last executing test programs: 9.451945528s ago: executing program 1 (id=1465): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000001680)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c"], 0x0}, 0x90) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@rights={{0x10, 0x1, 0x1, [r2]}}], 0x10}, 0x0) recvmmsg$unix(r2, &(0x7f0000000f40)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000180)=""/146, 0x92}], 0x1, &(0x7f0000000280)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0xc}}], 0xb0}}, {{&(0x7f0000000340), 0x6e, &(0x7f0000000440)=[{&(0x7f00000003c0)=""/111, 0x6f}], 0x1, &(0x7f0000000480)=[@rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}], 0xe4}}, {{&(0x7f0000000540)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000640)=""/28, 0x1c}, {&(0x7f0000000680)=""/18, 0x12}], 0x2, &(0x7f0000000700)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x78}}, {{&(0x7f0000000780), 0x6e, &(0x7f0000000e00)=[{0x0}, {&(0x7f00000008c0)=""/64, 0x40}, {&(0x7f0000000900)=""/99, 0x63}, {&(0x7f0000000980)=""/222, 0xde}, {&(0x7f0000000a80)=""/224, 0xe0}, {&(0x7f0000000b80)=""/4, 0x4}, {&(0x7f0000000bc0)=""/237, 0xed}, {&(0x7f0000000cc0)=""/60, 0x3c}, {&(0x7f0000000d00)=""/226, 0xe2}], 0x9, &(0x7f0000000e80)=[@cred={{0x18}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x9c}}], 0x4, 0x2, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000000)=[@timestamp, @sack_perm, @window, @mss, @window, @mss={0x2, 0x6}], 0x6) ioctl$SIOCPNENABLEPIPE(r4, 0x89ed, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000140)='highspeed\x00', 0xa) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x0, 0x0, 0xfffffffffffffd25) r6 = openat$dlm_monitor(0xffffff9c, &(0x7f0000001140), 0x80000, 0x0) ioctl$UI_SET_PHYS(r6, 0x4004556c, &(0x7f0000001180)='syz1\x00') ioctl$BTRFS_IOC_SNAP_DESTROY(r5, 0x5000940f, &(0x7f0000000140)={{r1}, "8ed48654bc2385bcee2e4d1358723609f3e3e7d90537aa844d277c6475600bf38ddcbd63408ed53f222a973afc26594fae51f64fc191d6b4a4e33b8ab7cd5d9fb0b66466ae034916daa5bde45b6db6f6dada6034a925dff7e1cd96448e060bd650cd39ddc7317e2ba938b7e406256940b1ccde6b0fd1d2eb32c8c88f3fa314d458351c81b13f34fe2db8a36eb1dc45b2da5aee457cc451926a430848aed8def63eb09d133c2ce6615596f2636747a2442e2106f7f56eed2c36e96861ab2b98f7897bc44b3dbe0693ac9329f1870f99b1015539acbb067c11955e241e8d86b20e04dfde951db1020bf1349c77c3e0ce3cc9ecbb87e3eb541ff9b147068e1917700d806962bfb3ef5a49fe1b6ffe833e7f91a63455933375118f365e168ead3e1032f03e7c372e2036e1b0f057329ccbbe5ada2687dde5f807dc9813d55987c1658610c577ec2a94fecdc75b89b5d58319e1900177c0fb633993357205d4312371c5815d73d5df3268ad4cc19def20771de929a186638b0318a241d78b580a2da0415b4e821b20702e9487245aafaddd60620a30f58b0aaf0f8d6dfce8b2e2e30a57cb3a85dbd977a19aa749dc23e4822ae40c9c0b95d9f6458ce2c78df27cef799b825766be98cd5d2d8cf5899d9f1750ae4e928ddbe7daaa6f210b4aa0e82b51ad54d6b61a7aa9294480cfd6883052bd68b6851927baf058a276566e2ce7bd43bad222b96e46c9e9dac6d30c415d992234c71acb66fed53ef2ccdb01a536ad9688e4046377d8680cd8d1afa40fc6457642b424d5f9be0ccbd4355bddd11b78564d6a1722ccf52614c73634fb3638565b83713d90d69d636c47e399d1e2526a12ed68e5bd9b45b85268e049ca770b3b1654ac5a63ab80637f9029b137fdfb1405f9a78de21539cb2643397bd3b1b259dcf137ab0f14f2d51411d012dc280c4d8e17c671dff8d4218ab44a52585669d9bde4b700e3aabad1586e30ebd7e22fbad3f81dea643d1405a07d44c6cdb25bbca1457aee66379084ff25f61b342db2737085cbd044cd0fe507631290bc26e59b05ac9b99527a6b0c136d4cc87daf6726916d06c9c1460d1c46ef95dabeb6ce2bec64c1ca18275c72ffd243287f38d955229ef91358896d9282d21bbe62103fe7aeecc290bf69f4e9fd6afdef3c2ac1d54a5620494187fbc9fe0071ac1fbe9f58424309f1fb0e20141fc50f3dc2144ea964dcecd3fd43c5f8ad6b6353985520d1fbb922bd79f010564789c6f7d877b61c6d0793299192ccb7442f8081e3d4c8b96ee0202e6ac70e40a8be570ed55b7217e0edb7af9839a9f1a2dc6c59c7b1ac252e1e183e31db5b0eb4bf274f268979da9f3e422bd5c3dd237fa52fcedbf75a4da4fd99a44df0402da7e255cf1fd7e0fcfdfc93fd0a87a8be19864a50cae20b13d57ab6c05b4e7d1e737560fa429f09f0f2d1e721742cf20ca7bbb629ec6131910a9d0a125f9b3d53a828b622cc3aa648c76ebc2788b1f4baa08cc7cdc61e502a04713087ee3f631801a3dd665e4b3c909503c278ab39121e2e7d39d3786d7d7e3e00db3971fc77546c7556dfd8067be2121466c26041d709efe6991c7e20ae71de2bf6b739fc1804ea794664f8ce02b759dfbd853551581c2f19386a069fbd2c5e212b69224f9f978c798b5e52ff4d1f06d8f742fa5fee2208dff352450db1ce9a512b4785369d163986763e3c191bbe129603d6d97693ae769509f2c731c5902f4b99a5d655265cb4a95666cbd60b5f464c8a7bb987bc6770e05e2881d131bcee35a8a311fc5cbdd0e9982678d72f992a9cec96b8306f07d3bdc7b851ab78c7d4a9d1cbcc2ffd4a7bd8a78d0b1b1c058a27876f4f74a0ded1ecef84d528f6478d415c235f1935f4e096a7fcfb7891c0b0cf427455fd256b7b1334998c44e7423d319c14f31746268b7a45b782df930eec44ca9d807f18bd44014f1496a7326747d4de7ee9bdb3d7db330e18545875d10fd73e4e41a78e9bd60637a97537b6b1a31b707dee293b56872c087595c87408837e6b6cf01d199d97fd25aa1cf2578f6210caf2511b730ee7181cb66693b715aa8624288b4b2e4b819cd90e935dea177835547cc7e9cddb373c8ce16a7d4e3297c3742a37a30c6a8c352a393a938f7a3f667bf443c7c86425c7ef3384f3e811aaa6e441ddbbeeff9a3d4360d724fc5db843da1d71143e24c7fb0dee42ca86170616d5a68ea9537cf0aaa682856568c10223cbd55f90a148c026bc0e5cb525f344213f66aa08d74e7b2ae672de068c673b668f9dc3d21c98e0db0e76389634d91325521140e523ede241a43119b4719eabf7562a38bdd2c0e5fb241c4f3ceffad503fc672fde775363a300d536a5837943405f2d8da4bf903fb36c96f4b2c84cb466941cb6014769d3c1ff81e31247b3095eb8dd6867728512eedcfeb198d46aa3c8d22b33292463f480349ad615049540a03e5e25a45018c5c701d1dd961544f635ba89ce1f06fcf470a7938127aaac54c32d977ad63a98e418947d3987b2965336a9765331e9d043191a344135c28263d5ee6a777ad12785107b7f79f2e30ff4bc1ab39404c2b5b9d0edd420075bb6639fbcacfcb50608254611715891c5af0d8d9f855d1bf712281e4f3de08e721428edc4506307c5a83813505f490da0b70327fc48ce32d9f056a8946022b15e0983e4f11e413e309ec689cfaf4d36bafcc63366a59ed99ca3acd57ff94545847c3c32275b8065d257e90b9ffb4dc765334985b4b42bb30f3aa4734df9dbdbf4067d517a8733fd28d2e419788160772034f7d4fc385c8025b687610372a5e4ff1b3f8247bce8e6000096039989f34ce6146d7fef7f05b33f261efd7077099447b96067b2a9b309758d28fde63c5bf6302d2ac02f1db49373d2950ac3b06f901715a61e29fa91c73fd1e85fcf81c7f84b6c0987fd79b6a5c552c45e1f0fdc640a5b444839e19d61dffaf246b257526e3af27ad8caf34f091f933d50804c05e80c04168881e24c25801dd91751d330c8a01cba0d2ea10b51065fe57b732784466b58fbde456e5d0d57a0eb6396d62aa9c96520588b80c794ba20496c0c5415b6f7bc1f9208c6363f215cca68e4dcaf6a39c89e7b98d26458b44d81d07d7e01d92fa099d9237786474bf016b2e986900fb5082bcf63ba6c56eb0a14884b9236d215cc2b4efe35f62f410bb1ab7e52af94ded51f3be9779a603a64a396d8cf2e77c62954ccac7d24c5437eda8a936529d1e0fb1ff48369aafa72494f287ec94fa3a9398ce29d9885271986c17208754944fbbadd79495c23b52b34521dfaa696cc8e8b0d47e6221d06be8b1ac630fda5f2a90191ffd20701a45ed36a99d9347ffc1a8fb5a76f44ca8aa204abd1cdb9d4b87e603bbffed51436f6c436f34b9209f34b03f2a878a51cdd798b7061fbed1a675560141592d9721fc21071d938b6dd855f2d04dc048835cd9de0665ade64e6db66044abf1765e22d514a7a19a6c46a227f61b562cbfbd92900ec61d22fc78ba29133c89621f1aa6038a299aa120c38ee1938ed1deda4f99df5b194e33899c8f0cedbff92f39d0e92d2eee031a5c39833111a07469769dc6db7246f4392269793aa0faf0980d7303400e7f128846e411ed85e4d997cb767d3cd5663c7aadf406fd7a10d881bfa19aadea1e7c5e5ad59485f3a3d2435324324b5c138eba6eef27de0fb0bfdc7ecd65c2ddd888a3d3991edab096843a88510773287d050d6352aaf2a444fe5c424d83e5c380e6f823d4aebcd257e64ba8f9d5408de240674138b5460548af0222f4be22f3dea9071d75124c39aa84ef6303b5119b45724318b251878d905cfd053915561da31e7a7e34cf2df7c8dcca2648a634a2b61ccecd78d0a3f3a6fe303d74de089e568d5f9b30df7fa8c110d047efe0201240530813db501533991789db539b4bd3f1ea0384d4fbfadee6e07592add30ee9d57c50e542ed1fbaf95a019fbc190bb39f4edc19400c63444e8d281071f7c24169adbae147ef626032db054e90e52dee2deaf5ae0b1563b03ef0cbd11295ab58f4c66179442381e7f75269cd0927e88595811bad465b9a735c7b87aebb11adb08671cf0670b72e9cafeecad538082c081af4e1925d8d4e9b627ec7d4a4bf1c41eaa16e4cb8145a6aa9ec8c1dd45c8895afb1eac0bdf19e06d9c71123f36096d49031a8d17c9fb2554997b55f7d49925844d3058b0883fa72e8174139add34590cacffa17b9bcb521b3b8ba1b69a8027811fad5ef5cad90e31e2e7891fb5c66cfa4763c3141b63570fa1a4e6779ec01373fd3ee75fc3142f58159501d283d695249afd051f28b6c4f7ad856d3c572f7a69b6fd8a7876ad33b112619bf325c17d1d0b24b54d3691fafcdb0ac32c68581ebec1ade8e602972f13211b544d86030472c6164822d080313b95e3a9cca4fc4896c1f129b0c8545226c60d90783d4aa2f89cea37526710c9563e4890ab1fb102cd30eb8b3185e3d036637aa314274ed92449592e5a95b075f73f43e796f52992ace390c43d14e17fe3cfd4fb0502fb89c146a20d9f88c014eb6b635de99c63e6f5d441541f0475048e984201666e0721f6d424668360b284f6134699ecd93a6c677b2e3ceb6669f1d17ff61b3e0ba25f4b8794c0ea4a2a2e99210517d401e403568ab83b1538defd005d98d422c9b8756a972ec90c773cee3428e5e99327e4b1c60b41e05112083251c350eaf89fa25adc35a3d41883b5e7a3951639e9d3aea7e5f305d8c244311d0c09df89c22e697c24ee42eb9de856d1c18cbed08e0143432213fe6498e27e6ea042ef0d87fd92999f5ccf465781c404e8c6df085109f88497e65d7f38199b54b228bf4fb02844c89ca9de000928ace7fee6b863b1670531b8d3a33adfb0d0b36404fd5410f1abb9df12fb2507753261f5096ba48d838a54e1d3017673582ff5dca4e54f0e03776c4e12c5a85f92ed3f027a459682e92f88d045ee493f574a68ace39190e4de9e58177e60fabe310d13909a41d4610794fd5b6a339f9f032a98ca0a34444dde6f2e077118cf05105e32977bb390a9bcee3cc39af0df514b1f6a6fa93c80c7c780f15dc5acbd7c1d65236edd65078479c6237a8994989ef192e7ca8b1e35eeaf40a8ef48b619f3259c40bfb0f057278341dd7962d5a2afb217afe6578e9053649668dd1f181e8d4ea6751c26b02b65b678fc4f9de648bc04b575164a62d22e13871690bb9babb5c913972fbcececb8084702894a91c502a158c0081a3a06e9b56b77f7cf1bc50b5fe20b4947aec9f80c3a417bd13cabed5bc858270299e4e1d82583f0cc0b53de832186332434916ebf06449c3a9df62e426323a37d1e5abdd0c254d12a7348deefcc41a7efca28850e714b3ca7429d0ea0b1f0e3649546d65c905643fd78d2285f1715032e671de1b1c4650348c538d37a15eccada7d19ffb0dde511e701733f03d0157eb642285a0133e86d8c029824e50f36a364f9a41227d812aa0e497ee3c91f2b08cfa2f337d3b39733a783cc52d2239d9e58841220e0f8ab74a82ce219eba14cd7cc4021b738165d741f006a309681f7396d10a8ca07115432f271fecc72ec580a2c834ba6dcbb6c0996945df0e6e71fa10f46ae1a21846bf1cc352eae5972194cc6eac9082df88e8bf634b4a789ce824e385535c78ba6da9d4b17932db25fb01f070bebeeda5dbd694e4b436c7ad7d3aef374e4b9b287a2ed7b3aa71fda2a62095be1d0c1c2017b27756553f8afa33146a444db1a30c8505e37"}) setns(r1, 0x24020000) syz_clone(0xd5ba2180, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) pread64(r7, &(0x7f0000000040)=""/229, 0xe5, 0x20000000) 8.366805243s ago: executing program 1 (id=1468): r0 = io_uring_setup(0x177f, &(0x7f0000000140)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000580)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x42, 0x0, "bd1c790806ed6dcd18899f9ea77ca9fb5184ff0ba54b7dfe784d2f6b7dcd9474d9b295588ac0b991d5c66461eca3f1ff5543acc6c970d0ad22d692e84d692972368e64c272da633a217b45fcc8b1ff3b"}, 0xd8) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340)=0x2, 0xa2) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000540), 0x3c) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000200)=@gcm_256={{0x304}, "00e0f07600", "832b4d2434b35bca8c0b78d2afff6d70d2025c7f53123828322d5af0d5c6c3a5", '`\a-N', "298f0e6df9ae9b3d"}, 0x38) sendfile(r1, r2, &(0x7f0000000100)=0x8809, 0x100000000010012) close_range(r0, 0xffffffffffffffff, 0x0) 8.208422422s ago: executing program 3 (id=1471): syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x2040cc, &(0x7f0000000180)={[{@fat=@codepage={'codepage', 0x3d, '1255'}}, {@fat=@tz_utc}, {@nodots}, {@fat=@codepage={'codepage', 0x3d, '869'}}, {@dots}, {@dots}, {@fat=@nfs_nostale_ro}, {@nodots}, {@dots}, {@dots}, {@fat=@debug}, {@fat=@errors_remount}, {@dots}, {@nodots}, {@fat=@sys_immutable}, {@fat=@sys_immutable}, {@nodots}, {@nodots}, {@fat=@sys_immutable}, {@dots}, {@dots}, {@fat=@umask={'umask', 0x3d, 0x400}}, {@nodots}]}, 0xfd, 0x1c6, &(0x7f00000004c0)="$eJzs3bFu01AUBuATUxqHqRsSAskSC1MFPEERKhLCEhIoA0wgtSwNQqKLYWkfgwfkAVCnLMio2I2JYUgsxYbwfUuO8/vmnjvkJktu3tx+f3L04fTd15tfIk1HkRzEQcxHsRdJXDkPAGCbzMsyvpWVoXsBAPqxwuf/955bAgA27OWr188e5fnhiyxLIy7Oi2kxrR6r/MnT/PB+9tNeM+qiKKbXFvmDrP3d4TK/Hjfq/GE1PlvOd+Pe3Sq/zB4/z1v5OI42u3QAAAAAAAAAAAAAAAAAAAAAABjMnciu/PF8n/39dj6p8+rql/OBWuf37MStnfqyOR6oPOtjUQAAAAAAAAAAAAAAAAAAAPCPOf30+eTtbHb8sSnGEbH8zDrFqH7hTsOTSTW48+xrF0mPcyn6KrK/o41Zt3fB8W5EbKqxeVmWK93c7BHjQXYmAAAAAAAAAAAAAAAAAAD4/zQ/+v09S4doCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG0Pz/f4fiLCJWuHkx2WTQpQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDFfgQAAP//rfEycA==") r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) 7.923210883s ago: executing program 1 (id=1473): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) write$binfmt_script(r0, &(0x7f0000000080)={'#! ', './file0'}, 0xb) 7.762549149s ago: executing program 3 (id=1475): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000240)) getpid() r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000600)={0x2020}, 0xffffffb5) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000001280), 0x12) write(r0, 0x0, 0x0) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0x40045542, &(0x7f0000000b00)) syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x110, 0xffffffffffffffff, 0x2000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) 7.553163904s ago: executing program 1 (id=1476): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) clock_adjtime(0x0, &(0x7f0000000100)={0x5cb, 0x0, 0x100000000000000}) ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x4008b100, &(0x7f0000000040)={0x18, 0x2, {0x0, @link_local, 'macvtap0\x00'}}) r3 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) fcntl$setownex(r3, 0x6, &(0x7f0000000040)) open$dir(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f0000000380)}}], 0x1, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000d80)=@filter={'filter\x00', 0x42, 0x4, 0x330, 0xffffffff, 0xa8, 0x0, 0xa8, 0xffffffff, 0xffffffff, 0x2c0, 0x2c0, 0x2c0, 0xffffffff, 0x4, 0x0, {[{{@ip={@local, @remote, 0x0, 0x0, 'syzkaller1\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa8, 0x0, {0x88000000}}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffffffffffffffff}, {0xffffffffffffffff}}}}, {{@ip={@private, @rand_addr, 0x0, 0x0, 'bridge_slave_0\x00'}, 0x0, 0xd8, 0x100, 0x0, {0x122}, [@common=@unspec=@rateest={{0x68}, {'wlan1\x00', 'team_slave_1\x00'}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x90, 0xf0, 0x0, {}, [@common=@socket0={{0x20}}]}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x390) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000210001000000000000000000020000000000000000000000001c0000"], 0x28}}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r6, 0x89f4, 0x0) 6.798156802s ago: executing program 3 (id=1478): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001340)="45f9e8e5af9f7e488a1619ea0cd4902570249f1e29b175dfa0d3ae9be1933b972b835f966d432045a33e064403006bdb8ef95b90e76baae34f74778049ff8fa4a59adf7623aaddb922b32dbbfda740b88a07e87eb2cd97c0393db1036a1ec8a376c919cdd0b40dbb899c07f1349c7a1113f57495c795bc7e38166a7bdef463457189549f4b13279fffd050bdfea3477a62d3edea8321a2e98c65330fe7199ca6bee7202aa5a5d56c4ed4c22dbb28cebcaec033c75eb78820ad1d8ceb6f90b569e165002e702e1a2066", 0xc9}], 0x1}}], 0x1, 0x0) sendto$inet(r0, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93) 6.181922634s ago: executing program 3 (id=1480): syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c0001000004000904000001c6cbea00"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 6.014940506s