last executing test programs: 9.700027301s ago: executing program 1 (id=2202): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000280)=ANY=[], 0x114}], 0x1, 0x0, 0x0, 0x10}, 0x20008045) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x220000, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) io_setup(0x281, &(0x7f0000000100)=0x0) memfd_create(&(0x7f0000002bc0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\x99K\xcd\xab\x1a\x034btY\xdb\v\x86\xca<\x02R\xd6a\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7\x80\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8\x88\'\x06f\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51\tz\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\x97\xad\xef~\x15\xfd\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\\L\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1\xad&\x86\xcb\xf3\xad\x9e[\x8b\xc0\xd6\x1e\xe4N\x92\xf2\x905\xe0\x13\x90\xaeQ\xed\xea\xad\x9b\xcc\x9f\xc0P\xff_\xaa\xb2L\xf5\x1f\xc1\xa4[\xe51\xcb B*\xaa\a\x003\xc9\xae\x1f\x8c\xcdm\xb8\xce\x01\xdb\xaa\x1c\xc35\x16#\x04\xb7W4\xfd\'\xbe\x922\xde\xd6\x18\xf7`\xff\xfe%\x06\x02\xc6\x81Jr\x10\x88G\xea+^LA\x96\xed\x1d\xe1V\xbd\xebbyq\xd6\xb3', 0x7) io_submit(r3, 0x1, &(0x7f0000000a00)=[0x0]) r4 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382) r5 = memfd_create(&(0x7f0000000b80)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcf\xdf\xe3b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9vm)\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\xff\xff\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xc8\x1b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-\x1e\xf4\xd1\x02Dt\xc0\x1c\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x03\xb0\xef\xc7\x8c\x9e\xed\a\n0x0], 0x1}) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x103442) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r2, 0x0, r5, 0x2, 0x80000, 0x7ffffffe, 0x9, 0x5, 0xd15, 0x10, 0xffff8001, 0x807}) 6.158602686s ago: executing program 2 (id=2218): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000340)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x100000}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, 0x0, 0x0) 6.099776507s ago: executing program 1 (id=2219): bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40080c0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@gettaction={0x14, 0x32, 0x801, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x880e) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x8, 0x7, 0x8, 0x14, 0x2, 0x1, 0xc5, 0x9, 0x28, 0x2, 0x1, 0x95, 0xb, 0x8, 0x8e, 0x4}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 5.21305077s ago: executing program 2 (id=2222): ftruncate(0xffffffffffffffff, 0xc17a) r0 = syz_clone(0x10100000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r1 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x9) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ptrace$pokeuser(0x6, r3, 0x358, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000ac0)={0xfffffffc, 0x0, 0x0, 'queue1\x00', 0xfffffbfc}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="24000000190001000000000000c3b2000a0000000003c8000000000008000600ffff"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x0) r4 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$rfkill(r4, &(0x7f0000000040), 0x8) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r5, r4, 0x0, 0x23b) r6 = getpid() sched_setscheduler(r6, 0x0, &(0x7f0000000200)=0x4000001) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") 5.21228654s ago: executing program 3 (id=2223): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f00000001c0)={0x5b42}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x262200, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x4, 0x30}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$bt_hci(r5, &(0x7f0000000180)=ANY=[@ANYBLOB="011c9bf2a79c0800"], 0x8) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close(r2) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) fcntl$setstatus(r2, 0x4, 0x2000) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r6, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x4, @local}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0}}], 0x30}, 0x0) 3.986508289s ago: executing program 3 (id=2225): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000001780)='/dev/comedi4\x00', 0x80000, 0x0) ioctl$COMEDI_INSNLIST(r0, 0x8010640b, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x4000000, 0x0, 0x0, 0x4, 0x200}]}) 3.572819855s ago: executing program 1 (id=2227): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DEP_LINK_UP(r0, 0x0, 0x4000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000005c0), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000600)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_INTERFACE(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)={0x1c, r2, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004844}, 0x4000000) 3.572519646s ago: executing program 3 (id=2228): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000240)=ANY=[], 0x10}, 0x1, 0x0, 0x0, 0x24000850}, 0x40040) r1 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000100), 0x4) bpf$BPF_GET_MAP_INFO(0x3, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008040) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="00940a37", 0x4) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x8, 0x7fffffffffffffff, 0x3, 0x3c7125e8, 0xffffffffffffffff, 0x10, 0x8}, &(0x7f0000000340)={0xe970, 0x9, 0x7fffffffffffffff, 0x8000, 0x8, 0x5, 0x40bd9b76, 0x10001}, &(0x7f00000003c0)={0x5, 0x0, 0x6b, 0x7fffffffffffffff, 0x2, 0xc, 0x2, 0x4000000000}, &(0x7f0000000400)={0x0, 0x989680}, &(0x7f00000005c0)={&(0x7f0000000580)={[0x7fff]}, 0x8}) sendto$unix(0xffffffffffffffff, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643", 0xd4, 0x800, 0x0, 0x0) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r3, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) read(r4, &(0x7f0000000040)=""/148, 0xffffff96) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) 3.551865436s ago: executing program 4 (id=2229): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x328000, 0x1000}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000000)='4', 0x1}], 0x1) 3.493354257s ago: executing program 3 (id=2230): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5) r1 = openat$cgroup_ro(r0, &(0x7f0000000500)='cgroup.stat\x00', 0x0, 0x0) preadv2(r1, &(0x7f0000000000)=[{&(0x7f0000000280)=""/96, 0x60}], 0x1, 0xa15, 0xf, 0x4) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x2000000000000005, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000000c0)={0x18, 0x1, 0x0, "bb1e00000000008000000000cf0500063475de71000077a16c80b6db943400"}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$TCSETS2(r5, 0x402c542b, &(0x7f0000000080)={0xfffe7527, 0x10000, 0xefc9, 0x7f9, 0xb2, "20ab9809006ea4a7446c180000cd681ec267a0", 0x7, 0x200008}) ioctl$TIOCL_PASTESEL(r5, 0x541c, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, 0x0) 3.481413087s ago: executing program 1 (id=2231): mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4020000) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'xfrm0\x00'}) r0 = socket$kcm(0x10, 0x2, 0x10) syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)}], 0x1, 0x0, 0x0, 0x600}, 0x4) openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) socket(0x10, 0x3, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r2, &(0x7f0000000200), 0x12) bind$x25(r1, &(0x7f0000000080), 0x12) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000700)={'bond0\x00'}) 3.376929818s ago: executing program 4 (id=2232): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000340)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x100000}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, 0x0, 0x0) 3.372264469s ago: executing program 1 (id=2233): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.23458906s ago: executing program 0 (id=2234): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f00000001c0)={0x4376ea830d45549b, 0x0, [0xffffffffffffffff, 0x8d, 0x20000006, 0x7fff, 0x8c45, 0x3, 0xfffffffffffffffc, 0x800000]}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000140)="36d0e866b8970000000f23c80f21f866350c00a0000f23f89d0f326635000400000f302e8dcc0f23742e3b5753baf80466b8f494f78e66efbafc0c66b83ac80000666fda6509", 0x46}], 0x1, 0x12, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.429317313s ago: executing program 0 (id=2235): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f156893e9"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c) 2.428830623s ago: executing program 4 (id=2236): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000200)={0x1000000d}) openat$cuse(0xffffffffffffff9c, &(0x7f0000001300), 0x2, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40186f40, &(0x7f0000000440)=0x1f) 2.202285966s ago: executing program 0 (id=2237): openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001300), 0x2, 0x0) read$FUSE(r2, &(0x7f0000001340)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r2, &(0x7f0000003740)={0xb8, 0x0, r3, [{{0x7, 0x2, 0x2, 0x7, 0x3, 0x9, {0x2, 0xfffffffffffff430, 0x5, 0x7, 0x1, 0x66c, 0x4, 0x10000, 0x5, 0x4000, 0x8, 0x0, r4, 0xfffffffb, 0x4}}, {0x6, 0x1, 0xc, 0x9, '/dev/video#\x00'}}]}, 0xb8) 2.201730846s ago: executing program 2 (id=2238): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, 0x0, 0x0, 0x5}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef) 1.752994723s ago: executing program 1 (id=2239): syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x48400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) getresgid(0x0, &(0x7f0000000180), &(0x7f00000016c0)) mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0) stat(&(0x7f0000000100)='./file1\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r4) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f00000002c0)=ANY=[@ANYBLOB="b7000000010003c3bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000065040200000000ff2d400500000000003400000001ed00007b030000000000001d440000000000007a0a00fe00ffffffdb03000000000000b5000000000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc00eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2400000000000000800643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eaeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691df8b4b7ecd27ce82f7df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d6d0355f3be6135425f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd0000000069ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fd691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae630b8234fb46351f5d7d68f93d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2227db60c0a461ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680aa1af102d97681656bf56ff0674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ff6d4c5dbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800"/2562], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) 1.507423737s ago: executing program 4 (id=2240): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000240)=ANY=[], 0x10}, 0x1, 0x0, 0x0, 0x24000850}, 0x40040) r1 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000100), 0x4) bpf$BPF_GET_MAP_INFO(0x3, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008040) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="00940a37", 0x4) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x8, 0x7fffffffffffffff, 0x3, 0x3c7125e8, 0xffffffffffffffff, 0x10, 0x8}, &(0x7f0000000340)={0xe970, 0x9, 0x7fffffffffffffff, 0x8000, 0x8, 0x5, 0x40bd9b76, 0x10001}, &(0x7f00000003c0)={0x5, 0x0, 0x6b, 0x7fffffffffffffff, 0x2, 0xc, 0x2, 0x4000000000}, &(0x7f0000000400)={0x0, 0x989680}, &(0x7f00000005c0)={&(0x7f0000000580)={[0x7fff]}, 0x8}) sendto$unix(0xffffffffffffffff, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643", 0xd4, 0x800, 0x0, 0x0) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r3, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) read(r4, &(0x7f0000000040)=""/148, 0xffffff96) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) 367.189105ms ago: executing program 0 (id=2241): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ff05ffff01"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) 340.319675ms ago: executing program 4 (id=2242): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0b000000080000000c000000ffbfffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 260.905776ms ago: executing program 3 (id=2243): mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4020000) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'xfrm0\x00'}) r0 = socket$kcm(0x10, 0x2, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x18, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)}], 0x1, 0x0, 0x0, 0x600}, 0x4) openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) socket(0x10, 0x3, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r2, &(0x7f0000000200), 0x12) bind$x25(r1, &(0x7f0000000080), 0x12) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000700)={'bond0\x00'}) 228.403116ms ago: executing program 0 (id=2244): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) 179.350207ms ago: executing program 3 (id=2245): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x30) symlink(0x0, &(0x7f0000000240)='./file0/file1\x00') syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 'id0\x00'}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x48000, 0x0) socket(0x10, 0x3, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000002, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r6, 0x4048ae9b, &(0x7f00000001c0)={0x70003, 0x0, [0x7, 0xb, 0x2, 0x9, 0x7, 0x6, 0x3000000002, 0xffffffffffffffed]}) 96.990838ms ago: executing program 4 (id=2246): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 0s ago: executing program 0 (id=2247): socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ife={0x2c, 0x3, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb) connect$ax25(r3, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) r4 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r5, 0x0, 0x3}}, 0x20) kernel console output (not intermixed with test programs): eth0_vlan entered promiscuous mode [ 57.077695][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 57.087822][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.096375][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.111498][ T4183] device veth1_macvtap entered promiscuous mode [ 57.121965][ T4192] device veth0_macvtap entered promiscuous mode [ 57.148591][ T4192] device veth1_macvtap entered promiscuous mode [ 57.158891][ T4184] device veth1_vlan entered promiscuous mode [ 57.172901][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.180928][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 57.189379][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 57.197757][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 57.206781][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.214776][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 57.223342][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.248338][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.279658][ T4185] device veth0_vlan entered promiscuous mode [ 57.288318][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.297049][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.306380][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 57.315623][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.338081][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.349516][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.360793][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.372459][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.384945][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.392679][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.400823][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 57.410631][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.419505][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.428643][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.437391][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.445848][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.454229][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.463114][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.475752][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 57.486388][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.496953][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.505187][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.514545][ T4184] device veth0_macvtap entered promiscuous mode [ 57.522922][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.533582][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.545853][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.553857][ T4185] device veth1_vlan entered promiscuous mode [ 57.563440][ T4183] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.572567][ T4183] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.581858][ T4183] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.591229][ T4183] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.605643][ T4184] device veth1_macvtap entered promiscuous mode [ 57.613113][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 57.621434][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 57.630166][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.639308][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.649093][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.658907][ T4189] device veth0_vlan entered promiscuous mode [ 57.678806][ T4192] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.687713][ T4192] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.696763][ T4192] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.706265][ T4192] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.737008][ T4189] device veth1_vlan entered promiscuous mode [ 57.760811][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 57.770802][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 57.807281][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.819813][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.830097][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.843963][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.857691][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.888226][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.907909][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.916631][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.925946][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.934670][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.943163][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.957031][ T4189] device veth0_macvtap entered promiscuous mode [ 57.976786][ T4185] device veth0_macvtap entered promiscuous mode [ 57.989488][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.000375][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.014035][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.025202][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.037124][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.046516][ T4189] device veth1_macvtap entered promiscuous mode [ 58.065639][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 58.077252][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 58.085911][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 58.093894][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 58.103155][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.116557][ T4185] device veth1_macvtap entered promiscuous mode [ 58.124259][ T4184] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.133744][ T4184] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.142821][ T4184] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.151866][ T4184] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.177466][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.186252][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.192658][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.204555][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.215817][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.226544][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.236800][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.247993][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.259199][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.292808][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 58.303072][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 58.311566][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 58.322050][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 58.337474][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.348039][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.358799][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.369531][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.380108][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.390741][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.402093][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.411008][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.422297][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.432544][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.443178][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.453620][ T4295] Bluetooth: hci2: command 0x040f tx timeout [ 58.453650][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.471357][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.481473][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.492759][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.503732][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.519677][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.531093][ T4263] Bluetooth: hci3: command 0x040f tx timeout [ 58.531386][ T4295] Bluetooth: hci4: command 0x040f tx timeout [ 58.545743][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.545903][ T4263] Bluetooth: hci1: command 0x040f tx timeout [ 58.555676][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.555693][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.555701][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.555712][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.555722][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.555733][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.557043][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.569027][ T4263] Bluetooth: hci0: command 0x040f tx timeout [ 58.638332][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 58.648234][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.658882][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 58.667819][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 58.676916][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 58.686338][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.697608][ T4185] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.706886][ T4185] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.716520][ T4185] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.725454][ T4185] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.746845][ T4189] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.757777][ T4189] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.766630][ T4189] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.775424][ T4189] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.798273][ T468] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.809235][ T468] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.822948][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 58.879327][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.890099][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.901609][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.960593][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.983319][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.009416][ T1273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.031125][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.032294][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 59.047496][ T1273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.056050][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.059438][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 59.097685][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 59.208737][ T1273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.255626][ T1273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.329475][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 59.534221][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 59.544830][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 59.553980][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 59.563006][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 59.572099][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 59.636674][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 59.738950][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 59.841112][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 59.945017][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 59.986833][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 60.014962][ T4303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.022975][ T4303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.031495][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.057399][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.058455][ T1273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.073637][ T1273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.087606][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.098759][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.107379][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.582414][ T4295] Bluetooth: hci2: command 0x0419 tx timeout [ 61.157662][ T4295] Bluetooth: hci1: command 0x0419 tx timeout [ 61.163760][ T4295] Bluetooth: hci3: command 0x0419 tx timeout [ 61.174544][ T4295] Bluetooth: hci4: command 0x0419 tx timeout [ 61.180644][ T4295] Bluetooth: hci0: command 0x0419 tx timeout [ 62.096505][ T4317] loop2: detected capacity change from 0 to 2048 [ 62.123763][ T4321] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8'. [ 62.369749][ T4321] netlink: 'syz.4.8': attribute type 12 has an invalid length. [ 62.397002][ T4321] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8'. [ 62.428115][ T4328] 9pnet_virtio: no channels available for device syz [ 62.560350][ T4321] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.569417][ T4321] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.578162][ T4321] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.586928][ T4321] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.640055][ T4321] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8'. [ 62.657893][ T4321] netlink: 'syz.4.8': attribute type 12 has an invalid length. [ 62.774606][ T4321] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8'. [ 62.856025][ T4321] Zero length message leads to an empty skb [ 64.218764][ T4327] team0 (unregistering): Port device team_slave_0 removed [ 64.260666][ T4350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11'. [ 64.311962][ T4327] team0 (unregistering): Port device team_slave_1 removed [ 67.471810][ T4364] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 68.019964][ T4373] process 'syz.0.19' launched './file0' with NULL argv: empty string added [ 68.103530][ T4361] syz.3.15 (4361): drop_caches: 2 [ 70.377191][ T4406] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 70.559153][ T4406] kvm: pic: non byte read [ 70.586992][ T4406] kvm: pic: level sensitive irq not supported [ 70.589389][ T4406] kvm: pic: non byte read [ 70.677009][ T1346] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 70.874444][ T1346] usb 4-1: device descriptor read/64, error -71 [ 71.152877][ T1346] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 71.320599][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.328260][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.824544][ T1346] usb 4-1: device descriptor read/64, error -71 [ 72.006893][ T1346] usb usb4-port1: attempt power cycle [ 72.714494][ T1346] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 73.369334][ T4421] syz.0.31 (4421): drop_caches: 2 [ 73.426569][ T4427] loop0: detected capacity change from 0 to 2048 [ 73.609264][ T1346] usb 4-1: device not accepting address 4, error -71 [ 74.408423][ T4433] overlayfs: unrecognized mount option "verity=on" or missing value [ 76.079830][ T4444] autofs4:pid:4444:autofs_fill_super: called with bogus options [ 77.074644][ T4442] sched: RT throttling activated [ 77.100370][ T1110] cfg80211: failed to load regulatory.db [ 77.165525][ T4448] lo speed is unknown, defaulting to 1000 [ 77.171447][ T4448] lo speed is unknown, defaulting to 1000 [ 77.178641][ T4448] lo speed is unknown, defaulting to 1000 [ 77.186795][ T4448] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 77.197719][ T4448] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 77.465123][ T4448] lo speed is unknown, defaulting to 1000 [ 77.471839][ T4448] lo speed is unknown, defaulting to 1000 [ 77.478263][ T4448] lo speed is unknown, defaulting to 1000 [ 77.484618][ T4448] lo speed is unknown, defaulting to 1000 [ 77.490999][ T4448] lo speed is unknown, defaulting to 1000 [ 78.611067][ T4458] loop4: detected capacity change from 0 to 64 [ 78.697148][ T4460] netlink: 128 bytes leftover after parsing attributes in process `syz.0.41'. [ 78.788053][ T4458] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop4 [ 78.896833][ T4458] loop4: detected capacity change from 0 to 1024 [ 79.008081][ T4458] hfsplus: unable to parse mount options [ 79.257063][ T4478] loop2: detected capacity change from 0 to 2048 [ 79.482155][ T4482] loop3: detected capacity change from 0 to 64 [ 80.119537][ T4482] ======================================================= [ 80.119537][ T4482] WARNING: The mand mount option has been deprecated and [ 80.119537][ T4482] and is ignored by this kernel. Remove the mand [ 80.119537][ T4482] option from the mount to silence this warning. [ 80.119537][ T4482] ======================================================= [ 80.164540][ T4482] hfs: unable to parse mount options [ 80.565415][ T4485] syz.1.49 uses obsolete (PF_INET,SOCK_PACKET) [ 81.380819][ T4495] loop3: detected capacity change from 0 to 64 [ 81.425205][ T4495] hfs: unable to parse mount options [ 83.696405][ T4517] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 83.751034][ T4519] autofs4:pid:4519:autofs_fill_super: called with bogus options [ 85.289163][ T4531] loop4: detected capacity change from 0 to 64 [ 85.669556][ T4531] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop4 [ 86.022825][ T4494] wlan1: Trigger new scan to find an IBSS to join [ 86.066449][ T4539] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 86.073124][ T4539] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 86.092695][ T4539] vhci_hcd vhci_hcd.0: Device attached [ 86.124528][ T4541] vhci_hcd: connection closed [ 86.131840][ T144] vhci_hcd: stop threads [ 86.159475][ T144] vhci_hcd: release socket [ 86.163965][ T144] vhci_hcd: disconnect device [ 87.502991][ T4554] loop0: detected capacity change from 0 to 2048 [ 88.321124][ T4562] netlink: 16 bytes leftover after parsing attributes in process `syz.3.71'. [ 90.776377][ T4423] wlan1: Trigger new scan to find an IBSS to join [ 91.090446][ T4590] loop1: detected capacity change from 0 to 64 [ 91.234904][ T4590] hfs: unable to parse mount options [ 91.566120][ T4591] autofs4:pid:4591:autofs_fill_super: called with bogus options [ 92.594146][ T4606] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 92.600669][ T4606] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 92.612575][ T4606] vhci_hcd vhci_hcd.0: Device attached [ 92.631198][ T4607] vhci_hcd: connection closed [ 92.632540][ T9] vhci_hcd: stop threads [ 92.641834][ T9] vhci_hcd: release socket [ 92.641869][ T9] vhci_hcd: disconnect device [ 92.708251][ T4423] wlan1: Creating new IBSS network, BSSID 62:4b:d3:2a:c9:63 [ 92.792576][ T4614] netlink: 'syz.1.82': attribute type 3 has an invalid length. [ 93.914490][ T4295] Bluetooth: hci3: command 0x0405 tx timeout [ 98.114488][ T7] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 98.954435][ T7] usb 2-1: Using ep0 maxpacket: 16 [ 99.094711][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.116760][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.143574][ T7] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 99.201465][ T7] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 99.225842][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.355775][ T7] usb 2-1: config 0 descriptor?? [ 100.108403][ T7] HID 045e:07da: Invalid code 65791 type 1 [ 100.163478][ T7] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0001/input/input5 [ 100.218128][ T7] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 100.379862][ T7] usb 2-1: USB disconnect, device number 2 [ 101.136231][ T4663] fido_id[4663]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 101.731210][ T26] audit: type=1326 audit(1752901940.832:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4673 comm="syz.3.99" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8bc27b99a9 code=0x0 [ 102.602426][ T4682] block nbd1: shutting down sockets [ 108.797917][ T4732] loop2: detected capacity change from 0 to 7 [ 111.112355][ T4732] Dev loop2: unable to read RDB block 7 [ 111.123440][ T4732] loop2: AHDI p2 p3 [ 111.235506][ T4732] loop2: partition table partially beyond EOD, truncated [ 111.349362][ T4732] loop2: p3 start 335544320 is beyond EOD, truncated [ 114.106926][ T4767] delete_channel: no stack [ 115.258219][ T4775] syz.4.129 (4775) used greatest stack depth: 20832 bytes left [ 119.434051][ T4832] autofs4:pid:4832:autofs_fill_super: called with bogus options [ 120.387576][ T4846] loop2: detected capacity change from 0 to 7 [ 120.404143][ T4189] Dev loop2: unable to read RDB block 7 [ 120.410263][ T4189] loop2: AHDI p2 p3 [ 120.414520][ T4189] loop2: partition table partially beyond EOD, truncated [ 120.424220][ T4189] loop2: p3 start 335544320 is beyond EOD, truncated [ 121.132291][ T4846] Dev loop2: unable to read RDB block 7 [ 121.138266][ T4846] loop2: AHDI p2 p3 [ 121.142177][ T4846] loop2: partition table partially beyond EOD, truncated [ 121.151851][ T4846] loop2: p3 start 335544320 is beyond EOD, truncated [ 122.717248][ T144] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 123.004471][ T4876] netlink: 24 bytes leftover after parsing attributes in process `syz.4.163'. [ 123.700358][ T4886] loop3: detected capacity change from 0 to 64 [ 123.774423][ T4887] syz.1.166 (4887): drop_caches: 2 [ 123.785550][ T4887] syz.1.166 (4887): drop_caches: 2 [ 123.948861][ T4886] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop3 [ 125.677968][ T4886] loop3: detected capacity change from 0 to 1024 [ 125.802099][ T4886] hfsplus: unable to parse mount options [ 126.717722][ T4904] delete_channel: no stack [ 129.496494][ T4942] comedi comedi3: comedi_parport: a I/O base address must be specified [ 130.749963][ T4954] loop1: detected capacity change from 0 to 64 [ 131.300272][ T4954] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop1 [ 131.995430][ T4954] loop1: detected capacity change from 0 to 1024 [ 132.355600][ T4954] hfsplus: unable to parse mount options [ 132.401337][ T4973] loop2: detected capacity change from 0 to 7 [ 132.436052][ T3561] Dev loop2: unable to read RDB block 7 [ 132.441645][ T3561] loop2: AHDI p2 p3 [ 132.449243][ T3561] loop2: partition table partially beyond EOD, truncated [ 132.462110][ T3561] loop2: p3 start 335544320 is beyond EOD, truncated [ 132.475542][ T3561] Dev loop2: unable to read RDB block 7 [ 132.482257][ T3561] loop2: AHDI p2 p3 [ 132.486631][ T3561] loop2: partition table partially beyond EOD, truncated [ 132.502891][ T3561] loop2: p3 start 335544320 is beyond EOD, truncated [ 132.594558][ T4973] Dev loop2: unable to read RDB block 7 [ 132.604596][ T4973] loop2: AHDI p2 p3 [ 132.614086][ T4973] loop2: partition table partially beyond EOD, truncated [ 132.623376][ T4973] loop2: p3 start 335544320 is beyond EOD, truncated [ 133.287643][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.296201][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.567601][ T4988] ax25_connect(): syz.1.195 uses autobind, please contact jreuter@yaina.de [ 135.686242][ T5001] syz.0.201 (5001): drop_caches: 2 [ 135.693559][ T5001] syz.0.201 (5001): drop_caches: 2 [ 137.753017][ T5017] loop1: detected capacity change from 0 to 64 [ 138.105031][ T5017] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop1 [ 140.689603][ T5022] delete_channel: no stack [ 141.300687][ T5054] loop4: detected capacity change from 0 to 64 [ 142.052074][ T5047] loop0: detected capacity change from 0 to 4096 [ 142.166977][ T5054] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop4 [ 142.285699][ T5054] loop4: detected capacity change from 0 to 1024 [ 142.365463][ T5054] hfsplus: unable to parse mount options [ 142.449103][ T5066] overlayfs: unrecognized mount option "verity=on" or missing value [ 146.534062][ T5090] syz.3.227 (5090): drop_caches: 2 [ 146.541784][ T5090] syz.3.227 (5090): drop_caches: 2 [ 148.447958][ T5109] loop2: detected capacity change from 0 to 64 [ 148.461744][ T5110] overlayfs: unrecognized mount option "verity=on" or missing value [ 148.629278][ T5109] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop2 [ 150.609996][ T5132] loop4: detected capacity change from 0 to 2048 [ 153.163435][ T5154] fuse: Bad value for 'group_id' [ 153.948287][ T154] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 157.751836][ T5191] device vti0 entered promiscuous mode [ 161.220327][ T26] audit: type=1326 audit(1752902000.322:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5220 comm="syz.3.262" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8bc27b99a9 code=0x0 [ 162.515940][ T5238] loop2: detected capacity change from 0 to 64 [ 162.573629][ T5238] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop2 [ 168.700885][ T5266] delete_channel: no stack [ 168.714501][ T5291] netlink: 16 bytes leftover after parsing attributes in process `syz.2.282'. [ 168.768753][ T5290] loop4: detected capacity change from 0 to 64 [ 169.084566][ T5290] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop4 [ 172.317176][ T5315] autofs4:pid:5315:autofs_fill_super: called with bogus options [ 174.443466][ T5323] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 174.450000][ T5323] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 174.474209][ T5323] vhci_hcd vhci_hcd.0: Device attached [ 174.494574][ T5324] vhci_hcd: connection closed [ 174.499610][ T4277] vhci_hcd: stop threads [ 174.535625][ T4277] vhci_hcd: release socket [ 174.540085][ T4277] vhci_hcd: disconnect device [ 175.065540][ T5337] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 175.180162][ T5339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.205119][ T5339] bond0: (slave rose0): Enslaving as an active interface with an up link [ 175.213899][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 175.344403][ T4298] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 175.545330][ T5350] overlayfs: unrecognized mount option "verity=on" or missing value [ 176.367666][ T4174] Bluetooth: hci1: command 0x0406 tx timeout [ 176.395223][ T4313] Bluetooth: hci0: command 0x0406 tx timeout [ 176.412209][ T4174] Bluetooth: hci4: command 0x0406 tx timeout [ 176.449631][ T4174] Bluetooth: hci2: command 0x0406 tx timeout [ 176.456455][ T4298] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 176.496571][ T4298] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 176.989161][ T4298] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 177.032740][ T4298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 177.041658][ T4298] usb 4-1: SerialNumber: syz [ 177.105479][ T4298] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 177.218055][ T5363] loop4: detected capacity change from 0 to 64 [ 177.222383][ T4298] cdc_acm: probe of 4-1:1.0 failed with error -12 [ 177.334666][ T5372] afs: Unknown parameter '€' [ 177.663985][ T4313] usb 4-1: USB disconnect, device number 6 [ 177.672371][ T5363] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop4 [ 178.684243][ T5363] loop4: detected capacity change from 0 to 1024 [ 178.710828][ T5363] hfsplus: unable to parse mount options [ 179.901078][ T5407] ax25_connect(): syz.0.310 uses autobind, please contact jreuter@yaina.de [ 179.915905][ T5399] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 179.922434][ T5399] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 179.930234][ T5399] vhci_hcd vhci_hcd.0: Device attached [ 179.965266][ T5405] vhci_hcd: connection closed [ 179.965636][ T4310] vhci_hcd: stop threads [ 179.985068][ T5414] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 180.001286][ T4310] vhci_hcd: release socket [ 180.021667][ T4310] vhci_hcd: disconnect device [ 180.311265][ T5418] overlayfs: unrecognized mount option "verity=on" or missing value [ 183.095343][ T5440] afs: Unknown parameter '€' [ 184.523955][ T5451] loop3: detected capacity change from 0 to 64 [ 184.687828][ T5451] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop3 [ 184.794657][ T4665] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 185.185095][ T4665] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 185.254957][ T4665] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 185.514788][ T4665] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 185.605078][ T4665] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 185.613101][ T4665] usb 1-1: SerialNumber: syz [ 186.411266][ T4310] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 186.634526][ T5469] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 186.641066][ T5469] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 186.649087][ T5469] vhci_hcd vhci_hcd.0: Device attached [ 187.556556][ T4665] usb 1-1: can't set config #1, error -71 [ 187.566741][ T4665] usb 1-1: USB disconnect, device number 2 [ 187.609872][ T5476] fuse: Unknown parameter 'grou00000000000000000000' [ 188.229106][ T21] usb 35-1: new high-speed USB device number 2 using vhci_hcd [ 189.394819][ T5489] afs: Unknown parameter '€' [ 190.878263][ T5470] vhci_hcd: connection reset by peer [ 190.904561][ T4358] vhci_hcd: stop threads [ 190.909096][ T4358] vhci_hcd: release socket [ 190.919833][ T4358] vhci_hcd: disconnect device [ 192.897729][ T5524] fuse: Unknown parameter 'grou00000000000000000000' [ 193.184489][ T4665] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 194.259888][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.330761][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.557623][ T4665] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 194.570670][ T4665] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 194.657715][ T4665] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 194.669262][ T4665] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 194.681138][ T4665] usb 4-1: SerialNumber: syz [ 194.760317][ T5541] afs: Unknown parameter 'dy' [ 194.769500][ T4665] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 194.791286][ T4665] cdc_acm: probe of 4-1:1.0 failed with error -12 [ 194.972080][ T4665] usb 4-1: USB disconnect, device number 7 [ 195.634513][ T21] vhci_hcd: vhci_device speed not set [ 196.153427][ T5547] overlayfs: unrecognized mount option "verity=on" or missing value [ 197.050763][ T26] audit: type=1326 audit(1752902036.152:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5551 comm="syz.3.348" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8bc27b99a9 code=0x0 [ 198.487610][ T5571] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 200.510171][ T5592] loop2: detected capacity change from 0 to 7 [ 200.880904][ T4174] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 202.096414][ T5592] Dev loop2: unable to read RDB block 7 [ 202.190579][ T5592] loop2: unable to read partition table [ 202.215291][ T5592] loop2: partition table beyond EOD, truncated [ 202.277421][ T5597] fuse: Unknown parameter 'group_i00000000000000000000' [ 202.285385][ T5592] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 204.344450][ T4174] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 204.352297][ T4174] usb 4-1: can't read configurations, error -71 [ 204.493107][ T26] audit: type=1326 audit(1752902043.592:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5622 comm="syz.4.366" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff59c7ec9a9 code=0x0 [ 205.850528][ T5644] syz.2.369 (5644): drop_caches: 2 [ 205.881870][ T5644] syz.2.369 (5644): drop_caches: 2 [ 206.856357][ T5649] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 206.863043][ T5649] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 206.874455][ T5649] vhci_hcd vhci_hcd.0: Device attached [ 207.008587][ T5652] fuse: Unknown parameter 'group_i00000000000000000000' [ 207.154643][ T4665] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 207.525270][ T5650] vhci_hcd: connection reset by peer [ 207.532485][ T4494] vhci_hcd: stop threads [ 207.539555][ T4494] vhci_hcd: release socket [ 207.598535][ T4494] vhci_hcd: disconnect device [ 208.552795][ T5670] loop2: detected capacity change from 0 to 64 [ 208.669346][ T5670] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop2 [ 209.465204][ T5670] loop2: detected capacity change from 0 to 1024 [ 209.585071][ T5670] hfsplus: unable to parse mount options [ 211.659987][ T26] audit: type=1326 audit(1752902050.762:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.2.381" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5d966c19a9 code=0x0 [ 211.744745][ T4295] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 211.883545][ T5694] fuse: Unknown parameter 'group_i00000000000000000000' [ 211.896587][ T5695] overlayfs: unrecognized mount option "verity=on" or missing value [ 212.275109][ T4665] vhci_hcd: vhci_device speed not set [ 212.634636][ T4295] usb 4-1: unable to read config index 0 descriptor/all [ 212.758497][ T4295] usb 4-1: can't read configurations, error -71 [ 212.987851][ T5704] loop3: detected capacity change from 0 to 4096 [ 213.730625][ T5707] delete_channel: no stack [ 215.502882][ T5727] loop4: detected capacity change from 0 to 64 [ 215.583273][ T5730] syz.2.393 (5730): drop_caches: 2 [ 215.597905][ T5730] syz.2.393 (5730): drop_caches: 2 [ 215.648445][ T5727] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop4 [ 215.811252][ T5733] fuse: Unknown parameter 'group_id00000000000000000000' [ 215.956002][ T5736] loop2: detected capacity change from 0 to 7 [ 215.975292][ T5736] Dev loop2: unable to read RDB block 7 [ 216.000783][ T5736] loop2: AHDI p2 [ 216.019388][ T5736] loop2: partition table partially beyond EOD, truncated [ 216.213966][ T5742] overlayfs: unrecognized mount option "verity=on" or missing value [ 216.554457][ T4313] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 218.214622][ T4313] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 218.402295][ T4313] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 218.615345][ T4313] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 218.680248][ T4313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 218.821134][ T4313] usb 5-1: SerialNumber: syz [ 218.962388][ T4313] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 219.020370][ T4313] cdc_acm: probe of 5-1:1.0 failed with error -12 [ 219.229992][ T4313] usb 5-1: USB disconnect, device number 2 [ 219.328875][ T26] audit: type=1326 audit(1752902058.432:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5752 comm="syz.3.400" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8bc27b99a9 code=0x0 [ 221.303416][ T5762] delete_channel: no stack [ 221.310133][ T4394] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 221.493347][ T5773] syz.4.405 (5773): drop_caches: 2 [ 221.502084][ T5773] syz.4.405 (5773): drop_caches: 2 [ 222.222354][ T5774] loop0: detected capacity change from 0 to 64 [ 222.330410][ T5774] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop0 [ 222.411196][ T5779] loop2: detected capacity change from 0 to 2048 [ 222.463768][ T5772] loop0: detected capacity change from 0 to 1024 [ 222.474547][ T5782] overlayfs: unrecognized mount option "verity=on" or missing value [ 222.505749][ T5772] hfsplus: unable to parse mount options [ 223.048583][ T5789] fuse: Unknown parameter 'group_id00000000000000000000' [ 223.424605][ T7] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 224.814698][ T7] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 224.881021][ T7] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 225.794404][ T7] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 225.794457][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 225.794474][ T7] usb 1-1: SerialNumber: syz [ 225.868964][ T7] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 225.869126][ T7] cdc_acm: probe of 1-1:1.0 failed with error -12 [ 225.880138][ T5806] loop2: detected capacity change from 0 to 7 [ 225.882632][ T5806] Dev loop2: unable to read RDB block 7 [ 225.882660][ T5806] loop2: AHDI p2 [ 225.882672][ T5806] loop2: partition table partially