last executing test programs: 5.366261933s ago: executing program 4 (id=637): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001340)={&(0x7f0000001d80)=ANY=[@ANYBLOB="9feb01001800000000000000100000001000000002000000fc0800ff00000001"], 0x0, 0x2a, 0x0, 0x1, 0x400, 0x0, @void, @value}, 0x28) 4.413065123s ago: executing program 4 (id=638): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) write$bt_hci(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0101"], 0xc) 4.214121719s ago: executing program 4 (id=642): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000240)={&(0x7f0000ffe000/0x1000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/105, 0x69, 0x0, 0x0, 0x3d}, &(0x7f0000000280)=0x40) 4.090385469s ago: executing program 4 (id=643): ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) mprotect(&(0x7f0000913000/0x2000)=nil, 0x2000, 0x5000007) syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea0009058703", @ANYRES8], 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000500)=""/4096, 0x1000) 3.627791388s ago: executing program 1 (id=650): mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10041, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000740)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]}) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) mknodat$loop(r4, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000240), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) linkat(r5, &(0x7f0000000140)='./file1\x00', r5, &(0x7f00000002c0)='./file0\x00', 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) fsync(r6) 2.634094071s ago: executing program 1 (id=652): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) r1 = gettid() r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r2, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000080)={0x335}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000400)) tkill(r1, 0x7) 2.505974762s ago: executing program 0 (id=653): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01dfffffff000000000021"], 0x20}}, 0x0) 2.494226443s ago: executing program 2 (id=654): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000240)={0xf000000, 0xfffffffc, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 2.354232484s ago: executing program 2 (id=656): openat$mice(0xffffff9c, &(0x7f0000000180), 0x101100) syz_open_procfs(0x0, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = socket$unix(0x1, 0x5, 0x0) r2 = dup2(r1, r0) close_range(r2, 0xffffffffffffffff, 0x0) 2.334654205s ago: executing program 0 (id=657): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c003d000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) syz_emit_vhci(&(0x7f00000004c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x23}, @l2cap_cid_signaling={{0x1f}, [@l2cap_conn_req={{0x2, 0x9, 0x4}, {0x9, 0x9}}, @l2cap_disconn_req={{0x6, 0x2, 0x4}, {0x1, 0xff8e}}, @l2cap_disconn_rsp={{0x7, 0x11, 0x4}, {0x75, 0xb0ff}}, @l2cap_move_chan_req={{0xe, 0x9, 0x3}, {0x7, 0xa3}}]}}, 0x28) r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101641) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x90) 2.247709383s ago: executing program 1 (id=658): r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) writev(r0, &(0x7f0000000540)=[{&(0x7f0000000500)="0a068c5738b78a07d346d9fea8d46088962fe02823fbdcaf82c015f24dbc6bbaea", 0x21}], 0x1) 2.170202649s ago: executing program 0 (id=659): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[], 0x4b0}}, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000500)=0x8) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000240)={r2, 0x1, 0x9, 0xc93c, 0x6, 0xf}, 0x14) 2.169874s ago: executing program 2 (id=660): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x88}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 2.16754898s ago: executing program 3 (id=661): capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000140)) r0 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x18) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) 2.100034406s ago: executing program 0 (id=662): ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc080661a, &(0x7f0000000000)={@id={0x2, 0x0, @a}}) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000140)={r2}, 0x8) 2.099773245s ago: executing program 1 (id=663): mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10041, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000740)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]}) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) mknodat$loop(r4, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000240), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) linkat(r5, &(0x7f0000000140)='./file1\x00', r5, &(0x7f00000002c0)='./file0\x00', 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) fsync(r6) 2.083609247s ago: executing program 2 (id=664): r0 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000780)={0x34, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x20, 0x1, 0x1, 0x1}, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b03, 0x0) 1.890169693s ago: executing program 3 (id=665): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="7800000039000900000000000000000001000000040000000c"], 0x78}}, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r0, &(0x7f0000003440)=[{{&(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 1.798275031s ago: executing program 0 (id=666): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001a000100000000aa34ef417e2ab7cb81b70000000000020000001000c80000000000"], 0x1c}}, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f00000004c0)={{0x1, 0xffffffffffffffff, 0x0, 0x0, 0xee00, 0x1cb, 0x38f}, 0x0, 0x0, 0xb7, 0xda, 0x4, 0x2, 0x8, 0x2, 0x101a, 0xd7df}) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x11) ioctl$UI_SET_LEDBIT(r4, 0x40045569, 0x3) ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000100)={{}, 'syz0\x00'}) ioctl$UI_DEV_CREATE(r4, 0x5501) ioctl$UI_DEV_DESTROY(r4, 0x5502) ioctl$BLKROGET(r1, 0x125e, &(0x7f00000001c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000001000010400"/19, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e00000020000280040012000500160002000000060018000008000005001700"], 0x54}}, 0x0) unshare(0x2040400) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240)={0x10001b, 0xfa, 0x0, {r5}}, 0x20) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x1c0, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x9c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x0, 0x0, 0x0, 0x5000000}}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0xfffffffc}}, @TCA_HTB_INIT={0x18}, @TCA_HTB_DIRECT_QLEN={0x8}, @TCA_HTB_INIT={0x18}, @TCA_HTB_INIT={0x18}, @TCA_HTB_INIT={0x18}]}}, @TCA_STAB={0xf8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x6, 0xa, 0xb8, 0x0, 0x8001, 0x8001, 0x6}}, {0x10, 0x2, [0x3, 0x4, 0xd, 0x681, 0x1, 0x8001]}}, {{0x1c, 0x1, {0x4, 0xc6, 0x5, 0xc, 0x2, 0x800, 0x5, 0x3}}, {0xa, 0x2, [0x8001, 0xff, 0x2]}}, {{0x1c, 0x1, {0x6, 0x8, 0x2, 0x2, 0x1, 0xf, 0xffff, 0x2}}, {0x8, 0x2, [0x6, 0x7]}}, {{0x1c, 0x1, {0x4, 0x32, 0x56e, 0x2, 0x1, 0x5, 0x7, 0x2}}, {0x8, 0x2, [0x4, 0x2]}}, {{0x1c, 0x1, {0xb, 0x7, 0xfffc, 0xa, 0x1, 0x1, 0xfffffff0, 0x6}}, {0x10, 0x2, [0x1, 0x2, 0x2, 0x2, 0x800, 0xe]}}, {{0x1c, 0x1, {0x3, 0x5, 0x4, 0x4, 0x2, 0x4, 0x8, 0x5}}, {0xe, 0x2, [0x2, 0xe4f, 0xcc, 0x6, 0x6]}}]}]}, 0x1c0}}, 0x0) 1.781069442s ago: executing program 3 (id=667): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r0, 0x6, 0x19, 0x0, 0x0) 1.025508685s ago: executing program 1 (id=668): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) r2 = dup(r1) syz_genetlink_get_family_id$team(&(0x7f0000000040), r2) 900.742765ms ago: executing program 1 (id=669): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c003d000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) syz_emit_vhci(&(0x7f00000004c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x23}, @l2cap_cid_signaling={{0x1f}, [@l2cap_conn_req={{0x2, 0x9, 0x4}, {0x9, 0x9}}, @l2cap_disconn_req={{0x6, 0x2, 0x4}, {0x1, 0xff8e}}, @l2cap_disconn_rsp={{0x7, 0x11, 0x4}, {0x75, 0xb0ff}}, @l2cap_move_chan_req={{0xe, 0x9, 0x3}, {0x7, 0xa3}}]}}, 0x28) r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101641) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x90) 900.416176ms ago: executing program 2 (id=670): syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000e00)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0040ce91bae94d6591ac6d0100000000000000b5384050da"], 0x1, 0xd9b, &(0x7f0000001c40)="$eJzs3UtvXNUdAPBzx544LxqHmNpN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCV7bPGY//nukdO7bH4/n9pDtn7v2fe88587hz575OAoZWY/VxYWGqSunt229duj89+p+VKdOtHDOrj6N5bDGl1GzNl9J4WN7i2Fr62SfXL7enn+e0ShdTlarW9PTsvda8x1JKN9JMupPG03MfT9566YNnlt47dfPUpTdm7+5O6wEAYLjc/8G7P//L49+/fvK/vz27mMZa08v2+WIeP563+xertfGctP4HVG1p1TZeHAr5RvPQCPlGOuRrL6cZ8o12Kf9QWG6zS76xmvJH2qZ1ajcMsvX/8VVjbsN4ozE3t/affMWHI4equVeuLr1wrU8VBXbcp9N5F5/BYBi6YflEv9dAAGviccNNbsQ9Cw+mtbTR3sq/93Sj8/ywA/b686/8wSr/3ZvWOOycg/ppKu0q36PjeTweRxgN8231+1+WF49HNDcfguio23GEQTm+0K2eI3tcj+3qVv/4uTiovpLT8jqcDfH27098TwflPQY6u2//v8EwtMNyv1dAwL4Vz5tbzko8ntcX42M18cM18SM18aM18WM1cRhmv3v11+lWtf4/P/6n3+r+sLKf7aGcfmGL9Yn7I7dafk873Xax/Hg+Mexrs/8+8+kv7/w1nv//eTj//1z+LR3PK4iyvzDuV2+d+x8uDG50yfdwqM5DHfKvPp/YmK+aWF9OalvPbKrH1Mb5TnTLd2ZjvvGQ72jeFjkc6hu3T46G+cr2R1mvltdrNLS3GdpxKNSjvDMnc3o4tOdkt3aFHdmHQr5mHk6Fdk2Edj0S5vtiaFc1tbFdcf95qc9kmN7ski+8bZt+l+J7Ea/LeDSnb+b0nZy+n9OPOpQ7jMrnsdv5/+XzOZWa1QtXl648kcfL5/TuSHNsZfqFPa438OB6vf5nKm28/ud4a3qz0b5eOLE+vWpfL4yH6Re7TH8yj5ffsx+PHFmdPnf5p0s/2unGw5C79trrP3l+aenKLzzxxBNPWk/6vWYCdtv8qy//bP7aa6+fv/ry8y9eefHKKxee+O53nnzqqYX51a36+fZte+BgWf/R73dNAAAAAAAAAAAAgJ5VRzpPzun/ub/tqnI9ebk+PV4fz2Ao71v5NJT7GJTrP7vd16Vcv3lyD+rIztuLy4n63Uags3+6/6/BMLTD8rK7+AP7Q7/7/yv3PSzp8fN/P7kylGz3nt64voz3L4QHsd/7n1P+wer/r9X/Vc/rv9Bj1vj2yv39/SN/ays2ne61/Nj+ch/Yia2V/4dcfmnNY6m38pd/E8qPNyrt0R9D+Ud7LH9T+89sr/w/5fLLyzZ7rtfy12pcNTbWI+43LvcBjPuNiz+H9pd7+225/dvsqO12Lh+G2aD0M7lV+6D/zwdSllvWg3n13DpOV+6/Hfs72Gr9y32/y+/AI2H5Vc3vm/4/B1td/5/l8zev/084cD50/M9gGNpheXm5r12fDGu/K/tFv1//fm9D9rv8fr/+dWL/n/H/Uuz/M8Zj/58xHvv/jPHYv1aMx/4/4+sZ+/+M8cmw3Ng/6FRN/Es18dM18S/XxM/UxOP/txifqYmfrYlP18Qfrok/WhM/VxP/Wk38sZr44zXx2Zr4QffVnA5r+2GYxX4jff9heJTjP92+/xM1cWBwxX6d4/f76zVxYHCV8zx8v2EIVZ3v2BH3t5f9uG/m9J2cvp/Tj3atguyFb+T0mzn9Vk6/ndPzOZ3L6XxO9Q052H71j9Nnb1Xr5/mdCPFezyeN1wPE+8Rc6LE+8fjcVs9nneyxnN0qf5uXgwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjMbq48LCVJXS27ffuvSvie/9cGXKdCvHzOrjaB5bTCk1U0pVHh8Ny7sxtpZ+9sn1y53SKl1cfSzj6dl7rXmPrcyfZtKdNJ6e+3jy1ksfPLP03qmbpy69MXt3d1oPAAAAw+F/AQAA//9EuOXH") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000016c0), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r3 = socket(0x200000100000011, 0x3, 0x0) sendfile(r3, r2, 0x0, 0x80004700) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0xf348, 0x9, 0x1f, 0x14, "9e959f16b6787b08aa26e66c4056a51695284854c282ec6bcfeef4fb0efcc1d8a6078ebe8e033fd5f0643902dd8f6fac274de9d940bba5e592bbd4ce85450d00", "f625c10e6e4c36c800dee96015e0fb7e904dc8df62a3a893ec00347f41be5a08", [0x2, 0x9]}) mount(0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x10f4c2a, 0x0) 900.287616ms ago: executing program 3 (id=671): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x17, 0x6, 0x0, 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, &(0x7f0000000400), 0x4) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f28000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000000075c0000000e0a01020000000000000000010000000900020073797a32000000000900010073797a30"], 0xec}}, 0x0) 577.579732ms ago: executing program 3 (id=672): r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = socket$inet6(0xa, 0x2, 0x3a) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e60, 0x0, @empty}, 0x1c) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e60, 0x0, @empty}, 0x1c) 468.814002ms ago: executing program 2 (id=673): syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000e00)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0040ce91bae94d6591ac6d0100000000000000b5384050da"], 0x1, 0xd9b, &(0x7f0000001c40)="$eJzs3UtvXNUdAPBzx544LxqHmNpN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCV7bPGY//nukdO7bH4/n9pDtn7v2fe88587hz575OAoZWY/VxYWGqSunt229duj89+p+VKdOtHDOrj6N5bDGl1GzNl9J4WN7i2Fr62SfXL7enn+e0ShdTlarW9PTsvda8x1JKN9JMupPG03MfT9566YNnlt47dfPUpTdm7+5O6wEAYLjc/8G7P//L49+/fvK/vz27mMZa08v2+WIeP563+xertfGctP4HVG1p1TZeHAr5RvPQCPlGOuRrL6cZ8o12Kf9QWG6zS76xmvJH2qZ1ajcMsvX/8VVjbsN4ozE3t/affMWHI4equVeuLr1wrU8VBXbcp9N5F5/BYBi6YflEv9dAAGviccNNbsQ9Cw+mtbTR3sq/93Sj8/ywA/b686/8wSr/3ZvWOOycg/ppKu0q36PjeTweRxgN8231+1+WF49HNDcfguio23GEQTm+0K2eI3tcj+3qVv/4uTiovpLT8jqcDfH27098TwflPQY6u2//v8EwtMNyv1dAwL4Vz5tbzko8ntcX42M18cM18SM18aM18WM1cRhmv3v11+lWtf4/P/6n3+r+sLKf7aGcfmGL9Yn7I7dafk873Xax/Hg+Mexrs/8+8+kv7/w1nv//eTj//1z+LR3PK4iyvzDuV2+d+x8uDG50yfdwqM5DHfKvPp/YmK+aWF9OalvPbKrH1Mb5TnTLd2ZjvvGQ72jeFjkc6hu3T46G+cr2R1mvltdrNLS3GdpxKNSjvDMnc3o4tOdkt3aFHdmHQr5mHk6Fdk2Edj0S5vtiaFc1tbFdcf95qc9kmN7ski+8bZt+l+J7Ea/LeDSnb+b0nZy+n9OPOpQ7jMrnsdv5/+XzOZWa1QtXl648kcfL5/TuSHNsZfqFPa438OB6vf5nKm28/ud4a3qz0b5eOLE+vWpfL4yH6Re7TH8yj5ffsx+PHFmdPnf5p0s/2unGw5C79trrP3l+aenKLzzxxBNPWk/6vWYCdtv8qy//bP7aa6+fv/ry8y9eefHKKxee+O53nnzqqYX51a36+fZte+BgWf/R73dNAAAAAAAAAAAAgJ5VRzpPzun/ub/tqnI9ebk+PV4fz2Ao71v5NJT7GJTrP7vd16Vcv3lyD+rIztuLy4n63Uags3+6/6/BMLTD8rK7+AP7Q7/7/yv3PSzp8fN/P7kylGz3nt64voz3L4QHsd/7n1P+wer/r9X/Vc/rv9Bj1vj2yv39/SN/ays2ne61/Nj+ch/Yia2V/4dcfmnNY6m38pd/E8qPNyrt0R9D+Ud7LH9T+89sr/w/5fLLyzZ7rtfy12pcNTbWI+43LvcBjPuNiz+H9pd7+225/dvsqO12Lh+G2aD0M7lV+6D/zwdSllvWg3n13DpOV+6/Hfs72Gr9y32/y+/AI2H5Vc3vm/4/B1td/5/l8zev/084cD50/M9gGNpheXm5r12fDGu/K/tFv1//fm9D9rv8fr/+dWL/n/H/Uuz/M8Zj/58xHvv/jPHYv1aMx/4/4+sZ+/+M8cmw3Ng/6FRN/Es18dM18S/XxM/UxOP/txifqYmfrYlP18Qfrok/WhM/VxP/Wk38sZr44zXx2Zr4QffVnA5r+2GYxX4jff9heJTjP92+/xM1cWBwxX6d4/f76zVxYHCV8zx8v2EIVZ3v2BH3t5f9uG/m9J2cvp/Tj3atguyFb+T0mzn9Vk6/ndPzOZ3L6XxO9Q052H71j9Nnb1Xr5/mdCPFezyeN1wPE+8Rc6LE+8fjcVs9nneyxnN0qf5uXgwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjMbq48LCVJXS27ffuvSvie/9cGXKdCvHzOrjaB5bTCk1U0pVHh8Ny7sxtpZ+9sn1y53SKl1cfSzj6dl7rXmPrcyfZtKdNJ6e+3jy1ksfPLP03qmbpy69MXt3d1oPAAAAw+F/AQAA//9EuOXH") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000016c0), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r3 = socket(0x200000100000011, 0x3, 0x0) sendfile(r3, r2, 0x0, 0x80004700) syz_open_dev$loop(&(0x7f0000000180), 0x0, 0x22400) 366.38446ms ago: executing program 3 (id=674): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000107000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b70800c5e732d70c2ae9a9ed93d6ff00000000007b8af8ff00000000bfa200000000000100000000000000ffb703000008000000b70400000000000085000000010000009549d4c1184b11e05ee9d973c1af00a8e3f5deebcd3253d8e10252748700090953978e4889c9c6af9296764899115fccd47b2e729b4391d517e7712cb14f5c5b3002f95f53bdccb336fc1c8c1eb263a051515dc6a1e04f1b07"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 363.86967ms ago: executing program 0 (id=675): syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk") creat(&(0x7f0000000040)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='utf8=0,nonumtail=0,iocharset=iso8859-14,check=strict,uni_xlate=1,shortname=lower,shoru~ame=winnt,flush,\x00'], 0x1, 0x216, &(0x7f0000000e00)="$eJzs3bFqU1EYB/CvttVSkHQQiiJ4xcUpNBX3FKkgBhQlg04Wm6IksWAg0A6tTr6EvoKOroKDuPoCIkgVXOzWQYjUGxtb0jZS01vM77fkg3v+95zvEnLIkJN7Z+vV+cXGwvr6WoyNDcVIMYqxMRQTcSyGI/UkAID/yUarFd9bqazXAgAcDvs/AAyeHvf/m4e4JACgz3z/B4DBc/vO3eszpdLsrSQZi6g/a5ab5fQ1vT6zEA+jFpWYilz8iGhtSeur10qzU8mmLxNRrq+286vN8vD2fCFyMdE9X0hS2/OjMd7OfxyPSkxHLk51z093zR+Pixf+mD8fufhwPxajFvOxme3kVwpJcuVGaUf+xK9xAAAAAAAAAAAAAAAAAAAAAADQD/lkS9fze/L53a6n+d7PB9p5Ps9InBnJtncAAAAAAAAAAAAAAAAAAAA4KhpLy9W5Wq3yeK/i0fuXb/cb02Mx1J73oPc5eHHy/Ofnu495+jfP598Wb85l+Vh6LN6tPTh9qTF5+aisZ2m5OrrXW+tbLqJPs7/KtPffXe87ePJFce71yqevvd45gw8jAAAAAAAAAAAAAAAAAAAYcJ0f/Wa9EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADITuf///tXZN0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8DAAA///UmKDH") mount$bind(0x0, &(0x7f0000001040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x808004, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000001900)='./bus\x00', 0x0, 0x21002, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x4c02, &(0x7f0000000140)) openat(0xffffffffffffff9c, 0x0, 0x141842, 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x92603b, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) 246.25796ms ago: executing program 4 (id=676): r0 = socket$xdp(0x2c, 0x3, 0x0) mremap(&(0x7f0000186000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00000ad000/0x3000)=nil) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x201000, 0x1000}, 0x20) epoll_create1(0x0) 0s ago: executing program 4 (id=677): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000940)={0x60, 0x21}) kernel console output (not intermixed with test programs): 0:50:50:50 [ 61.392575][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.400432][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.414219][ T3722] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.415685][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 61.430630][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 61.443985][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.773130][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.893485][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.094851][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.109510][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.130585][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.145288][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.157885][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.172075][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.188133][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.202426][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.223926][ T3640] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.239873][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 62.260577][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 62.280602][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 62.281235][ T3729] loop4: detected capacity change from 0 to 16 [ 62.325230][ T3640] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.343115][ T3729] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 62.376161][ T3640] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.430304][ T3640] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.444084][ T3640] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.838214][ T3648] Bluetooth: hci1: command tx timeout [ 62.843917][ T47] Bluetooth: hci4: command tx timeout [ 62.844166][ T3655] Bluetooth: hci0: command tx timeout [ 62.844333][ T3653] Bluetooth: hci3: command tx timeout [ 64.672693][ T3658] Bluetooth: hci2: command tx timeout [ 66.473500][ T3744] loop2: detected capacity change from 0 to 4096 [ 66.518052][ T3744] ======================================================= [ 66.518052][ T3744] WARNING: The mand mount option has been deprecated and [ 66.518052][ T3744] and is ignored by this kernel. Remove the mand [ 66.518052][ T3744] option from the mount to silence this warning. [ 66.518052][ T3744] ======================================================= [ 66.773430][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.815741][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.902037][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.908932][ T3758] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 66.916201][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.930907][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.960889][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.535827][ T3771] Bluetooth: MGMT ver 1.22 [ 67.606660][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 67.615674][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 67.706009][ T3772] hub 9-0:1.0: USB hub found [ 67.712877][ T3772] hub 9-0:1.0: 8 ports detected [ 68.247210][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 68.255592][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 68.263858][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 68.272152][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 68.280394][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 68.288690][ T0] NOHZ tick-stop error: local softirq work is pending, handler #38a!!! [ 68.337442][ T3653] Bluetooth: Wrong link type (-22) [ 68.383331][ T3744] overlayfs: upper fs does not support tmpfile. [ 68.429719][ T3744] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 68.443820][ T3754] loop0: detected capacity change from 0 to 32768 [ 68.462734][ T3744] overlayfs: failed to set xattr on upper [ 68.469158][ T3744] overlayfs: ...falling back to index=off,metacopy=off. [ 68.831447][ T3689] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 69.481501][ T3648] Bluetooth: hci0: command tx timeout [ 69.630937][ T3784] loop3: detected capacity change from 0 to 1024 [ 69.791605][ T3689] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 69.817104][ T3689] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 70.426211][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 70.445404][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 71.071358][ T3793] capability: warning: `syz.3.17' uses deprecated v2 capabilities in a way that may be insecure [ 73.091376][ T3793] hfsplus: xattr searching failed [ 74.396822][ T3648] Bluetooth: Wrong link type (-22) [ 74.408090][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 74.439219][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 74.473011][ T3653] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 74.497231][ T3653] Bluetooth: hci0: command tx timeout [ 74.557661][ T3781] hfsplus: b-tree write err: -5, ino 4 [ 74.612873][ T3689] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 74.629096][ T3689] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 74.640218][ T3689] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 74.653619][ T3689] usb 5-1: config 0 interface 0 has no altsetting 0 [ 74.671303][ C1] raw-gadget.0 gadget.4: ignoring, device is not running [ 74.711423][ T3689] usb 5-1: string descriptor 0 read error: -71 [ 74.726377][ T3800] loop2: detected capacity change from 0 to 8 [ 74.898943][ T3689] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 74.908385][ T3689] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 74.935962][ T3689] usb 5-1: config 0 descriptor?? [ 76.161313][ C0] sched: RT throttling activated [ 76.202917][ T125] cfg80211: failed to load regulatory.db [ 76.428782][ T3689] usb 5-1: can't set config #0, error -71 [ 76.441674][ T3648] Bluetooth: hci4: command tx timeout [ 76.507781][ T3689] usb 5-1: USB disconnect, device number 2 [ 76.991531][ T3690] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 77.641903][ T3690] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 77.656408][ T3690] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.688165][ T3690] usb 3-1: Product: syz [ 77.703775][ T3690] usb 3-1: Manufacturer: syz [ 77.718614][ T3690] usb 3-1: SerialNumber: syz [ 77.744649][ T3690] usb 3-1: config 0 descriptor?? [ 78.481417][ T3690] usb 3-1: Firmware version (0.0) predates our first public release. [ 79.150992][ T3653] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 79.159034][ T3653] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 79.167558][ T3653] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 79.177644][ T3658] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 79.186597][ T3653] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 79.193937][ T3690] usb 3-1: Please update to version 0.2 or newer [ 79.213222][ T3653] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 79.730360][ T3843] loop4: detected capacity change from 0 to 256 [ 79.797311][ T3690] usb 3-1: USB disconnect, device number 2 [ 79.837250][ T3093] udevd[3093]: worker [3661] terminated by signal 33 (Unknown signal 33) [ 79.861219][ T3093] udevd[3093]: worker [3661] failed while handling '/devices/platform/dummy_hcd.2/usb3/3-1/ieee802154/phy2/net/wpan2' [ 79.879150][ T3843] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 81.722551][ T3653] Bluetooth: hci4: command tx timeout [ 81.729352][ T3648] Bluetooth: hci5: command tx timeout [ 82.396108][ T3748] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.415197][ T3832] chnl_net:caif_netlink_parms(): no params data found [ 82.559675][ T3867] xt_hashlimit: Unknown mode mask 100000, kernel too old? [ 82.571919][ T3748] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.711177][ T3748] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.157055][ T3748] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.929550][ T3648] Bluetooth: hci5: command tx timeout [ 84.010497][ T3832] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.026323][ T3832] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.050184][ T3832] device bridge_slave_0 entered promiscuous mode [ 84.074371][ T3832] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.087183][ T3832] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.102744][ T3832] device bridge_slave_1 entered promiscuous mode [ 84.208101][ T3832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.275844][ T3832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.547369][ T3832] team0: Port device team_slave_0 added [ 84.607939][ T3832] team0: Port device team_slave_1 added [ 84.706202][ T3832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.727899][ T3832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.755416][ C0] vkms_vblank_simulate: vblank timer overrun [ 84.810230][ T3832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.873208][ T3832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.886012][ T3832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.939997][ T3832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.192581][ T3832] device hsr_slave_0 entered promiscuous mode [ 85.209940][ T3832] device hsr_slave_1 entered promiscuous mode [ 85.234055][ T3832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.264977][ T3832] Cannot create hsr debugfs directory [ 85.961630][ T3648] Bluetooth: hci5: command tx timeout [ 85.972274][ T3885] loop4: detected capacity change from 0 to 32768 [ 85.996954][ T3903] loop0: detected capacity change from 0 to 256 [ 86.022191][ T3885] XFS: ikeep mount option is deprecated. [ 86.040621][ T3903] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 86.056880][ T3748] device hsr_slave_0 left promiscuous mode [ 86.071998][ T3748] device hsr_slave_1 left promiscuous mode [ 86.098074][ T3748] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 86.141413][ T3748] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 86.170908][ T3885] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 86.193193][ T3885] XFS (loop4): Mounting V5 Filesystem [ 86.199720][ T3748] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 86.207536][ T3748] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 86.229967][ T3748] device bridge_slave_1 left promiscuous mode [ 86.240566][ T3748] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.456417][ T3748] device bridge_slave_0 left promiscuous mode [ 86.503533][ T3748] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.536813][ T3885] XFS (loop4): Ending clean mount [ 86.549662][ T3885] XFS (loop4): Quotacheck needed: Please wait. [ 86.723768][ T3748] device veth1_macvtap left promiscuous mode [ 86.736848][ T3885] XFS (loop4): Quotacheck: Done. [ 86.766013][ T3748] device veth0_macvtap left promiscuous mode [ 86.800189][ T3748] device veth1_vlan left promiscuous mode [ 86.808157][ T3748] device veth0_vlan left promiscuous mode [ 86.947280][ T3642] XFS (loop4): Unmounting Filesystem [ 88.041384][ T3648] Bluetooth: hci5: command tx timeout [ 88.752759][ T3944] xt_hashlimit: Unknown mode mask 100000, kernel too old? [ 88.927916][ T3748] team0 (unregistering): Port device team_slave_1 removed [ 88.994672][ T22] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 89.090163][ T3748] team0 (unregistering): Port device team_slave_0 removed [ 89.224890][ T22] usb 5-1: device descriptor read/64, error -71 [ 89.279723][ T3748] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 89.409314][ T3748] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 89.521462][ T22] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 89.735633][ T22] usb 5-1: device descriptor read/64, error -71 [ 89.861510][ T22] usb usb5-port1: attempt power cycle [ 90.391342][ T22] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 90.501478][ T22] usb 5-1: device descriptor read/8, error -71 [ 90.642922][ T3748] bond0 (unregistering): Released all slaves [ 90.790032][ T3946] bond0: option mode: unable to set because the bond device has slaves [ 90.801379][ T22] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 90.936030][ T22] usb 5-1: device descriptor read/8, error -71 [ 90.989068][ T3955] loop3: detected capacity change from 0 to 256 [ 91.076720][ T3955] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 91.089078][ T22] usb usb5-port1: unable to enumerate USB device [ 91.398660][ T3832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.449735][ T3832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.483013][ T3832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.538671][ T3832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.590984][ T3967] process 'syz.4.60' launched './file0' with NULL argv: empty string added [ 92.798815][ T3832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.994711][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 93.054435][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.113021][ T3832] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.168904][ T3982] loop4: detected capacity change from 0 to 2048 [ 93.175986][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.192919][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.260959][ T3748] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.268142][ T3748] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.347660][ T3988] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 93.452107][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.521897][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.552058][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.566735][ T3748] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.573933][ T3748] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.600913][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 93.663458][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 93.879856][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 93.945448][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.108308][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 95.111004][ T3648] Bluetooth: Wrong link type (-22) [ 95.319880][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 95.404596][ T3832] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 95.458190][ T3832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.512354][ T3642] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 8796093022222 [ 95.551354][ T3642] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 95.587539][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 95.632183][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 95.652385][ T3642] Remounting filesystem read-only [ 95.657441][ T3642] NILFS (loop4): error -5 truncating bmap (ino=16) [ 95.667487][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 95.681154][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 95.681818][ T3642] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 95.698747][ T4011] netlink: 36 bytes leftover after parsing attributes in process `syz.2.70'. [ 95.708851][ T3642] NILFS (loop4): discard dirty page: offset=0, ino=2 [ 95.716033][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 95.738376][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 95.772155][ T3642] NILFS (loop4): discard dirty block: blocknr=18, size=1024 [ 95.792336][ T4014] xt_hashlimit: Unknown mode mask 100000, kernel too old? [ 95.799543][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 95.825607][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 95.865152][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 95.888779][ T3642] NILFS (loop4): discard dirty page: offset=0, ino=6 [ 95.907038][ T3642] NILFS (loop4): discard dirty block: blocknr=35, size=1024 [ 95.953243][ T3642] NILFS (loop4): discard dirty block: blocknr=36, size=1024 [ 95.960561][ T3642] NILFS (loop4): discard dirty block: blocknr=37, size=1024 [ 96.006353][ T3642] NILFS (loop4): discard dirty block: blocknr=38, size=1024 [ 96.047106][ T3642] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 96.096574][ T3642] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 96.108989][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 96.118630][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 96.127497][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 96.135495][ T3832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.196876][ T3727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 96.211510][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 96.227540][ T3727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 96.230640][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 96.288903][ T3642] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 96.294673][ T3832] device veth0_vlan entered promiscuous mode [ 96.311595][ T3642] NILFS (loop4): discard dirty block: blocknr=42, size=1024 [ 96.332670][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 96.340939][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 96.349063][ T3642] NILFS (loop4): discard dirty block: blocknr=43, size=1024 [ 96.374740][ T3642] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 96.387482][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 96.397687][ T4022] loop3: detected capacity change from 0 to 8192 [ 96.408122][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 96.424372][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 96.434978][ T3642] NILFS (loop4): discard dirty page: offset=163840, ino=3 [ 96.461079][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 96.465684][ T3832] device veth1_vlan entered promiscuous mode [ 96.557363][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 96.703745][ T3642] NILFS (loop4): discard dirty block: blocknr=47, size=1024 [ 96.856875][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 96.961243][ T26] audit: type=1800 audit(1729337087.696:2): pid=4032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.72" name="bus" dev="loop3" ino=1048598 res=0 errno=0 [ 97.025565][ T3642] NILFS (loop4): discard dirty page: offset=196608, ino=3 [ 97.148900][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 97.166354][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 97.178169][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 97.189380][ T3642] NILFS (loop4): discard dirty block: blocknr=49, size=1024 [ 97.198660][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 97.208780][ T3642] NILFS (loop4): discard dirty page: offset=229376, ino=3 [ 97.234507][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 97.281213][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 97.299326][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 97.332327][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 97.353500][ T3832] device veth0_macvtap entered promiscuous mode [ 97.373981][ T3642] NILFS (loop4): discard dirty block: blocknr=50, size=1024 [ 97.382569][ T3832] device veth1_macvtap entered promiscuous mode [ 97.400143][ T3642] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 97.574622][ T3832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.796594][ T3832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.833185][ T3832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.880899][ T3832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.960688][ T3832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.973438][ T4044] loop4: detected capacity change from 0 to 256 [ 97.977681][ T3832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.989612][ T3832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.019509][ T4044] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 98.062353][ T3832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.124895][ T3832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.226794][ T3761] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 98.261511][ T3761] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 98.317250][ T3761] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 98.614326][ T4053] loop4: detected capacity change from 0 to 8 [ 98.820500][ T3761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 99.258967][ T3832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.290703][ T3832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.312810][ T3832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.333737][ T3832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.367174][ T3832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.386308][ T3832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.413632][ T3832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.434482][ T3832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.535698][ T3832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.560262][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 99.585032][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 99.619472][ T3832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.636328][ T3832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.662008][ T3832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.686919][ T3832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.842991][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.877975][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.927149][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 99.942577][ T3722] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.969140][ T3722] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.017525][ T3761] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 100.101458][ T4056] loop3: detected capacity change from 0 to 32768 [ 100.181788][ T4056] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.75 (4056) [ 100.361174][ T4056] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 100.472905][ T4056] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 100.501886][ T4056] BTRFS info (device loop3): using free space tree [ 101.336590][ T4067] loop4: detected capacity change from 0 to 32768 [ 101.356388][ T4067] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz.4.79 (4067) [ 101.387595][ T4063] loop0: detected capacity change from 0 to 32768 [ 101.407343][ T3632] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by udevd (3632) [ 101.532832][ T4056] BTRFS info (device loop3): enabling ssd optimizations [ 101.593278][ T4063] XFS (loop0): Mounting V5 Filesystem [ 101.740286][ T4063] XFS (loop0): Ending clean mount [ 101.785359][ T4063] XFS (loop0): Quotacheck needed: Please wait. [ 101.821399][ T3690] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 101.908377][ T4063] XFS (loop0): Quotacheck: Done. [ 102.029947][ T3643] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 102.381990][ T3690] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 102.654206][ T3690] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.692561][ T3690] usb 5-1: Product: syz [ 102.706869][ T3690] usb 5-1: Manufacturer: syz [ 102.731947][ T3690] usb 5-1: SerialNumber: syz [ 102.789584][ T3690] usb 5-1: config 0 descriptor?? [ 103.056219][ T3647] XFS (loop0): Unmounting Filesystem [ 103.193296][ T4099] loop1: detected capacity change from 0 to 32768 [ 103.221237][ T4099] XFS: ikeep mount option is deprecated. [ 103.296538][ T4099] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 103.320604][ T4099] XFS (loop1): Mounting V5 Filesystem [ 103.341624][ T3690] usb 5-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 103.357483][ T3690] usb 5-1: Firmware version (0.0) predates our first public release. [ 103.371381][ T3690] usb 5-1: Please update to version 0.2 or newer [ 103.467940][ T4099] XFS (loop1): Ending clean mount [ 103.475359][ T4159] loop0: detected capacity change from 0 to 256 [ 103.502917][ T4099] XFS (loop1): Quotacheck needed: Please wait. [ 103.511015][ T4159] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 103.574404][ T4099] XFS (loop1): Quotacheck: Done. [ 103.624534][ T3832] XFS (loop1): Unmounting Filesystem [ 103.662371][ T3690] usb 5-1: USB disconnect, device number 7 [ 105.218504][ T4178] Zero length message leads to an empty skb [ 105.562419][ T3653] Bluetooth: hci1: command 0x1003 tx timeout [ 105.562870][ T3648] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 107.650855][ T4199] loop1: detected capacity change from 0 to 256 [ 108.281354][ T4199] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 108.897400][ T4214] loop1: detected capacity change from 0 to 256 [ 109.487699][ T4191] loop2: detected capacity change from 0 to 32768 [ 109.494903][ T4191] XFS: ikeep mount option is deprecated. [ 110.012927][ T4223] loop4: detected capacity change from 0 to 8 [ 111.015455][ T4230] loop4: detected capacity change from 0 to 512 [ 111.243975][ T4230] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 111.431034][ T4230] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 111.556320][ T4230] EXT4-fs (loop4): 1 truncate cleaned up [ 111.581325][ T4230] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 111.895234][ T4244] overlayfs: conflicting options: nfs_export=on,index=off [ 112.039767][ T4247] syz.4.109 (pid 4247) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 113.323936][ T4251] loop1: detected capacity change from 0 to 256 [ 113.426074][ T3642] EXT4-fs (loop4): unmounting filesystem. [ 113.449038][ T4251] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 114.239398][ T4258] loop4: detected capacity change from 0 to 256 [ 114.324826][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 114.461571][ T4258] FAT-fs (loop4): Filesystem has been set read-only [ 114.496616][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 114.543101][ T4267] loop1: detected capacity change from 0 to 1024 [ 114.554628][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 114.637470][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.178063][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.252151][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.371684][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.380341][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.491350][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.521515][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.536771][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.555689][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.572347][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.591451][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.618176][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.640134][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.666053][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.691701][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.729567][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.765047][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.800827][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.829930][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.853423][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.862395][ T4258] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 116.871151][ T26] audit: type=1800 audit(1729337107.616:3): pid=4258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.116" name="file1" dev="loop4" ino=1048605 res=0 errno=0 [ 118.042179][ T4296] netlink: 32 bytes leftover after parsing attributes in process `syz.1.127'. [ 118.129712][ T4299] xt_hashlimit: Unknown mode mask 100000, kernel too old? [ 118.770844][ T4303] loop1: detected capacity change from 0 to 256 [ 118.988448][ T4280] loop2: detected capacity change from 0 to 32768 [ 119.002233][ T4303] FAT-fs (loop1): Directory bread(block 64) failed [ 119.023827][ T4303] FAT-fs (loop1): Directory bread(block 65) failed [ 119.030440][ T4303] FAT-fs (loop1): Directory bread(block 66) failed [ 119.071395][ T4303] FAT-fs (loop1): Directory bread(block 67) failed [ 119.098259][ T4303] FAT-fs (loop1): Directory bread(block 68) failed [ 119.110579][ T4303] FAT-fs (loop1): Directory bread(block 69) failed [ 119.136859][ T4303] FAT-fs (loop1): Directory bread(block 70) failed [ 119.157577][ T4303] FAT-fs (loop1): Directory bread(block 71) failed [ 119.219648][ T4303] FAT-fs (loop1): Directory bread(block 72) failed [ 119.227572][ T4303] FAT-fs (loop1): Directory bread(block 73) failed [ 119.239116][ T4280] XFS (loop2): Mounting V5 Filesystem [ 119.538022][ T4280] XFS (loop2): log mount failed [ 120.380137][ T4317] loop1: detected capacity change from 0 to 4096 [ 120.445256][ T4317] ntfs3: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿ18446744073709551615' [ 121.884788][ T4336] netlink: 'syz.0.138': attribute type 1 has an invalid length. [ 121.911853][ T4336] netlink: 'syz.0.138': attribute type 2 has an invalid length. [ 124.664883][ T4366] loop1: detected capacity change from 0 to 4096 [ 124.692137][ T4366] ntfs3: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿ18446744073709551615' [ 124.826732][ T3660] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 125.994595][ T4374] device syzkaller0 entered promiscuous mode [ 126.382492][ T3653] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 126.391801][ T3653] Bluetooth: hci3: Injecting HCI hardware error event [ 126.407200][ T3653] Bluetooth: hci3: hardware error 0x00 [ 128.114343][ T4398] loop3: detected capacity change from 0 to 2048 [ 128.904519][ T3653] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 129.000460][ T4398] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 129.322726][ T4394] loop2: detected capacity change from 0 to 32768 [ 129.326536][ T4411] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 129.349774][ T4394] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.155 (4394) [ 129.368322][ T4411] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 62 with error 28 [ 129.396029][ T4411] EXT4-fs (loop3): This should not happen!! Data will be lost [ 129.396029][ T4411] [ 129.408050][ T4411] EXT4-fs (loop3): Total free blocks count 0 [ 129.414086][ T4411] EXT4-fs (loop3): Free/Dirty block details [ 129.420206][ T4411] EXT4-fs (loop3): free_blocks=2415919104 [ 129.426041][ T4411] EXT4-fs (loop3): dirty_blocks=64 [ 129.431877][ T4411] EXT4-fs (loop3): Block reservation details [ 129.437877][ T4411] EXT4-fs (loop3): i_reserved_data_blocks=4 [ 129.550100][ T4394] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 129.587244][ T4394] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 129.612596][ T4394] BTRFS info (device loop2): enabling auto defrag [ 129.619292][ T4394] BTRFS info (device loop2): doing ref verification [ 129.997488][ T4394] BTRFS info (device loop2): force clearing of disk cache [ 130.351462][ T4394] BTRFS info (device loop2): turning on sync discard [ 130.358202][ T4394] BTRFS info (device loop2): setting nodatacow, compression disabled [ 130.378110][ T4394] BTRFS info (device loop2): using free space tree [ 130.607531][ T4418] loop0: detected capacity change from 0 to 4096 [ 130.682278][ T4418] ntfs3: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿ18446744073709551615' [ 130.694579][ T4394] BTRFS error (device loop2): open_ctree failed [ 130.736325][ T3632] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 131.586641][ T26] audit: type=1326 audit(1729337122.336:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7a8f7dff9 code=0x7ffc0000 [ 131.945307][ T26] audit: type=1326 audit(1729337122.336:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fa7a8f7dff9 code=0x7ffc0000 [ 131.978107][ T26] audit: type=1326 audit(1729337122.336:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7a8f7dff9 code=0x7ffc0000 [ 132.024719][ T26] audit: type=1326 audit(1729337122.336:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fa7a8f7dff9 code=0x7ffc0000 [ 132.100898][ T26] audit: type=1326 audit(1729337122.336:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7a8f7dff9 code=0x7ffc0000 [ 132.144106][ T26] audit: type=1326 audit(1729337122.336:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fa7a8f7dff9 code=0x7ffc0000 [ 132.168241][ T26] audit: type=1326 audit(1729337122.336:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7a8f7dff9 code=0x7ffc0000 [ 132.191248][ T26] audit: type=1326 audit(1729337122.336:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7fa7a8f7dff9 code=0x7ffc0000 [ 132.213345][ C0] vkms_vblank_simulate: vblank timer overrun [ 132.326673][ T26] audit: type=1326 audit(1729337122.346:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7a8f7dff9 code=0x7ffc0000 [ 132.348867][ C0] vkms_vblank_simulate: vblank timer overrun [ 132.388347][ T26] audit: type=1326 audit(1729337122.346:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4438 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7a8f7dff9 code=0x7ffc0000 [ 132.639328][ T3653] Bluetooth: Wrong link type (-22) [ 132.647027][ T3653] Bluetooth: hci5: link tx timeout [ 132.686041][ T3653] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 134.221457][ T9] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28 [ 134.771482][ T3658] Bluetooth: hci5: command 0x0406 tx timeout [ 134.940695][ T9] EXT4-fs (loop3): This should not happen!! Data will be lost [ 134.940695][ T9] [ 134.950440][ T9] EXT4-fs (loop3): Total free blocks count 0 [ 134.956480][ T9] EXT4-fs (loop3): Free/Dirty block details [ 134.962472][ T9] EXT4-fs (loop3): free_blocks=2415919104 [ 134.974438][ T9] EXT4-fs (loop3): dirty_blocks=32 [ 134.982199][ T9] EXT4-fs (loop3): Block reservation details [ 134.988204][ T9] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 135.237058][ T3648] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 135.245878][ T3648] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 135.257180][ T3648] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 135.266113][ T3648] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 135.274565][ T3648] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 135.287810][ T3648] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 135.366483][ T22] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 135.617722][ T22] usb 3-1: Using ep0 maxpacket: 32 [ 135.821496][ T22] usb 3-1: config 0 has an invalid interface number: 111 but max is 0 [ 135.830354][ T22] usb 