ago: executing program 0 (id=1482): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0x4008ae90, &(0x7f0000005580)={{0x0, 0x0, 0x80}}) 5.550895177s ago: executing program 0 (id=1484): syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f81000000"], 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r0, 0x541b, 0x0) 4.426103395s ago: executing program 3 (id=1489): syz_usb_connect(0x0, 0x6e, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000063c0ed20d2197311cda10000000109025c0001000000000904620300020600001011a0d2963eb23a7ae5f671445d18550a2406"], 0x0) 4.218321581s ago: executing program 2 (id=1490): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = socket(0xa, 0x2, 0x0) getsockopt$bt_BT_SECURITY(r0, 0x29, 0xb, 0x0, 0x20000000) 4.122806456s ago: executing program 2 (id=1491): socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b80000001900010000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000002"], 0xb8}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xb8}}, 0x0) 4.11463684s ago: executing program 2 (id=1492): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nouid32}, {@minixdf}]}, 0x1, 0x504, &(0x7f0000001480)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9sCWE0KoEqJHkNqQuFEUO45ipzShh/TMFYlKnODIH8C5J+5cENy4lAMSPyJQg8TBaMaT1E3tJtokdhR/PtJo3ps3nu97cea9+Dn2C2BoXY2I3YgYi4h7ETGdHc9lW9xqb8l5z/ceLe3vPVrKRat155+5tDw5Fh2PSVzJrlmMiB9+N+InuVfjNrZ31har1cpmlp9t1jZmG9s7N1ZriyuVlcp6ubwwvzD3yc2Py2fW1vdqY1nqq8/+sPutnyXVmsqOdLbjLLWbXjiMkxiNiO+fR7ABGMnaMzboivC55CPi7Yh4P73/p2MkfTYBgMus1ZqO1nRnHgC47PLpHFguX8rmAqYiny+V2nN478RkvlpvNK/fr2+tL7fnymaikL+/Wq3MZXOFM1HIJfn5NP0iXz6SvxkRb0XEL8Yn0nxpqV5dHuQfPgAwxK4cGf//M94e/wGAS6446AoAAH1n/AeA4WP8B4DhY/wHgOHTHv8nBl0NAKCPvP4HgOFj/AeAofKD27eTrbWfff/18oPtrbX6gxvLlcZaqba1VFqqb26UVur1lfQ7e2rHXa9ar2/MfxRbD2e+vdFozja2d+7W6lvrzbvp93rfrRTSs3b70DIAoJe33nv651wyIn86kW7RsZZDYaA1A85bftAVAAZmZNAVAAbGal8wvE7xGt/0AFwSXZbofUmx2weEWq1W6/yqBJyza18y/w/DqmP+338Bw5Ax/w/Dy/w/DK9WK3fSNf/jpCcCABebOX6gx/v/b2f732ZvDvx4+egZT7o+bjfrXs6uggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHABHaz/W8rWAp+KfL5UingjImaikLu/Wq3MRcSbEfGn8cJ4kp8fcJ0BgNPK/y2Xrf91bfrDqZeK3r1ymByLiJ/+6s4vHy42m5t/jBjL/Wv84HjzSXa83P/aAwDHOxin033HC/nne4+WDrZ+1ufv34mIYjv+/t5Y7B/GH43RdF+MQkRM/juX5dtyHXMXp7H7OCK+2K39uZhK50DaK58ejZ/EfqOv8fMvxc+nZe198rP4whnUBYbN06T/udXt/svH1XTf/f4vpj3U6WX9X3Kppf20D3wR/6D/G+nR/109aYyPfv+9dmri1bLHEV8ejTiIvd/R/xzEz/WI/+EJ4//lK+++36us9euIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m85Rz/YeDf7x6fU3e5Ul7Z/sEb94TPu/fsL2/+Z/9370tdfE/+YH3eLn453XxE/GxG+cMP7i5O+KvcqS+Ms92n/c83/9hPGf/XXnlWXDAYDBaWzvrC1Wq5VNCYmLn0h+ZS9ANbomPutXrLHoXvTzD9r39JGiVuv1F/yse1GvHuMsZt2Ai+Dwpo+I/w66MgAAAAAAAAAAAAAAQFf9+MTSoNsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA5fX/AAAA//+YXdZi") epoll_create1(0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) 3.902033486s ago: executing program 0 (id=1493): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076"], 0x48}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001800)=ANY=[@ANYBLOB="000400001300e9990000000000000000fc000000000000000000000000000000ac14140000000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008001f0001"], 0x400}}, 0x0) 3.803965402s ago: executing program 0 (id=1494): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0x4008ae90, &(0x7f0000005580)={{0x0, 0x0, 0x80}}) 3.726524662s ago: executing program 4 (id=1495): r0 = io_uring_setup(0x177f, &(0x7f0000000140)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000580)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x42, 0x0, "bd1c790806ed6dcd18899f9ea77ca9fb5184ff0ba54b7dfe784d2f6b7dcd9474d9b295588ac0b991d5c66461eca3f1ff5543acc6c970d0ad22d692e84d692972368e64c272da633a217b45fcc8b1ff3b"}, 0xd8) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340)=0x2, 0xa2) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000200)=@gcm_256={{0x304}, "00e0f07600", "832b4d2434b35bca8c0b78d2afff6d70d2025c7f53123828322d5af0d5c6c3a5", '`\a-N', "298f0e6df9ae9b3d"}, 0x38) sendfile(r1, r2, &(0x7f0000000100)=0x8809, 0x100000000010012) close_range(r0, 0xffffffffffffffff, 0x0) 3.550704237s ago: executing program 2 (id=1496): openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = creat(0x0, 0x0) shutdown(0xffffffffffffffff, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_SET_UNIQUE(r0, 0x40106410, 0x0) r1 = syz_io_uring_setup(0x1114, &(0x7f0000000300), &(0x7f0000000480)=0x0, &(0x7f0000000440)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x8, 0x0, 0x7, 0x0, 0x0}) io_uring_enter(r1, 0x47fa, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x18, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff]}, 0x1) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(0xffffffffffffffff, 0xc01864ba, &(0x7f0000001bc0)) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) 3.487674963s ago: executing program 0 (id=1497): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) syz_io_uring_setup(0x0, &(0x7f0000000380)={0x0, 0x0, 0x10100}, &(0x7f0000000100), 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_mount_image$fuse(0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group', @ANYRESOCT], 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x6, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x1, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3314c94970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}}) ioctl$vim2m_VIDIOC_STREAMON(r3, 0x40045612, &(0x7f0000000000)=0x1) 3.434214331s ago: executing program 4 (id=1498): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='ufshcd_uic_command\x00', r3}, 0x10) prctl$PR_SET_MM(0x41555856, 0xf7354000, &(0x7f0000ffa000/0x3000)=nil) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) socket(0x200000100000011, 0x3, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa03e, 0x0, &(0x7f0000006680)) r5 = syz_open_dev$radio(&(0x7f0000000400), 0x2, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r5, 0xc0405665, &(0x7f0000000080)) r6 = socket(0x0, 0x0, 0x0) quotactl$Q_GETFMT(0x0, 0x0, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_SET(r6, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000888}, 0x0) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="043e751d7029f063dd8e2d6bf7da99"], 0x24) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e06006220"], 0x9) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="f0cc888543d023ced356e3ec7b45e70d4284af6521ec7e357705923bd692bc4a0a242412d49c6e3afbd1de4202d92e22bfdd3cc40aa5a78cca7db1215c7d9d8d90ccd8f7b5cda9689be2d310f14fdc5210200ad666", @ANYRESOCT=0x0], 0x102) creat(0x0, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xad, 0x0, &(0x7f0000000000)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) 2.251911684s ago: executing program 0 (id=1499): syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c0001000004000904000001c6cbea00"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 1.054157514s ago: executing program 2 (id=1500): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip_vs_stats\x00') socket$nl_route(0x10, 0x3, 0x0) lseek(r1, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r2, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10) io_uring_enter(r0, 0x2752, 0xf15b, 0x0, &(0x7f0000000040)={[0xffffffff7fffffff]}, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$kcm(0x29, 0x2, 0x0) sendmmsg$inet(r3, 0x0, 0x0, 0x0) r4 = io_uring_setup(0x4bec, &(0x7f0000000040)={0x0, 0x677c, 0x40}) close(r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={0xffffffffffffffff}) ioctl$int_in(r5, 0x5452, &(0x7f0000b28000)=0x3e) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0xfffffecc) 1.047969648s ago: executing program 4 (id=1501): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000000000008300004000000000000000fe"]) 946.243751ms ago: executing program 1 (id=1502): socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b80000001900010000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000002"], 0xb8}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xb8}}, 0x0) 945.173666ms ago: executing program 3 (id=1503): syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f81000000"], 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r0, 0x541b, 0x0) 606.756854ms ago: executing program 1 (id=1504): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = gettid() futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x989680}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{}, &(0x7f0000000040), &(0x7f00000000c0)='%pB \x00'}, 0x20) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0xd94b, 0xb, 0x8, 0xa, 0xffffffffffffffff, 0xc6, '\x00', r2, 0xffffffffffffffff, 0x1, 0x5, 0x1, 0x2}, 0x48) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$key(0xf, 0x3, 0x2) socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$inet6(0xa, 0x3, 0xff) r5 = dup2(0xffffffffffffffff, r4) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f0000000800)={{{@in=@broadcast, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@remote}}, &(0x7f0000000280)=0xe8) sendmsg$nl_xfrm(r5, &(0x7f0000000740)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="78020000180008002dbd7000fcdbdf2564010101000000fe8000000000000000000000000000aa4e21137f4e2200080a0080003300"/64, @ANYRES32=0x0, @ANYRES32=r7, @ANYBLOB="64010101000000000000000000000000000004d33200000020010000000000000000000000000001000000000000000004000000000000005a0300000000000000040000000000000180000000000000040000000000000003000000000000000400000000000000020000000000000002000000000000000100000000000000f3a100000000000009000000700000002000000026bd7000073500000a000305c300000000000000070000000000000008001e0000000050e7001400736861332d3232342d63650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8040000600000002abc5a32752d70f92d657b3c4cb9b65494aa4106115393ecdcaef5ae8e48b161e43109c3604ca97651633a5b6a6cdacda0ce9c532835d0eae09c56a07ff466e7cba06aa0047c8a5cddd2a5933375302b704aeaf98b0409f7a2d7b74d31eedcf01f564db3b57982e0a351acf28088f25cdef909b0b6866f9f464d9edfa2fcb438f08d651d6fb894b35623b8d50ee794053b12289038e1b30199590e0008"], 0x278}}, 0x40) ioctl$TIOCSBRK(r6, 0x5427) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x64, 0x2}, @ramp}) r8 = syz_open_dev$evdev(&(0x7f00000000c0), 0x1, 0x842b01) write$char_usb(r8, &(0x7f0000000040)="e2", 0x2250) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000780)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x7, @remote, 0x5}, {0xa, 0x0, 0x100, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80000000}, 0xffffffffffffffff, 0xeca}}, 0x48) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCVHANGUP(r6, 0x5437, 0x0) 583.701655ms ago: executing program 4 (id=1505): prlimit64(0x0, 0x0, 0x0, 0x0) r0 = getpid() tkill(r0, 0x12) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[{@nfs_export_on}, {@metacopy_on}]}) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x0, 0x300) socket$inet(0x2, 0x4000000000000001, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={0x0, &(0x7f0000000540)=""/246, 0x42, 0xf6}, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$netlink(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)=ANY=[@ANYBLOB="940100005a000d03"], 0x194}], 0x1}, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000001600)=""/60, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000008c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000600)=0x1) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2c, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0x0, [{@private}, {@multicast1}, {@remote}, {@dev}, {@broadcast}, {@empty}, {@multicast1}, {@private}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@dev={0xac, 0x14, 0x14, 0x26}}, {@remote}, {@multicast1}, {@private}, {@private=0xa010100}, {@broadcast}, {@multicast2, 0x7fffffff}]}, @noop, @noop, @noop]}}}}}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0xff, 0x8, 0x8}, 0x48) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="040e18050510"], 0xe) r4 = socket$inet6(0xa, 0x3, 0x40) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000000)={@private1, 0x0, r5}) write(0xffffffffffffffff, &(0x7f0000000000)='\"', 0x1) socket(0x1f, 0x3, 0x0) 236.656688ms ago: executing program 4 (id=1506): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x3c1, 0x3, 0x3c0, 0x248, 0x5802, 0x294, 0x248, 0x294, 0x368, 0x378, 0x378, 0x368, 0x378, 0x3, 0x0, {[{{@uncond, 0x0, 0x1e0, 0x220, 0x52020000, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@mcast1, @private1, @mcast1, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @dev, @private0, @remote, @private0, @local, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2, @rand_addr=' \x01\x00', @private0]}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "6823a8073abe74485b00370f703dfe28d67dfbb0108a1897279b2d90e4db"}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x420) 35.71475ms ago: executing program 4 (id=1507): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @local}, 0xc) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2}}}}}, 0x0) 0s ago: executing program 2 (id=1508): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001840)={r0, r2, 0x25, 0x0, @val=@netfilter}, 0x40) syz_emit_ethernet(0xe, &(0x7f0000001540)={@empty, @remote, @void}, 0x0) kernel console output (not intermixed with test programs): ptor read/64, error -71 [ 472.777847][ T5153] usb usb5-port1: attempt power cycle [ 473.169786][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880653eb400: rx timeout, send abort [ 473.678477][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880653eb400: abort rx timeout. Force session deactivation [ 479.138166][ T9027] loop4: detected capacity change from 0 to 32768 [ 479.411998][ T9027] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 479.427728][ T9027] invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, shutting down [ 479.441808][ T9027] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 0 [ 479.451253][ T9027] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 479.459585][ T9027] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 479.469137][ T9027] bcachefs (loop4): shutting down [ 479.498052][ T9027] bcachefs (loop4): shutdown complete [ 479.789816][ T5154] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 482.540300][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 482.687312][ T5154] usb 3-1: device descriptor read/64, error -71 [ 483.296981][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802bf09000: rx timeout, send abort [ 483.805332][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802bf09000: abort rx timeout. Force session deactivation [ 485.121470][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 485.164326][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 485.187385][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 485.434105][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 485.471780][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 485.487806][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.418547][ T9090] loop0: detected capacity change from 0 to 32768 [ 