beyond EOD, truncated [ 227.044143][ T21] usb 1-1: USB disconnect, device number 3 [ 227.086873][ T26] audit: type=1326 audit(1752902066.192:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5818 comm="syz.4.419" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff59c7ec9a9 code=0x0 [ 227.293618][ T5824] syz.2.420 (5824): drop_caches: 2 [ 227.304959][ T5824] syz.2.420 (5824): drop_caches: 2 [ 228.079402][ T5829] loop2: detected capacity change from 0 to 64 [ 228.199944][ T5831] overlayfs: unrecognized mount option "verity=on" or missing value [ 228.224630][ T5829] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop2 [ 229.033921][ T5829] loop2: detected capacity change from 0 to 1024 [ 229.316578][ T5829] hfsplus: unable to parse mount options [ 231.172926][ T5861] device vti0 entered promiscuous mode [ 231.247985][ T5859] loop3: detected capacity change from 0 to 2048 [ 231.410293][ T5868] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 231.416842][ T5868] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 231.425195][ T5868] vhci_hcd vhci_hcd.0: Device attached [ 231.704620][ T5796] usb 41-1: new high-speed USB device number 3 using vhci_hcd [ 232.441697][ T5869] vhci_hcd: connection reset by peer [ 232.449118][ T4337] vhci_hcd: stop threads [ 232.456122][ T4337] vhci_hcd: release socket [ 232.977052][ T4337] vhci_hcd: disconnect device [ 233.054913][ T5872] syz.2.433 (5872): drop_caches: 2 [ 233.062569][ T5872] syz.2.433 (5872): drop_caches: 2 [ 233.320233][ T5878] fuse: Bad value for 'user_id' [ 235.863273][ T5906] loop0: detected capacity change from 0 to 64 [ 235.882855][ T5906] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop0 [ 236.125806][ T5906] loop0: detected capacity change from 0 to 1024 [ 236.217139][ T5916] autofs4:pid:5916:autofs_fill_super: called with bogus options [ 236.744493][ T5906] hfsplus: unable to parse mount options [ 236.832400][ T5918] syz.2.447 (5918): drop_caches: 2 [ 236.848035][ T5918] syz.2.447 (5918): drop_caches: 2 [ 237.294869][ T5911] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 237.301423][ T5911] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 237.697875][ T5911] vhci_hcd vhci_hcd.0: Device attached [ 237.704513][ T5925] fuse: Bad value for 'user_id' [ 237.787859][ T5921] vhci_hcd: connection reset by peer [ 237.800538][ T468] vhci_hcd: stop threads [ 237.805190][ T468] vhci_hcd: release socket [ 237.838718][ T468] vhci_hcd: disconnect device [ 237.908515][ T5796] vhci_hcd: vhci_device speed not set [ 239.161428][ T26] audit: type=1326 audit(1752902078.262:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5946 comm="syz.2.457" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5d966c19a9 code=0x0 [ 239.516662][ T5957] autofs4:pid:5957:autofs_fill_super: called with bogus options [ 240.565176][ T5967] fuse: Bad value for 'fd' [ 242.169595][ T5976] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 242.176220][ T5976] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 242.372276][ T5976] vhci_hcd vhci_hcd.0: Device attached [ 242.424598][ T5977] vhci_hcd: connection closed [ 242.424777][ T468] vhci_hcd: stop threads [ 242.434069][ T468] vhci_hcd: release socket [ 242.559615][ T468] vhci_hcd: disconnect device [ 243.298038][ T4229] usb 35-1: new high-speed USB device number 3 using vhci_hcd [ 243.314332][ T4229] usb 35-1: enqueue for inactive port 0 [ 243.394670][ T4229] vhci_hcd: vhci_device speed not set [ 247.464828][ T4174] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 248.247168][ T4174] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 248.258266][ T4174] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 249.479995][ T4174] usb 3-1: string descriptor 0 read error: -71 [ 249.488360][ T4174] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 249.503947][ T4174] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 249.554580][ T4174] usb 3-1: can't set config #1, error -71 [ 249.635265][ T4174] usb 3-1: USB disconnect, device number 2 [ 250.001850][ T6041] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 250.008561][ T6041] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 250.060387][ T6038] loop0: detected capacity change from 0 to 4096 [ 250.114454][ T6041] vhci_hcd vhci_hcd.0: Device attached [ 250.246077][ T6048] syz.3.485 (6048): drop_caches: 2 [ 250.271401][ T6048] syz.3.485 (6048): drop_caches: 2 [ 250.934374][ T5796] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 251.026219][ T6042] vhci_hcd: connection reset by peer [ 251.032452][ T4337] vhci_hcd: stop threads [ 251.055675][ T4337] vhci_hcd: release socket [ 251.085865][ T4337] vhci_hcd: disconnect device [ 251.237016][ T6057] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 252.177023][ T6060] overlayfs: unrecognized mount option "verity=on" or missing value [ 252.348554][ T4494] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 255.637239][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.643782][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.534385][ T5796] vhci_hcd: vhci_device speed not set [ 257.643611][ T6102] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 257.650252][ T6102] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 257.698611][ T6102] vhci_hcd vhci_hcd.0: Device attached [ 257.720580][ T6106] vhci_hcd: connection closed [ 257.724535][ T4329] vhci_hcd: stop threads [ 257.733573][ T4329] vhci_hcd: release socket [ 257.756821][ T4329] vhci_hcd: disconnect device [ 258.073243][ T6114] loop2: detected capacity change from 0 to 2048 [ 258.474289][ C1] hrtimer: interrupt took 48631 ns [ 260.122381][ T6143] loop4: detected capacity change from 0 to 64 [ 260.685536][ T6143] hfs: unable to parse mount options [ 260.793262][ T6141] device vti0 entered promiscuous mode [ 261.614461][ T6154] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 261.621195][ T6154] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 261.640903][ T6154] vhci_hcd vhci_hcd.0: Device attached [ 261.904420][ T4174] usb 35-1: new high-speed USB device number 4 using vhci_hcd [ 262.256610][ T6156] vhci_hcd: connection reset by peer [ 262.343626][ T6163] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 262.361037][ T6163] ubi31: attaching mtd0 [ 262.375129][ T6163] ubi31: scanning is finished [ 262.380031][ T6163] ubi31: empty MTD device detected [ 262.666012][ T4494] vhci_hcd: stop threads [ 262.670339][ T4494] vhci_hcd: release socket [ 262.777455][ T6163] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 262.865170][ T4494] vhci_hcd: disconnect device [ 264.573040][ T6183] loop1: detected capacity change from 0 to 64 [ 264.796724][ T6183] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop1 [ 265.692101][ T6183] loop1: detected capacity change from 0 to 1024 [ 265.754022][ T6183] hfsplus: unable to parse mount options [ 266.048691][ T6205] loop2: detected capacity change from 0 to 64 [ 267.145262][ T4174] vhci_hcd: vhci_device speed not set [ 267.315805][ T6205] hfs: unable to parse mount options [ 268.741831][ T6223] loop2: detected capacity change from 0 to 2048 [ 268.884384][ T4228] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 269.254561][ T4228] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 269.264870][ T4228] usb 4-1: config 0 has no interface number 0 [ 269.276296][ T4228] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 269.292939][ T4228] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.315133][ T4228] usb 4-1: config 0 descriptor?? [ 269.367528][ T4228] usb 4-1: selecting invalid altsetting 1 [ 269.381806][ T4228] dvb_ttusb_budget: ttusb_init_controller: error [ 269.410484][ T4228] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 269.705645][ T4228] DVB: Unable to find symbol cx22700_attach() [ 271.100911][ T4228] DVB: Unable to find symbol tda10046_attach() [ 271.126136][ T4228] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 271.182964][ T4228] usb 4-1: USB disconnect, device number 12 [ 271.190191][ T6246] loop0: detected capacity change from 0 to 64 [ 271.269014][ T6246] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop0 [ 271.384421][ T6246] loop0: detected capacity change from 0 to 1024 [ 271.440816][ T6246] hfsplus: unable to parse mount options [ 274.094071][ T6276] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 274.919667][ T6284] syz.2.546 (6284): drop_caches: 2 [ 274.948748][ T6284] syz.2.546 (6284): drop_caches: 2 [ 275.853540][ T6292] overlayfs: unrecognized mount option "verity=on" or missing value [ 276.803256][ T6297] ubi31: attaching mtd0 [ 276.810320][ T6297] ubi31: scanning is finished [ 277.757313][ T6297] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 277.894903][ T7] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 278.274499][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 278.300625][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 278.325438][ T7] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00 [ 278.351589][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.374159][ T7] usb 5-1: config 0 descriptor?? [ 279.709642][ T7] hid-generic 0003:0C70:F00B.0002: unknown main item tag 0x0 [ 279.717774][ T7] hid-generic 0003:0C70:F00B.0002: item fetching failed at offset 5/7 [ 279.895516][ T7] hid-generic: probe of 0003:0C70:F00B.0002 failed with error -22 [ 279.942881][ T7] usb 5-1: USB disconnect, device number 3 [ 280.174963][ T6326] syz.2.559 (6326): drop_caches: 2 [ 280.850364][ T6326] syz.2.559 (6326): drop_caches: 2 [ 281.050047][ T6332] overlayfs: unrecognized mount option "verity=on" or missing value [ 283.752353][ T6362] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 284.983247][ T4394] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 285.070699][ T6347] netlink: 48 bytes leftover after parsing attributes in process `syz.4.567'. [ 285.160196][ T6373] fuse: Bad value for 'rootmode' [ 285.639437][ T6368] lo speed is unknown, defaulting to 1000 [ 286.030059][ T6380] overlayfs: unrecognized mount option "verity=on" or missing value [ 286.057795][ T6369] lo speed is unknown, defaulting to 1000 [ 286.914140][ T6397] netlink: 'syz.4.579': attribute type 3 has an invalid length. [ 288.279602][ T6407] fuse: Bad value for 'rootmode' [ 288.343259][ T6410] overlayfs: unrecognized mount option "verity=on" or missing value [ 288.603694][ T6414] overlayfs: conflicting options: userxattr,redirect_dir=on [ 290.366426][ T6444] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 290.379360][ T6444] ubi31: attaching mtd0 [ 290.917405][ T6444] ubi31: scanning is finished [ 290.939694][ T6444] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 290.947380][ T6444] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 290.954753][ T6444] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 290.962137][ T6444] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 290.969623][ T6444] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 290.976533][ T6444] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 290.984609][ T6444] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3614748853 [ 290.994727][ T6444] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 291.064285][ T6446] ubi31: background thread "ubi_bgt31d" started, PID 6446 [ 291.110279][ T6451] fuse: Bad value for 'rootmode' [ 291.607838][ T6461] loop1: detected capacity change from 0 to 64 [ 292.001996][ T6461] hfs: unable to parse mount options [ 292.384179][ T6463] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 294.689302][ T6492] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 294.708581][ T6492] ubi: mtd0 is already attached to ubi31 [ 298.125065][ T4263] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 298.193611][ T4263] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 298.201954][ T4263] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 298.242048][ T4263] hid-generic 0003:0004:0000.0003: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 298.385647][ T6519] fido_id[6519]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 298.642554][ T6526] overlayfs: unrecognized mount option "verity=on" or missing value [ 299.089280][ T6540] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 299.100605][ T6540] ubi: mtd0 is already attached to ubi31 [ 303.114403][ T5796] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 305.354797][ T5796] usb 5-1: New USB device found, idVendor=1934, idProduct=0706, bcdDevice=e2.9e [ 305.372887][ T5796] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.381413][ T5796] usb 5-1: Product: syz [ 305.386127][ T5796] usb 5-1: Manufacturer: syz [ 305.391178][ T5796] usb 5-1: SerialNumber: syz [ 305.409255][ T5796] usb 5-1: config 0 descriptor?? [ 305.457473][ T5796] f81232 5-1:0.0: f81232 converter detected [ 305.492337][ T5796] usb 5-1: f81232 converter now attached to ttyUSB0 [ 305.595739][ T1110] usb 5-1: USB disconnect, device number 4 [ 305.629889][ T1110] f81232 ttyUSB0: f81232 converter now disconnected from ttyUSB0 [ 305.694398][ T1107] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 305.821014][ T1110] f81232 5-1:0.0: device disconnected [ 306.458433][ T6581] delete_channel: no stack [ 306.484367][ T1107] usb 4-1: Using ep0 maxpacket: 8 [ 306.604559][ T1107] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 306.628298][ T1107] usb 4-1: config 0 has no interface number 0 [ 306.890088][ T1107] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 307.050186][ T1107] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 307.063297][ T1107] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 307.078805][ T1107] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 307.088490][ T1107] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.110747][ T1107] usb 4-1: config 0 descriptor?? [ 307.170698][ T1107] ldusb 4-1:0.55: Interrupt in endpoint not found [ 307.831589][ T1107] usb 4-1: USB disconnect, device number 13 [ 308.045358][ T26] audit: type=1326 audit(1752902147.152:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6602 comm="syz.4.648" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff59c7ec9a9 code=0x0 [ 309.096954][ T4228] Bluetooth: hci3: command 0x0406 tx timeout [ 310.606287][ T6619] overlayfs: unrecognized mount option "verity=on" or missing value [ 310.680191][ T6622] fuse: Unknown parameter 'user_i00000000000000000000' [ 311.711682][ T6640] loop4: detected capacity change from 0 to 64 [ 311.751376][ T6640] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop4 [ 312.881163][ T6651] overlayfs: unrecognized mount option "verity=on" or missing value [ 313.429877][ T6657] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 313.439097][ T6657] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 313.934327][ T4228] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 314.394408][ T4228] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 314.408062][ T4228] usb 3-1: config 0 has no interface number 0 [ 314.452680][ T4228] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 314.483641][ T4228] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.555139][ T4228] usb 3-1: config 0 descriptor?? [ 314.595530][ T4228] usb 3-1: selecting invalid altsetting 1 [ 314.636852][ T4228] dvb_ttusb_budget: ttusb_init_controller: error [ 314.654346][ T4228] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 315.069525][ T6678] netlink: 220 bytes leftover after parsing attributes in process `syz.3.672'. [ 315.153840][ T6681] loop4: detected capacity change from 0 to 64 [ 315.211131][ T4228] DVB: Unable to find symbol cx22700_attach() [ 315.262960][ T4228] DVB: Unable to find symbol tda10046_attach() [ 315.269487][ T4228] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 315.280548][ T6681] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop4 [ 315.310879][ T4228] usb 3-1: USB disconnect, device number 3 [ 315.453854][ T6681] loop4: detected capacity change from 0 to 1024 [ 315.515998][ T6681] hfsplus: unable to parse mount options [ 315.914023][ T6692] syz.0.676 (6692): drop_caches: 2 [ 315.922160][ T6692] syz.0.676 (6692): drop_caches: 2 [ 316.551231][ T4310] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 316.831427][ T6699] overlayfs: unrecognized mount option "verity=on" or missing value [ 317.116841][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.326585][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.116882][ T6718] netlink: 16 bytes leftover after parsing attributes in process `syz.4.685'. [ 318.171045][ T6718] netlink: 5 bytes leftover after parsing attributes