap (ino=15) [ 206.965438][ T5790] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 207.012887][ T5790] NILFS (loop3): discard dirty block: blocknr=0, size=1024 [ 207.043261][ T5790] NILFS (loop3): discard dirty block: blocknr=36, size=1024 [ 207.054382][ T5790] NILFS (loop3): discard dirty block: blocknr=37, size=1024 [ 207.107042][ T5794] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 207.119623][ T5790] NILFS (loop3): discard dirty block: blocknr=38, size=1024 [ 207.153569][ T7031] "syz.2.310" (7031) uses obsolete ecb(arc4) skcipher [ 208.088896][ T7041] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 208.163266][ T7038] CIFS: Unable to determine destination address [ 208.287314][ T5794] usb 1-1: Using ep0 maxpacket: 8 [ 208.393022][ T5794] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 208.413467][ T5794] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.423110][ T5794] usb 1-1: Product: syz [ 208.427507][ T5794] usb 1-1: Manufacturer: syz [ 208.432262][ T5794] usb 1-1: SerialNumber: syz [ 208.568554][ T5794] usb 1-1: config 0 descriptor?? [ 208.664382][ T5794] gspca_main: sq930x-2.14.0 probing 2770:930c [ 208.851100][ T7046] random: crng reseeded on system resumption [ 209.357324][ T5794] gspca_sq930x: ucbus_write failed -110 [ 209.532816][ T7056] overlayfs: missing 'lowerdir' [ 210.574921][ T7050] 9pnet_fd: Insufficient options for proto=fd [ 211.477095][ T5794] gspca_sq930x: Unknown sensor [ 211.482022][ T5794] sq930x: probe of 1-1:0.0 failed with error -22 [ 211.540346][ T5794] usb 1-1: USB disconnect, device number 6 [ 211.691442][ T7073] loop1: detected capacity change from 0 to 2048 [ 211.734709][ T7073] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 211.975115][ T7079] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 212.691479][ T7081] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 212.925248][ T28] audit: type=1800 audit(1751631197.909:23): pid=7073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.320" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 215.312726][ T7092] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 215.321644][ T7092] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 215.429185][ T7094] overlayfs: missing 'lowerdir' [ 216.808027][ T7100] netlink: 36 bytes leftover after parsing attributes in process `syz.1.327'. [ 216.940265][ T7102] loop0: detected capacity change from 0 to 2048 [ 216.954878][ T7102] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 216.984958][ T7105] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 217.014519][ T28] audit: type=1800 audit(1751631201.999:24): pid=7102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.329" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 217.024255][ T7102] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 3044605952 [ 217.057309][ T7102] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 217.085803][ T7102] Remounting filesystem read-only [ 217.092211][ T7102] NILFS (loop0): error -5 truncating bmap (ino=15) [ 217.150188][ T5791] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 217.157446][ T5791] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 217.165138][ T5791] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 217.175398][ T5791] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 217.183817][ T5791] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 217.384377][ T7109] random: crng reseeded on system resumption [ 217.825636][ T7113] CIFS: Unable to determine destination address [ 219.093256][ T7119] loop3: detected capacity change from 0 to 2048 [ 219.120859][ T7119] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 219.382328][ T7126] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 219.391226][ T7126] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 219.895856][ T7128] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 219.972211][ T28] audit: type=1800 audit(1751631204.959:25): pid=7119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.335" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 220.017801][ T7119] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 3044605952 [ 220.044424][ T7119] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 220.079593][ T7119] Remounting filesystem read-only [ 220.113855][ T7119] NILFS (loop3): error -5 truncating bmap (ino=15) [ 220.175978][ T5790] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 220.193348][ T5790] NILFS (loop3): discard dirty block: blocknr=0, size=1024 [ 220.203808][ T5790] NILFS (loop3): discard dirty block: blocknr=36, size=1024 [ 220.217084][ T5790] NILFS (loop3): discard dirty block: blocknr=37, size=1024 [ 220.224466][ T5790] NILFS (loop3): discard dirty block: blocknr=38, size=1024 [ 220.296118][ T7143] loop3: detected capacity change from 0 to 2048 [ 220.307215][ T7143] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 220.325368][ T7144] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 220.383681][ T28] audit: type=1800 audit(1751631205.369:26): pid=7143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.340" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 220.390516][ T7143] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 3044605952 [ 220.418366][ T7143] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 220.427768][ T5891] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 220.432160][ T7143] Remounting filesystem read-only [ 220.442984][ T7143] NILFS (loop3): error -5 truncating bmap (ino=15) [ 220.529840][ T5790] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 220.536764][ T5790] NILFS (loop3): discard dirty block: blocknr=0, size=1024 [ 220.544177][ T5790] NILFS (loop3): discard dirty block: blocknr=36, size=1024 [ 220.554496][ T5790] NILFS (loop3): discard dirty block: blocknr=37, size=1024 [ 220.567161][ T5790] NILFS (loop3): discard dirty block: blocknr=38, size=1024 [ 220.617030][ T5891] usb 1-1: Using ep0 maxpacket: 8 [ 220.635078][ T5891] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 220.650480][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.661582][ T5891] usb 1-1: Product: syz [ 220.666044][ T5891] usb 1-1: Manufacturer: syz [ 220.671082][ T5891] usb 1-1: SerialNumber: syz [ 220.685785][ T5891] usb 1-1: config 0 descriptor?? [ 220.695528][ T5891] gspca_main: sq930x-2.14.0 probing 2770:930c [ 220.959933][ T5891] gspca_sq930x: reg_r 001f failed -32 [ 221.065338][ T5891] sq930x: probe of 1-1:0.0 failed with error -32 [ 221.454278][ T7155] CIFS: Unable to determine destination address [ 221.975219][ T5866] usb 1-1: USB disconnect, device number 7 [ 222.512210][ T7162] loop3: detected capacity change from 0 to 2048 [ 222.527932][ T7162] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 222.604725][ T7164] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 222.733919][ T28] audit: type=1800 audit(1751631207.719:27): pid=7162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.347" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 223.530692][ T7173] loop1: detected capacity change from 0 to 2048 [ 223.639370][ T7173] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 223.837563][ T7179] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 223.900770][ T7178] 9pnet_fd: Insufficient options for proto=fd [ 223.918111][ T8] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 223.961152][ T28] audit: type=1800 audit(1751631208.939:28): pid=7173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.351" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 224.020975][ T7173] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 3044605952 [ 224.041473][ T7173] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 224.082634][ T7173] Remounting filesystem read-only [ 224.085499][ T7184] CIFS: Unable to determine destination address [ 224.103695][ T7173] NILFS (loop1): error -5 truncating bmap (ino=15) [ 224.304509][ T8] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 224.464954][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.527224][ T8] usb 4-1: Product: syz [ 224.658276][ T5792] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 224.671679][ T5792] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 224.679673][ T5792] NILFS (loop1): discard dirty block: blocknr=36, size=1024 [ 224.784633][ T8] usb 4-1: Manufacturer: syz [ 224.789354][ T8] usb 4-1: SerialNumber: syz [ 224.797067][ T8] usb 4-1: config 0 descriptor?? [ 224.807905][ T8] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 224.817031][ T5792] NILFS (loop1): discard dirty block: blocknr=37, size=1024 [ 224.827062][ T5792] NILFS (loop1): discard dirty block: blocknr=38, size=1024 [ 225.057669][ T7168] block nbd3: shutting down sockets [ 225.065076][ T8] gspca_sunplus: reg_r err -71 [ 225.099006][ T8] usb 4-1: USB disconnect, device number 9 [ 225.744420][ T7203] loop3: detected capacity change from 0 to 2048 [ 225.772307][ T7203] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 225.796698][ T7204] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 225.872143][ T28] audit: type=1800 audit(1751631210.849:29): pid=7203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.359" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 226.216786][ T7208] loop3: detected capacity change from 0 to 128 [ 226.310572][ T28] audit: type=1800 audit(1751631211.299:30): pid=7208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.361" name="file2" dev="loop3" ino=1048592 res=0 errno=0 [ 226.355995][ T7208] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 226.378786][ T7208] FAT-fs (loop3): Filesystem has been set read-only [ 226.385736][ T7208] syz.3.361: attempt to access beyond end of device [ 226.385736][ T7208] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 226.565621][ T7208] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 226.574179][ T7208] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 226.598217][ T7208] syz.3.361: attempt to access beyond end of device [ 226.598217][ T7208] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 226.628904][ T7208] syz.3.361: attempt to access beyond end of device [ 226.628904][ T7208] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 226.649482][ T7208] syz.3.361: attempt to access beyond end of device [ 226.649482][ T7208] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 226.664414][ T7208] syz.3.361: attempt to access beyond end of device [ 226.664414][ T7208] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 226.680193][ T7208] syz.3.361: attempt to access beyond end of device [ 226.680193][ T7208] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 226.714638][ T7208] syz.3.361: attempt to access beyond end of device [ 226.714638][ T7208] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 226.964616][ T7208] syz.3.361: attempt to access beyond end of device [ 226.964616][ T7208] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 227.308517][ T7208] syz.3.361: attempt to access beyond end of device [ 227.308517][ T7208] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 229.823068][ T7233] loop2: detected capacity change from 0 to 2048 [ 229.833125][ T7233] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 229.858717][ T7237] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 229.883058][ T28] audit: type=1800 audit(1751631214.869:31): pid=7233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.368" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 229.915654][ T7233] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 3044605952 [ 229.924413][ T7233] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 229.941417][ T7233] Remounting filesystem read-only [ 229.946527][ T7233] NILFS (loop2): error -5 truncating bmap (ino=15) [ 229.993119][ T5789] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 230.000265][ T5866] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 230.015410][ T5789] NILFS (loop2): discard dirty block: blocknr=0, size=1024 [ 230.033140][ T5789] NILFS (loop2): discard dirty block: blocknr=36, size=1024 [ 230.043456][ T5789] NILFS (loop2): discard dirty block: blocknr=37, size=1024 [ 230.056112][ T5789] NILFS (loop2): discard dirty block: blocknr=38, size=1024 [ 230.173262][ T7244] loop2: detected capacity change from 0 to 2048 [ 230.181895][ T7244] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 230.199693][ T7246] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 230.217005][ T5866] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 230.229573][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.237114][ T28] audit: type=1800 audit(1751631215.219:32): pid=7244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.372" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 230.240921][ T5866] usb 2-1: Product: syz [ 230.262623][ T5866] usb 2-1: Manufacturer: syz [ 230.267498][ T5866] usb 2-1: SerialNumber: syz [ 230.275356][ T5866] usb 2-1: config 0 descriptor?? [ 230.284297][ T7244] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 3044605952 [ 