486.438565][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.446122][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.454151][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.462997][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.479237][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.486695][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.494384][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.518490][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.567312][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.574812][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.595174][ T9090] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 486.610803][ T9090] invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, shutting down [ 486.624525][ T9090] bcachefs (loop0): inconsistency detected - emergency read only at journal seq 0 [ 486.633816][ T9090] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed [ 486.641948][ T9090] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 486.651524][ T9090] bcachefs (loop0): shutting down [ 486.668859][ T9090] bcachefs (loop0): shutdown complete [ 486.699024][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.706448][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.715221][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.722742][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.754479][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.762104][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.842723][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.911679][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.920317][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.930694][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 486.942164][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.046625][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.055044][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.066825][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.080578][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.088686][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.096140][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.236377][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.244041][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.252084][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.261013][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.268604][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.276137][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.290333][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.312758][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.327843][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.517875][ T5156] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 487.558987][ T5156] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz0 [ 490.735798][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880618d3800: rx timeout, send abort [ 491.244152][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880618d3800: abort rx timeout. Force session deactivation [ 491.861555][ T9127] netlink: 832 bytes leftover after parsing attributes in process `syz.3.1154'. [ 495.251626][ T9139] loop1: detected capacity change from 0 to 32768 [ 495.520770][ T9139] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 495.536283][ T9139] invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, shutting down [ 495.550074][ T9139] bcachefs (loop1): inconsistency detected - emergency read only at journal seq 0 [ 495.559420][ T9139] bcachefs (loop1): bch2_fs_recovery(): error fsck_errors_not_fixed [ 495.567489][ T9139] bcachefs (loop1): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 495.577674][ T9139] bcachefs (loop1): shutting down [ 495.598915][ T9139] bcachefs (loop1): shutdown complete [ 496.197065][ T5111] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 496.210097][ T5111] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 496.477055][ T5111] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 496.681374][ T5111] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 496.699088][ T5111] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 496.709102][ T5111] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 496.898027][ T5103] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 496.937304][ T5103] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 496.951128][ T5103] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 496.960130][ T5103] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 496.968181][ T5103] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 496.975685][ T5103] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 498.977360][ T5103] Bluetooth: hci0: command tx timeout [ 499.047383][ T5103] Bluetooth: hci5: command tx timeout [ 500.040325][ T9182] cgroup: noprefix used incorrectly [ 500.135161][ T9151] chnl_net:caif_netlink_parms(): no params data found [ 500.637007][ T9154] chnl_net:caif_netlink_parms(): no params data found [ 500.673001][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807b951c00: rx timeout, send abort [ 500.729689][ T9151] bridge0: port 1(bridge_slave_0) entered blocking state [ 500.757366][ T9151] bridge0: port 1(bridge_slave_0) entered disabled state [ 500.764691][ T9151] bridge_slave_0: entered allmulticast mode [ 500.792726][ T9151] bridge_slave_0: entered promiscuous mode [ 500.922684][ T9151] bridge0: port 2(bridge_slave_1) entered blocking state [ 500.950445][ T9151] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.998201][ T9151] bridge_slave_1: entered allmulticast mode [ 501.038719][ T5103] Bluetooth: hci0: command tx timeout [ 501.066418][ T9151] bridge_slave_1: entered promiscuous mode [ 501.118972][ T5103] Bluetooth: hci5: command tx timeout [ 501.181325][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807b951c00: abort rx timeout. Force session deactivation [ 501.360857][ T9151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 503.117720][ T5103] Bluetooth: hci0: command tx timeout [ 503.178725][ T9151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 503.207466][ T5103] Bluetooth: hci5: command tx timeout [ 503.338696][ T9154] bridge0: port 1(bridge_slave_0) entered blocking state [ 503.378474][ T9154] bridge0: port 1(bridge_slave_0) entered disabled state [ 503.385799][ T9154] bridge_slave_0: entered allmulticast mode [ 503.421287][ T9154] bridge_slave_0: entered promiscuous mode [ 503.453300][ T9154] bridge0: port 2(bridge_slave_1) entered blocking state [ 503.657441][ T9154] bridge0: port 2(bridge_slave_1) entered disabled state [ 503.709492][ T9154] bridge_slave_1: entered allmulticast mode [ 503.717140][ T9154] bridge_slave_1: entered promiscuous mode [ 504.450256][ T9151] team0: Port device team_slave_0 added [ 504.641081][ T9151] team0: Port device team_slave_1 added [ 504.673571][ T9154] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 504.721889][ T9154] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 505.139868][ T9151] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 505.146869][ T9151] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 505.197664][ T5103] Bluetooth: hci0: command tx timeout [ 505.263379][ T9151] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 505.277721][ T5103] Bluetooth: hci5: command tx timeout [ 505.348629][ T9154] team0: Port device team_slave_0 added [ 505.511255][ T9154] team0: Port device team_slave_1 added [ 505.579767][ T9151] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 505.586858][ T9151] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 505.657575][ T9151] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 505.770202][ T9154] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 505.780712][ T9154] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 505.844622][ T9154] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 506.013558][ T9154] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 506.037862][ T9154] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.114717][ T9154] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 506.172629][ T9151] hsr_slave_0: entered promiscuous mode [ 506.197414][ T29] kauditd_printk_skb: 44 callbacks suppressed [ 506.197436][ T29] audit: type=1326 audit(1720118152.251:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.3.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 506.198110][ T9151] hsr_slave_1: entered promiscuous mode [ 506.203718][ T29] audit: type=1326 audit(1720118152.261:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.3.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 506.262248][ T9151] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 506.270158][ T9151] Cannot create hsr debugfs directory [ 506.275753][ T9227] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1177'. [ 506.306291][ T29] audit: type=1326 audit(1720118152.291:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.3.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 506.407363][ T29] audit: type=1326 audit(1720118152.291:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.3.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 506.434799][ T5156] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 506.611863][ T29] audit: type=1326 audit(1720118152.301:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.3.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 506.639636][ T5156] usb 1-1: Using ep0 maxpacket: 8 [ 506.647370][ T25] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 506.698340][ T5156] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 506.713847][ T29] audit: type=1326 audit(1720118152.301:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.3.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 506.720615][ T9154] hsr_slave_0: entered promiscuous mode [ 506.742099][ T29] audit: type=1326 audit(1720118152.301:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.3.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 506.742155][ T29] audit: type=1326 audit(1720118152.301:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.3.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 506.742212][ T29] audit: type=1326 audit(1720118152.301:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.3.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 506.742262][ T29] audit: type=1326 audit(1720118152.301:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.3.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 506.857342][ T5156] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.865393][ T5156] usb 1-1: Product: syz [ 506.884116][ T5156] usb 1-1: Manufacturer: syz [ 507.089724][ T9154] hsr_slave_1: entered promiscuous mode [ 507.204983][ T9154] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 507.301969][ T9154] Cannot create hsr debugfs directory [ 507.366672][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.373170][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.491126][ T5156] usb 1-1: SerialNumber: syz [ 507.514001][ T5156] usb 1-1: config 0 descriptor?? [ 507.677525][ T25] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 507.700595][ T25] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 507.715917][ T25] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 507.769494][ T5156] dvb_usb_rtl28xxu 1-1:0.0: chip type detection failed -71 [ 507.776970][ T5156] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 507.787788][ T25] usb 4-1: config 1 has no interface number 0 [ 507.793969][ T25] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 507.830148][ T5156] usb 1-1: USB disconnect, device number 12 [ 507.857367][ T25] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 507.934093][ T25] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 508.020734][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.676939][ T9238] loop1: detected capacity change from 0 to 32768 [ 509.327374][ T25] usb 4-1: can't set config #1, error -71 [ 509.335118][ T25] usb 4-1: USB disconnect, device number 15 [ 509.557720][ T9244] cgroup: noprefix used incorrectly [ 509.868931][ T9151] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.074567][ T9151] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.100128][ T9251] loop0: detected capacity change from 0 to 256 [ 510.348446][ T9151] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.568538][ T9151] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.839961][ T9151] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 510.881746][ T9151] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 511.163027][ T9154] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.237643][ T9151] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 511.751917][ T9151] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 511.767295][ T5103] Bluetooth: hci4: command tx timeout [ 512.124642][ T9154] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.626355][ T9154] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.217330][ T29] kauditd_printk_skb: 54 callbacks suppressed [ 513.217350][ T29] audit: type=1326 audit(1720118159.271:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.0.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e0d75bd9 code=0x7ffc0000 [ 513.372705][ T29] audit: type=1326 audit(1720118159.271:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.0.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e0d75bd9 code=0x7ffc0000 [ 513.417829][ T29] audit: type=1326 audit(1720118159.331:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.0.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7fe0e0d75bd9 code=0x7ffc0000 [ 514.243834][ T5103] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 514.253374][ T5103] Bluetooth: hci4: Injecting HCI hardware error event [ 514.264420][ T5103] Bluetooth: hci4: hardware error 0x00 [ 514.409863][ T29] audit: type=1326 audit(1720118159.331:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.0.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e0d75bd9 code=0x7ffc0000 [ 514.541555][ T9154] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 514.597245][ T29] audit: type=1326 audit(1720118159.331:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.0.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe0e0d75bd9 code=0x7ffc0000 [ 514.648669][ T9273] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1190'. [ 514.702846][ T29] audit: type=1326 audit(1720118159.331:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.0.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e0d75bd9 code=0x7ffc0000 [ 514.754444][ T9151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 514.791306][ T29] audit: type=1326 audit(1720118159.341:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.0.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe0e0d75bd9 code=0x7ffc0000 [ 514.816392][ T29] audit: type=1326 audit(1720118159.341:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.0.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e0d75bd9 code=0x7ffc0000 [ 514.843648][ T29] audit: type=1326 audit(1720118159.341:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.0.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe0e0d75bd9 code=0x7ffc0000 [ 514.866421][ T29] audit: type=1326 audit(1720118159.341:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.0.