in process `syz.4.685'. [ 318.306631][ T6723] netlink: 'syz.0.686': attribute type 10 has an invalid length. [ 318.658426][ T6723] device veth1_macvtap left promiscuous mode [ 321.039916][ T6754] overlayfs: unrecognized mount option "verity=on" or missing value [ 322.701167][ T6775] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 322.718652][ T6775] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 322.734770][ T6775] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 323.130307][ T6775] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 324.566629][ T6775] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 324.677215][ C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 324.687569][ C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 324.756469][ C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 324.766680][ C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 324.776830][ C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 324.786935][ C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 324.916311][ C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 324.926476][ C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 324.936662][ C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 324.946817][ C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 324.981596][ T6775] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 325.027438][ T6775] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 325.082400][ T6797] overlayfs: unrecognized mount option "verity=on" or missing value [ 326.661034][ T6817] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 326.672970][ T6817] ubi: mtd0 is already attached to ubi31 [ 330.944504][ T6861] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 330.955972][ T6861] ubi: mtd0 is already attached to ubi31 [ 332.286827][ T6878] syz.3.734 (6878): drop_caches: 2 [ 332.296867][ T6878] syz.3.734 (6878): drop_caches: 2 [ 332.664457][ T1107] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 333.321556][ T6887] syz.2.737 (6887): drop_caches: 2 [ 333.336306][ T6887] syz.2.737 (6887): drop_caches: 2 [ 333.404819][ T1107] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 333.684015][ T1107] usb 1-1: config 0 has no interface number 0 [ 333.706145][ T1107] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 333.748194][ T1107] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.801320][ T1107] usb 1-1: config 0 descriptor?? [ 333.855708][ T1107] usb 1-1: selecting invalid altsetting 1 [ 333.868164][ T1107] dvb_ttusb_budget: ttusb_init_controller: error [ 333.883822][ T1107] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 333.930214][ T6895] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 334.248345][ T1107] DVB: Unable to find symbol cx22700_attach() [ 334.456134][ T1107] DVB: Unable to find symbol tda10046_attach() [ 334.469000][ T1107] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 334.559153][ T1107] usb 1-1: USB disconnect, device number 4 [ 335.427036][ T6912] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 335.438616][ T6912] ubi: mtd0 is already attached to ubi31 [ 337.769927][ T6931] loop1: detected capacity change from 0 to 64 [ 337.832630][ T6931] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop1 [ 337.897238][ T6931] loop1: detected capacity change from 0 to 1024 [ 337.908951][ T6931] hfsplus: unable to parse mount options [ 338.281117][ T6938] ubi: mtd0 is already attached to ubi31 [ 339.550245][ T6941] delete_channel: no stack [ 339.653350][ T6955] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 339.664736][ T6955] ubi: mtd0 is already attached to ubi31 [ 340.469654][ T6965] netlink: 16 bytes leftover after parsing attributes in process `syz.4.761'. [ 341.271957][ T6969] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 343.175905][ T6995] ubi: mtd0 is already attached to ubi31 [ 343.964306][ T1110] Bluetooth: hci3: command 0x0405 tx timeout [ 347.054334][ T21] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 348.981600][ T4337] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 349.672559][ T7047] ax25_connect(): syz.0.780 uses autobind, please contact jreuter@yaina.de [ 349.684498][ T7047] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 351.661153][ T7071] ax25_connect(): syz.0.785 uses autobind, please contact jreuter@yaina.de [ 351.994500][ T1107] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 354.244440][ T1107] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 354.274357][ T1107] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 354.319765][ T7077] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 354.374502][ T1107] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 354.424364][ T1107] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 354.441509][ T1107] usb 3-1: SerialNumber: syz [ 354.496036][ T1107] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 354.514516][ T1107] cdc_acm: probe of 3-1:1.0 failed with error -12 [ 355.111624][ T1107] usb 3-1: USB disconnect, device number 4 [ 357.772567][ T7106] ubi: mtd0 is already attached to ubi31 [ 358.523310][ T7109] ax25_connect(): syz.0.796 uses autobind, please contact jreuter@yaina.de [ 358.535172][ T7109] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 361.733366][ T7148] loop0: detected capacity change from 0 to 64 [ 361.993863][ T7148] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop0 [ 362.424983][ T7148] loop0: detected capacity change from 0 to 1024 [ 362.460364][ T7161] ax25_connect(): syz.4.812 uses autobind, please contact jreuter@yaina.de [ 362.474721][ T7161] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 362.563569][ T7148] hfsplus: unable to parse mount options [ 363.874563][ T1110] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 364.434370][ T1110] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 364.442519][ T1110] usb 2-1: config 0 has no interface number 0 [ 364.463890][ T1110] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 364.474365][ T1110] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.498748][ T1110] usb 2-1: config 0 descriptor?? [ 364.550685][ T1110] usb 2-1: selecting invalid altsetting 1 [ 364.562353][ T1110] dvb_ttusb_budget: ttusb_init_controller: error [ 364.667145][ T1110] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 365.667045][ T7188] fuse: Unknown parameter '0x0000000000000004' [ 365.945207][ T1110] DVB: Unable to find symbol cx22700_attach() [ 366.657547][ T1110] DVB: Unable to find symbol tda10046_attach() [ 366.663738][ T1110] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 366.750583][ T1110] usb 2-1: USB disconnect, device number 3 [ 366.877645][ T4504] udevd[4504]: setting owner of /dev/bus/usb/002/003 to uid=0, gid=0 failed: No such file or directory [ 366.959335][ T7208] ax25_connect(): syz.0.825 uses autobind, please contact jreuter@yaina.de [ 366.989558][ T7208] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 368.477973][ T7220] loop4: detected capacity change from 0 to 64 [ 368.651747][ T7220] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop4 [ 369.468674][ T7220] loop4: detected capacity change from 0 to 1024 [ 369.476928][ T7230] overlayfs: missing 'lowerdir' [ 369.585183][ T7220] hfsplus: unable to parse mount options [ 370.071218][ T7246] ubi: mtd0 is already attached to ubi31 [ 370.819040][ T7255] fuse: Unknown parameter '0x0000000000000004' [ 373.101382][ T7274] overlayfs: missing 'workdir' [ 374.724938][ T4228] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 375.074297][ T4228] usb 1-1: Using ep0 maxpacket: 32 [ 376.224533][ T4228] usb 1-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 376.244044][ T4228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.583208][ T4228] usb 1-1: config 0 descriptor?? [ 376.653917][ T4228] gspca_main: sq930x-2.14.0 probing 041e:403c [ 377.382042][ T4228] gspca_sq930x: reg_r 001f failed -71 [ 377.403831][ T4228] sq930x: probe of 1-1:0.0 failed with error -71 [ 377.439728][ T4228] usb 1-1: USB disconnect, device number 5 [ 377.622713][ T7316] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 377.632122][ T7316] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 378.413031][ T7313] overlayfs: missing 'workdir' [ 378.517703][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.524135][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.613967][ T7319] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem [ 380.508049][ T7328] device vlan2 entered promiscuous mode [ 380.514040][ T7328] device bond0 entered promiscuous mode [ 380.519747][ T7328] device bond_slave_0 entered promiscuous mode [ 380.526166][ T7328] device bond_slave_1 entered promiscuous mode [ 381.215545][ T7349] fuse: Unknown parameter 'fd0x0000000000000004' [ 381.536105][ T4777] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 382.215183][ T7355] binder: BINDER_SET_CONTEXT_MGR already set [ 382.267848][ T7355] binder: 7353:7355 ioctl 4018620d 200000000040 returned -16 [ 382.342216][ T7360] syz.1.868 (7360): drop_caches: 2 [ 382.410738][ T7360] syz.1.868 (7360): drop_caches: 2 [ 383.081176][ T7372] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 383.090321][ T7372] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0 [ 384.551703][ T7379] trusted_key: encrypted_key: master key parameter '00N004093' is invalid [ 385.452280][ T7383] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 386.713081][ T7408] orangefs_mount: mount request failed with -4 [ 386.854499][ T7407] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 388.584352][ T4298] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 388.865059][ T4298] usb 4-1: Using ep0 maxpacket: 8 [ 389.002745][ T7433] netlink: 20 bytes leftover after parsing attributes in process `syz.1.886'. [ 389.022403][ T4298] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 389.035660][ T4298] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 389.047971][ T4298] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 389.079745][ T4298] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 389.096289][ T7436] loop0: detected capacity change from 0 to 64 [ 389.102578][ T4298] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 389.122170][ T4298] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 389.131419][ T7436] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop0 [ 389.166395][ T4298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.206562][ T7436] loop0: detected capacity change from 0 to 1024 [ 389.221032][ T7436] hfsplus: unable to parse mount options [ 389.753108][ T4298] usb 4-1: usb_control_msg returned -71 [ 389.762411][ T4298] usbtmc 4-1:16.0: can't read capabilities [ 389.824313][ T4228] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 389.843448][ T4298] usb 4-1: USB disconnect, device number 15 [ 390.160607][ T4228] usb 2-1: Using ep0 maxpacket: 32 [ 390.296148][ T4228] usb 2-1: config 0 has no interfaces? [ 390.498304][ T7444] delete_channel: no stack [ 390.524389][ T4228] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 390.533539][ T4228] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 390.558337][ T4228] usb 2-1: Product: syz [ 390.562530][ T4228] usb 2-1: Manufacturer: syz [ 390.585916][ T4228] usb 2-1: SerialNumber: syz [ 390.608415][ T4228] usb 2-1: config 0 descriptor?? [ 391.294372][ T4298] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 391.484310][ T7] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 391.794654][ T4228] usb 2-1: USB disconnect, device number 4 [ 391.854555][ T7] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 392.066895][ T7] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 392.534393][ T7] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 392.663196][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 392.715061][ T7] usb 1-1: SerialNumber: syz [ 392.857371][ T7] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 392.883084][ T7] cdc_acm: probe of 1-1:1.0 failed with error -12 [ 393.408569][ T4228] usb 1-1: USB disconnect, device number 6 [ 393.474394][ T4298] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 393.492056][ T4298] usb 4-1: config 0 has no interface number 0 [ 393.499819][ T4298] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 393.515893][ T4298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.540562][ T4298] usb 4-1: config 0 descriptor?? [ 393.584798][ T4298] usb 4-1: can't set config #0, error -71 [ 393.601566][ T4298] usb 4-1: USB disconnect, device number 16 [ 393.640099][ T7487] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 393.846614][ T7487] ax25_connect(): syz.4.901 uses autobind, please contact jreuter@yaina.de [ 394.657181][ T7487] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 395.222428][ T7493] delete_channel: no stack [ 395.272752][ T7499] syz.4.906 (7499): drop_caches: 2 [ 395.281501][ T7499] syz.4.906 (7499): drop_caches: 2 [ 397.465318][ T7449] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 399.224820][ T7449] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 399.246645][ T7449] usb 1-1: config 0 has no interface number 0 [ 399.254450][ T7449] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 399.254538][ T7449] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.268941][ T7449] usb 1-1: config 0 descriptor?? [ 399.318481][ T7449] usb 1-1: selecting invalid altsetting 1 [ 399.318671][ T7449] dvb_ttusb_budget: ttusb_init_controller: error [ 399.318685][ T7449] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 400.072109][ T7449] DVB: Unable to find symbol cx22700_attach() [ 400.096050][ T7449] DVB: Unable to find symbol tda10046_attach() [ 400.145131][ T7449] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 400.182768][ T7449] usb 1-1: USB disconnect, device number 7 [ 400.265325][ T7541] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 400.997940][ T7548] delete_channel: no stack [ 402.599857][ T7] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 403.460853][ T7] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 403.492584][ T7582] delete_channel: no stack [ 403.500813][ T7] usb 1-1: config 0 has no interface number 0 [ 403.510759][ T7] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 403.520500][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.541810][ T7] usb 1-1: config 0 descriptor?? [ 403.816206][ T7] usb 1-1: selecting invalid altsetting 1 [ 403.840308][ T7] dvb_ttusb_budget: ttusb_init_controller: error [ 403.884520][ T7] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 403.899507][ T7593] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 403.909016][ T7593] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0 [ 404.160204][ T7596] overlayfs: failed to resolve './file0': -2 [ 404.291322][ T7] DVB: Unable to find symbol cx22700_attach() [ 404.354037][ T7] DVB: Unable to find symbol tda10046_attach() [ 404.397575][ T7] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 404.559219][ T7] usb 1-1: USB disconnect, device number 8 [ 406.860087][ T7625] ubi: mtd0 is already attached to ubi31 [ 407.490201][ T7634] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 407.549642][ T7636] syz.3.945 (7636): drop_caches: 2 [ 407.557998][ T7636] syz.3.945 (7636): drop_caches: 2 [ 407.994742][ T7638] overlayfs: failed to resolve './file0': -2 [ 408.401083][ T7653] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 408.407638][ T7653] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 408.416289][ T7653] vhci_hcd vhci_hcd.0: Device attached [ 408.457140][ T7654] vhci_hcd: connection closed [ 408.458054][ T4358] vhci_hcd: stop threads [ 408.500911][ T7652] netlink: 8 bytes leftover after parsing attributes in process `syz.4.950'. [ 408.510704][ T4298] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 408.523864][ T4358] vhci_hcd: release socket [ 408.570838][ T4358] vhci_hcd: disconnect device [ 408.634599][ T7449] vhci_hcd: vhci_device speed not set [ 408.739593][ T7652] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.747128][ T7652] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.814278][ T4298] usb 4-1: Using ep0 maxpacket: 8 [ 408.964837][ T4298] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 408.985379][ T4298] usb 4-1: config 0 has no interface number 0 [ 409.030049][ T4298] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 409.086349][ T4298] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 409.126906][ T4298] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 409.182007][ T4298] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 