230.294759][ T7244] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 230.306501][ T5866] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 230.326817][ T7244] Remounting filesystem read-only [ 230.334513][ T7244] NILFS (loop2): error -5 truncating bmap (ino=15) [ 230.383036][ T5789] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 230.390268][ T5789] NILFS (loop2): discard dirty block: blocknr=0, size=1024 [ 230.398002][ T5789] NILFS (loop2): discard dirty block: blocknr=36, size=1024 [ 230.417685][ T5789] NILFS (loop2): discard dirty block: blocknr=37, size=1024 [ 230.445711][ T5789] NILFS (loop2): discard dirty block: blocknr=38, size=1024 [ 230.538184][ T7228] block nbd1: shutting down sockets [ 230.547197][ T5866] gspca_sunplus: reg_r err -71 [ 230.559900][ T5866] usb 2-1: USB disconnect, device number 8 [ 232.004886][ T7253] overlayfs: failed to resolve './file0': -2 [ 232.461538][ T7257] ceph: No mds server is up or the cluster is laggy [ 232.499711][ T27] libceph: connect (1)[c::]:6789 error -101 [ 232.505832][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 233.268424][ T7274] random: crng reseeded on system resumption [ 235.637025][ T1194] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 235.869639][ T1194] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 235.887184][ T1194] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.896039][ T1194] usb 2-1: Product: syz [ 235.904731][ T1194] usb 2-1: Manufacturer: syz [ 235.910746][ T1194] usb 2-1: SerialNumber: syz [ 239.170902][ T1194] usb 2-1: config 0 descriptor?? [ 239.181042][ T1194] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 239.395502][ T1194] gspca_sunplus: reg_r err -71 [ 239.433695][ T1194] usb 2-1: USB disconnect, device number 9 [ 240.414688][ T7305] loop2: detected capacity change from 0 to 2048 [ 240.486137][ T7305] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 240.609052][ T7312] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 240.741524][ T28] audit: type=1800 audit(1751631225.729:33): pid=7305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.388" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 240.773589][ T7313] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 3044605952 [ 240.804013][ T7313] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 240.838207][ T7313] Remounting filesystem read-only [ 240.848391][ T7313] NILFS (loop2): error -5 truncating bmap (ino=15) [ 241.000617][ T5789] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 241.008696][ T5789] NILFS (loop2): discard dirty block: blocknr=0, size=1024 [ 241.016166][ T5789] NILFS (loop2): discard dirty block: blocknr=36, size=1024 [ 241.031591][ T5789] NILFS (loop2): discard dirty block: blocknr=37, size=1024 [ 241.049381][ T5789] NILFS (loop2): discard dirty block: blocknr=38, size=1024 [ 241.112098][ T7318] ================================================================== [ 241.120230][ T7318] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990 [ 241.127924][ T7318] Read of size 1 at addr ffff88805dba0830 by task syz.0.392/7318 [ 241.135682][ T7318] [ 241.138064][ T7318] CPU: 0 PID: 7318 Comm: syz.0.392 Not tainted 6.6.95-syzkaller #0 [ 241.145990][ T7318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.156103][ T7318] Call Trace: [ 241.159423][ T7318] [ 241.162390][ T7318] dump_stack_lvl+0x16c/0x230 [ 241.167121][ T7318] ? __lock_acquire+0x7c80/0x7c80 [ 241.172186][ T7318] ? show_regs_print_info+0x20/0x20 [ 241.177437][ T7318] ? load_image+0x3b0/0x3b0 [ 241.181999][ T7318] ? __virt_addr_valid+0x469/0x540 [ 241.187156][ T7318] print_report+0xac/0x230 [ 241.191621][ T7318] ? rose_get_neigh+0x391/0x990 [ 241.196518][ T7318] kasan_report+0x117/0x150 [ 241.201074][ T7318] ? rose_get_neigh+0x391/0x990 [ 241.205970][ T7318] rose_get_neigh+0x391/0x990 [ 241.210705][ T7318] rose_connect+0x417/0x10a0 [ 241.215360][ T7318] ? aa_sk_perm+0x7fc/0x930 [ 241.219903][ T7318] ? rose_bind+0x7c0/0x7c0 [ 241.224369][ T7318] ? aa_af_perm+0x200/0x2b0 [ 241.228908][ T7318] ? tomoyo_socket_connect_permission+0x164/0x290 [ 241.235374][ T7318] ? __might_fault+0xaa/0x120 [ 241.240105][ T7318] ? bpf_lsm_socket_connect+0x9/0x10 [ 241.245453][ T7318] ? security_socket_connect+0x80/0xa0 [ 241.251000][ T7318] ? rose_bind+0x7c0/0x7c0 [ 241.255467][ T7318] __sys_connect+0x397/0x420 [ 241.260116][ T7318] ? __sys_connect_file+0x180/0x180 [ 241.265380][ T7318] __x64_sys_connect+0x7a/0x90 [ 241.270210][ T7318] do_syscall_64+0x55/0xb0 [ 241.274679][ T7318] ? clear_bhb_loop+0x40/0x90 [ 241.279412][ T7318] ? clear_bhb_loop+0x40/0x90 [ 241.284139][ T7318] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 241.290082][ T7318] RIP: 0033:0x7f9e7d98e929 [ 241.294546][ T7318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.314203][ T7318] RSP: 002b:00007f9e7d7ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 241.322659][ T7318] RAX: ffffffffffffffda RBX: 00007f9e7dbb5fa0 RCX: 00007f9e7d98e929 [ 241.330681][ T7318] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000008 [ 241.338699][ T7318] RBP: 00007f9e7da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 241.346722][ T7318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.354745][ T7318] R13: 0000000000000000 R14: 00007f9e7dbb5fa0 R15: 00007ffdb74ed998 [ 241.362777][ T7318] [ 241.365830][ T7318] [ 241.368196][ T7318] Allocated by task 6273: [ 241.372565][ T7318] kasan_set_track+0x4e/0x70 [ 241.377207][ T7318] __kasan_kmalloc+0x8f/0xa0 [ 241.381851][ T7318] rose_add_node+0x23a/0xdd0 [ 241.386492][ T7318] rose_rt_ioctl+0xa42/0xfb0 [ 241.391110][ T7318] rose_ioctl+0x3cf/0x8b0 [ 241.395478][ T7318] sock_do_ioctl+0xd7/0x2f0 [ 241.400000][ T7318] sock_ioctl+0x623/0x7a0 [ 241.404341][ T7318] __se_sys_ioctl+0xfd/0x170 [ 241.408955][ T7318] do_syscall_64+0x55/0xb0 [ 241.413395][ T7318] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 241.419310][ T7318] [ 241.421646][ T7318] Freed by task 7318: [ 241.425633][ T7318] kasan_set_track+0x4e/0x70 [ 241.430245][ T7318] kasan_save_free_info+0x2e/0x50 [ 241.435292][ T7318] ____kasan_slab_free+0x126/0x1e0 [ 241.440426][ T7318] slab_free_freelist_hook+0x130/0x1b0 [ 241.445902][ T7318] __kmem_cache_free+0xba/0x1f0 [ 241.450767][ T7318] rose_rt_device_down+0x66d/0x6c0 [ 241.455901][ T7318] rose_device_event+0x604/0x690 [ 241.460860][ T7318] notifier_call_chain+0x197/0x390 [ 241.466008][ T7318] __dev_notify_flags+0x18e/0x2e0 [ 241.471059][ T7318] dev_change_flags+0xe8/0x1a0 [ 241.475851][ T7318] dev_ifsioc+0x6a7/0xe20 [ 241.480200][ T7318] dev_ioctl+0x7e2/0x1170 [ 241.484554][ T7318] sock_do_ioctl+0x226/0x2f0 [ 241.489163][ T7318] sock_ioctl+0x623/0x7a0 [ 241.493508][ T7318] __se_sys_ioctl+0xfd/0x170 [ 241.498126][ T7318] do_syscall_64+0x55/0xb0 [ 241.502564][ T7318] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 241.508479][ T7318] [ 241.510821][ T7318] The buggy address belongs to the object at ffff88805dba0800 [ 241.510821][ T7318] which belongs to the cache kmalloc-512 of size 512 [ 241.524893][ T7318] The buggy address is located 48 bytes inside of [ 241.524893][ T7318] freed 512-byte region [ffff88805dba0800, ffff88805dba0a00) [ 241.538657][ T7318] [ 241.540996][ T7318] The buggy address belongs to the physical page: [ 241.547434][ T7318] page:ffffea000176e800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5dba0 [ 241.557667][ T7318] head:ffffea000176e800 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 241.566634][ T7318] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 241.574650][ T7318] page_type: 0xffffffff() [ 241.579007][ T7318] raw: 00fff00000000840 ffff888017841c80 dead000000000100 dead000000000122 [ 241.587625][ T7318] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 241.596657][ T7318] page dumped because: kasan: bad access detected [ 241.603121][ T7318] page_owner tracks the page as allocated [ 241.608851][ T7318] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5161, tgid 5161 (udevd), ts 92335729110, free_ts 92313030524 [ 241.631014][ T7318] post_alloc_hook+0x1cd/0x210 [ 241.635819][ T7318] get_page_from_freelist+0x195c/0x19f0 [ 241.641400][ T7318] __alloc_pages+0x1e3/0x460 [ 241.646009][ T7318] alloc_slab_page+0x5d/0x170 [ 241.650707][ T7318] new_slab+0x87/0x2e0 [ 241.654790][ T7318] ___slab_alloc+0xc6d/0x12f0 [ 241.659482][ T7318] __kmem_cache_alloc_node+0x1a2/0x260 [ 241.664959][ T7318] kmalloc_trace+0x2a/0xe0 [ 241.669387][ T7318] kernfs_fop_open+0x3f5/0xcc0 [ 241.674162][ T7318] do_dentry_open+0x8c6/0x1500 [ 241.678951][ T7318] path_openat+0x274b/0x3190 [ 241.683556][ T7318] do_filp_open+0x1c5/0x3d0 [ 241.688076][ T7318] do_sys_openat2+0x12c/0x1c0 [ 241.692771][ T7318] __x64_sys_openat+0x139/0x160 [ 