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e0d75bd9 code=0x7ffc0000 [ 514.904799][ T9151] 8021q: adding VLAN 0 to HW filter on device team0 [ 514.954312][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.961708][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.023531][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.030781][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.057328][ T5156] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 515.239684][ T5156] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 515.278733][ T9154] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 515.286046][ T5156] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 515.295685][ T5156] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 515.309184][ T9154] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 515.318772][ T5156] usb 1-1: config 1 has no interface number 0 [ 515.324923][ T5156] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 515.359374][ T9154] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 515.366517][ T5156] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 515.409780][ T9154] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 515.425489][ T5156] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 515.484534][ T5156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.551314][ T5156] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 515.753630][ T9154] 8021q: adding VLAN 0 to HW filter on device bond0 [ 515.775517][ T9287] cgroup: noprefix used incorrectly [ 515.803967][ T9154] 8021q: adding VLAN 0 to HW filter on device team0 [ 515.875608][ T5100] Bluetooth: hci7: connection err: -111 [ 515.898142][ T5148] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.905503][ T5148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 516.238752][ T1792] bridge0: port 2(bridge_slave_1) entered blocking state [ 516.245983][ T1792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 516.266762][ T5156] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 516.557674][ T5103] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 517.216506][ T9151] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 517.277545][ T7408] snd_usb_pod 1-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 518.217804][ T5153] usb 1-1: USB disconnect, device number 13 [ 518.225113][ T5153] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 520.143280][ T9316] loop0: detected capacity change from 0 to 32768 [ 522.575442][ T5103] Bluetooth: hci7: Controller not accepting commands anymore: ncmd = 0 [ 522.584544][ T5103] Bluetooth: hci7: Injecting HCI hardware error event [ 522.594791][ T5100] Bluetooth: hci7: hardware error 0x00 [ 522.990976][ T9154] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 523.315294][ T9151] veth0_vlan: entered promiscuous mode [ 523.375652][ T9151] veth1_vlan: entered promiscuous mode [ 523.425854][ T9154] veth0_vlan: entered promiscuous mode [ 523.505127][ T9154] veth1_vlan: entered promiscuous mode [ 523.547813][ T9325] cgroup: noprefix used incorrectly [ 523.693292][ T9151] veth0_macvtap: entered promiscuous mode [ 523.759651][ T9151] veth1_macvtap: entered promiscuous mode [ 523.788634][ T5103] Bluetooth: hci7: unexpected event for opcode 0x0000 [ 523.848352][ T9154] veth0_macvtap: entered promiscuous mode [ 523.887770][ T5103] Bluetooth: hci7: connection err: -111 [ 523.964777][ T9154] veth1_macvtap: entered promiscuous mode [ 524.008673][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.078347][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.107563][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.122741][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.142550][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.175321][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.203502][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.232315][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.368877][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.437257][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.506211][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.516969][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.537279][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.704287][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.724402][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.754743][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.773702][ T29] kauditd_printk_skb: 44 callbacks suppressed [ 524.773752][ T29] audit: type=1800 audit(1720118170.741:750): pid=9334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1205" name="bus" dev="overlay" ino=244 res=0 errno=0 [ 524.903476][ T5100] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 525.058659][ T9151] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 525.232487][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.287369][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.350412][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.377493][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.427366][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.441158][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.462150][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.481925][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.584384][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.627929][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.667582][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.720712][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.746010][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.756652][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.767507][ T9151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.778249][ T9151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.825923][ T9151] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 526.022572][ T9151] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.149139][ T9151] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.369337][ T9151] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.486781][ T9151] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.648542][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.677547][ T29] audit: type=1326 audit(1720118172.731:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 526.736256][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.746435][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.757094][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.767086][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.777722][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.787606][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.798186][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.812315][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.817375][ T29] audit: type=1326 audit(1720118172.811:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 526.822894][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.856295][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.866819][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.876846][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.893687][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.951761][ T29] audit: type=1326 audit(1720118172.831:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 527.089039][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.110365][ T29] audit: type=1326 audit(1720118172.831:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 527.158575][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.198036][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 527.237903][ T29] audit: type=1326 audit(1720118172.831:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 527.286091][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.309497][ T1792] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 527.471550][ T9154] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 527.669017][ T9342] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1208'. [ 527.687628][ T29] audit: type=1326 audit(1720118172.831:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 527.807518][ T29] audit: type=1326 audit(1720118172.831:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 527.907365][ T1792] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 527.920953][ T1792] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 527.951271][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.954298][ T29] audit: type=1326 audit(1720118172.831:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 527.985337][ T29] audit: type=1326 audit(1720118172.851:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 528.019756][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.030042][ T1792] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 528.050662][ T1792] usb 4-1: config 1 has no interface number 0 [ 528.056940][ T1792] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 528.067929][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.067952][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.067971][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.067986][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.068003][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.068019][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.068037][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.068052][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.068069][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.068085][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.068105][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.079633][ T1792] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 528.145954][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.186131][ T1792] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 528.270436][ T1792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.318477][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.353968][ T1792] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 528.359741][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.400818][ T9154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 528.428525][ T9154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 528.502920][ T9154] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 528.661942][ T9154] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.425510][ T9355] loop0: detected capacity change from 0 to 32768 [ 529.461798][ T9154] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.475027][ T9154] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 531.192877][ T9154] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 531.296306][ T1792] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 531.332927][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 531.332948][ T29] audit: type=1326 audit(1720118177.391:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f127bfa7bc5 code=0x7ffc0000 [ 531.529988][ T29] audit: type=1326 audit(1720118177.591:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 531.567332][ T29] audit: type=1326 audit(1720118177.591:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9341 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 531.679894][ T8] usb 4-1: USB disconnect, device number 16 [ 531.709056][ T8] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 531.742364][ T2887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 531.797456][ T2887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 531.967336][ T2887] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 531.995677][ T2887] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 532.532109][ T29] audit: type=1800 audit(1720118178.581:797): pid=9370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1216" name="bus" dev="overlay" ino=263 res=0 errno=0 [ 533.920585][ T2887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 533.968907][ T2887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 534.174260][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 534.206460][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.267910][ T9397] loop0: detected capacity change from 0 to 32768 [ 536.352161][ T29] audit: type=1326 audit(1720118181.711:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.4.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 536.854498][ T1792] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 537.027901][ T29] audit: type=1326 audit(1720118182.891:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.4.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 537.071828][ T29] audit: type=1326 audit(1720118183.031:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.4.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 537.096494][ T29] audit: type=1326 audit(1720118183.051:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.4.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 537.222298][ T9396] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1224'. [ 537.231569][ T29] audit: type=1326 audit(1720118183.071:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.4.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 537.276244][ T1792] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 537.327801][ T1792] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 537.330182][ T29] audit: type=1326 audit(1720118183.071:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.4.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 537.370681][ T1792] usb 3-1: config 0 descriptor?? [ 537.431397][ T29] audit: type=1326 audit(1720118183.071:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.4.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 537.527247][ T29] audit: type=1326 audit(1720118183.081:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.4.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 537.791346][ T29] audit: type=1326 audit(1720118183.091:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.4.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 537.846414][ T1157] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 537.861161][ T29] audit: type=1326 audit(1720118183.091:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.4.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 538.144699][ T1157] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 538.245440][ T1157] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 538.404717][ T1157] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 538.480054][ T1157] usb 5-1: config 1 has no interface number 0 [ 538.514036][ T1157] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 538.576922][ T1157] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 538.645959][ T1157] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 538.700402][ T1792] gs_usb 3-1:0.0: Configuring for 74 interfaces [ 538.707440][ T1792] gs_usb 3-1:0.0: Driver cannot handle more that 3 CAN interfaces [ 538.715590][ T1792] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22 [ 538.720610][ T1157] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.822960][ T1157] usb 5-1: can't set config #1, error -71 [ 538.848247][ T1157] usb 5-1: USB disconnect, device number 15 [ 540.851629][ T1157] usb 3-1: USB disconnect, device number 15 [ 543.107996][ T9444] loop2: detected capacity change from 0 to 256 [ 543.636546][ T29] kauditd_printk_skb: 48 callbacks suppressed [ 543.636566][ T29] audit: type=1800 audit(1720118189.691:856): pid=9451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1240" name="bus" dev="overlay" ino=275 res=0 errno=0 [ 543.921934][ T29] audit: type=1326 audit(1720118189.981:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9459 comm="syz.4.