409.207932][ T4298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.308257][ T4298] usb 4-1: config 0 descriptor?? [ 409.413488][ T4298] ldusb 4-1:0.55: Interrupt in endpoint not found [ 409.738908][ T4228] usb 4-1: USB disconnect, device number 17 [ 410.130223][ T7670] ubi: mtd0 is already attached to ubi31 [ 411.002810][ T7681] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 411.011927][ T7681] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0 [ 411.837696][ T7684] netlink: 'syz.2.958': attribute type 1 has an invalid length. [ 411.877143][ T7684] netlink: 'syz.2.958': attribute type 2 has an invalid length. [ 411.907073][ T7687] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 411.913605][ T7687] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 411.921352][ T7687] vhci_hcd vhci_hcd.0: Device attached [ 412.234218][ T7697] overlayfs: failed to resolve './file0': -2 [ 412.504528][ T4228] usb 39-1: new high-speed USB device number 2 using vhci_hcd [ 412.703012][ T7692] vhci_hcd: connection reset by peer [ 412.713597][ T4277] vhci_hcd: stop threads [ 412.752947][ T4277] vhci_hcd: release socket [ 412.773272][ T4277] vhci_hcd: disconnect device [ 413.994272][ T7722] ubi: mtd0 is already attached to ubi31 [ 414.539523][ T13] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 414.550430][ T7723] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 414.614454][ T4229] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 414.804771][ T13] usb 3-1: Using ep0 maxpacket: 16 [ 414.935001][ T13] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 415.034424][ T4229] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 415.582559][ T7731] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2 [ 415.591713][ T7731] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0 [ 415.630011][ T4229] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 415.640847][ T4229] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 415.650239][ T4229] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 415.984345][ T13] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 416.014026][ T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.063484][ T13] usb 3-1: Product: syz [ 416.080881][ T13] usb 3-1: Manufacturer: syz [ 416.145135][ T4229] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 416.161305][ T4229] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 416.175848][ T4229] usb 5-1: Product: syz [ 416.180296][ T4229] usb 5-1: Manufacturer: syz [ 416.396888][ T13] usb 3-1: SerialNumber: syz [ 416.413364][ T13] usb 3-1: config 0 descriptor?? [ 416.415265][ T4229] cdc_wdm 5-1:1.0: skipping garbage [ 416.434450][ T4229] cdc_wdm 5-1:1.0: skipping garbage [ 416.712173][ T4229] cdc_wdm: probe of 5-1:1.0 failed with error -22 [ 416.749469][ T4229] usb 5-1: USB disconnect, device number 5 [ 416.890624][ T13] usb 3-1: USB disconnect, device number 5 [ 417.086369][ T7756] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 417.092902][ T7756] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 417.100637][ T7756] vhci_hcd vhci_hcd.0: Device attached [ 417.109289][ T7757] vhci_hcd: connection closed [ 417.109774][ T4494] vhci_hcd: stop threads [ 417.121159][ T4494] vhci_hcd: release socket [ 417.133160][ T4494] vhci_hcd: disconnect device [ 417.454359][ T7767] ubi: mtd0 is already attached to ubi31 [ 418.131839][ T4228] vhci_hcd: vhci_device speed not set [ 421.282122][ T7807] overlayfs: overlapping lowerdir path [ 421.691273][ T7812] ax25_connect(): syz.3.994 uses autobind, please contact jreuter@yaina.de [ 423.230272][ T7837] ubi: mtd0 is already attached to ubi31 [ 423.951072][ T26] audit: type=1326 audit(1752902263.052:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7838 comm="syz.3.1002" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8bc27b99a9 code=0x0 [ 424.402997][ T7854] ax25_connect(): syz.1.1006 uses autobind, please contact jreuter@yaina.de [ 425.653337][ T7871] ubi: mtd0 is already attached to ubi31 [ 426.590183][ T7887] ubi: mtd0 is already attached to ubi31 [ 427.143627][ T7885] ax25_connect(): syz.2.1017 uses autobind, please contact jreuter@yaina.de [ 427.571405][ T26] audit: type=1326 audit(1752902266.672:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7895 comm="syz.0.1020" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75bcc5e9a9 code=0x0 [ 429.567988][ T7912] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1025'. [ 430.225513][ T7920] ax25_connect(): syz.1.1028 uses autobind, please contact jreuter@yaina.de [ 430.768552][ T7926] ubi: mtd0 is already attached to ubi31 [ 432.461287][ T1273] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 432.641588][ T7938] loop1: detected capacity change from 0 to 64 [ 432.738686][ T7938] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop1 [ 433.720884][ T7938] loop1: detected capacity change from 0 to 1024 [ 433.806138][ T7938] hfsplus: unable to parse mount options [ 434.149396][ T7952] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1038'. [ 435.673193][ T7971] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 435.754223][ T7974] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 435.763344][ T7974] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 435.874514][ T1107] Bluetooth: hci3: command 0x0405 tx timeout [ 438.057447][ T7994] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1050'. [ 439.958162][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.964844][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.117298][ T8016] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 440.126464][ T8016] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0 [ 442.802969][ T8030] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1062'. [ 446.191487][ T8041] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 446.198202][ T8041] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 446.271882][ T8056] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 446.480832][ T8042] vhci_hcd: connection closed [ 446.482531][ T8041] vhci_hcd vhci_hcd.0: Device attached [ 446.493051][ T468] vhci_hcd: stop threads [ 446.497509][ T468] vhci_hcd: release socket [ 446.501914][ T468] vhci_hcd: disconnect device [ 448.121828][ T8079] ip6erspan0: tun_chr_ioctl cmd 1074025675 [ 448.127840][ T8079] ip6erspan0: persist enabled [ 448.165705][ T8077] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1074'. [ 448.613176][ T8085] loop1: detected capacity change from 0 to 64 [ 448.689421][ T8085] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop1 [ 450.973862][ T8103] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 450.981616][ T8103] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 450.993404][ T8104] vhci_hcd: connection closed [ 450.996795][ T8103] vhci_hcd vhci_hcd.0: Device attached [ 451.009981][ T4329] vhci_hcd: stop threads [ 451.018024][ T4329] vhci_hcd: release socket [ 451.022464][ T4329] vhci_hcd: disconnect device [ 453.650195][ T8128] batman_adv: batadv0: Adding interface: dummy0 [ 453.747041][ T8128] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 453.967526][ T8129] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1087'. [ 453.975087][ T8128] batman_adv: batadv0: Interface activated: dummy0 [ 454.023095][ T8141] batadv0: mtu less than device minimum [ 454.045672][ T8141] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 454.058499][ T8141] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 454.070840][ T8141] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 454.083205][ T8141] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 454.095553][ T8141] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 454.108011][ T8141] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 454.120393][ T8141] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 454.132741][ T8141] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 454.144292][ T8141] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 456.038433][ T8151] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 456.044975][ T8151] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 456.052842][ T8151] vhci_hcd vhci_hcd.0: Device attached [ 456.202726][ T8152] vhci_hcd: connection closed [ 456.210991][ T4337] vhci_hcd: stop threads [ 456.232559][ T4337] vhci_hcd: release socket [ 456.364730][ T4337] vhci_hcd: disconnect device [ 463.484028][ T8237] binder: 8236:8237 unknown command 0 [ 463.521665][ T8237] binder: 8236:8237 ioctl c0306201 200000000080 returned -22 [ 464.274679][ T468] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 466.646470][ T8262] autofs4:pid:8262:autofs_fill_super: called with bogus options [ 468.991045][ T8317] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 469.000210][ T8317] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 472.625388][ T8355] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 472.634281][ T8355] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 473.270855][ T8365] overlayfs: failed to resolve './file0': -2 [ 478.365215][ T4228] Bluetooth: hci5: command 0x1003 tx timeout [ 478.395115][ T8424] Bluetooth: hci5: sending frame failed (-49) [ 480.510063][ T1110] Bluetooth: hci5: command 0x1001 tx timeout [ 480.516297][ T8424] Bluetooth: hci5: sending frame failed (-49) [ 481.674683][ T8461] ubi: mtd0 is already attached to ubi31 [ 482.208059][ T1110] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 482.824843][ T1110] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 483.143880][ T1110] usb 2-1: config 0 has no interface number 0 [ 483.152786][ T1110] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 483.181164][ T1110] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.240546][ T1110] usb 2-1: config 0 descriptor?? [ 483.250828][ T4228] Bluetooth: hci5: command 0x1009 tx timeout [ 483.459734][ T1110] usb 2-1: selecting invalid altsetting 1 [ 483.466063][ T1110] dvb_ttusb_budget: ttusb_init_controller: error [ 483.473311][ T1110] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 483.566941][ T1110] DVB: Unable to find symbol cx22700_attach() [ 484.531029][ T1110] DVB: Unable to find symbol tda10046_attach() [ 485.359553][ T1110] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 485.375197][ T1110] usb 2-1: USB disconnect, device number 5 [ 485.429944][ T8512] binder: 8511:8512 unknown command 0 [ 485.437574][ T8512] binder: 8511:8512 ioctl c0306201 200000000080 returned -22 [ 486.539876][ T8526] ubi: mtd0 is already attached to ubi31 [ 488.173002][ T8558] ax25_connect(): syz.0.1209 uses autobind, please contact jreuter@yaina.de [ 490.264668][ T8586] ubi: mtd0 is already attached to ubi31 [ 494.377821][ T8640] ubi: mtd0 is already attached to ubi31 [ 497.644227][ T4329] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 497.911055][ T8668] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 499.542504][ T8687] ubi: mtd0 is already attached to ubi31 [ 499.866585][ T8699] ubi: mtd0 is already attached to ubi31 [ 501.407058][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.413523][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.118867][ T8731] binder: 8730:8731 unknown command 0 [ 503.124496][ T8731] binder: 8730:8731 ioctl c0306201 200000000080 returned -22 [ 503.939485][ T8734] ubi: mtd0 is already attached to ubi31 [ 504.237507][ T8742] ubi: mtd0 is already attached to ubi31 [ 507.753120][ T8766] sg_write: process 835 (syz.3.1273) changed security contexts after opening file descriptor, this is not allowed. [ 508.811905][ T8781] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1277'. [ 508.863363][ T8781] net_ratelimit: 10 callbacks suppressed [ 508.863379][ T8781] netlink: set zone limit has 8 unknown bytes [ 509.342246][ T8785] ubi: mtd0 is already attached to ubi31 [ 509.653767][ T8790] overlayfs: unrecognized mount option "verity=on" or missing value [ 513.091212][ T8818] overlayfs: failed to resolve './file1': -2 [ 514.225346][ T8832] tipc: Started in network mode [ 514.230617][ T8832] tipc: Node identity 4, cluster identity 4711 [ 514.264228][ T8832] tipc: Node number set to 4 [ 515.395341][ T8855] ubi: mtd0 is already attached to ubi31 [ 520.470970][ T8895] ubi: mtd0 is already attached to ubi31 [ 520.962378][ T4198] Bluetooth: hci3: Ignoring connect complete event for invalid link type [ 525.051696][ T8936] device vti0 entered promiscuous mode [ 525.768941][ T8957] ubi: mtd0 is already attached to ubi31 [ 528.661775][ T8984] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 528.670857][ T8984] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0 [ 530.195729][ T4329] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 533.760404][ T9024] overlayfs: unrecognized mount option "verity=on" or missing value [ 534.340857][ T9034] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2 [ 534.350151][ T9034] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0 [ 534.814990][ T9045] ubi: mtd0 is already attached to ubi31 [ 537.458715][ T9062] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 539.036884][ T9080] overlayfs: unrecognized mount option "verity=on" or missing value [ 540.594626][ T9093] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 540.603488][ T9093] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0 [ 543.274203][ T9134] ax25_connect(): syz.0.1376 uses autobind, please contact jreuter@yaina.de [ 546.289136][ T9158] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 546.298288][ T9158] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 547.699903][ T9167] 9pnet_virtio: no channels available for device syz [ 548.584229][ T9171] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 549.154560][ T9200] ax25_connect(): syz.1.1392 uses autobind, please contact jreuter@yaina.de [ 550.207834][ T9213] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 550.217057][ T9213] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0 [ 550.361321][ T9219] netlink: 'syz.0.1402': attribute type 72 has an invalid length. [ 551.488466][ T9237] device vti0 entered promiscuous mode [ 551.594352][ T9233] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 551.627352][ T9233] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 552.068450][ T9244] ax25_connect(): syz.1.1409 uses autobind, please contact jreuter@yaina.de [ 553.076205][ T9254] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1413'. [ 553.228275][ T9261] ubi: mtd0 is already attached to ubi31 [ 553.237731][ T9262] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 553.246671][ T9262] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 555.684052][ T9285] ax25_connect(): syz.3.1422 uses autobind, please contact jreuter@yaina.de [ 556.177006][ T9289] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1425'. [ 556.395550][ T9298] syz.4.1426 (9298): drop_caches: 2 [ 556.419399][ T9298] syz.4.1426 (9298): drop_caches: 2 [ 558.350380][ T9315] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 558.359326][ T9315] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 560.817895][ T9338] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1437'. [ 562.023177][ T9355] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 562.032389][ T9355] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0 [ 562.777143][ T1273] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 562.795800][ T9357] kvm: emulating exchange as write [ 562.838396][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.844944][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.772931][ T9377] ax25_connect(): syz.0.1447 uses autobind, please contact jreuter@yaina.de [ 565.075865][ T26] audit: type=1326 audit(1752902404.182:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9391 comm="syz.4.1453" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff59c7ec9a9 code=0x0 [ 565.893540][ T9403] syz.0.1457 (9403): drop_caches: 2 [ 565.916111][ T9403] syz.0.1457 (9403): drop_caches: 2 [ 566.774204][ T5796] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 567.265579][ T5796] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 567.474324][ T5796] usb 4-1: config 0 has no interface number 0 [ 567.497418][ T5796] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 568.334192][ T5796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.362185][ T5796] usb 4-1: config 0 descriptor?? [ 568.424252][ T5796] usb 4-1: can't set config #0, error -71 [ 568.434075][ T5796] usb 4-1: USB disconnect, device number 18 [ 568.668274][ T9428] ax25_connect(): syz.2.1462 uses autobind, please contact jreuter@yaina.de [ 571.195089][ T9450] ubi: mtd0 is already attached to ubi31 [ 572.474217][ T21] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 572.889796][ T21] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 573.703013][ T21] usb 2-1: config 0 has no interface number 0 [ 573.709658][ T21] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 573.719206][ T21] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.741003][ T21] usb 2-1: config 0 descriptor?? [ 573.795938][ T21] usb 2-1: selecting invalid altsetting 1 [ 573.801787][ T21] dvb_ttusb_budget: ttusb_init_controller: error [ 573.808541][ T21] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 573.859062][ T21] DVB: Unable to find symbol cx22700_attach() [ 574.913841][ T9478] ax25_connect(): syz.3.1476 uses autobind, please contact jreuter@yaina.de [ 575.123727][ T21] DVB: Unable to find symbol tda10046_attach() [ 575.140563][ T21] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 575.473382][ T4198] Bluetooth: hci4: hardware error 0x08 [ 576.164204][ T21] usb 2-1: USB disconnect, device number 6 [ 576.502556][ T9505] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 576.511980][ T9505] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 576.519615][ T9505] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 576.530065][ T9505] device bridge_slave_0 left promiscuous mode [ 576.537266][ T9505] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.346369][ T9505] device bridge_slave_1 left promiscuous mode [ 577.424556][ T9505] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.510940][ T9505] bond0: (slave bond_slave_0): Releasing backup interface [ 577.572414][ T9505] bond0: (slave bond_slave_1): Releasing backup interface [ 577.662095][ T9525] ubi: mtd0 is already attached to ubi31 [ 578.006003][ T9528] ax25_connect(): syz.4.1490 uses autobind, please contact jreuter@yaina.de [ 578.371563][ T9505] team0: Port device team_slave_0 removed [ 578.547902][ T9505] team0: Port device team_slave_1 removed [ 578.644602][ T9505] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 578.652030][ T9505] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 578.828160][ T9505] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 578.855649][ T9505] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 579.360188][ T9507] netlink: 'syz.3.1484': attribute type 10 has an invalid length. [ 579.397406][ T9505] syz.3.1484 (9505) used greatest stack depth: 20032 bytes left [ 579.468283][ T9507] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 579.974222][ T21] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 580.580824][ T9555] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 580.625053][ T9555] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 581.284501][ T21] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 581.302236][ T21] usb 3-1: config 0 has no interface number 0 [ 581.423123][ T21] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 581.471239][ T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.585210][ T21] usb 3-1: config 0 descriptor?? [ 581.631653][ T21] usb 3-1: selecting invalid altsetting 1 [ 582.453254][ T21] dvb_ttusb_budget: ttusb_init_controller: error [ 582.459966][ T21] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 582.711298][ T21] DVB: Unable to find symbol cx22700_attach() [ 582.888529][ T21] DVB: Unable to find symbol tda10046_attach() [ 582.895682][ T21] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 582.944722][ T21] usb 3-1: USB disconnect, device number 6 [ 582.965243][ T4228] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 583.264375][ T4228] usb 2-1: Using ep0 maxpacket: 16 [ 583.410061][ T4228] usb 2-1: config 0 has no interfaces? [ 583.449161][ T4228] usb 2-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88 [ 583.485280][ T4228] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.520725][ T4228] usb 2-1: config 0 descriptor?? [ 583.897071][ T4228] usb 2-1: USB disconnect, device number 7 [ 584.975649][ T9610] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 584.985053][ T9610] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0 [ 588.030860][ T9641] syz.4.1521 (9641): drop_caches: 2 [ 588.046472][ T9641] syz.4.1521 (9641): drop_caches: 2 [ 589.229571][ T9657] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 589.238638][ T9657] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0 [ 589.508459][ T9661] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 589.545859][ T9661] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 589.897151][ T9667] ubi: mtd0 is already attached to ubi31 [ 591.139734][ T9688] syz.2.1534 (9688): drop_caches: 2 [ 591.147668][ T9688] syz.2.1534 (9688): drop_caches: 2 [ 594.858278][ T154] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 595.950824][ T9725] overlayfs: missing 'lowerdir' [ 597.287979][ T9738] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 597.473273][ T9742] syz.3.1548 (9742): drop_caches: 2 [ 597.480816][ T9742] syz.3.1548 (9742): drop_caches: 2 [ 598.572898][ T9755] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 598.581925][ T9755] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 599.395374][ T9769] block device autoloading is deprecated and will be removed. [ 599.594175][ T21] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 599.728914][ T9781] overlayfs: missing 'lowerdir' [ 599.904340][ T21] usb 4-1: Using ep0 maxpacket: 32 [ 600.443182][ T21] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 600.624310][ T21] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 600.672385][ T21] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 600.684222][ T21] usb 4-1: Product: syz [ 600.688496][ T21] usb 4-1: Manufacturer: syz [ 600.694468][ T21] usb 4-1: SerialNumber: syz [ 600.712895][ T21] usb 4-1: config 0 descriptor?? [ 600.744427][ T9761] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 600.879544][ T9798] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 601.675398][ T9794] ubi: mtd0 is already attached to ubi31 [ 601.688826][ T21] usb 4-1: USB disconnect, device number 19 [ 601.846155][ T9810] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 601.855053][ T9810] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0 [ 603.240576][ T9817] netlink: 'syz.3.1569': attribute type 1 has an invalid length. [ 603.360157][ T9821] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 603.479867][ T9817] device veth3 entered promiscuous mode [ 603.788631][ T9835] overlayfs: missing 'lowerdir' [ 606.436831][ T9862] syz.0.1580 (9862): drop_caches: 2 [ 606.449353][ T9862] syz.0.1580 (9862): drop_caches: 2 [ 608.038355][ T9870] autofs4:pid:9870:autofs_fill_super: called with bogus options [ 608.206862][ T9891] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 608.260823][ T9893] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0) [ 608.423968][ T9904] overlayfs: missing 'lowerdir' [ 611.928442][ T9942] syz.0.1593 (9942): drop_caches: 2 [ 611.941586][ T9942] syz.0.1593 (9942): drop_caches: 2 [ 613.071035][ T9947] autofs4:pid:9947:autofs_fill_super: called with bogus options [ 617.120597][T10007] autofs4:pid:10007:autofs_fill_super: called with bogus options [ 617.727131][ T4243] Bluetooth: hci5: command 0x1003 tx timeout [ 617.734581][ T8424] Bluetooth: hci5: sending frame failed (-49) [ 619.008381][T10030] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 619.852642][ T5796] Bluetooth: hci5: command 0x1001 tx timeout [ 619.859229][ T8424] Bluetooth: hci5: sending frame failed (-49) [ 622.141939][ T5796] Bluetooth: hci5: command 0x1009 tx timeout [ 623.202350][T10061] Failed to get privilege flags for destination (handle=0x2:0x4000d56d) [ 623.312909][T10069] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 623.322407][T10069] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0 [ 623.504228][ T5796] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 623.576001][ T4243] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 623.834222][ T4243] usb 3-1: Using ep0 maxpacket: 32 [ 623.864392][ T5796] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 623.872511][ T5796] usb 1-1: config 0 has no interface number 0 [ 623.881891][ T5796] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 623.891011][ T5796] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.903821][ T5796] usb 1-1: config 0 descriptor?? [ 623.945619][ T5796] usb 1-1: selecting invalid altsetting 1 [ 623.951498][ T5796] dvb_ttusb_budget: ttusb_init_controller: error [ 623.961308][ T4243] usb 3-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 623.970897][ T5796] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 623.979457][ T4243] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.994830][ T4243] usb 3-1: config 0 descriptor?? [ 624.018021][ T5796] DVB: Unable to find symbol cx22700_attach() [ 624.046129][ T4243] as10x_usb: device has been detected [ 624.051749][ T4243] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 624.067300][ T5796] DVB: Unable to find symbol tda10046_attach() [ 624.073465][ T5796] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 624.090455][ T4243] usb 3-1: DVB: registering adapter 2 frontend 0 (nBox DVB-T Dongle)... [ 624.271578][ T4243] as10x_usb: error during firmware upload part1 [ 624.279925][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.280010][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.297052][ T4243] Registered device nBox DVB-T Dongle [ 624.299611][ T4243] usb 3-1: USB disconnect, device number 7 [ 624.354335][ T5796] usb 1-1: USB disconnect, device number 9 [ 624.727841][ T9708] udevd[9708]: setting owner of /dev/dvb/adapter2/frontend0 to uid=0, gid=28 failed: No such file or directory [ 624.946772][ T4243] Unregistered device nBox DVB-T Dongle [ 624.961429][ T4243] as10x_usb: device has been disconnected [ 626.840708][T10100] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 627.025384][T10104] APIC base relocation is unsupported by KVM [ 627.251832][T10092] autofs4:pid:10092:autofs_fill_super: called with bogus options [ 628.220912][T10120] syz.2.1651 (10120): drop_caches: 2 [ 628.229197][T10120] syz.2.1651 (10120): drop_caches: 2 [ 630.681910][T10147] ax25_connect(): syz.4.1658 uses autobind, please contact jreuter@yaina.de [ 630.695755][ T4174] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 631.336226][ T4174] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 631.348081][ T4174] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 631.371113][ T4174] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 631.444605][ T4174] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 631.728205][T10135] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 632.042550][ T7] usb 2-1: USB disconnect, device number 8 [ 633.398414][T10153] autofs4:pid:10153:autofs_fill_super: called with bogus options [ 634.697807][T10188] ax25_connect(): syz.4.1671 uses autobind, please contact jreuter@yaina.de [ 635.918536][T10203] block nbd2: shutting down sockets [ 636.260117][T10210] lo speed is unknown, defaulting to 1000 [ 636.278758][ T26] audit: type=1326 audit(1752902475.382:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10206 comm="syz.4.1678" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff59c7ec9a9 code=0x0 [ 636.361001][T10219] ax25_connect(): syz.3.1682 uses autobind, please contact jreuter@yaina.de [ 636.395228][T10219] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 636.656150][T10226] ubi: mtd0 is already attached to ubi31 [ 636.743840][T10227] ax25_connect(): syz.1.1684 uses autobind, please contact jreuter@yaina.de [ 637.020449][T10231] capability: warning: `syz.3.1686' uses 32-bit capabilities (legacy support in use) [ 638.796700][T10230] autofs4:pid:10230:autofs_fill_super: called with bogus options [ 639.168540][T10254] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1693'. [ 640.408558][ T26] audit: type=1326 audit(1752902479.512:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10268 comm="syz.2.1698" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5d966c19a9 code=0x0 [ 640.434424][T10267] ax25_connect(): syz.4.1697 uses autobind, please contact jreuter@yaina.de [ 640.464509][T10267] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 641.909528][T10301] ubi: mtd0 is already attached to ubi31 [ 642.508797][T10286] autofs4:pid:10286:autofs_fill_super: called with bogus options [ 642.605168][T10311] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 643.132938][T10316] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 643.141902][T10316] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 643.805753][T10330] ax25_connect(): syz.0.1711 uses autobind, please contact jreuter@yaina.de [ 645.311064][T10352] ubi: mtd0 is already attached to ubi31 [ 645.618738][T10351] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 647.596733][T10370] autofs4:pid:10370:autofs_fill_super: called with bogus options [ 648.122869][T10409] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 648.208282][T10413] ubi: mtd0 is already attached to ubi31 [ 650.572871][T10461] ax25_connect(): syz.0.1744 uses autobind, please contact jreuter@yaina.de [ 650.827783][T10452] autofs4:pid:10452:autofs_fill_super: called with bogus options [ 652.136794][T10481] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 653.907347][T10499] ubi: mtd0 is already attached to ubi31 [ 656.405358][T10503] autofs4:pid:10503:autofs_fill_super: called with bogus options [ 656.813981][T10530] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 656.914650][ T4494] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 662.993832][T10643] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 663.002844][T10643] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 664.810439][T10662] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1805'. [ 664.823024][T10662] netlink: 'syz.1.1805': attribute type 7 has an invalid length. [ 664.839067][T10662] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1805'. [ 665.006194][T10662] device erspan0 entered promiscuous mode [ 665.026342][T10662] device batadv_slave_1 entered promiscuous mode [ 665.035813][ T4494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 666.016022][T10689] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 666.025036][T10689] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0 [ 666.909443][ T26] audit: type=1326 audit(1752902506.012:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10705 comm="syz.3.1819" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8bc27b99a9 code=0x0 [ 669.273503][T10741] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 671.021681][T10766] device syzkaller1 entered promiscuous mode [ 674.102252][ T4243] Bluetooth: hci5: command 0x1003 tx timeout [ 674.108718][ T8424] Bluetooth: hci5: sending frame failed (-49) [ 674.254914][T10812] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 674.317903][T10816] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 676.221292][ T7] Bluetooth: hci5: command 0x1001 tx timeout [ 676.295813][T10809] Bluetooth: hci5: sending frame failed (-49) [ 676.550626][T10842] ubi: mtd0 is already attached to ubi31 [ 677.332598][ T26] audit: type=1326 audit(1752902516.432:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10843 comm="syz.0.1863" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75bcc5e9a9 code=0x0 [ 677.661979][T10858] xt_hashlimit: size too large, truncated to 1048576 [ 678.100327][T10864] [U] ^R [ 678.354287][ T4243] Bluetooth: hci5: command 0x1009 tx timeout [ 680.839937][T10892] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 682.017358][ T26] audit: type=1326 audit(1752902521.122:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.3.1878" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8bc27b99a9 code=0x0 [ 684.615900][T10920] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.831870][T10920] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.128001][T10920] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.459983][T10920] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.716270][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.723242][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.335522][T10920] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.390718][T10920] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.473609][T10920] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.550433][T10920] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.904824][T10956] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 