241.697642][ T7318] do_syscall_64+0x55/0xb0 [ 241.702086][ T7318] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 241.708000][ T7318] page last free stack trace: [ 241.712679][ T7318] free_unref_page_prepare+0x7ce/0x8e0 [ 241.718160][ T7318] free_unref_page+0x32/0x2e0 [ 241.722850][ T7318] __stack_depot_save+0x572/0x630 [ 241.727894][ T7318] kasan_set_track+0x5f/0x70 [ 241.732512][ T7318] __kasan_slab_alloc+0x6c/0x80 [ 241.737383][ T7318] slab_post_alloc_hook+0x6e/0x4d0 [ 241.742520][ T7318] kmem_cache_alloc+0x11e/0x2e0 [ 241.747383][ T7318] debug_objects_fill_pool+0x407/0x6b0 [ 241.752869][ T7318] debug_object_activate+0x36/0x4b0 [ 241.758092][ T7318] insert_work+0x35/0x310 [ 241.762444][ T7318] __queue_work+0xc39/0x1020 [ 241.767046][ T7318] queue_work_on+0x121/0x1e0 [ 241.771649][ T7318] ieee80211_ibss_join+0xa6e/0xea0 [ 241.776791][ T7318] __cfg80211_join_ibss+0x668/0xad0 [ 241.782022][ T7318] nl80211_join_ibss+0xc9d/0xf90 [ 241.786983][ T7318] genl_family_rcv_msg_doit+0x209/0x2f0 [ 241.792558][ T7318] [ 241.794895][ T7318] Memory state around the buggy address: [ 241.800532][ T7318] ffff88805dba0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 241.808608][ T7318] ffff88805dba0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 241.816690][ T7318] >ffff88805dba0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 241.824758][ T7318] ^ [ 241.830397][ T7318] ffff88805dba0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 241.838473][ T7318] ffff88805dba0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 241.846547][ T7318] ================================================================== [ 241.854914][ T7318] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 241.862150][ T7318] CPU: 0 PID: 7318 Comm: syz.0.392 Not tainted 6.6.95-syzkaller #0 [ 241.870079][ T7318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.880176][ T7318] Call Trace: [ 241.883489][ T7318] [ 241.886449][ T7318] dump_stack_lvl+0x16c/0x230 [ 241.891177][ T7318] ? show_regs_print_info+0x20/0x20 [ 241.896420][ T7318] ? load_image+0x3b0/0x3b0 [ 241.900971][ T7318] panic+0x2c0/0x710 [ 241.904905][ T7318] ? bpf_jit_dump+0xd0/0xd0 [ 241.909447][ T7318] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 241.915379][ T7318] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 241.921312][ T7318] ? _raw_spin_unlock+0x40/0x40 [ 241.926195][ T7318] ? print_memory_metadata+0x314/0x400 [ 241.931716][ T7318] ? rose_get_neigh+0x391/0x990 [ 241.936625][ T7318] check_panic_on_warn+0x84/0xa0 [ 241.941612][ T7318] ? rose_get_neigh+0x391/0x990 [ 241.946509][ T7318] end_report+0x6f/0x140 [ 241.950803][ T7318] kasan_report+0x128/0x150 [ 241.955359][ T7318] ? rose_get_neigh+0x391/0x990 [ 241.960267][ T7318] rose_get_neigh+0x391/0x990 [ 241.965000][ T7318] rose_connect+0x417/0x10a0 [ 241.969641][ T7318] ? aa_sk_perm+0x7fc/0x930 [ 241.974185][ T7318] ? rose_bind+0x7c0/0x7c0 [ 241.978642][ T7318] ? aa_af_perm+0x200/0x2b0 [ 241.983180][ T7318] ? tomoyo_socket_connect_permission+0x164/0x290 [ 241.989643][ T7318] ? __might_fault+0xaa/0x120 [ 241.994380][ T7318] ? bpf_lsm_socket_connect+0x9/0x10 [ 241.999717][ T7318] ? security_socket_connect+0x80/0xa0 [ 242.005218][ T7318] ? rose_bind+0x7c0/0x7c0 [ 242.009681][ T7318] __sys_connect+0x397/0x420 [ 242.014331][ T7318] ? __sys_connect_file+0x180/0x180 [ 242.019637][ T7318] __x64_sys_connect+0x7a/0x90 [ 242.024474][ T7318] do_syscall_64+0x55/0xb0 [ 242.028940][ T7318] ? clear_bhb_loop+0x40/0x90 [ 242.033682][ T7318] ? clear_bhb_loop+0x40/0x90 [ 242.038400][ T7318] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 242.044342][ T7318] RIP: 0033:0x7f9e7d98e929 [ 242.048802][ T7318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.068462][ T7318] RSP: 002b:00007f9e7d7ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 242.076924][ T7318] RAX: ffffffffffffffda RBX: 00007f9e7dbb5fa0 RCX: 00007f9e7d98e929 [ 242.084932][ T7318] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000008 [ 242.092941][ T7318] RBP: 00007f9e7da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 242.100950][ T7318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 242.108960][ T7318] R13: 0000000000000000 R14: 00007f9e7dbb5fa0 R15: 00007ffdb74ed998 [ 242.116989][ T7318] [ 242.120336][ T7318] Kernel Offset: disabled [ 242.124670][ T7318] Rebooting in 86400 seconds..