3-1: config 0 has no interface number 0 [ 135.838503][ T22] usb 3-1: config 0 interface 111 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 135.851004][ T22] usb 3-1: config 0 interface 111 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 136.416680][ T22] usb 3-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice=e2.53 [ 136.426098][ T22] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.434681][ T22] usb 3-1: Product: syz [ 136.438871][ T22] usb 3-1: Manufacturer: syz [ 136.443853][ T22] usb 3-1: SerialNumber: syz [ 136.451824][ T22] usb 3-1: config 0 descriptor?? [ 136.611766][ T22] usbtouchscreen: probe of 3-1:0.111 failed with error -12 [ 136.736822][ T4475] loop1: detected capacity change from 0 to 8 [ 137.220462][ T41] usb 3-1: USB disconnect, device number 3 [ 137.425383][ T3658] Bluetooth: hci1: command tx timeout [ 137.658810][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.665149][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.824372][ T3643] EXT4-fs (loop3): unmounting filesystem. [ 138.246713][ T3658] Bluetooth: Wrong link type (-22) [ 138.254115][ T3658] Bluetooth: hci4: link tx timeout [ 138.259609][ T3658] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 139.181533][ T3697] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 139.237267][ T4466] chnl_net:caif_netlink_parms(): no params data found [ 139.271358][ T22] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 139.377718][ T4466] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.390431][ T4466] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.401049][ T4466] device bridge_slave_0 entered promiscuous mode [ 139.414667][ T4466] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.423343][ T3697] usb 4-1: Using ep0 maxpacket: 16 [ 139.437365][ T4466] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.449000][ T4466] device bridge_slave_1 entered promiscuous mode [ 139.481371][ T3658] Bluetooth: hci1: command tx timeout [ 139.495441][ T4466] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.510416][ T4466] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 139.526776][ T22] usb 3-1: Using ep0 maxpacket: 8 [ 139.569643][ T4466] team0: Port device team_slave_0 added [ 139.579385][ T4466] team0: Port device team_slave_1 added [ 139.618616][ T4466] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 139.625924][ T4466] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.657550][ T4466] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 139.671799][ T4466] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 139.678902][ T4466] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.685928][ T22] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 139.707713][ T4466] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 139.730129][ T22] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 139.742054][ T22] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 139.752160][ T22] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 139.762525][ T22] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 139.775750][ T22] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 139.785068][ T3697] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 139.794392][ T3697] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.802501][ T22] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.810714][ T3697] usb 4-1: Product: syz [ 139.815907][ T3697] usb 4-1: Manufacturer: syz [ 139.830195][ T3697] usb 4-1: SerialNumber: syz [ 139.909777][ T3697] usb 4-1: config 0 descriptor?? [ 139.929552][ T4466] device hsr_slave_0 entered promiscuous mode [ 139.953876][ T3697] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 139.982172][ T4466] device hsr_slave_1 entered promiscuous mode [ 139.993667][ T4466] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 140.002152][ T4466] Cannot create hsr debugfs directory [ 140.746311][ T22] usb 3-1: GET_CAPABILITIES returned 0 [ 140.752368][ T22] usbtmc 3-1:16.0: can't read capabilities [ 140.829198][ T4466] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.906189][ T4466] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.921393][ T3658] Bluetooth: hci4: command 0x0406 tx timeout [ 140.921851][ T3631] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 140.986478][ T4466] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.059418][ T4466] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.081518][ T3689] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 141.149379][ T41] usb 3-1: USB disconnect, device number 4 [ 141.163975][ T4491] usbtmc 3-1:16.0: usb_control_msg returned -71 [ 141.175978][ T4506] usbtmc 3-1:16.0: send_request_dev_dep_msg_in returned -19 [ 141.186200][ T4507] usbtmc 3-1:16.0: usb_control_msg returned -19 [ 141.207009][ T4466] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 141.217028][ T4466] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 141.226642][ T4466] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 141.237625][ T4466] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 141.297796][ T4466] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.311749][ T3631] usb 1-1: too many endpoints for config 1 interface 0 altsetting 253: 132, using maximum allowed: 30 [ 141.316655][ T4466] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.332645][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 141.340027][ T3631] usb 1-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 132 [ 141.354662][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 141.359212][ T3631] usb 1-1: config 1 interface 0 has no altsetting 0 [ 141.371814][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 141.381459][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.389949][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.397107][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.406620][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 141.415714][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.425376][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.432583][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.440336][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 141.455855][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 141.464167][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 141.473748][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.486048][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 141.495503][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 141.506849][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 141.515926][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 141.528813][ T3857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 141.537447][ T3857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 141.552935][ T3857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 141.561594][ T3653] Bluetooth: hci1: command tx timeout [ 141.561813][ T3631] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 141.567546][ T3857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 141.587310][ T4466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 141.589110][ T3631] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.609611][ T3631] usb 1-1: Product: syz [ 141.614064][ T3631] usb 1-1: Manufacturer: syz [ 141.618786][ T3631] usb 1-1: SerialNumber: syz [ 141.701897][ T3689] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 141.710964][ T3689] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.719686][ T3689] usb 2-1: Product: syz [ 141.724651][ T3689] usb 2-1: Manufacturer: syz [ 141.729319][ T3689] usb 2-1: SerialNumber: syz [ 141.773803][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 141.781709][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 141.796345][ T4466] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 141.804928][ T3689] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 141.867195][ T3697] usb 4-1: Quatech SSU-100 USB to Serial Driver converter now attached to ttyUSB0 [ 142.065897][ T7] usb 4-1: USB disconnect, device number 2 [ 142.082094][ T7] ssu100 ttyUSB0: Quatech SSU-100 USB to Serial Driver converter now disconnected from ttyUSB0 [ 142.102569][ T7] ssu100 4-1:0.0: device disconnected [ 142.128113][ T4459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 142.138019][ T4459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 142.158937][ T4459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 142.167476][ T4459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 142.178857][ T4466] device veth0_vlan entered promiscuous mode [ 142.185926][ T4459] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 142.197648][ T4459] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 142.209763][ T4466] device veth1_vlan entered promiscuous mode [ 142.233395][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 142.242523][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 142.250437][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 142.259247][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 142.269674][ T4466] device veth0_macvtap entered promiscuous mode [ 142.279121][ T4466] device veth1_macvtap entered promiscuous mode [ 142.295638][ T4466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.307371][ T4466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.317769][ T3697] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 142.318591][ T4466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.336991][ T3631] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 142.338492][ T4466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.358952][ T4466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.369646][ T4466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.379647][ T4466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.390140][ T4466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.401738][ T4466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.412445][ T4466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.423565][ T4466] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 142.433497][ T4459] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 142.441755][ T4459] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 142.449745][ T4459] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 142.459180][ T4459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 142.471213][ T4466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.482957][ T3689] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 142.482971][ T4466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.482982][ T4466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.514662][ T4466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.525140][ T4466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.535817][ T4466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.545991][ T4466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.557515][ T4466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.567617][ T4466] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.578256][ T4466] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.589680][ T4466] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 142.600287][ T4466] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.610884][ T4466] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.620012][ T4466] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.629900][ T4466] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.650071][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 142.676755][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 142.750303][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.751644][ T3697] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 142.759431][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.787109][ T3697] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 142.801957][ T4459] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 142.807585][ T3697] usb 3-1: config 0 has no interface number 0 [ 142.818720][ T3697] usb 3-1: config 0 interface 52 has no altsetting 0 [ 142.822698][ T3722] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.834054][ T3722] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.845591][ T3857] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 142.991570][ T3697] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 143.005518][ T3697] usb 3-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 143.019744][ T3697] usb 3-1: Product: syz [ 143.027487][ T3697] usb 3-1: Manufacturer: syz [ 143.035338][ T3697] usb 3-1: SerialNumber: syz [ 143.047173][ T3690] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 143.054626][ T3697] usb 3-1: config 0 descriptor?? [ 143.103200][ T4505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.112865][ T4505] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.462882][ T3690] usb 4-1: New USB device found, idVendor=044e, idProduct=121e, bcdDevice= 0.00 [ 143.486665][ T3690] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.519005][ T4505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.637939][ T4505] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.646256][ T3653] Bluetooth: hci1: command tx timeout [ 143.782909][ T3697] usb 3-1: USB disconnect, device number 5 [ 143.811767][ T3689] usb 2-1: Service connection timeout for: 256 [ 143.817971][ T3689] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 143.847590][ T41] usb 1-1: USB disconnect, device number 2 [ 143.865590][ T41] usblp0: removed [ 143.893644][ T3690] usb 4-1: config 0 descriptor?? [ 143.911074][ T3631] usb 2-1: USB disconnect, device number 2 [ 143.922635][ T3689] ath9k_htc: Failed to initialize the device [ 143.934804][ T3631] usb 2-1: ath9k_htc: USB layer deinitialized [ 144.271953][ T3690] usbhid 4-1:0.0: can't add hid device: -71 [ 144.294093][ T3690] usbhid: probe of 4-1:0.0 failed with error -71 [ 144.501574][ T3690] usb 4-1: USB disconnect, device number 3 [ 144.661981][ T4144] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 145.191454][ T4144] usb 5-1: Using ep0 maxpacket: 32 [ 145.311446][ T4144] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 145.334090][ T4144] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 145.343348][ T3690] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 145.351561][ T4144] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 145.362095][ T4144] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 145.373606][ T4144] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 145.383891][ T4144] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 145.441575][ T4144] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 145.450735][ T4144] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.488452][ T4144] usb 5-1: config 0 descriptor?? [ 145.551172][ T4554] loop2: detected capacity change from 0 to 256 [ 145.753664][ T4144] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 145.764682][ T3690] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 145.784731][ T3690] usb 4-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 145.814455][ T4144] usb 5-1: USB disconnect, device number 8 [ 145.827880][ T3690] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 145.847884][ T4144] usblp0: removed [ 145.868636][ T3690] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 145.887302][ T3690] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 146.001350][ T3689] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 146.011644][ T3690] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 146.025044][ T3690] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 146.036556][ T3690] usb 4-1: Product: syz [ 146.040827][ T3690] usb 4-1: Manufacturer: syz [ 146.102449][ T3690] cdc_wdm 4-1:1.0: skipping garbage [ 146.113067][ T3690] cdc_wdm 4-1:1.0: skipping garbage [ 146.139950][ T3690] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 146.174602][ T3690] cdc_wdm 4-1:1.0: Unknown control protocol [ 146.261393][ T3689] usb 3-1: Using ep0 maxpacket: 32 [ 146.353675][ T3750] usb 4-1: USB disconnect, device number 4 [ 146.401664][ T3689] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 146.433708][ T3689] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 146.458299][ T3689] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.464289][ T4144] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 146.502072][ T3689] usb 3-1: config 0 descriptor?? [ 146.521814][ T4559] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 146.751469][ T4144] usb 5-1: Using ep0 maxpacket: 32 [ 146.871936][ T4144] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 146.890766][ T4144] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 146.939999][ T4144] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 146.985565][ T4144] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 147.043857][ T4144] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 147.172556][ T4144] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 147.207945][ T4144] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 147.225701][ T4144] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.267582][ T3689] hub 3-1:0.0: bad descriptor, ignoring hub [ 147.273935][ T3689] hub: probe of 3-1:0.0 failed with error -5 [ 147.276178][ T4144] usb 5-1: config 0 descriptor?? [ 147.281621][ T3689] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 147.331440][ T4144] usb 5-1: can't set config #0, error -71 [ 147.342193][ T4144] usb 5-1: USB disconnect, device number 9 [ 147.451506][ T3631] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 147.661422][ T3750] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 147.721535][ T3631] usb 1-1: Using ep0 maxpacket: 32 [ 147.871787][ T3631] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 148.111352][ T4144] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 148.124554][ T3750] usb 4-1: device not accepting address 5, error -71 [ 148.231386][ T3631] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 148.410045][ T3631] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 148.419308][ T3631] usb 1-1: Product: syz [ 148.424076][ T3631] usb 1-1: Manufacturer: syz [ 148.428933][ T3631] usb 1-1: SerialNumber: syz [ 148.434472][ T4582] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.447303][ T3631] usb 1-1: config 0 descriptor?? [ 148.456187][ T4582] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.471681][ T4566] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 148.799249][ T4586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.808087][ T4586] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.879095][ T3631] usb 1-1: USB disconnect, device number 3 [ 148.881539][ T4144] usb 5-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac [ 148.895205][ T4144] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.908841][ T4144] usb 5-1: Product: syz [ 148.941974][ T4144] usb 5-1: Manufacturer: syz [ 148.946599][ T4144] usb 5-1: SerialNumber: syz [ 148.957041][ T4144] usb 5-1: config 0 descriptor?? [ 149.012971][ T4144] usb 5-1: interface 1 not found [ 149.352724][ T125] usb 5-1: USB disconnect, device number 10 [ 149.491479][ T4603] loop3: detected capacity change from 0 to 8 [ 149.614755][ T3631] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 150.015162][ T3631] usb 1-1: Using ep0 maxpacket: 32 [ 150.215458][ T3690] usb 3-1: USB disconnect, device number 6 [ 150.421376][ T3631] usb 1-1: device descriptor read/all, error -71 [ 150.761464][ T3690] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 151.421543][ T3690] usb 4-1: config 0 has no interfaces? [ 151.427233][ T3690] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 151.678244][ T3690] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.727210][ T3690] usb 4-1: config 0 descriptor?? [ 152.016563][ T4610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 152.041941][ T4610] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 152.092272][ T3697] usb 4-1: USB disconnect, device number 7 [ 152.290847][ T3653] Bluetooth: hci4: unexpected event for opcode 0x2012 [ 152.381427][ T3690] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 152.591361][ T3697] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 152.641409][ T3690] usb 5-1: Using ep0 maxpacket: 8 [ 152.761467][ T3690] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 152.769701][ T3690] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 152.779497][ T3690] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 152.789260][ T3690] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 152.791418][ T125] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 152.799179][ T3690] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 152.799222][ T3690] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 152.829304][ T3690] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.861301][ T3697] usb 4-1: Using ep0 maxpacket: 16 [ 152.891431][ T4142] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 152.991357][ T3697] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 153.002106][ T3697] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 153.101433][ T3690] usb 5-1: usb_control_msg returned -32 [ 153.107275][ T3690] usbtmc 5-1:16.0: can't read capabilities [ 153.131336][ T4142] usb 3-1: Using ep0 maxpacket: 16 [ 153.181544][ T3697] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40 [ 153.190810][ T125] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 153.198956][ T3631] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 153.206469][ T125] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 153.217016][ T3697] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.225131][ T3697] usb 4-1: Product: syz [ 153.229314][ T3697] usb 4-1: Manufacturer: syz [ 153.233978][ T125] usb 2-1: config 0 has no interface number 0 [ 153.240080][ T125] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 153.251372][ T3697] usb 4-1: SerialNumber: syz [ 153.251938][ T4142] usb 3-1: config 0 has an invalid interface number: 214 but max is 0 [ 153.258353][ T125] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 153.273737][ T4142] usb 3-1: config 0 has no interface number 0 [ 153.279173][ T125] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 153.285230][ T4142] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 153.301431][ T125] usb 2-1: config 0 interface 52 has no altsetting 0 [ 153.441664][ T3697] usb 4-1: 0:2 : does not exist [ 153.482029][ T125] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 153.501431][ T3631] usb 1-1: Using ep0 maxpacket: 32 [ 153.506823][ T125] usb 2-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 153.521422][ T125] usb 2-1: Product: syz [ 153.525608][ T125] usb 2-1: Manufacturer: syz [ 153.531193][ T125] usb 2-1: SerialNumber: syz [ 153.551147][ T125] usb 2-1: config 0 descriptor?? [ 153.591668][ T4142] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 153.600844][ T4142] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.608894][ T4142] usb 3-1: Product: syz [ 153.613130][ T4142] usb 3-1: Manufacturer: syz [ 153.617785][ T4142] usb 3-1: SerialNumber: syz [ 153.677930][ T4640] loop3: detected capacity change from 0 to 8 [ 153.777927][ T4142] usb 3-1: config 0 descriptor?? [ 154.353496][ T3631] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 154.412387][ T125] synaptics_usb 2-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 154.422545][ T3697] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5) [ 154.434740][ T125] synaptics_usb: probe of 2-1:0.52 failed with error -5 [ 154.444296][ T4641] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 154.551557][ T3631] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 154.560810][ T3631] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 154.562920][ T4142] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.214/input/input6 [ 154.569067][ T3631] usb 1-1: Product: syz [ 154.582812][ T3631] usb 1-1: Manufacturer: syz [ 154.588223][ T3631] usb 1-1: SerialNumber: syz [ 154.600952][ T3631] usb 1-1: config 0 descriptor?? [ 154.639224][ T125] usb 2-1: USB disconnect, device number 3 [ 154.645406][ T4635] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22 [ 154.652632][ T3697] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 154.769614][ T4142] usb 3-1: USB disconnect, device number 7 [ 154.872178][ T4635] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90 [ 154.879795][ T4635] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90 [ 154.887773][ T4635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.897552][ T3697] usb 4-1: 5:0: cannot get min/max values for control 5 (id 5) [ 154.906121][ T4635] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 154.915286][ T4635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.925504][ T4635] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 154.935371][ T3690] usb 1-1: USB disconnect, device number 6 [ 155.131376][ T3697] usb 4-1: 5:0: cannot get min/max values for control 8 (id 5) [ 155.230739][ T4648] loop1: detected capacity change from 0 to 256 [ 155.421383][ T3690] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 155.571862][ T3697] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 155.649950][ T4659] device pim6reg1 entered promiscuous mode [ 155.671325][ T3690] usb 1-1: Using ep0 maxpacket: 32 [ 155.747237][ T4142] usb 5-1: USB disconnect, device number 11 [ 155.791581][ T3690] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 155.832442][ T3697] usb 4-1: 5:0: cannot get min/max values for control 5 (id 5) [ 155.881337][ T3697] usb 4-1: USB disconnect, device number 8 [ 155.971542][ T3690] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 155.997019][ T3690] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 156.015439][ T3690] usb 1-1: Product: syz [ 156.034330][ T3690] usb 1-1: Manufacturer: syz [ 156.046426][ T3690] usb 1-1: SerialNumber: syz [ 156.075831][ T3690] usb 1-1: config 0 descriptor?? [ 156.111626][ T4635] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 156.230602][ T4144] usb 1-1: USB disconnect, device number 7 [ 156.361847][ T3653] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 156.370436][ T3653] Bluetooth: hci4: Injecting HCI hardware error event [ 156.379061][ T3648] Bluetooth: hci4: hardware error 0x00 [ 156.451393][ T4661] loop4: detected capacity change from 0 to 32768 [ 156.461744][ T4661] XFS: ikeep mount option is deprecated. [ 156.511825][ T4661] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 156.542441][ T4661] XFS (loop4): Mounting V5 Filesystem [ 156.591349][ T3697] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 156.709924][ T4683] loop2: detected capacity change from 0 to 256 [ 156.719467][ T4661] XFS (loop4): Ending clean mount [ 156.724714][ T4144] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 156.762753][ T4661] XFS (loop4): Quotacheck needed: Please wait. [ 156.834764][ T4661] XFS (loop4): Quotacheck: Done. [ 156.918388][ T4466] XFS (loop4): Unmounting Filesystem [ 156.951419][ T3631] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 156.961630][ T3697] usb 4-1: config 0 has an invalid interface number: 135 but max is 0 [ 156.972930][ T3697] usb 4-1: config 0 has no interface number 0 [ 156.976160][ T4144] usb 1-1: Using ep0 maxpacket: 8 [ 157.101456][ T4144] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 157.291497][ T3697] usb 4-1: New USB device found, idVendor=0830, idProduct=0080, bcdDevice=8c.e2 [ 157.396218][ T3697] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.493694][ T3697] usb 4-1: Product: syz [ 158.497988][ T3697] usb 4-1: Manufacturer: syz [ 158.502647][ T3697] usb 4-1: SerialNumber: syz [ 158.533139][ T3697] usb 4-1: config 0 descriptor?? [ 158.571628][ T3697] usb 4-1: can't set config #0, error -71 [ 158.621484][ T3697] usb 4-1: USB disconnect, device number 9 [ 158.641498][ T3631] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 158.661583][ T3631] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 158.689720][ T3631] usb 2-1: config 0 has no interface number 0 [ 158.721982][ T3631] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 158.734075][ T3648] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 158.737406][ T4144] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 158.749657][ T4144] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.757993][ T4144] usb 1-1: Product: syz [ 158.763911][ T4144] usb 1-1: Manufacturer: syz [ 158.767861][ T3631] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 158.768601][ T4144] usb 1-1: SerialNumber: syz [ 158.785213][ T3631] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 158.788279][ T4144] usb 1-1: config 0 descriptor?? [ 158.803444][ T3631] usb 2-1: config 0 interface 52 has no altsetting 0 [ 158.846452][ T4144] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 158.961496][ T3631] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 158.980712][ T3631] usb 2-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 158.989542][ T3631] usb 2-1: Product: syz [ 159.001336][ T3631] usb 2-1: Manufacturer: syz [ 159.005982][ T3631] usb 2-1: SerialNumber: syz [ 159.022125][ T3631] usb 2-1: config 0 descriptor?? [ 159.091494][ T3750] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 159.291519][ T3631] usb 2-1: Can not set alternate setting to 1, error: -71 [ 159.305608][ T3631] synaptics_usb: probe of 2-1:0.52 failed with error -71 [ 159.343196][ T3631] usb 2-1: USB disconnect, device number 4 [ 159.351287][ T3750] usb 5-1: Using ep0 maxpacket: 8 [ 159.471469][ T3750] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 159.483678][ T3750] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 159.498846][ T3750] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 159.510561][ T3750] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 159.520990][ T3750] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 159.534501][ T3750] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 159.544723][ T3750] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.821507][ T3750] usb 5-1: usb_control_msg returned -32 [ 159.827144][ T3750] usbtmc 5-1:16.0: can't read capabilities [ 159.946739][ T4713] loop1: detected capacity change from 0 to 256 [ 159.991945][ T4645] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 160.691407][ T4723] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 160.872839][ T4142] usb 5-1: USB disconnect, device number 12 [ 160.954971][ T4722] loop1: detected capacity change from 0 to 32768 [ 160.993352][ T4722] XFS: ikeep mount option is deprecated. [ 161.075752][ T4722] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 161.084234][ T4722] XFS (loop1): Mounting V5 Filesystem [ 161.188026][ T4722] XFS (loop1): Ending clean mount [ 161.195224][ T4722] XFS (loop1): Quotacheck needed: Please wait. [ 161.248459][ T4722] XFS (loop1): Quotacheck: Done. [ 161.311382][ T3832] XFS (loop1): Unmounting Filesystem [ 161.391333][ T4144] gspca_zc3xx: reg_w_i err -71 [ 162.522456][ T4144] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 162.528793][ T4144] gspca_zc3xx: probe of 1-1:0.0 failed with error -71 [ 162.563730][ T4144] usb 1-1: USB disconnect, device number 8 [ 162.762627][ T4738] xt_hashlimit: Unknown mode mask 100000, kernel too old? [ 164.706342][ T4770] loop0: detected capacity change from 0 to 1024 [ 164.728430][ T4770] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.954841][ T4761] loop4: detected capacity change from 0 to 32768 [ 164.981997][ T4761] XFS: ikeep mount option is deprecated. [ 165.135910][ T4761] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 165.179811][ T4761] XFS (loop4): Mounting V5 Filesystem [ 165.330502][ T4761] XFS (loop4): Ending clean mount [ 165.353410][ T4761] XFS (loop4): Quotacheck needed: Please wait. [ 165.458269][ T4761] XFS (loop4): Quotacheck: Done. [ 165.616900][ T4466] XFS (loop4): Unmounting Filesystem [ 167.775057][ T4816] device sit0 entered promiscuous mode [ 168.472167][ T3631] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 168.912181][ T3631] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 168.971110][ T3631] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 169.192114][ T3631] usb 4-1: config 0 has no interface number 0 [ 169.198254][ T3631] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 169.209795][ T3631] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 169.220320][ T3631] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 169.235335][ T3631] usb 4-1: config 0 interface 52 has no altsetting 0 [ 169.265979][ T3648] Bluetooth: hci5: unexpected event for opcode 0x2012 [ 169.420781][ T3631] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 169.437755][ T3631] usb 4-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 169.466582][ T3631] usb 4-1: Product: syz [ 169.480971][ T3631] usb 4-1: Manufacturer: syz [ 169.496909][ T3631] usb 4-1: SerialNumber: syz [ 169.562343][ T3631] usb 4-1: config 0 descriptor?? [ 169.755345][ T4849] loop0: detected capacity change from 0 to 8 [ 170.429093][ T3631] usb 4-1: Can not set alternate setting to 1, error: -71 [ 170.436633][ T3631] synaptics_usb: probe of 4-1:0.52 failed with error -71 [ 170.456120][ T3631] usb 4-1: USB disconnect, device number 10 [ 170.598702][ T4851] bridge0: port 3(hsr_slave_1) entered blocking state [ 170.621023][ T4851] bridge0: port 3(hsr_slave_1) entered disabled state [ 171.027756][ T4864] loop3: detected capacity change from 0 to 256 [ 172.293030][ T4876] loop3: detected capacity change from 0 to 8 [ 172.451714][ T3697] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 172.721340][ T3697] usb 5-1: Using ep0 maxpacket: 8 [ 172.861468][ T3697] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 172.872782][ T3697] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 172.895525][ T3697] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 172.924147][ T3697] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 172.950779][ T3697] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 172.988001][ T3697] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 173.001391][ T3697] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.277451][ T3697] usb 5-1: usb_control_msg returned -32 [ 173.283194][ T3697] usbtmc 5-1:16.0: can't read capabilities [ 173.321600][ T3648] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 173.330341][ T3648] Bluetooth: hci5: Injecting HCI hardware error event [ 173.340998][ T3653] Bluetooth: hci5: hardware error 0x00 [ 173.904769][ T4910] loop3: detected capacity change from 0 to 256 [ 174.191381][ T4912] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 174.326664][ T4145] usb 5-1: USB disconnect, device number 13 [ 175.401587][ T3653] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 175.481389][ T3653] Bluetooth: hci1: command tx timeout [ 175.810468][ T4938] loop3: detected capacity change from 0 to 256 [ 175.943206][ T4934] loop4: detected capacity change from 0 to 4096 [ 175.985396][ T4934] ntfs3: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿ18446744073709551615' [ 176.190304][ T4946] loop2: detected capacity change from 0 to 8 [ 177.602402][ T4142] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 178.371475][ T4142] usb 3-1: Using ep0 maxpacket: 8 [ 178.491506][ T4142] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 178.505450][ T4142] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 178.525637][ T4142] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 178.555941][ T4142] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 178.691752][ T4142] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 178.705783][ T4142] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 178.721498][ T4142] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.835261][ T4973] loop0: detected capacity change from 0 to 1024 [ 179.144095][ T4974] loop3: detected capacity change from 0 to 8 [ 179.202991][ T4973] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 179.646377][ T4142] usb 3-1: usb_control_msg returned -32 [ 179.652362][ T4142] usbtmc 3-1:16.0: can't read capabilities [ 179.768622][ T4980] program syz.1.331 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 179.828782][ T4980] loop1: detected capacity change from 0 to 2048 [ 179.848908][ T4980] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 180.027397][ T4985] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 180.139469][ T4980] futex_wake_op: syz.1.331 tries to shift op by -1; fix this program [ 180.151995][ T4991] xt_hashlimit: Unknown mode mask 100000, kernel too old? [ 180.248239][ T26] audit: type=1326 audit(1729337170.996:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4983 comm="syz.0.333" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7a8f7dff9 code=0x0 [ 180.681388][ T3658] Bluetooth: hci0: command tx timeout [ 181.157944][ T4999] loop3: detected capacity change from 0 to 8 [ 181.818865][ T4145] usb 3-1: USB disconnect, device number 8 [ 182.070275][ T5005] loop3: detected capacity change from 0 to 8 [ 184.388981][ T5024] loop3: detected capacity change from 0 to 8 [ 185.272337][ T5032] xt_hashlimit: Unknown mode mask 100000, kernel too old? [ 185.621567][ T3689] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 186.071850][ T3689] usb 4-1: Using ep0 maxpacket: 8 [ 186.144183][ T5043] loop0: detected capacity change from 0 to 8 [ 186.911417][ T3689] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 186.919684][ T3689] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 186.929767][ T5047] loop4: detected capacity change from 0 to 8 [ 186.963877][ T3689] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 187.011723][ T3689] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 187.037136][ T3689] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 187.060837][ T3689] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 187.081029][ T3689] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.351344][ T3689] usb 4-1: usb_control_msg returned -32 [ 187.358846][ T3689] usbtmc 4-1:16.0: can't read capabilities [ 187.367850][ T5058] program syz.0.356 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 187.478843][ T5059] loop0: detected capacity change from 0 to 2048 [ 187.514666][ T5059] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 187.579713][ T5063] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 187.674413][ T5059] futex_wake_op: syz.0.356 tries to shift op by -1; fix this program [ 188.241012][ T5072] input: syz0 as /devices/virtual/input/input8 [ 188.871111][ T5082] loop0: detected capacity change from 0 to 8 [ 189.618589][ T4142] usb 4-1: USB disconnect, device number 11 [ 190.047939][ T3631] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 190.622010][ T3631] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 190.659389][ T3631] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.761351][ T3631] usb 3-1: Product: syz [ 190.766562][ T3631] usb 3-1: Manufacturer: syz [ 190.774568][ T3631] usb 3-1: SerialNumber: syz [ 190.830771][ T3631] usb 3-1: config 0 descriptor?? [ 190.910007][ T5109] program syz.4.372 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 190.952024][ T5109] loop4: detected capacity change from 0 to 2048 [ 191.013795][ T5109] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 191.081799][ T5112] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 191.220866][ T5117] futex_wake_op: syz.4.372 tries to shift op by -1; fix this program [ 191.371827][ T3631] usb 3-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 191.379745][ T3631] usb 3-1: Firmware version (0.0) predates our first public release. [ 191.428734][ T5119] loop3: detected capacity change from 0 to 8 [ 191.487615][ T3631] usb 3-1: Please update to version 0.2 or newer [ 192.002785][ T3631] usb 3-1: USB disconnect, device number 9 [ 192.506168][ T5132] input: syz0 as /devices/virtual/input/input9 [ 192.521451][ T4142] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 192.762421][ T4142] usb 4-1: Using ep0 maxpacket: 8 [ 192.881562][ T4142] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 192.906066][ T4142] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 192.962898][ T4142] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 193.017194][ T4142] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 193.062914][ T4142] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 193.106547][ T4142] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 193.150314][ T4142] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.511452][ T4142] usb 4-1: usb_control_msg returned -32 [ 193.517072][ T4142] usbtmc 4-1:16.0: can't read capabilities [ 193.550236][ T5142] fuse: Bad value for 'fd' [ 194.731707][ T5159] loop2: detected capacity change from 0 to 8 [ 196.573280][ T3689] usb 4-1: USB disconnect, device number 12 [ 197.739385][ T5180] input: syz0 as /devices/virtual/input/input10 [ 198.170801][ T5192] program syz.4.397 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 198.290181][ T5192] loop4: detected capacity change from 0 to 2048 [ 198.552121][ T5192] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 199.242917][ T5202] loop1: detected capacity change from 0 to 8 [ 199.257292][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.275209][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.311020][ T5206] loop3: detected capacity change from 0 to 8 [ 200.833579][ T5204] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 200.956695][ T5207] futex_wake_op: syz.4.397 tries to shift op by -1; fix this program [ 201.532391][ T3750] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 201.942153][ T3750] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 201.978538][ T3750] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 202.155518][ T3750] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 202.257775][ T3750] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 202.301254][ T3750] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 202.357578][ T3750] usb 4-1: config 0 interface 0 has no altsetting 0 [ 202.541333][ T4142] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 202.591571][ T3750] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 202.601574][ T3750] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 202.632743][ T3750] usb 4-1: Product: syz [ 202.637096][ T3750] usb 4-1: Manufacturer: syz [ 202.641814][ T3750] usb 4-1: SerialNumber: syz [ 202.646677][ T5229] input: syz0 as /devices/virtual/input/input11 [ 202.654108][ T3750] usb 4-1: config 0 descriptor?? [ 202.681559][ T5214] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 202.700320][ T5233] device syzkaller0 entered promiscuous mode [ 202.712873][ T3750] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 202.731600][ T4142] usb 3-1: device descriptor read/64, error -71 [ 202.748306][ T3750] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 203.001805][ T4142] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 203.108974][ T3631] usb 4-1: USB disconnect, device number 13 [ 203.159442][ T3631] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 203.231387][ T4142] usb 3-1: device descriptor read/64, error -71 [ 203.351523][ T4142] usb usb3-port1: attempt power cycle [ 203.694216][ T5246] loop0: detected capacity change from 0 to 8 [ 203.851415][ T4142] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 203.971984][ T4142] usb 3-1: device descriptor read/8, error -71 [ 204.303286][ T4142] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 204.401490][ T4142] usb 3-1: device descriptor read/8, error -71 [ 204.521503][ T4142] usb usb3-port1: unable to enumerate USB device [ 206.494348][ T3658] Bluetooth: Wrong link type (-22) [ 206.499574][ T3658] Bluetooth: hci0: link tx timeout [ 206.506605][ T3658] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 206.514566][ T3658] Bluetooth: hci0: link tx timeout [ 206.519707][ T3658] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 207.685770][ T5274] program syz.3.425 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 207.766406][ T5274] loop3: detected capacity change from 0 to 2048 [ 207.791570][ T5274] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 207.825171][ T5277] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 207.909532][ T5280] futex_wake_op: syz.3.425 tries to shift op by -1; fix this program [ 208.611258][ T3658] Bluetooth: hci0: command tx timeout [ 208.934295][ T5284] loop1: detected capacity change from 0 to 4096 [ 208.976895][ T5284] ntfs3: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿ18446744073709551615' [ 209.903491][ T5295] loop4: detected capacity change from 0 to 8 [ 210.044848][ T5296] loop0: detected capacity change from 0 to 8 [ 214.181008][ T5318] input: syz0 as /devices/virtual/input/input12 [ 214.410865][ T5323] program syz.4.442 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 214.658935][ T5327] loop4: detected capacity change from 0 to 2048 [ 214.782674][ T5327] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 214.819272][ T5333] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 214.833681][ T125] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 214.854597][ T5335] loop1: detected capacity change from 0 to 1024 [ 214.961741][ T5335] EXT4-fs: Ignoring removed orlov option [ 214.995321][ T5335] EXT4-fs: Ignoring removed bh option [ 215.002082][ T5327] futex_wake_op: syz.4.442 tries to shift op by -1; fix this program [ 215.046446][ T5335] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 216.237316][ T5346] loop3: detected capacity change from 0 to 8 [ 216.765888][ T125] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 216.791277][ T125] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.809569][ T125] usb 1-1: Product: syz [ 216.839097][ T125] usb 1-1: Manufacturer: syz [ 216.884776][ T125] usb 1-1: SerialNumber: syz [ 216.893453][ T3658] Bluetooth: Wrong link type (-22) [ 216.900137][ T3658] Bluetooth: hci0: link tx timeout [ 216.906414][ T3658] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 216.917088][ T3658] Bluetooth: hci0: link tx timeout [ 216.923177][ T3658] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 217.274296][ T125] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 217.427503][ T5354] loop3: detected capacity change from 0 to 256 [ 217.473507][ T3832] EXT4-fs (loop1): unmounting filesystem. [ 217.579424][ T5354] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 217.620511][ T7] usb 1-1: USB disconnect, device number 9 [ 217.637405][ T125] usb 1-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed [ 217.666581][ T7] usb 1-1: ath9k_htc: USB layer deinitialized [ 217.702850][ T5356] netlink: 4 bytes leftover after parsing attributes in process `syz.2.452'. [ 218.113485][ T4145] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 218.462001][ T5369] netlink: 4 bytes leftover after parsing attributes in process `syz.1.455'. [ 220.272676][ T5396] loop4: detected capacity change from 0 to 8 [ 222.061543][ T4145] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 222.069805][ T4145] usb 4-1: can't read configurations, error -71 [ 222.201659][ T5402] program syz.3.464 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 222.246266][ T5402] loop3: detected capacity change from 0 to 2048 [ 222.301417][ T5402] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 222.345556][ T5412] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 222.431939][ T5415] futex_wake_op: syz.3.464 tries to shift op by -1; fix this program [ 222.561397][ T7] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 222.684024][ T4144] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 222.848982][ T5424] loop2: detected capacity change from 0 to 512 [ 222.858812][ T5424] ext4: Unknown parameter 'fsname' [ 222.902201][ T4144] usb 1-1: device descriptor read/64, error -71 [ 222.911798][ T3660] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 223.102261][ T7] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 223.129763][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.181362][ T4144] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 223.196395][ T7] usb 5-1: Product: syz [ 223.238172][ T7] usb 5-1: Manufacturer: syz [ 223.284462][ T7] usb 5-1: SerialNumber: syz [ 223.847381][ T4144] usb 1-1: device descriptor read/64, error -71 [ 223.902541][ T7] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 224.078005][ T5431] loop1: detected capacity change from 0 to 4096 [ 224.100058][ T5431] ntfs3: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿ18446744073709551615' [ 224.114713][ T4144] usb usb1-port1: attempt power cycle [ 225.001710][ T7] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 225.081404][ T4144] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 225.291941][ T3653] Bluetooth: Wrong link type (-22) [ 225.298432][ T3653] Bluetooth: hci0: link tx timeout [ 225.303790][ T3653] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 225.311886][ T3653] Bluetooth: hci0: link tx timeout [ 225.317291][ T3653] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 225.547798][ T5408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.632157][ T5408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.827908][ T5408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.861679][ T4144] usb 1-1: device descriptor read/8, error -71 [ 225.868634][ T5408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.903201][ T4434] usb 5-1: USB disconnect, device number 14 [ 226.041393][ T7] usb 5-1: Service connection timeout for: 256 [ 226.047598][ T7] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 226.073892][ T7] ath9k_htc: Failed to initialize the device [ 226.090459][ T4434] usb 5-1: ath9k_htc: USB layer deinitialized [ 226.548287][ T5467] program syz.2.484 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 227.232926][ T5472] loop2: detected capacity change from 0 to 2048 [ 227.338889][ T5472] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 227.390735][ T5482] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 228.775758][ T5472] futex_wake_op: syz.2.484 tries to shift op by -1; fix this program [ 229.861387][ T4144] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 230.302794][ T4144] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 230.322132][ T4144] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.330151][ T4144] usb 1-1: Product: syz [ 230.344252][ T5507] netlink: 12 bytes leftover after parsing attributes in process `syz.3.495'. [ 230.367793][ T4144] usb 1-1: Manufacturer: syz [ 230.383481][ T4144] usb 1-1: SerialNumber: syz [ 230.397652][ T4144] usb 1-1: config 0 descriptor?? [ 230.412144][ T5507] netlink: 12 bytes leftover after parsing attributes in process `syz.3.495'. [ 231.511357][ T4144] usb 1-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 231.519245][ T4144] usb 1-1: Firmware version (0.0) predates our first public release. [ 231.557066][ T4144] usb 1-1: Please update to version 0.2 or newer [ 232.685563][ T4144] usb 1-1: USB disconnect, device number 13 [ 232.979743][ T5542] xt_hashlimit: Unknown mode mask 100000, kernel too old? [ 233.811489][ T5550] program syz.0.509 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 233.913530][ T5550] loop0: detected capacity change from 0 to 2048 [ 233.924671][ T5555] tipc: Enabling of bearer rejected, failed to enable media [ 233.961560][ T5550] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 234.022193][ T5558] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 234.127885][ T5561] futex_wake_op: syz.0.509 tries to shift op by -1; fix this program [ 234.485140][ T3697] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 235.778396][ T3697] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.bb [ 235.807844][ T3697] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.859018][ T3697] usb 2-1: Product: syz [ 235.884335][ T3697] usb 2-1: Manufacturer: syz [ 235.918140][ T3697] usb 2-1: SerialNumber: syz [ 235.955518][ T3697] usb 2-1: config 0 descriptor?? [ 236.013196][ T3697] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 236.233274][ T5579] xt_hashlimit: Unknown mode mask 100000, kernel too old? [ 236.947082][ T3697] gspca_sunplus: reg_r err -71 [ 236.970246][ T3697] usb 2-1: USB disconnect, device number 5 [ 237.386479][ T4145] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 238.050529][ T4145] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 238.060544][ T4145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.070422][ T4145] usb 1-1: Product: syz [ 238.076459][ T4145] usb 1-1: Manufacturer: syz [ 238.081109][ T4145] usb 1-1: SerialNumber: syz [ 238.147220][ T4145] usb 1-1: config 0 descriptor?? [ 238.869377][ T5609] device vlan2 entered promiscuous mode [ 238.884297][ T5609] device batadv0 entered promiscuous mode [ 238.911012][ T5609] device batadv0 left promiscuous mode [ 239.001469][ T4145] usb 1-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 239.009326][ T4145] usb 1-1: Firmware version (0.0) predates our first public release. [ 239.029380][ T4145] usb 1-1: Please update to version 0.2 or newer [ 239.093894][ T5615] loop4: detected capacity change from 0 to 8 [ 239.830921][ T4145] usb 1-1: USB disconnect, device number 14 [ 240.605763][ T5643] overlayfs: failed to resolve './file1': -2 [ 242.372907][ T5659] netlink: 8 bytes leftover after parsing attributes in process `syz.2.544'. [ 242.384124][ T5659] netlink: 48 bytes leftover after parsing attributes in process `syz.2.544'. [ 242.565191][ T125] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 242.694538][ T5667] loop3: detected capacity change from 0 to 8 [ 242.731370][ T4434] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 242.971941][ T125] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 242.998666][ T125] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 243.096299][ T125] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 243.203334][ T125] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 243.305793][ T125] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 243.361592][ T4434] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 243.377857][ T4434] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.391030][ T125] usb 5-1: config 0 interface 0 has no altsetting 0 [ 243.400273][ T4434] usb 2-1: Product: syz [ 243.413339][ T4434] usb 2-1: Manufacturer: syz [ 243.417966][ T4434] usb 2-1: SerialNumber: syz [ 243.444570][ T4434] usb 2-1: config 0 descriptor?? [ 243.601570][ T125] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 243.624148][ T125] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 243.640458][ T125] usb 5-1: Product: syz [ 243.645877][ T125] usb 5-1: Manufacturer: syz [ 243.650601][ T125] usb 5-1: SerialNumber: syz [ 243.664354][ T125] usb 5-1: config 0 descriptor?? [ 243.686647][ T5652] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 243.702707][ T125] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 243.741484][ T125] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 244.124500][ T4434] usb 2-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 244.143094][ T4434] usb 2-1: Firmware version (0.0) predates our first public release. [ 244.167900][ T4434] usb 2-1: Please update to version 0.2 or newer [ 244.221177][ T4145] usb 5-1: USB disconnect, device number 15 [ 244.418647][ T4145] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 245.210571][ T4434] usb 2-1: USB disconnect, device number 6 [ 245.318434][ T5697] overlayfs: failed to resolve './file1': -2 [ 247.322275][ T5715] netlink: 4 bytes leftover after parsing attributes in process `syz.1.561'. [ 247.546236][ T4434] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 248.441510][ T5726] tmpfs: Bad value for 'mpol' [ 248.461149][ T5726] input: syz0 as /devices/virtual/input/input13 [ 248.750889][ T4434] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 248.760461][ T4434] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.772016][ T4434] usb 1-1: config 0 descriptor?? [ 250.346435][ T5747] overlayfs: failed to resolve './file1': -2 [ 250.526189][ T5746] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 250.951513][ T4434] pegasus: probe of 1-1:0.0 failed with error -121 [ 251.213010][ T4434] usb 1-1: USB disconnect, device number 15 [ 251.243415][ T3691] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 251.598919][ T5755] loop1: detected capacity change from 0 to 512 [ 251.658564][ T5755] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 251.675981][ T5755] ext4 filesystem being mounted at /125/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 251.715915][ T5761] input: syz0 as /devices/virtual/input/input14 [ 251.931431][ T3691] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 252.004955][ T3691] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 252.016173][ T3691] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 252.027434][ T3691] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 252.038500][ T3691] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 252.356920][ T3691] usb 4-1: config 0 interface 0 has no altsetting 0 [ 252.856211][ T5774] netlink: 'syz.4.576': attribute type 1 has an invalid length. [ 252.925205][ T3691] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 252.971317][ T3691] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 253.018215][ T3691] usb 4-1: Product: syz [ 253.030992][ T3691] usb 4-1: Manufacturer: syz [ 253.041434][ T3691] usb 4-1: SerialNumber: syz [ 255.088354][ T3691] usb 4-1: config 0 descriptor?? [ 255.152507][ T5787] netlink: 8 bytes leftover after parsing attributes in process `syz.2.581'. [ 255.188267][ T5787] netlink: 48 bytes leftover after parsing attributes in process `syz.2.581'. [ 255.321517][ T3691] usb 4-1: can't set config #0, error -71 [ 255.642527][ T5793] loop0: detected capacity change from 0 to 8 [ 255.698742][ T3691] usb 4-1: USB disconnect, device number 16 [ 256.164669][ T3832] EXT4-fs (loop1): unmounting filesystem. [ 256.242885][ T5805] loop3: detected capacity change from 0 to 512 [ 256.250956][ T5805] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 256.349517][ T5805] EXT4-fs (loop3): 1 orphan inode deleted [ 256.366429][ T5809] input: syz0 as /devices/virtual/input/input15 [ 256.383933][ T5805] EXT4-fs (loop3): 1 truncate cleaned up [ 256.389615][ T5805] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 256.439402][ T5805] EXT4-fs error (device loop3): ext4_search_dir:1549: inode #12: block 7: comm syz.3.589: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0 [ 256.494288][ T4145] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 256.509330][ T5805] EXT4-fs (loop3): Remounting filesystem read-only [ 256.623283][ T3643] EXT4-fs (loop3): unmounting filesystem. [ 256.651354][ T4434] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 256.762197][ T4145] usb 5-1: Using ep0 maxpacket: 8 [ 256.869092][ T5800] loop0: detected capacity change from 0 to 32768 [ 256.922155][ T5800] XFS (loop0): Mounting V5 Filesystem [ 256.955406][ T5800] XFS (loop0): Ending clean mount [ 256.969009][ T5800] XFS (loop0): Quotacheck needed: Please wait. [ 257.017260][ T5800] XFS (loop0): Quotacheck: Done. [ 257.041350][ T4145] usb 5-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62 [ 257.055096][ T4145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.064164][ T4145] usb 5-1: Product: syz [ 257.068318][ T4145] usb 5-1: Manufacturer: syz [ 257.071427][ T4434] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 257.073586][ T4145] usb 5-1: SerialNumber: syz [ 257.089317][ T4145] usb 5-1: config 0 descriptor?? [ 257.094466][ T3691] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 257.098357][ T4434] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 257.177230][ T4434] usb 2-1: config 0 has no interface number 0 [ 257.886491][ T3658] Bluetooth: hci1: command 0x0406 tx timeout [ 257.917172][ T4145] usb 5-1: selecting invalid altsetting 3 [ 257.931731][ T4434] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 257.934808][ T4145] comedi comedi0: could not set alternate setting 3 in high speed [ 257.962097][ T4434] usb 2-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 257.969351][ T4145] usbdux 5-1:0.0: driver 'usbdux' failed to auto-configure device. [ 257.983572][ T4434] usb 2-1: Product: syz [ 257.988562][ T4434] usb 2-1: Manufacturer: syz [ 257.994218][ T4145] usbdux: probe of 5-1:0.0 failed with error -22 [ 258.001600][ T4434] usb 2-1: SerialNumber: syz [ 258.008162][ T4145] usb 5-1: USB disconnect, device number 16 [ 258.042553][ T4434] usb 2-1: config 0 descriptor?? [ 258.056207][ T5830] loop2: detected capacity change from 0 to 4096 [ 258.064210][ T3647] XFS (loop0): Unmounting Filesystem [ 258.094115][ T4434] usb 2-1: selecting invalid altsetting 1 [ 258.107245][ T4434] usb 2-1: Can not set alternate setting to 1, error: -22 [ 258.116476][ T4434] synaptics_usb: probe of 2-1:0.52 failed with error -22 [ 258.231659][ T3691] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 258.247468][ T3691] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.266217][ T3691] usb 4-1: Product: syz [ 258.271552][ T3691] usb 4-1: Manufacturer: syz [ 258.281452][ T3691] usb 4-1: SerialNumber: syz [ 258.333786][ T3691] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 258.777891][ T5842] loop2: detected capacity change from 0 to 8 [ 258.811353][ T4141] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 259.071960][ T4145] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 259.201661][ T4141] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 259.259882][ T4141] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 259.398481][ T4141] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 259.438058][ T4141] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 259.445299][ T5844] vcan0: Master is either lo or non-ether device [ 259.457764][ T4141] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 259.477888][ T4141] usb 1-1: config 0 interface 0 has no altsetting 0 [ 259.528090][ T4142] usb 2-1: USB disconnect, device number 7 [ 259.604387][ T5848] loop2: detected capacity change from 0 to 512 [ 259.656177][ T5848] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 259.670348][ T4141] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 259.691806][ T5848] ext4 filesystem being mounted at /140/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 259.748193][ T4141] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 259.757999][ T5815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.797965][ T5855] input: syz0 as /devices/virtual/input/input16 [ 259.808003][ T4141] usb 1-1: Product: syz [ 259.827515][ T4141] usb 1-1: Manufacturer: syz [ 259.856167][ T4141] usb 1-1: SerialNumber: syz [ 259.886405][ T4141] usb 1-1: config 0 descriptor?? [ 259.897744][ T5815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.971541][ T5832] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 259.994973][ T4141] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 260.021117][ T4141] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 260.124835][ T5815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 260.143927][ T5815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 260.164167][ T4142] usb 4-1: USB disconnect, device number 17 [ 260.361677][ T4145] usb 4-1: Service connection timeout for: 256 [ 260.377065][ T4145] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 260.417430][ T4145] ath9k_htc: Failed to initialize the device [ 260.456300][ T4142] usb 4-1: ath9k_htc: USB layer deinitialized [ 260.492049][ T3691] usb 1-1: USB disconnect, device number 16 [ 260.518573][ T3691] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 260.528968][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.535414][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.407531][ T5869] loop3: detected capacity change from 0 to 4096 [ 261.909067][ T3641] EXT4-fs (loop2): unmounting filesystem. [ 261.995114][ T26] audit: type=1800 audit(1729337252.746:15): pid=5875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.605" name="bus" dev="loop3" ino=33 res=0 errno=0 [ 262.496140][ T5886] loop0: detected capacity change from 0 to 8 [ 263.795850][ T5888] overlayfs: failed to resolve './file0': -2 [ 264.168126][ T5890] loop1: detected capacity change from 0 to 512 [ 264.211709][ T5890] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 264.285946][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x7 [ 264.294120][ T5429] hid-generic 0000:0000:0000.0001: ignoring exceeding usage max [ 264.304991][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.312719][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.339986][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.360045][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.375558][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.390829][ T5890] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 264.419975][ T5890] ext4 filesystem being mounted at /128/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 264.420655][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.441147][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.449335][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.457109][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.465471][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.473154][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.480802][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.584723][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.735565][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.821879][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.933588][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.953704][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.967850][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.985246][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 264.992989][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 265.000445][ T5429] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 265.013824][ T5429] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 265.069260][ T3832] EXT4-fs (loop1): unmounting filesystem. [ 265.155091][ T5909] netlink: 'syz.3.619': attribute type 4 has an invalid length. [ 265.507371][ T3631] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 265.985934][ T3631] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 266.012004][ T3631] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 266.100202][ T3631] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 266.169498][ T3631] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 266.224486][ T5923] loop3: detected capacity change from 0 to 2048 [ 266.243038][ T3631] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 266.263900][ T5923] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 266.278327][ T3631] usb 5-1: config 0 interface 0 has no altsetting 0 [ 266.330858][ T5923] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 266.429528][ T5930] input: syz0 as /devices/virtual/input/input17 [ 266.492629][ T3631] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 266.506506][ T3631] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 266.531135][ T3631] usb 5-1: Product: syz [ 266.541465][ T3631] usb 5-1: Manufacturer: syz [ 266.550562][ T3631] usb 5-1: SerialNumber: syz [ 266.562669][ T26] audit: type=1800 audit(1729337257.316:16): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.624" name="bus" dev="loop3" ino=1377 res=0 errno=0 [ 266.566954][ T3631] usb 5-1: config 0 descriptor?? [ 266.621603][ T5905] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 266.642882][ T3631] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 266.789470][ T5934] loop1: detected capacity change from 0 to 8 [ 266.919047][ T3631] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 267.310129][ T3631] usb 5-1: USB disconnect, device number 17 [ 267.332598][ T3631] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 267.342557][ T56] kworker/u4:4: attempt to access beyond end of device [ 267.342557][ T56] loop3: rw=1, sector=2048, nr_sectors = 1 limit=2048 [ 267.367407][ T56] Buffer I/O error on dev loop3, logical block 2048, lost async page write [ 267.377182][ T56] kworker/u4:4: attempt to access beyond end of device [ 267.377182][ T56] loop3: rw=1, sector=2048, nr_sectors = 1 limit=2048 [ 267.392159][ T56] Buffer I/O error on dev loop3, logical block 2048, lost async page write [ 267.400821][ T56] kworker/u4:4: attempt to access beyond end of device [ 267.400821][ T56] loop3: rw=1, sector=2048, nr_sectors = 1 limit=2048 [ 267.416088][ T56] Buffer I/O error on dev loop3, logical block 2048, lost async page write [ 267.425259][ T56] kworker/u4:4: attempt to access beyond end of device [ 267.425259][ T56] loop3: rw=1, sector=2048, nr_sectors = 1 limit=2048 [ 267.439903][ T56] Buffer I/O error on dev loop3, logical block 2048, lost async page write [ 267.448972][ T56] kworker/u4:4: attempt to access beyond end of device [ 267.448972][ T56] loop3: rw=1, sector=2048, nr_sectors = 1 limit=2048 [ 267.464497][ T56] Buffer I/O error on dev loop3, logical block 2048, lost async page write [ 267.487924][ T56] kworker/u4:4: attempt to access beyond end of device [ 267.487924][ T56] loop3: rw=1, sector=2049, nr_sectors = 1 limit=2048 [ 267.507959][ T56] Buffer I/O error on dev loop3, logical block 2049, lost async page write [ 267.516987][ T56] kworker/u4:4: attempt to access beyond end of device [ 267.516987][ T56] loop3: rw=1, sector=2049, nr_sectors = 1 limit=2048 [ 267.535041][ T56] Buffer I/O error on dev loop3, logical block 2049, lost async page write [ 267.551567][ T56] kworker/u4:4: attempt to access beyond end of device [ 267.551567][ T56] loop3: rw=1, sector=2049, nr_sectors = 1 limit=2048 [ 267.566799][ T56] Buffer I/O error on dev loop3, logical block 2049, lost async page write [ 267.575828][ T56] kworker/u4:4: attempt to access beyond end of device [ 267.575828][ T56] loop3: rw=1, sector=2049, nr_sectors = 1 limit=2048 [ 267.590563][ T56] Buffer I/O error on dev loop3, logical block 2049, lost async page write [ 267.604059][ T56] kworker/u4:4: attempt to access beyond end of device [ 267.604059][ T56] loop3: rw=1, sector=2049, nr_sectors = 1 limit=2048 [ 267.617800][ T56] Buffer I/O error on dev loop3, logical block 2049, lost async page write [ 267.631312][ T3691] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 267.891266][ T3691] usb 3-1: Using ep0 maxpacket: 8 [ 267.896440][ T5950] loop0: detected capacity change from 0 to 512 [ 267.934425][ T5950] EXT4-fs: Ignoring removed mblk_io_submit option [ 268.011522][ T3691] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 268.030096][ T3691] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 268.042826][ T5950] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 268.203758][ T3691] usb 3-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 268.908281][ T5950] EXT4-fs (loop0): 1 truncate cleaned up [ 268.914414][ T5950] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 268.968385][ T3691] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 268.977532][ T3691] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.032274][ T3691] usbtmc 3-1:16.0: bulk endpoints not found [ 269.052146][ T3647] EXT4-fs (loop0): unmounting filesystem. [ 269.236723][ T3691] usb 3-1: USB disconnect, device number 14 [ 269.301369][ T5979] input: syz0 as /devices/virtual/input/input18 [ 269.715017][ T1136] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 270.861365][ T1136] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 270.869884][ T1136] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 270.931507][ T1136] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 270.950278][ T6007] netlink: 12 bytes leftover after parsing attributes in process `syz.0.653'. [ 270.973405][ T1136] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 271.026925][ T1136] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 271.043947][ T6012] netlink: 8 bytes leftover after parsing attributes in process `syz.3.655'. [ 271.070351][ T1136] usb 5-1: config 0 interface 0 has no altsetting 0 [ 271.265063][ T1136] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 271.308009][ T1136] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 271.316757][ T1136] usb 5-1: Product: syz [ 271.320947][ T1136] usb 5-1: Manufacturer: syz [ 271.348910][ T1136] usb 5-1: SerialNumber: syz [ 271.386056][ T1136] usb 5-1: config 0 descriptor?? [ 271.402074][ T5984] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 271.428937][ T1136] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 271.513208][ T1136] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 272.464763][ T6037] input: syz0 as /devices/virtual/input/input19 [ 272.464976][ T3697] usb 5-1: USB disconnect, device number 18 [ 272.508083][ T3697] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 272.570285][ T6048] loop2: detected capacity change from 0 to 4096 [ 272.712190][ T6049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.671'. [ 272.819771][ T6054] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 273.161006][ T6062] loop0: detected capacity change from 0 to 2048 [ 273.168175][ T6059] loop2: detected capacity change from 0 to 4096 [ 273.228455][ T6062] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 273.258161][ T6062] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 273.278209][ T6065] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 273.308977][ T6062] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 273.447078][ T6062] ================================================================== [ 273.447094][ T6062] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x5e9/0x7a0 [ 273.447141][ T6062] Write of size 4 at addr ffff88805a17b7f0 by task syz.0.675/6062 [ 273.447157][ T6062] [ 273.447167][ T6062] CPU: 0 PID: 6062 Comm: syz.0.675 Not tainted 6.1.113-syzkaller #0 [ 273.447188][ T6062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 273.447200][ T6062] Call Trace: [ 273.447206][ T6062] [ 273.447213][ T6062] dump_stack_lvl+0x1e3/0x2cb [ 273.447234][ T6062] ? nf_tcp_handle_invalid+0x642/0x642 [ 273.447252][ T6062] ? panic+0x764/0x764 [ 273.447275][ T6062] ? _printk+0xd1/0x111 [ 273.447295][ T6062] ? __virt_addr_valid+0x17f/0x530 [ 273.447321][ T6062] ? __virt_addr_valid+0x17f/0x530 [ 273.447347][ T6062] print_report+0x15f/0x4f0 [ 273.447373][ T6062] ? __virt_addr_valid+0x17f/0x530 [ 273.447399][ T6062] ? __virt_addr_valid+0x17f/0x530 [ 273.447422][ T6062] ? __virt_addr_valid+0x45b/0x530 [ 273.447447][ T6062] ? __phys_addr+0xb6/0x170 [ 273.447472][ T6062] ? udf_write_aext+0x5e9/0x7a0 [ 273.447497][ T6062] kasan_report+0x136/0x160 [ 273.447516][ T6062] ? udf_write_aext+0x5e9/0x7a0 [ 273.447544][ T6062] udf_write_aext+0x5e9/0x7a0 [ 273.447573][ T6062] udf_add_entry+0x17b7/0x3350 [ 273.447607][ T6062] ? rcu_is_watching+0x11/0xb0 [ 273.447629][ T6062] ? udf_add_nondir+0x5d0/0x5d0 [ 273.447656][ T6062] ? udf_new_inode+0xaf9/0xf10 [ 273.447691][ T6062] udf_mkdir+0x1a8/0xaa0 [ 273.447723][ T6062] ? udf_symlink+0x1690/0x1690 [ 273.447749][ T6062] ? from_kgid+0x1a3/0x730 [ 273.447773][ T6062] ? make_kgid+0x6f0/0x6f0 [ 273.447800][ T6062] ? inode_permission+0xf7/0x450 [ 273.447822][ T6062] ? bpf_lsm_inode_mkdir+0x5/0x10 [ 273.447841][ T6062] ? security_inode_mkdir+0xb4/0x100 [ 273.447881][ T6062] vfs_mkdir+0x3b6/0x590 [ 273.447909][ T6062] do_mkdirat+0x225/0x360 [ 273.447936][ T6062] ? vfs_mkdir+0x590/0x590 [ 273.447962][ T6062] ? getname_flags+0x1f9/0x4f0 [ 273.447986][ T6062] __x64_sys_mkdirat+0x85/0x90 [ 273.448012][ T6062] do_syscall_64+0x3b/0xb0 [ 273.448029][ T6062] ? clear_bhb_loop+0x45/0xa0 [ 273.448058][ T6062] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 273.448086][ T6062] RIP: 0033:0x7fa7a8f7c897 [ 273.448109][ T6062] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.448131][ T6062] RSP: 002b:00007fa7a9de0e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 273.448154][ T6062] RAX: ffffffffffffffda RBX: 00007fa7a9de0ef0 RCX: 00007fa7a8f7c897 [ 273.448170][ T6062] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 273.448185][ T6062] RBP: 0000000020000140 R08: 00000000200000c0 R09: 0000000000000000 [ 273.448199][ T6062] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000020000040 [ 273.448212][ T6062] R13: 00007fa7a9de0eb0 R14: 0000000000000000 R15: 0000000000000000 [ 273.448232][ T6062] [ 273.448240][ T6062] [ 273.448244][ T6062] Allocated by task 3781: [ 273.448252][ T6062] kasan_set_track+0x4b/0x70 [ 273.448281][ T6062] __kasan_kmalloc+0x97/0xb0 [ 273.448297][ T6062] __kmalloc_node_track_caller+0xb1/0x220 [ 273.448319][ T6062] __alloc_skb+0x135/0x670 [ 273.448345][ T6062] __netdev_alloc_skb+0xfb/0x500 [ 273.448381][ T6062] __ieee80211_beacon_get+0xc7d/0x2110 [ 273.448409][ T6062] ieee80211_beacon_get_tim+0xb1/0x5d0 [ 273.448434][ T6062] mac80211_hwsim_beacon_tx+0x1d2/0xaa0 [ 273.448455][ T6062] __iterate_interfaces+0x21e/0x4b0 [ 273.448472][ T6062] ieee80211_iterate_active_interfaces_atomic+0xd4/0x170 [ 273.448493][ T6062] mac80211_hwsim_beacon+0xd0/0x1e0 [ 273.448522][ T6062] __hrtimer_run_queues+0x5e5/0xe50 [ 273.448544][ T6062] hrtimer_run_softirq+0x196/0x2c0 [ 273.448575][ T6062] handle_softirqs+0x2ee/0xa40 [ 273.448600][ T6062] __irq_exit_rcu+0x157/0x240 [ 273.448626][ T6062] irq_exit_rcu+0x5/0x20 [ 273.448651][ T6062] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 273.448671][ T6062] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 273.448698][ T6062] [ 273.448702][ T6062] Freed by task 3781: [ 273.448710][ T6062] kasan_set_track+0x4b/0x70 [ 273.448735][ T6062] kasan_save_free_info+0x27/0x40 [ 273.448754][ T6062] ____kasan_slab_free+0xd6/0x120 [ 273.448770][ T6062] __kmem_cache_free+0x25c/0x3c0 [ 273.448790][ T6062] skb_release_data+0x5de/0x7a0 [ 273.448815][ T6062] consume_skb+0xa3/0x140 [ 273.448839][ T6062] mac80211_hwsim_beacon_tx+0x5f8/0xaa0 [ 273.448857][ T6062] __iterate_interfaces+0x21e/0x4b0 [ 273.448873][ T6062] ieee80211_iterate_active_interfaces_atomic+0xd4/0x170 [ 273.448910][ T6062] mac80211_hwsim_beacon+0xd0/0x1e0 [ 273.448938][ T6062] __hrtimer_run_queues+0x5e5/0xe50 [ 273.448960][ T6062] hrtimer_run_softirq+0x196/0x2c0 [ 273.448983][ T6062] handle_softirqs+0x2ee/0xa40 [ 273.449010][ T6062] __irq_exit_rcu+0x157/0x240 [ 273.449038][ T6062] irq_exit_rcu+0x5/0x20 [ 273.449064][ T6062] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 273.449085][ T6062] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 273.449122][ T6062] [ 273.449126][ T6062] The buggy address belongs to the object at ffff88805a17b400 [ 273.449126][ T6062] which belongs to the cache kmalloc-512 of size 512 [ 273.449141][ T6062] The buggy address is located 496 bytes to the right of [ 273.449141][ T6062] 512-byte region [ffff88805a17b400, ffff88805a17b600) [ 273.449159][ T6062] [ 273.449163][ T6062] The buggy address belongs to the physical page: [ 273.449176][ T6062] page:ffffea0001685e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5a178 [ 273.449196][ T6062] head:ffffea0001685e00 order:2 compound_mapcount:0 compound_pincount:0 [ 273.449214][ T6062] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 273.449245][ T6062] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888017c41c80 [ 273.449262][ T6062] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 273.449272][ T6062] page dumped because: kasan: bad access detected [ 273.449284][ T6062] page_owner tracks the page as allocated [ 273.449290][ T6062] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3642, tgid 3642 (syz-executor), ts 55322976013, free_ts 13825975329 [ 273.449322][ T6062] post_alloc_hook+0x18d/0x1b0 [ 273.449339][ T6062] get_page_from_freelist+0x322e/0x33b0 [ 273.449363][ T6062] __alloc_pages+0x28d/0x770 [ 273.449380][ T6062] alloc_slab_page+0x6a/0x150 [ 273.449403][ T6062] new_slab+0x84/0x2d0 [ 273.449425][ T6062] ___slab_alloc+0xc20/0x1270 [ 273.449446][ T6062] __kmem_cache_alloc_node+0x19f/0x260 [ 273.449468][ T6062] kmalloc_trace+0x26/0xe0 [ 273.449487][ T6062] __ipv6_dev_mc_inc+0x426/0xa80 [ 273.449514][ T6062] ipv6_add_dev+0xc9c/0x1180 [ 273.449535][ T6062] addrconf_notify+0x7a6/0xf60 [ 273.449553][ T6062] raw_notifier_call_chain+0xd0/0x170 [ 273.449573][ T6062] call_netdevice_notifiers+0x145/0x1b0 [ 273.449591][ T6062] register_netdevice+0x12f2/0x1720 [ 273.449615][ T6062] veth_newlink+0x7fc/0xc70 [ 273.449632][ T6062] rtnl_newlink+0x14e3/0x2050 [ 273.449657][ T6062] page last free stack trace: [ 273.449662][ T6062] free_unref_page_prepare+0xf63/0x1120 [ 273.449679][ T6062] free_unref_page+0x33/0x3e0 [ 273.449695][ T6062] free_contig_range+0x9a/0x150 [ 273.449715][ T6062] destroy_args+0xfe/0x997 [ 273.449738][ T6062] debug_vm_pgtable+0x416/0x46b [ 273.449759][ T6062] do_one_initcall+0x265/0x8f0 [ 273.449781][ T6062] do_initcall_level+0x157/0x207 [ 273.449798][ T6062] do_initcalls+0x49/0x86 [ 273.449814][ T6062] kernel_init_freeable+0x45c/0x60f [ 273.449830][ T6062] kernel_init+0x19/0x290 [ 273.449850][ T6062] ret_from_fork+0x1f/0x30 [ 273.449872][ T6062] [ 273.449876][ T6062] Memory state around the buggy address: [ 273.449884][ T6062] ffff88805a17b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 273.449896][ T6062] ffff88805a17b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 273.449908][ T6062] >ffff88805a17b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 273.449917][ T6062] ^ [ 273.449927][ T6062] ffff88805a17b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 273.449939][ T6062] ffff88805a17b880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 273.449949][ T6062] ================================================================== [ 273.472442][ T26] audit: type=1804 audit(1729337264.196:17): pid=6069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.675" name="/newroot/134/bus/bus" dev="loop0" ino=1367 res=1 errno=0 [ 273.497733][ T6062] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 273.497749][ T6062] CPU: 1 PID: 6062 Comm: syz.0.675 Not tainted 6.1.113-syzkaller #0 [ 273.497768][ T6062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 273.497778][ T6062] Call Trace: [ 273.497784][ T6062] [ 273.497791][ T6062] dump_stack_lvl+0x1e3/0x2cb [ 273.497819][ T6062] ? nf_tcp_handle_invalid+0x642/0x642 [ 273.497838][ T6062] ? panic+0x764/0x764 [ 273.497859][ T6062] ? preempt_schedule_common+0xa6/0xd0 [ 273.497881][ T6062] ? vscnprintf+0x59/0x80 [ 273.497905][ T6062] panic+0x318/0x764 [ 273.497924][ T6062] ? check_panic_on_warn+0x1d/0xa0 [ 273.497944][ T6062] ? memcpy_page_flushcache+0xfc/0xfc [ 273.497985][ T6062] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 273.498014][ T6062] ? _raw_spin_unlock+0x40/0x40 [ 273.498038][ T6062] ? print_report+0x4a3/0x4f0 [ 273.498073][ T6062] check_panic_on_warn+0x7e/0xa0 [ 273.498094][ T6062] ? udf_write_aext+0x5e9/0x7a0 [ 273.498134][ T6062] end_report+0x66/0x110 [ 273.498169][ T6062] kasan_report+0x143/0x160 [ 273.498188][ T6062] ? udf_write_aext+0x5e9/0x7a0 [ 273.498221][ T6062] udf_write_aext+0x5e9/0x7a0 [ 273.498252][ T6062] udf_add_entry+0x17b7/0x3350 [ 273.498290][ T6062] ? rcu_is_watching+0x11/0xb0 [ 273.498324][ T6062] ? udf_add_nondir+0x5d0/0x5d0 [ 273.498352][ T6062] ? udf_new_inode+0xaf9/0xf10 [ 273.498387][ T6062] udf_mkdir+0x1a8/0xaa0 [ 273.498419][ T6062] ? udf_symlink+0x1690/0x1690 [ 273.498446][ T6062] ? from_kgid+0x1a3/0x730 [ 273.498471][ T6062] ? make_kgid+0x6f0/0x6f0 [ 273.498499][ T6062] ? inode_permission+0xf7/0x450 [ 273.498522][ T6062] ? bpf_lsm_inode_mkdir+0x5/0x10 [ 273.498541][ T6062] ? security_inode_mkdir+0xb4/0x100 [ 273.498564][ T6062] vfs_mkdir+0x3b6/0x590 [ 273.498591][ T6062] do_mkdirat+0x225/0x360 [ 273.498618][ T6062] ? vfs_mkdir+0x590/0x590 [ 273.498642][ T6062] ? getname_flags+0x1f9/0x4f0 [ 273.498666][ T6062] __x64_sys_mkdirat+0x85/0x90 [ 273.498689][ T6062] do_syscall_64+0x3b/0xb0 [ 273.498706][ T6062] ? clear_bhb_loop+0x45/0xa0 [ 273.498736][ T6062] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 273.498764][ T6062] RIP: 0033:0x7fa7a8f7c897 [ 273.498780][ T6062] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.498798][ T6062] RSP: 002b:00007fa7a9de0e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 273.498820][ T6062] RAX: ffffffffffffffda RBX: 00007fa7a9de0ef0 RCX: 00007fa7a8f7c897 [ 273.498835][ T6062] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 273.498850][ T6062] RBP: 0000000020000140 R08: 00000000200000c0 R09: 0000000000000000 [ 273.498863][ T6062] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000020000040 [ 273.498877][ T6062] R13: 00007fa7a9de0eb0 R14: 0000000000000000 R15: 0000000000000000 [ 273.498898][ T6062] [ 273.499809][ T6062] Kernel Offset: disabled [ 274.595020][ T6062] Rebooting in 86400 seconds..