687.469869][T10962] device syzkaller1 entered promiscuous mode [ 688.416067][T10972] overlayfs: unrecognized mount option "verity=on" or missing value [ 689.106354][ T154] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 689.408224][T10987] 9pnet_virtio: no channels available for device syz [ 689.442993][T10988] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 689.529121][T10988] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 689.836498][T10988] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 689.943909][T10988] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.677816][T10988] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.755198][T10988] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.808047][T10988] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.658350][T10988] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.343219][T11073] binder: 11072:11073 unknown command 0 [ 694.382543][T11073] binder: 11072:11073 ioctl c0306201 200000000080 returned -22 [ 694.966146][T11073] binder: BINDER_SET_CONTEXT_MGR already set [ 694.992474][T11073] binder: 11072:11073 ioctl 4018620d 200000000040 returned -16 [ 695.026234][T11085] binder: 11072:11085 ioctl c0306201 200000000180 returned -14 [ 696.214665][T11103] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 696.222979][T11103] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 696.292352][T11113] input: syz1 as /devices/virtual/input/input20 [ 698.006654][T11166] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 698.015724][T11166] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 699.218358][T11198] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1968'. [ 699.243221][T11198] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 705.697213][T11271] autofs4:pid:11271:autofs_fill_super: called with bogus options [ 705.828416][T11286] xt_hashlimit: size too large, truncated to 1048576 [ 708.161181][T11330] overlayfs: unrecognized mount option "verity=require" or missing value [ 710.219744][T11340] autofs4:pid:11340:autofs_fill_super: called with bogus options [ 711.705016][T11375] xt_hashlimit: size too large, truncated to 1048576 [ 711.750660][T11378] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 711.759632][T11378] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 711.783738][ T8424] Bluetooth: Wrong link type (-22) [ 713.200299][T11391] autofs4:pid:11391:autofs_fill_super: called with bogus options [ 715.803480][T11420] overlayfs: unrecognized mount option "verity=on" or missing value [ 718.347727][T11437] ax25_connect(): syz.4.2039 uses autobind, please contact jreuter@yaina.de [ 718.489824][T11448] tmpfs: Unknown parameter 'usrquota' [ 720.088297][T11473] overlayfs: unrecognized mount option "verity=on" or missing value [ 720.263386][T11469] syz.1.2049 (11469): drop_caches: 2 [ 720.426299][T11477] ax25_connect(): syz.4.2051 uses autobind, please contact jreuter@yaina.de [ 722.239296][ T4358] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 722.386281][T11512] ubi: mtd0 is already attached to ubi31 [ 723.435456][T11521] ax25_connect(): syz.4.2062 uses autobind, please contact jreuter@yaina.de [ 724.206140][T11537] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 724.384922][T11533] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 724.406321][T11533] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 724.409172][T11536] block device autoloading is deprecated and will be removed. [ 726.103302][T11560] 9pnet_virtio: no channels available for device syz [ 727.258580][T11572] ax25_connect(): syz.1.2080 uses autobind, please contact jreuter@yaina.de [ 727.390498][T11577] ubi: mtd0 is already attached to ubi31 [ 729.778587][T11604] overlayfs: unrecognized mount option "verity=on" or missing value [ 731.138613][T11631] Bluetooth: hci0: invalid len left 7, exp >= 41 [ 732.433981][T11644] ax25_connect(): syz.3.2096 uses autobind, please contact jreuter@yaina.de [ 733.029912][T11653] overlayfs: unrecognized mount option "verity=on" or missing value [ 735.796519][T11683] ax25_connect(): syz.1.2114 uses autobind, please contact jreuter@yaina.de [ 736.492867][T11705] capability: warning: `syz.0.2118' uses deprecated v2 capabilities in a way that may be insecure [ 736.585444][T11709] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2119'. [ 736.609884][T11709] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 736.631062][T11709] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 736.802700][T11709] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 736.834404][T11709] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 738.328292][T11730] overlayfs: unrecognized mount option "verity=on" or missing value [ 738.352111][T11733] ax25_connect(): syz.1.2127 uses autobind, please contact jreuter@yaina.de [ 738.456298][T11726] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 738.468644][T11726] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 738.718242][ T4394] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 739.522088][T11768] overlayfs: unrecognized mount option "verity=on" or missing value [ 740.745696][ T4394] nci: nci_rx_work: unknown MT 0x7 [ 741.368124][ T1110] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 741.405317][T11815] overlayfs: unrecognized mount option "verity=on" or missing value [ 742.275100][ T1110] usb 1-1: Using ep0 maxpacket: 8 [ 742.559420][ T1110] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 742.573820][ T1110] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 742.583657][ T1110] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 742.593951][ T1110] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 742.614103][ T1110] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 742.704102][ T1110] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 743.391862][T11840] lo speed is unknown, defaulting to 1000 [ 743.493662][T11820] syz.1.2156 (11820): drop_caches: 2 [ 743.574278][ T1110] usb 1-1: GET_CAPABILITIES returned 0 [ 743.580366][ T1110] usbtmc 1-1:16.0: can't read capabilities [ 743.811036][T11851] overlayfs: unrecognized mount option "verity=on" or missing value [ 743.824138][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.834759][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.843965][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.853063][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.862166][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.871362][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.880458][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.889645][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.900930][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.910095][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.919213][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.928384][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.937711][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.946843][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.956022][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.965207][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 743.993569][ T4229] usb 1-1: USB disconnect, device number 10 [ 745.096353][T11865] ubi: mtd0 is already attached to ubi31 [ 745.832902][T11880] overlayfs: unrecognized mount option "verity=on" or missing value [ 745.874376][ T7] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 746.298591][ T7] usb 3-1: Using ep0 maxpacket: 8 [ 746.425388][ T7] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 746.457431][ T7] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 746.696366][ T7] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 746.732830][ T7] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 746.848838][ T7] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 747.159126][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.165864][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.324527][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.694340][ T7] usb 3-1: GET_CAPABILITIES returned 0 [ 747.700122][ T7] usbtmc 3-1:16.0: can't read capabilities [ 747.759982][T11920] overlayfs: unrecognized mount option "verity=on" or missing value [ 747.974158][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 748.481093][ T7] usb 3-1: USB disconnect, device number 8 [ 748.804836][T11941] overlayfs: failed to clone lowerpath [ 750.565332][T11963] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144 [ 750.876330][T11971] ubi: mtd0 is already attached to ubi31 [ 751.780719][T11974] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 751.789959][T11974] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0 [ 753.449780][T11999] sp0: Synchronizing with TNC [ 755.205417][ T4494] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 756.115667][T12042] overlayfs: failed to clone lowerpath [ 756.220358][T12048] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 756.228812][T12048] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 756.237205][T12048] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 756.245533][T12048] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 756.339528][T12048] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 756.348104][T12048] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 756.356862][T12048] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 756.365357][T12048] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 759.492126][T12084] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 759.511673][T12084] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 759.578664][T12084] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 759.627359][T12089] [ 759.629979][T12089] ============================= [ 759.670058][T12089] WARNING: suspicious RCU usage [ 759.826846][T12089] 5.15.189-syzkaller #0 Not tainted [ 759.832499][T12089] ----------------------------- [ 759.844211][T12089] kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage! [ 759.855877][T12089] [ 759.855877][T12089] other info that might help us debug this: [ 759.855877][T12089] [ 759.860571][T12084] bond0: (slave wlan1): Releasing backup interface [ 759.872174][T12089] [ 759.872174][T12089] rcu_scheduler_active = 2, debug_locks = 1 [ 759.885429][T12089] 1 lock held by syz.4.2246/12089: [ 759.936463][T12084] bond1: (slave ip6gretap1): Releasing backup interface [ 759.946059][T12098] ax25_connect(): syz.0.2247 uses autobind, please contact jreuter@yaina.de [ 759.986516][T12089] #0: ffffffff8c11c4e0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_lock_acquire+0x9/0x30 [ 760.011848][T12089] [ 760.011848][T12089] stack backtrace: [ 760.029607][T12089] CPU: 1 PID: 12089 Comm: syz.4.2246 Not tainted 5.15.189-syzkaller #0 [ 760.037874][T12089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 760.048035][T12089] Call Trace: [ 760.051315][T12089] [ 760.054247][T12089] dump_stack_lvl+0x168/0x230 [ 760.058934][T12089] ? load_image+0x3b0/0x3b0 [ 760.063438][T12089] ? show_regs_print_info+0x20/0x20 [ 760.068648][T12089] ? lockdep_rcu_suspicious+0x110/0x180 [ 760.074196][T12089] get_callchain_entry+0x2a5/0x3b0 [ 760.079307][T12089] get_perf_callchain+0x9f/0x480 [ 760.084247][T12089] ? put_callchain_entry+0xb0/0xb0 [ 760.089352][T12089] ? futex_wait_queue_me+0x2d8/0x440 [ 760.094725][T12089] ? mark_lock+0x94/0x320 [ 760.099058][T12089] ? verify_lock_unused+0x140/0x140 [ 760.104251][T12089] ? __lock_acquire+0x13ad/0x7c60 [ 760.109362][T12089] __bpf_get_stack+0x2cb/0x4f0 [ 760.114134][T12089] ? stack_map_get_build_id_offset+0x860/0x860 [ 760.120293][T12089] ? bpf_prog_d43750871481577d+0x3d/0x594 [ 760.126015][T12089] bpf_get_stack_raw_tp+0x189/0x1c0 [ 760.131223][T12089] bpf_prog_d43750871481577d+0x3d/0x594 [ 760.136775][T12089] bpf_prog_run_pin_on_cpu+0xa4/0x140 [ 760.142149][T12089] bpf_prog_test_run_syscall+0x354/0x4e0 [ 760.147875][T12089] ? sock_gen_cookie+0x60/0x60 [ 760.152692][T12089] ? sock_gen_cookie+0x60/0x60 [ 760.157453][T12089] bpf_prog_test_run+0x31e/0x390 [ 760.162520][T12089] __sys_bpf+0x535/0x670 [ 760.166852][T12089] ? bpf_link_show_fdinfo+0x340/0x340 [ 760.172328][T12089] ? vtime_user_exit+0x2dc/0x400 [ 760.177269][T12089] __x64_sys_bpf+0x78/0x90 [ 760.181696][T12089] do_syscall_64+0x4c/0xa0 [ 760.186125][T12089] ? clear_bhb_loop+0x30/0x80 [ 760.190802][T12089] ? clear_bhb_loop+0x30/0x80 [ 760.195474][T12089] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 760.201375][T12089] RIP: 0033:0x7ff59c7ec9a9 [ 760.205787][T12089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 760.225389][T12089] RSP: 002b:00007ff59a654038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 760.233896][T12089] RAX: ffffffffffffffda RBX: 00007ff59ca13fa0 RCX: 00007ff59c7ec9a9 [ 760.241869][T12089] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a [ 760.249928][T12089] RBP: 00007ff59c86ed69 R08: 0000000000000000 R09: 0000000000000000 [ 760.257950][T12089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 760.265921][T12089] R13: 0000000000000000 R14: 00007ff59ca13fa0 R15: 00007ffc94ed1cc8 [ 760.274710][T12089] [ 760.302618][T12089] [ 760.333519][T12089] ============================= [ 760.346137][T12089] WARNING: suspicious RCU usage [ 760.361652][T12089] 5.15.189-syzkaller #0 Not tainted [ 760.367428][T12089] ----------------------------- [ 760.372538][T12089] include/linux/perf_event.h:1274 suspicious rcu_dereference_check() usage! [ 760.382723][T12089] [ 760.382723][T12089] other info that might help us debug this: [ 760.382723][T12089] [ 760.393305][T12089] [ 760.393305][T12089] rcu_scheduler_active = 2, debug_locks = 1 [ 760.402996][T12089] 1 lock held by syz.4.2246/12089: [ 760.408368][T12089] #0: ffffffff8c11c4e0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_lock_acquire+0x9/0x30 [ 760.418731][T12089] [ 760.418731][T12089] stack backtrace: [ 760.424744][T12089] CPU: 1 PID: 12089 Comm: syz.4.2246 Not tainted 5.15.189-syzkaller #0 [ 760.433073][T12089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 760.443904][T12089] Call Trace: [ 760.447209][T12089] [ 760.450146][T12089] dump_stack_lvl+0x168/0x230 [ 760.455010][T12089] ? load_image+0x3b0/0x3b0 [ 760.459521][T12089] ? show_regs_print_info+0x20/0x20 [ 760.464731][T12089] ? lockdep_rcu_suspicious+0x110/0x180 [ 760.470283][T12089] perf_callchain_kernel+0x39f/0x650 [ 760.475872][T12089] ? load_image+0x3b0/0x3b0 [ 760.480398][T12089] ? show_regs_print_info+0x20/0x20 [ 760.485679][T12089] ? arch_perf_update_userpage+0x3b0/0x3b0 [ 760.491501][T12089] ? get_callchain_entry+0x181/0x3b0 [ 760.496773][T12089] get_perf_callchain+0x376/0x480 [ 760.501787][T12089] ? put_callchain_entry+0xb0/0xb0 [ 760.506968][T12089] ? futex_wait_queue_me+0x2d8/0x440 [ 760.512239][T12089] ? mark_lock+0x94/0x320 [ 760.516557][T12089] ? verify_lock_unused+0x140/0x140 [ 760.521735][T12089] ? __lock_acquire+0x13ad/0x7c60 [ 760.526742][T12089] __bpf_get_stack+0x2cb/0x4f0 [ 760.531641][T12089] ? stack_map_get_build_id_offset+0x860/0x860 [ 760.537804][T12089] ? bpf_prog_d43750871481577d+0x3d/0x594 [ 760.543522][T12089] bpf_get_stack_raw_tp+0x189/0x1c0 [ 760.548804][T12089] bpf_prog_d43750871481577d+0x3d/0x594 [ 760.554343][T12089] bpf_prog_run_pin_on_cpu+0xa4/0x140 [ 760.559704][T12089] bpf_prog_test_run_syscall+0x354/0x4e0 [ 760.565324][T12089] ? sock_gen_cookie+0x60/0x60 [ 760.570076][T12089] ? sock_gen_cookie+0x60/0x60 [ 760.574820][T12089] bpf_prog_test_run+0x31e/0x390 [ 760.579752][T12089] __sys_bpf+0x535/0x670 [ 760.583978][T12089] ? bpf_link_show_fdinfo+0x340/0x340 [ 760.589343][T12089] ? vtime_user_exit+0x2dc/0x400 [ 760.594267][T12089] __x64_sys_bpf+0x78/0x90 [ 760.598669][T12089] do_syscall_64+0x4c/0xa0 [ 760.603079][T12089] ? clear_bhb_loop+0x30/0x80 [ 760.607735][T12089] ? clear_bhb_loop+0x30/0x80 [ 760.612394][T12089] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 760.618290][T12089] RIP: 0033:0x7ff59c7ec9a9 [ 760.622701][T12089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 760.642380][T12089] RSP: 002b:00007ff59a654038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 760.650792][T12089] RAX: ffffffffffffffda RBX: 00007ff59ca13fa0 RCX: 00007ff59c7ec9a9 [ 760.658930][T12089] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a [ 760.666934][T12089] RBP: 00007ff59c86ed69 R08: 0000000000000000 R09: 0000000000000000 [ 760.674907][T12089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 760.682973][T12089] R13: 0000000000000000 R14: 00007ff59ca13fa0 R15: 00007ffc94ed1cc8 [ 760.690945][T12089]