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 543.971429][ T9460] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1243'. [ 544.037117][ T29] audit: type=1326 audit(1720118189.981:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9459 comm="syz.4.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 544.101821][ T29] audit: type=1326 audit(1720118189.981:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9459 comm="syz.4.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 544.183011][ T29] audit: type=1326 audit(1720118189.981:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9459 comm="syz.4.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 544.282713][ T29] audit: type=1326 audit(1720118189.981:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9459 comm="syz.4.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 544.315748][ T46] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 544.369234][ T29] audit: type=1326 audit(1720118189.981:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9459 comm="syz.4.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 544.427286][ T29] audit: type=1326 audit(1720118189.991:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9459 comm="syz.4.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 544.481758][ T29] audit: type=1326 audit(1720118189.991:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9459 comm="syz.4.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 544.557440][ T46] usb 5-1: Using ep0 maxpacket: 32 [ 544.585504][ T46] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 544.612029][ T46] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 544.636628][ T29] audit: type=1326 audit(1720118189.991:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9459 comm="syz.4.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 544.706283][ T46] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 545.177435][ T5100] Bluetooth: hci0: command tx timeout [ 545.415444][ T5100] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 545.425493][ T5100] Bluetooth: hci0: Injecting HCI hardware error event [ 545.438347][ T5103] Bluetooth: hci0: hardware error 0x00 [ 546.197230][ T46] usb 5-1: config 1 has no interface number 0 [ 546.211857][ T46] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 546.226277][ T46] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 546.239591][ T46] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 546.249018][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.296109][ T46] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 546.534270][ T9480] netlink: 'syz.3.1248': attribute type 29 has an invalid length. [ 546.578583][ T9480] netlink: 'syz.3.1248': attribute type 29 has an invalid length. [ 546.654998][ T9480] netlink: 'syz.3.1248': attribute type 29 has an invalid length. [ 547.051024][ T46] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached [ 547.778586][ T9491] loop2: detected capacity change from 0 to 32768 [ 548.326765][ T5103] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 548.350531][ T7408] snd_usb_pod 5-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 548.528088][ T46] usb 5-1: USB disconnect, device number 16 [ 548.558567][ T46] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 551.604852][ T9527] loop2: detected capacity change from 0 to 512 [ 551.679988][ T9532] cgroup: noprefix used incorrectly [ 551.685333][ T9527] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 551.718733][ T9527] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 551.733251][ T29] kauditd_printk_skb: 62 callbacks suppressed [ 551.733271][ T29] audit: type=1800 audit(1720118197.791:928): pid=9529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1264" name="bus" dev="overlay" ino=71 res=0 errno=0 [ 551.777618][ T9527] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.1265: Corrupt directory, running e2fsck is recommended [ 551.939682][ T9527] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 551.986310][ T9527] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz.2.1265: corrupted in-inode xattr: invalid ea_ino [ 552.074746][ T9527] EXT4-fs (loop2): Remounting filesystem read-only [ 552.129675][ T9527] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 552.908589][ T9541] loop0: detected capacity change from 0 to 32768 [ 553.077684][ T29] audit: type=1326 audit(1720118199.031:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9539 comm="syz.3.1268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 553.627342][ T29] audit: type=1326 audit(1720118199.081:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9539 comm="syz.3.1268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 553.741362][ T29] audit: type=1326 audit(1720118199.451:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9539 comm="syz.3.1268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 553.763989][ T29] audit: type=1326 audit(1720118199.451:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9539 comm="syz.3.1268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 554.610611][ T9540] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1268'. [ 554.639708][ T29] audit: type=1326 audit(1720118199.541:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9539 comm="syz.3.1268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 554.849782][ T29] audit: type=1326 audit(1720118199.541:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9539 comm="syz.3.1268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 555.068105][ T4875] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 555.106062][ T29] audit: type=1326 audit(1720118199.541:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9539 comm="syz.3.1268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 555.202294][ T29] audit: type=1326 audit(1720118199.541:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9539 comm="syz.3.1268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 555.225391][ T29] audit: type=1326 audit(1720118199.541:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9539 comm="syz.3.1268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f127bf75bd9 code=0x7ffc0000 [ 555.477502][ T4875] usb 4-1: Using ep0 maxpacket: 32 [ 555.492249][ T9556] netlink: 'syz.1.1273': attribute type 29 has an invalid length. [ 555.500417][ T4875] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 555.517205][ T4875] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 555.525848][ T4875] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 555.547272][ T4875] usb 4-1: config 1 has no interface number 0 [ 555.553554][ T4875] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 556.057074][ T9556] netlink: 'syz.1.1273': attribute type 29 has an invalid length. [ 556.439627][ T4875] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 556.452879][ T4875] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 556.458511][ T9559] netlink: 'syz.1.1273': attribute type 29 has an invalid length. [ 556.595054][ T4875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.616415][ T4875] usb 4-1: can't set config #1, error -71 [ 556.629730][ T4875] usb 4-1: USB disconnect, device number 17 [ 556.938130][ T9154] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 557.153656][ T9574] cgroup: noprefix used incorrectly [ 558.546780][ T9581] loop2: detected capacity change from 0 to 32768 [ 559.937374][ T5103] Bluetooth: hci5: command tx timeout [ 561.842700][ T5103] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 561.852239][ T5103] Bluetooth: hci5: Injecting HCI hardware error event [ 561.862487][ T5103] Bluetooth: hci5: hardware error 0x00 [ 561.975072][ T9591] loop4: detected capacity change from 0 to 32768 [ 562.125621][ T9595] loop1: detected capacity change from 0 to 512 [ 562.245121][ T9595] EXT4-fs warning (device loop1): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 562.468512][ T9595] EXT4-fs warning (device loop1): dx_probe:880: Enable large directory feature to access it [ 562.993654][ T9591] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 563.009237][ T9591] invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, shutting down [ 563.023066][ T9591] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 0 [ 563.032543][ T9591] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 563.042165][ T9591] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 563.051750][ T9591] bcachefs (loop4): shutting down [ 563.083205][ T9591] bcachefs (loop4): shutdown complete [ 563.095231][ T9595] EXT4-fs warning (device loop1): dx_probe:965: inode #2: comm syz.1.1287: Corrupt directory, running e2fsck is recommended [ 563.345787][ T9595] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 563.393123][ T9595] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #15: comm syz.1.1287: corrupted in-inode xattr: invalid ea_ino [ 563.456006][ T9595] EXT4-fs (loop1): Remounting filesystem read-only [ 563.471747][ T9595] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 563.611371][ T9615] cgroup: noprefix used incorrectly [ 567.017007][ T5103] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 567.492494][ T8102] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 567.525658][ T9622] loop2: detected capacity change from 0 to 256 [ 568.047903][ T29] kauditd_printk_skb: 50 callbacks suppressed [ 568.047924][ T29] audit: type=1800 audit(1720118214.111:988): pid=9628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1294" name="bus" dev="overlay" ino=358 res=0 errno=0 [ 568.806667][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.813212][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 570.966568][ T9660] loop2: detected capacity change from 0 to 512 [ 571.185115][ T9660] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 571.198270][ T9664] cgroup: noprefix used incorrectly [ 571.211259][ T9660] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 571.222165][ T9660] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.1303: Corrupt directory, running e2fsck is recommended [ 572.302361][ T9660] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 572.358924][ T9666] loop4: detected capacity change from 0 to 32768 [ 572.372368][ T9660] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz.2.1303: corrupted in-inode xattr: invalid ea_ino [ 572.527906][ T9660] EXT4-fs (loop2): Remounting filesystem read-only [ 572.566766][ T9660] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 572.578607][ T9666] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 572.599110][ T9666] invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, shutting down [ 572.612961][ T9666] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 0 [ 572.622352][ T9666] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 572.630571][ T9666] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 572.640188][ T9666] bcachefs (loop4): shutting down [ 572.661296][ T9666] bcachefs (loop4): shutdown complete [ 574.204154][ T9154] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 575.232647][ T9677] loop0: detected capacity change from 0 to 32768 [ 575.613026][ T9677] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names [ 575.678146][ T9677] bcachefs (loop0): recovering from clean shutdown, journal seq 8 [ 575.717366][ T9677] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 575.717366][ T9677] running recovery passes: check_allocations [ 575.782539][ T9677] bcachefs (loop0): bch2_journal_reclaim_start(): error creating journal reclaim thread EINTR [ 575.807477][ T9677] bcachefs (loop0): bch2_fs_recovery(): error EINTR [ 575.814146][ T9677] bcachefs (loop0): bch2_fs_start(): error starting filesystem EINTR [ 575.840464][ T9677] bcachefs (loop0): shutting down [ 575.925889][ T9677] bcachefs (loop0): shutdown complete [ 576.416235][ T9716] cgroup: noprefix used incorrectly [ 577.980039][ T29] audit: type=1800 audit(1720118223.131:989): pid=9723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1316" name="bus" dev="overlay" ino=118 res=0 errno=0 [ 578.136204][ T9725] loop4: detected capacity change from 0 to 32768 [ 578.357967][ T9729] Invalid/unusable pipe [ 578.361343][ T9725] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 578.377712][ T9725] invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, shutting down [ 578.392346][ T9725] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 0 [ 578.404596][ T9725] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 578.412897][ T9725] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 578.426687][ T9725] bcachefs (loop4): shutting down [ 578.447230][ T9725] bcachefs (loop4): shutdown complete [ 584.879997][ T9762] cgroup: noprefix used incorrectly [ 586.326011][ T9770] loop0: detected capacity change from 0 to 32768 [ 586.476509][ T9781] loop2: detected capacity change from 0 to 1024 [ 586.745132][ T9770] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 586.784198][ T9770] invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, shutting down [ 586.800099][ T9770] bcachefs (loop0): inconsistency detected - emergency read only at journal seq 0 [ 586.809864][ T9770] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed [ 586.820339][ T9770] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 586.831770][ T9770] bcachefs (loop0): shutting down [ 586.945165][ T9770] bcachefs (loop0): shutdown complete [ 587.182811][ T9781] Invalid/unusable pipe [ 587.585329][ T9781] hfsplus: bad catalog entry type [ 587.986621][ T1087] hfsplus: b-tree write err: -5, ino 4 [ 588.887566][ T9807] loop2: detected capacity change from 0 to 512 [ 589.117799][ T9807] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 589.433259][ T9807] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 589.612121][ T9807] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.1340: Corrupt directory, running e2fsck is recommended [ 589.791748][ T9807] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 589.802612][ T9807] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz.2.1340: corrupted in-inode xattr: invalid ea_ino [ 589.822519][ T9807] EXT4-fs (loop2): Remounting filesystem read-only [ 589.832300][ T9807] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 593.893972][ T9154] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 594.233107][ T9820] cgroup: noprefix used incorrectly [ 594.431746][ T29] audit: type=1800 audit(1720118240.491:990): pid=9828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1341" name="bus" dev="overlay" ino=394 res=0 errno=0 [ 594.618392][ T5153] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 594.856912][ T5153] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 594.958026][ T5153] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.016754][ T5153] usb 3-1: config 0 descriptor?? [ 595.979862][ T9846] netlink: 'syz.3.1350': attribute type 29 has an invalid length. [ 596.020724][ T9846] netlink: 'syz.3.1350': attribute type 29 has an invalid length. [ 596.027540][ T9846] netlink: 'syz.3.1350': attribute type 29 has an invalid length. [ 596.137629][ T5153] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 597.588929][ T5153] gs_usb 3-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 597.625566][ T5153] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22 [ 597.686877][ T5153] usb 3-1: USB disconnect, device number 16 [ 602.829625][ T9868] cgroup: noprefix used incorrectly [ 604.413154][ T9883] netlink: 'syz.1.1361': attribute type 29 has an invalid length. [ 604.447733][ T9883] netlink: 'syz.1.1361': attribute type 29 has an invalid length. [ 604.522208][ T9883] netlink: 'syz.1.1361': attribute type 29 has an invalid length. [ 606.118383][ T9894] loop1: detected capacity change from 0 to 32768 [ 606.357840][ T5100] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 606.369981][ T5100] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 606.385038][ T5100] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 606.395013][ T5100] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 606.403392][ T5100] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 606.411172][ T5100] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 606.625405][ T9894] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 606.642800][ T9894] invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, shutting down [ 606.656625][ T9894] bcachefs (loop1): inconsistency detected - emergency read only at journal seq 0 [ 606.665964][ T9894] bcachefs (loop1): bch2_fs_recovery(): error fsck_errors_not_fixed [ 606.674116][ T9894] bcachefs (loop1): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 606.687478][ T9894] bcachefs (loop1): shutting down [ 606.714740][ T9894] bcachefs (loop1): shutdown complete [ 606.991932][ T29] audit: type=1800 audit(1720118253.051:991): pid=9913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1364" name="bus" dev="overlay" ino=214 res=0 errno=0 [ 607.012924][ T5183] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 607.331131][ T5183] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 607.477264][ T5183] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.520016][ T5183] usb 3-1: config 0 descriptor?? [ 607.577493][ T2835] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 607.894029][ T29] audit: type=1326 audit(1720118253.951:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9921 comm="syz.3.1369" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x0 [ 607.895883][ T2835] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.051359][ T2835] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.076821][ T5183] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 608.284590][ T2835] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.469388][ T5183] gs_usb 3-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 608.478298][ T5100] Bluetooth: hci2: command tx timeout [ 608.505654][ T9902] chnl_net:caif_netlink_parms(): no params data found [ 608.507658][ T5183] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22 [ 608.674003][ T46] usb 3-1: USB disconnect, device number 17 [ 608.847623][ T9931] loop1: detected capacity change from 0 to 256 [ 608.927468][ T2835] bridge_slave_1: left allmulticast mode [ 608.935403][ T2835] bridge_slave_1: left promiscuous mode [ 608.972009][ T2835] bridge0: port 2(bridge_slave_1) entered disabled state [ 609.066506][ T2835] bridge_slave_0: left allmulticast mode [ 609.076040][ T2835] bridge_slave_0: left promiscuous mode [ 609.086067][ T2835] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.831030][ T5100] Bluetooth: hci2: command tx timeout [ 610.890655][ T25] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 610.909846][ T9952] loop2: detected capacity change from 0 to 32768 [ 611.107406][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 611.128073][ T25] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 611.144370][ T9952] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 611.159912][ T9952] invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, shutting down [ 611.167718][ T25] usb 5-1: config 0 has no interface number 0 [ 611.173679][ T9952] bcachefs (loop2): inconsistency detected - emergency read only at journal seq 0 [ 611.193519][ T9952] bcachefs (loop2): bch2_fs_recovery(): error fsck_errors_not_fixed [ 611.202014][ T9952] bcachefs (loop2): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 611.210591][ T25] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 611.211579][ T9952] bcachefs (loop2): shutting down [ 611.243709][ T9952] bcachefs (loop2): shutdown complete [ 611.253011][ T25] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 611.284162][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.341333][ T25] usb 5-1: config 0 descriptor?? [ 611.371373][ T25] iowarrior 5-1:0.1: no interrupt-in endpoint found [ 611.661844][ T25] usb 5-1: USB disconnect, device number 17 [ 611.734633][ T29] audit: type=1326 audit(1720118257.791:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9966 comm="syz.3.1382" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f127bf75bd9 code=0x0 [ 611.991515][ T2835] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 612.011839][ T2835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 612.039433][ T2835] bond0 (unregistering): Released all slaves [ 612.157282][ T25] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 612.440588][ T9902] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.482470][ T9902] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.528610][ T9902] bridge_slave_0: entered allmulticast mode [ 612.558439][ T9902] bridge_slave_0: entered promiscuous mode [ 612.569310][ T25] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 612.581589][ T9902] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.588870][ T25] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 612.599328][ T9902] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.606476][ T25] usb 3-1: config 0 has no interfaces? [ 612.613694][ T9902] bridge_slave_1: entered allmulticast mode [ 612.623511][ T25] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 612.644207][ T9902] bridge_slave_1: entered promiscuous mode [ 612.656366][ T25] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 612.682887][ T25] usb 3-1: Product: syz [ 612.693790][ T25] usb 3-1: Manufacturer: syz [ 612.705587][ T25] usb 3-1: SerialNumber: syz [ 612.734058][ T25] usb 3-1: config 0 descriptor?? [ 612.803436][ T29] audit: type=1800 audit(1720118258.851:994): pid=9980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1384" name="bus" dev="overlay" ino=519 res=0 errno=0 [ 612.877559][ T5100] Bluetooth: hci2: command tx timeout [ 612.924301][ T9982] loop4: detected capacity change from 0 to 64 [ 612.971522][ T7408] usb 3-1: USB disconnect, device number 18 [ 613.096520][ T9902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 613.224412][ T2835] hsr_slave_0: left promiscuous mode [ 613.257857][ T2835] hsr_slave_1: left promiscuous mode [ 613.268183][ T2835] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 613.275687][ T2835] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 613.301828][ T2835] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 613.327392][ T2835] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 613.400784][ T2835] veth1_macvtap: left promiscuous mode [ 613.416638][ T2835] veth0_macvtap: left promiscuous mode [ 613.426015][ T2835] veth1_vlan: left promiscuous mode [ 613.437325][ T2835] veth0_vlan: left promiscuous mode [ 615.679303][ T5100] Bluetooth: hci2: command tx timeout [ 616.001735][ T5148] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 616.177339][ T5148] usb 3-1: Using ep0 maxpacket: 8 [ 616.283994][ T5148] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 616.308682][ T5148] usb 3-1: config 0 has no interface number 0 [ 616.335944][ T5148] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 616.395154][ T5148] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 616.417460][ T5148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.437962][ T5148] usb 3-1: config 0 descriptor?? [ 616.458649][ T5148] iowarrior 3-1:0.1: no interrupt-in endpoint found [ 616.610108][ T8] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 616.660219][ T5183] usb 3-1: USB disconnect, device number 19 [ 616.821832][ T8] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 616.831997][ T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 616.862793][ T8] usb 2-1: config 0 has no interfaces? [ 616.891527][ T8] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 616.902211][ T2835] team0 (unregistering): Port device team_slave_1 removed [ 616.910363][ T8] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 616.926111][ T8] usb 2-1: Product: syz [ 616.941216][ T8] usb 2-1: Manufacturer: syz [ 616.946100][ T8] usb 2-1: SerialNumber: syz [ 616.967365][ T8] usb 2-1: config 0 descriptor?? [ 617.055303][ T2835] team0 (unregistering): Port device team_slave_0 removed [ 617.195574][ T8] usb 2-1: USB disconnect, device number 17 [ 618.007551][ T29] audit: type=1800 audit(1720118264.061:995): pid=10033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1402" name="bus" dev="overlay" ino=271 res=0 errno=0 [ 618.557174][ C1] DEBUG: waiting rtnl_mutex for 544 jiffies. [ 618.563262][ C1] task:kworker/1:0 state:D stack:22920 pid:25 tgid:25 ppid:2 flags:0x00004000 [ 618.573644][ C1] Workqueue: events linkwatch_event [ 618.578981][ C1] Call Trace: [ 618.582317][ C1] [ 618.585302][ C1] __schedule+0x1800/0x4a60 [ 618.589945][ C1] ? __pfx___schedule+0x10/0x10 [ 618.594859][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 618.601205][ C1] ? __pfx_lock_release+0x10/0x10 [ 618.606304][ C1] ? kick_pool+0x1bd/0x620 [ 618.610843][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 618.616095][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 618.621501][ C1] ? schedule+0x90/0x320 [ 618.625812][ C1] schedule+0x14b/0x320 [ 618.630106][ C1] schedule_preempt_disabled+0x13/0x30 [ 618.635756][ C1] __mutex_lock+0x6a4/0xd70 [ 618.640366][ C1] ? __mutex_lock+0x527/0xd70 [ 618.645110][ C1] ? linkwatch_event+0xe/0x60 [ 618.649988][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 618.655089][ C1] ? get_rtnl_holder+0x144/0x190 [ 618.660137][ C1] ? process_scheduled_works+0x945/0x1830 [ 618.665916][ C1] linkwatch_event+0xe/0x60 [ 618.670519][ C1] process_scheduled_works+0xa2c/0x1830 [ 618.676154][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 618.682339][ C1] ? assign_work+0x364/0x3d0 [ 618.686988][ C1] worker_thread+0x86d/0xd40 [ 618.691694][ C1] ? __kthread_parkme+0x169/0x1d0 [ 618.696772][ C1] ? __pfx_worker_thread+0x10/0x10 [ 618.701981][ C1] kthread+0x2f0/0x390 [ 618.706100][ C1] ? __pfx_worker_thread+0x10/0x10 [ 618.711302][ C1] ? __pfx_kthread+0x10/0x10 [ 618.716004][ C1] ret_from_fork+0x4b/0x80 [ 618.720522][ C1] ? __pfx_kthread+0x10/0x10 [ 618.725165][ C1] ret_from_fork_asm+0x1a/0x30 [ 618.730053][ C1] [ 618.733108][ C1] DEBUG: waiting rtnl_mutex for 558 jiffies. [ 618.739158][ C1] task:syz-executor state:D stack:21024 pid:9902 tgid:9902 ppid:9859 flags:0x00000000 [ 618.749410][ C1] Call Trace: [ 618.752722][ C1] [ 618.755683][ C1] __schedule+0x1800/0x4a60 [ 618.760299][ C1] ? __pfx___schedule+0x10/0x10 [ 618.765197][ C1] ? __pfx_lock_release+0x10/0x10 [ 618.770312][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 618.775836][ C1] ? schedule+0x90/0x320 [ 618.780170][ C1] schedule+0x14b/0x320 [ 618.784376][ C1] schedule_preempt_disabled+0x13/0x30 [ 618.789968][ C1] __mutex_lock+0x6a4/0xd70 [ 618.794608][ C1] ? __mutex_lock+0x527/0xd70 [ 618.799375][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 618.804710][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 618.809858][ C1] ? get_rtnl_holder+0x144/0x190 [ 618.814850][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 618.819992][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 618.825249][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 618.830798][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 618.836140][ C1] ? __pfx_validate_chain+0x10/0x10 [ 618.841435][ C1] ? __pfx_validate_chain+0x10/0x10 [ 618.846858][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 618.851907][ C1] ? mark_lock+0x9a/0x360 [ 618.856285][ C1] ? __pfx_validate_chain+0x10/0x10 [ 618.861579][ C1] ? __lock_acquire+0x1359/0x2000 [ 618.866682][ C1] ? mark_lock+0x9a/0x360 [ 618.871117][ C1] ? __lock_acquire+0x1359/0x2000 [ 618.876214][ C1] netlink_rcv_skb+0x1e3/0x430 [ 618.881072][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 618.886585][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 618.892004][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 618.897279][ C1] netlink_unicast+0x7f0/0x990 [ 618.902107][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 618.907481][ C1] ? __virt_addr_valid+0x183/0x530 [ 618.912646][ C1] ? __check_object_size+0x49c/0x900 [ 618.918017][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 618.923176][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 618.928042][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 618.933454][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 618.939525][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 618.944504][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 618.949991][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 618.955513][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 618.960938][ C1] __sock_sendmsg+0x221/0x270 [ 618.965681][ C1] __sys_sendto+0x3a4/0x4f0 [ 618.970333][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 618.975442][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 618.981524][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 618.987954][ C1] __x64_sys_sendto+0xde/0x100 [ 618.992765][ C1] do_syscall_64+0xf3/0x230 [ 618.997344][ C1] ? clear_bhb_loop+0x35/0x90 [ 619.002077][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.008068][ C1] RIP: 0033:0x7f4c2a97796c [ 619.012537][ C1] RSP: 002b:00007ffc612ab540 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 619.021041][ C1] RAX: ffffffffffffffda RBX: 00007f4c2b634620 RCX: 00007f4c2a97796c [ 619.029101][ C1] RDX: 0000000000000028 RSI: 00007f4c2b634670 RDI: 0000000000000003 [ 619.037170][ C1] RBP: 0000000000000000 R08: 00007ffc612ab594 R09: 000000000000000c [ 619.045185][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 619.053270][ C1] R13: 0000000000000000 R14: 00007f4c2b634670 R15: 0000000000000000 [ 619.061367][ C1] [ 619.064433][ C1] DEBUG: holding rtnl_mutex for 589 jiffies. [ 619.070488][ C1] task:kworker/u8:9 state:R running task stack:21008 pid:2835 tgid:2835 ppid:2 flags:0x00004008 [ 619.082351][ C1] Workqueue: netns cleanup_net [ 619.087204][ C1] Call Trace: [ 619.090696][ C1] [ 619.093570][ C1] sched_show_task+0x506/0x6d0 [ 619.098775][ C1] ? report_rtnl_holders+0x29e/0x3f0 [ 619.104127][ C1] ? __pfx__printk+0x10/0x10 [ 619.108817][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 619.114231][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 619.120387][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 619.126943][ C1] report_rtnl_holders+0x320/0x3f0 [ 619.132526][ C1] call_timer_fn+0x18e/0x650 [ 619.137212][ C1] ? call_timer_fn+0xc0/0x650 [ 619.141952][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 619.147687][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 619.152846][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 619.158577][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 619.164256][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 619.170065][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 619.175320][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 619.180650][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 619.186343][ C1] __run_timer_base+0x66a/0x8e0 [ 619.191295][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 619.196724][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 619.203152][ C1] run_timer_softirq+0xb7/0x170 [ 619.208088][ C1] handle_softirqs+0x2c4/0x970 [ 619.212904][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 619.217759][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 619.223092][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 619.228382][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 619.233024][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 619.238321][ C1] irq_exit_rcu+0x9/0x30 [ 619.242600][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 619.248335][ C1] [ 619.251499][ C1] [ 619.254470][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 619.260589][ C1] RIP: 0010:finish_task_switch+0x1ea/0x870 [ 619.266454][ C1] Code: c9 50 e8 a9 b9 0b 00 48 83 c4 08 4c 89 f7 e8 dd 38 00 00 0f 1f 44 00 00 4c 89 f7 e8 30 59 38 0a e8 1b 88 37 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc [ 619.286169][ C1] RSP: 0018:ffffc900097371e8 EFLAGS: 00000282 [ 619.292410][ C1] RAX: 2c3838fec6c41300 RBX: ffff88802b425a00 RCX: ffffffff816fddda [ 619.300583][ C1] RDX: dffffc0000000000 RSI: ffffffff8bcac900 RDI: ffffffff8c207f20 [ 619.308641][ C1] RBP: ffffc90009737230 R08: ffffffff9301078f R09: 1ffffffff26020f1 [ 619.316673][ C1] R10: dffffc0000000000 R11: fffffbfff26020f2 R12: 1ffff110172a7ef3 [ 619.324762][ C1] R13: dffffc0000000000 R14: ffff8880b953ea00 R15: ffff8880b953f798 [ 619.332853][ C1] ? mark_lock+0x9a/0x360 [ 619.337281][ C1] ? finish_task_switch+0x1e5/0x870 [ 619.342547][ C1] __schedule+0x1808/0x4a60 [ 619.347116][ C1] ? __pfx_qdisc_free_cb+0x10/0x10 [ 619.352327][ C1] ? stack_depot_save_flags+0x29/0x830 [ 619.357927][ C1] ? __pfx___schedule+0x10/0x10 [ 619.362830][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 619.368909][ C1] ? unregister_netdevice_many_notify+0x9c7/0x1d20 [ 619.375465][ C1] ? default_device_exit_batch+0xa0f/0xa90 [ 619.381391][ C1] ? preempt_schedule_irq+0xf0/0x1c0 [ 619.386745][ C1] preempt_schedule_irq+0xfb/0x1c0 [ 619.391961][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 619.397787][ C1] irqentry_exit+0x5e/0x90 [ 619.402261][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 619.408344][ C1] RIP: 0010:lockdep_unregister_key+0x56d/0x610 [ 619.414554][ C1] Code: ff 92 48 c7 c6 10 bc 6f 81 e8 8f 04 0a 00 e8 fa 18 0a 00 e9 e5 fb ff ff e8 c0 62 21 0a 41 f7 c7 00 02 00 00 74 d0 fb 45 84 f6 <75> cf eb e0 90 0f 0b 90 45 31 f6 e9 62 ff ff ff 90 0f 0b 90 e9 a1 [ 619.434438][ C1] RSP: 0018:ffffc900097375c0 EFLAGS: 00000246 [ 619.440603][ C1] RAX: dffffc0000000000 RBX: 1ffff920012e6ec0 RCX: ffffffff947f4803 [ 619.448668][ C1] RDX: 0000000000000001 RSI: ffffffff8bcad5e0 RDI: ffffffff8c207f20 [ 619.456719][ C1] RBP: ffffc90009737698 R08: ffffffff92ffe777 R09: 1ffffffff25ffcee [ 619.464813][ C1] R10: dffffc0000000000 R11: fffffbfff25ffcef R12: ffffc90009737600 [ 619.472903][ C1] R13: 1ffff920012e6ebc R14: 0000000000000000 R15: 0000000000000a03 [ 619.480986][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 619.487036][ C1] ? rcu_is_watching+0x15/0xb0 [ 619.491917][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 619.496565][ C1] __qdisc_destroy+0x165/0x410 [ 619.501443][ C1] dev_shutdown+0x9b/0x440 [ 619.505937][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 619.512430][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 619.519313][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 619.525272][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 619.531542][ C1] default_device_exit_batch+0xa0f/0xa90 [ 619.537288][ C1] ? __pfx___might_resched+0x10/0x10 [ 619.542621][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 619.548894][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 619.554336][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 619.560625][ C1] cleanup_net+0x89d/0xcc0 [ 619.565198][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 619.570308][ C1] ? process_scheduled_works+0x945/0x1830 [ 619.576085][ C1] process_scheduled_works+0xa2c/0x1830 [ 619.581859][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 619.587948][ C1] ? assign_work+0x364/0x3d0 [ 619.592593][ C1] worker_thread+0x86d/0xd40 [ 619.597370][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 619.603322][ C1] ? __kthread_parkme+0x169/0x1d0 [ 619.608726][ C1] ? __pfx_worker_thread+0x10/0x10 [ 619.613926][ C1] kthread+0x2f0/0x390 [ 619.618115][ C1] ? __pfx_worker_thread+0x10/0x10 [ 619.623279][ C1] ? __pfx_kthread+0x10/0x10 [ 619.628002][ C1] ret_from_fork+0x4b/0x80 [ 619.632501][ C1] ? __pfx_kthread+0x10/0x10 [ 619.637198][ C1] ret_from_fork_asm+0x1a/0x30 [ 619.642123][ C1] [ 619.645182][ C1] [ 619.645182][ C1] Showing all locks held in the system: [ 619.652980][ C1] 3 locks held by kworker/1:0/25: [ 619.658086][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 619.669214][ C1] #1: ffffc900001f7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 619.680327][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 619.689458][ C1] 2 locks held by kworker/u8:4/62: [ 619.694897][ C1] 6 locks held by kworker/u8:9/2835: [ 619.700268][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 619.711284][ C1] #1: ffffc90009737d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 619.721957][ C1] #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 619.731482][ C1] #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 619.741626][ C1] #4: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 619.751853][ C1] #5: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 619.761831][ C1] 2 locks held by getty/4855: [ 619.766534][ C1] #0: ffff88802a98e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 619.776427][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 619.786675][ C1] 6 locks held by syz.3.268/5974: [ 619.791788][ C1] 1 lock held by syz-executor/9151: [ 619.797019][ C1] #0: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 619.808081][ C1] 1 lock held by syz-executor/9902: [ 619.813313][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 619.823045][ C1] 1 lock held by syz.3.1397/10016: [ 619.828237][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 619.837686][ C1] 4 locks held by kvm-nx-lpage-re/10039: [ 619.843348][ C1] #0: ffffffff8e3639e8 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_attach_task_all+0x27/0xe0 [ 619.853317][ C1] #1: ffffffff8e1cf9f0 (cpu_hotplug_lock){++++}-{0:0}, at: cgroup_attach_lock+0x11/0x40 [ 619.863280][ C1] #2: ffffffff8e363bd0 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: cgroup_attach_task_all+0x31/0xe0 [ 619.874295][ C1] #3: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 619.885316][ C1] [ 619.887700][ C1] ============================================= [ 619.887700][ C1] [ 620.957459][ C1] DEBUG: waiting rtnl_mutex for 784 jiffies. [ 620.963523][ C1] task:kworker/1:0 state:D stack:22920 pid:25 tgid:25 ppid:2 flags:0x00004000 [ 620.973781][ C1] Workqueue: events linkwatch_event [ 620.979081][ C1] Call Trace: [ 620.982383][ C1] [ 620.985343][ C1] __schedule+0x1800/0x4a60 [ 620.989949][ C1] ? __pfx___schedule+0x10/0x10 [ 620.994845][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 621.000913][ C1] ? __pfx_lock_release+0x10/0x10 [ 621.005989][ C1] ? kick_pool+0x1bd/0x620 [ 621.010516][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 621.015774][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 621.021074][ C1] ? schedule+0x90/0x320 [ 621.025367][ C1] schedule+0x14b/0x320 [ 621.029757][ C1] schedule_preempt_disabled+0x13/0x30 [ 621.035291][ C1] __mutex_lock+0x6a4/0xd70 [ 621.039910][ C1] ? __mutex_lock+0x527/0xd70 [ 621.044644][ C1] ? linkwatch_event+0xe/0x60 [ 621.049456][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 621.054557][ C1] ? get_rtnl_holder+0x144/0x190 [ 621.059595][ C1] ? process_scheduled_works+0x945/0x1830 [ 621.065364][ C1] linkwatch_event+0xe/0x60 [ 621.069958][ C1] process_scheduled_works+0xa2c/0x1830 [ 621.075672][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 621.081982][ C1] ? assign_work+0x364/0x3d0 [ 621.086649][ C1] worker_thread+0x86d/0xd40 [ 621.091364][ C1] ? __kthread_parkme+0x169/0x1d0 [ 621.096670][ C1] ? __pfx_worker_thread+0x10/0x10 [ 621.101883][ C1] kthread+0x2f0/0x390 [ 621.106263][ C1] ? __pfx_worker_thread+0x10/0x10 [ 621.111460][ C1] ? __pfx_kthread+0x10/0x10 [ 621.116101][ C1] ret_from_fork+0x4b/0x80 [ 621.120611][ C1] ? __pfx_kthread+0x10/0x10 [ 621.125283][ C1] ret_from_fork_asm+0x1a/0x30 [ 621.130165][ C1] [ 621.133218][ C1] DEBUG: waiting rtnl_mutex for 798 jiffies. [ 621.139264][ C1] task:syz-executor state:D stack:21024 pid:9902 tgid:9902 ppid:9859 flags:0x00000000 [ 621.149528][ C1] Call Trace: [ 621.152839][ C1] [ 621.155805][ C1] __schedule+0x1800/0x4a60 [ 621.160423][ C1] ? __pfx___schedule+0x10/0x10 [ 621.165759][ C1] ? __pfx_lock_release+0x10/0x10 [ 621.170881][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 621.176414][ C1] ? schedule+0x90/0x320 [ 621.180748][ C1] schedule+0x14b/0x320 [ 621.185132][ C1] schedule_preempt_disabled+0x13/0x30 [ 621.190685][ C1] __mutex_lock+0x6a4/0xd70 [ 621.195313][ C1] ? __mutex_lock+0x527/0xd70 [ 621.200172][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 621.205561][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 621.210711][ C1] ? get_rtnl_holder+0x144/0x190 [ 621.215706][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 621.220829][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 621.226087][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 621.232433][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 621.237906][ C1] ? __pfx_validate_chain+0x10/0x10 [ 621.239757][T10051] loop4: detected capacity change from 0 to 32768 [ 621.243272][ C1] ? __pfx_validate_chain+0x10/0x10 [ 621.255095][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 621.260162][ C1] ? mark_lock+0x9a/0x360 [ 621.264554][ C1] ? __pfx_validate_chain+0x10/0x10 [ 621.269912][ C1] ? __lock_acquire+0x1359/0x2000 [ 621.275012][ C1] ? mark_lock+0x9a/0x360 [ 621.279427][ C1] ? __lock_acquire+0x1359/0x2000 [ 621.284526][ C1] netlink_rcv_skb+0x1e3/0x430 [ 621.289410][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 621.294947][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 621.300376][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 621.305721][ C1] netlink_unicast+0x7f0/0x990 [ 621.310607][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 621.316040][ C1] ? __virt_addr_valid+0x183/0x530 [ 621.321264][ C1] ? __check_object_size+0x49c/0x900 [ 621.326605][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 621.328855][ T5183] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 621.331852][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 621.339927][ T5152] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 621.344227][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 621.357195][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 621.363239][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 621.368280][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 621.373618][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 621.379189][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 621.384519][ C1] __sock_sendmsg+0x221/0x270 [ 621.389327][ C1] __sys_sendto+0x3a4/0x4f0 [ 621.393898][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 621.399110][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 621.405234][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 621.411694][ C1] __x64_sys_sendto+0xde/0x100 [ 621.416522][ C1] do_syscall_64+0xf3/0x230 [ 621.421228][ C1] ? clear_bhb_loop+0x35/0x90 [ 621.425978][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.432006][ C1] RIP: 0033:0x7f4c2a97796c [ 621.436472][ C1] RSP: 002b:00007ffc612ab540 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 621.445000][ C1] RAX: ffffffffffffffda RBX: 00007f4c2b634620 RCX: 00007f4c2a97796c [ 621.453079][ C1] RDX: 0000000000000028 RSI: 00007f4c2b634670 RDI: 0000000000000003 [ 621.461152][ C1] RBP: 0000000000000000 R08: 00007ffc612ab594 R09: 000000000000000c [ 621.469217][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 621.477264][ C1] R13: 0000000000000000 R14: 00007f4c2b634670 R15: 0000000000000000 [ 621.485297][ C1] [ 621.488400][ C1] DEBUG: holding rtnl_mutex for 832 jiffies. [ 621.494402][ C1] task:kworker/u8:9 state:D stack:21008 pid:2835 tgid:2835 ppid:2 flags:0x00004000 [ 621.504767][ C1] Workqueue: netns cleanup_net [ 621.509659][ C1] Call Trace: [ 621.512980][ C1] [ 621.515946][ C1] __schedule+0x1800/0x4a60 [ 621.520575][ C1] ? __pfx___schedule+0x10/0x10 [ 621.525601][ C1] ? __pfx_lock_release+0x10/0x10 [ 621.530739][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 621.536349][ C1] ? kthread_data+0x52/0xd0 [ 621.541210][ C1] ? schedule+0x90/0x320 [ 621.545502][ C1] ? wq_worker_sleeping+0x66/0x240 [ 621.550737][ C1] ? schedule+0x90/0x320 [ 621.555493][ C1] schedule+0x14b/0x320 [ 621.559771][ C1] schedule_preempt_disabled+0x13/0x30 [ 621.565286][ C1] __mutex_lock+0x6a4/0xd70 [ 621.570004][ C1] ? __mutex_lock+0x527/0xd70 [ 621.574759][ C1] ? synchronize_rcu_expedited+0x451/0x830 [ 621.577502][ T5183] usb 3-1: Using ep0 maxpacket: 8 [ 621.580655][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 621.590754][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 621.596004][ C1] synchronize_rcu_expedited+0x451/0x830 [ 621.600969][ T5152] usb 2-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 621.601730][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 621.611620][ T5183] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 621.616903][ C1] ? __pfx___might_resched+0x10/0x10 [ 621.630395][ C1] ? call_rcu+0x731/0xa70 [ 621.634782][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 621.640187][ C1] synchronize_rcu+0x11b/0x360 [ 621.645447][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 621.647197][ T5152] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.651212][ C1] lockdep_unregister_key+0x556/0x610 [ 621.665150][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 621.670190][ T5183] usb 3-1: config 0 has no interface number 0 [ 621.671126][ C1] ? rcu_is_watching+0x15/0xb0 [ 621.681985][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 621.686626][ C1] __qdisc_destroy+0x165/0x410 [ 621.691501][ C1] dev_shutdown+0x9b/0x440 [ 621.695975][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 621.698745][ T5183] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 621.703019][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 621.719665][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 621.725634][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 621.731907][ C1] default_device_exit_batch+0xa0f/0xa90 [ 621.737720][ C1] ? __pfx___might_resched+0x10/0x10 [ 621.743083][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 621.747513][ T5183] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 621.749331][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 621.763719][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 621.770014][ C1] cleanup_net+0x89d/0xcc0 [ 621.774491][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 621.779528][ C1] ? process_scheduled_works+0x945/0x1830 [ 621.781694][ T5183] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.785271][ C1] process_scheduled_works+0xa2c/0x1830 [ 621.795519][ T5152] usb 2-1: config 0 descriptor?? [ 621.798925][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 621.798976][ C1] ? assign_work+0x364/0x3d0 [ 621.799013][ C1] worker_thread+0x86d/0xd40 [ 621.819405][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 621.825358][ C1] ? __kthread_parkme+0x169/0x1d0 [ 621.830493][ C1] ? __pfx_worker_thread+0x10/0x10 [ 621.835658][ C1] kthread+0x2f0/0x390 [ 621.839879][ C1] ? __pfx_worker_thread+0x10/0x10 [ 621.845077][ C1] ? __pfx_kthread+0x10/0x10 [ 621.849791][ C1] ret_from_fork+0x4b/0x80 [ 621.854254][ C1] ? __pfx_kthread+0x10/0x10 [ 621.858933][ C1] ret_from_fork_asm+0x1a/0x30 [ 621.863771][ C1] [ 621.866822][ C1] [ 621.866822][ C1] Showing all locks held in the system: [ 621.871777][ T5183] usb 3-1: config 0 descriptor?? [ 621.874588][ C1] 3 locks held by kworker/1:0/25: [ 621.884615][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 621.895732][ C1] #1: ffffc900001f7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 621.906896][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 621.916020][ C1] 3 locks held by kworker/u8:6/1087: [ 621.921315][ T5183] iowarrior 3-1:0.1: no interrupt-in endpoint found [ 621.928067][ C1] 5 locks held by kworker/u8:9/2835: [ 621.933397][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 621.944435][ C1] #1: ffffc90009737d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 621.955137][ C1] #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 621.964716][ C1] #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 621.974884][ C1] #4: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 621.986184][ C1] 2 locks held by getty/4855: [ 621.990931][ C1] #0: ffff88802a98e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 622.000843][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 622.011098][ C1] 5 locks held by kworker/0:5/5152: [ 622.016335][ C1] #0: ffff88801cee1d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 622.027795][ C1] #1: ffffc90003b7fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 622.039778][ C1] #2: ffff888023634190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 622.048805][ C1] #3: ffff888066cc5190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 622.058163][ C1] #4: ffff888021e75160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 622.067528][ C1] 3 locks held by syz.3.268/5974: [ 622.072603][ C1] 1 lock held by syz-executor/9902: [ 622.078372][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 622.088174][ C1] 4 locks held by udevd/9915: [ 622.093008][ C1] #0: ffff8880680bec30 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60 [ 622.101977][ C1] #1: ffff888078e40888 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0 [ 622.111527][ C1] #2: ffff88805c1cc3c8 (kn->active#5){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0 [ 622.121139][ C1] #3: ffff888066cc5190 (&dev->mutex){....}-{3:3}, at: uevent_show+0x17d/0x340 [ 622.130268][ C1] 1 lock held by syz.3.1397/10016: [ 622.135425][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 622.144884][ C1] 3 locks held by syz.4.1406/10049: [ 622.150162][ C1] #0: ffff88805bb28580 (&u->iolock){+.+.}-{3:3}, at: __unix_dgram_recvmsg+0x246/0x12f0 [ 622.160060][ C1] #1: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 622.162769][ T5183] usb 3-1: USB disconnect, device number 20 [ 622.170364][ C1] #2: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 622.170460][ C1] 3 locks held by syz.4.1406/10051: [ 622.170476][ C1] #0: ffff888068a808e8 (&c->sb_lock){+.+.}-{3:3}, at: bch2_fs_alloc+0xd40/0x20a0 [ 622.170548][ C1] #1: ffff888068a84988 (&c->mark_lock){++++}-{0:0}, at: bch2_sb_replicas_to_cpu_replicas+0x1e0/0x2e0 [ 622.170624][ C1] #2: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 622.170711][ C1] 1 lock held by syz.1.1408/10045: [ 622.170727][ C1] #0: ffff888061950198 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17c/0x3d0 [ 622.170805][ C1] 2 locks held by syz.1.1408/10046: [ 622.170820][ C1] #0: ffff888061950198 (&mm->mmap_lock){++++}-{3:3}, at: do_madvise+0x481/0x4590 [ 622.252709][ C1] #1: ffffffff8e3f02a8 (lock#3){+.+.}-{3:3}, at: __lru_add_drain_all+0x66/0x560 [ 622.262282][ C1] [ 622.264656][ C1] ============================================= [ 622.264656][ C1] [ 622.605742][T10051] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 622.621397][T10051] invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, shutting down [ 622.635310][T10051] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 0 [ 622.644915][T10051] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 622.653220][T10051] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 622.666959][T10051] bcachefs (loop4): shutting down [ 622.688399][T10051] bcachefs (loop4): shutdown complete [ 622.879436][ T5152] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 622.979425][ T9902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 623.282815][ T5152] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 623.297581][ T5152] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22 [ 623.420093][ T9902] team0: Port device team_slave_0 added [ 623.457614][T10065] netlink: 832 bytes leftover after parsing attributes in process `syz.4.1411'. [ 623.512058][ T25] usb 2-1: USB disconnect, device number 18 [ 623.535222][ T9902] team0: Port device team_slave_1 added [ 623.689918][ T9902] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 623.708913][T10069] loop4: detected capacity change from 0 to 128 [ 623.717287][ T9902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 623.768344][ T9902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 623.824064][ T9902] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 623.831325][ T5152] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 623.854786][ T9902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 623.927898][ T9902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 624.038589][ T5152] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 624.067295][ T5152] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 624.141532][ T5152] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 624.161711][ T5152] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 624.204914][ T5152] usb 3-1: Product: syz [ 624.209543][ T5152] usb 3-1: Manufacturer: syz [ 624.224517][ T5152] usb 3-1: SerialNumber: syz [ 624.289822][ T5152] usb 3-1: config 0 descriptor?? [ 624.311131][ T5152] ldusb 3-1:0.0: Interrupt in endpoint not found [ 624.369396][ T9902] hsr_slave_0: entered promiscuous mode [ 624.409560][ T29] audit: type=1800 audit(1720118270.471:996): pid=10078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1415" name="bus" dev="overlay" ino=509 res=0 errno=0 [ 624.431264][ T9902] hsr_slave_1: entered promiscuous mode [ 624.449462][ T9902] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 624.459947][ T9902] Cannot create hsr debugfs directory [ 624.522256][ T5152] usb 3-1: USB disconnect, device number 21 [ 624.980266][ T5148] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 625.208595][ T5148] usb 2-1: Using ep0 maxpacket: 8 [ 625.231816][ T5148] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 625.277588][ T5148] usb 2-1: config 0 has no interface number 0 [ 625.315160][ T5148] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 626.465420][T10088] loop4: detected capacity change from 0 to 32768 [ 626.487320][ T5148] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 626.496489][ T5148] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.539688][ T5148] usb 2-1: config 0 descriptor?? [ 626.559133][ T5148] iowarrior 2-1:0.1: no interrupt-in endpoint found [ 626.736694][T10088] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,nojournal_transaction_names [ 626.758054][T10088] invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, shutting down [ 626.771895][T10088] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 0 [ 626.781249][T10088] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 626.789361][T10088] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 626.800261][T10088] bcachefs (loop4): shutting down [ 626.820768][T10088] bcachefs (loop4): shutdown complete [ 626.836525][ T5152] usb 2-1: USB disconnect, device number 19 [ 627.086921][T10101] netlink: 832 bytes leftover after parsing attributes in process `syz.2.1423'. [ 627.129670][ T9902] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 627.312661][ T9902] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 627.343441][ T9902] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 627.496180][ T9902] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 627.602275][T10107] loop4: detected capacity change from 0 to 256 [ 628.106768][ T9902] 8021q: adding VLAN 0 to HW filter on device bond0 [ 628.158673][ T9902] 8021q: adding VLAN 0 to HW filter on device team0 [ 628.201150][ T7408] bridge0: port 1(bridge_slave_0) entered blocking state [ 628.208432][ T7408] bridge0: port 1(bridge_slave_0) entered forwarding state [ 628.244802][ T1792] bridge0: port 2(bridge_slave_1) entered blocking state [ 628.252147][ T1792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 628.328848][ T5148] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 628.478932][T10128] netlink: 832 bytes leftover after parsing attributes in process `syz.1.1433'. [ 628.519335][ T5148] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 628.531025][ T5148] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 628.555071][ T5148] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 628.574689][ T5148] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 628.599157][ T5148] usb 3-1: Product: syz [ 628.606955][ T5148] usb 3-1: Manufacturer: syz [ 628.613918][ T5148] usb 3-1: SerialNumber: syz [ 628.629759][ T5148] usb 3-1: config 0 descriptor?? [ 628.653096][ T5148] ldusb 3-1:0.0: Interrupt in endpoint not found [ 628.872799][ T5152] usb 3-1: USB disconnect, device number 22 [ 628.921309][ T9902] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 629.007363][ T5183] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 629.081589][ T9902] veth0_vlan: entered promiscuous mode [ 629.220289][ T5183] usb 2-1: Using ep0 maxpacket: 8 [ 629.239343][ T9902] veth1_vlan: entered promiscuous mode [ 629.278753][ T5183] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 629.286830][ T5183] usb 2-1: config 0 has no interface number 0 [ 629.362283][ T5183] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 629.439123][ T5183] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 630.349235][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.355604][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.433546][ T9902] veth0_macvtap: entered promiscuous mode [ 630.530542][ T9902] veth1_macvtap: entered promiscuous mode [ 630.643709][ T5183] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.665290][ T5183] usb 2-1: config 0 descriptor?? [ 630.683042][ T5183] iowarrior 2-1:0.1: no interrupt-in endpoint found [ 630.703671][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 630.753047][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 630.789868][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 630.816073][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 630.850745][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 630.916519][ T5183] usb 2-1: USB disconnect, device number 20 [ 630.922960][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 630.992321][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 631.027171][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.055954][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 631.089674][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.117666][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 631.147630][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.190259][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 631.217244][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.248579][ T29] audit: type=1800 audit(1720118277.301:997): pid=10145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1437" name="bus" dev="overlay" ino=258 res=0 errno=0 [ 631.287324][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 631.319510][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.352641][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 631.397515][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.433794][ T9902] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 631.560880][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 631.647588][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.676719][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 631.727794][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.757317][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 631.779626][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 631.803123][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 631.826126][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.013350][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 632.091341][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.146701][T10152] sctp: failed to load transform for md5: -2 [ 632.202143][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 632.272753][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.285217][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 632.295925][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.307222][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 632.335290][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.345309][ T9902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 632.355842][ T9902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.369195][ T9902] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 632.426325][ T9902] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.446327][ T9902] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.460916][ T9902] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.480022][ T9902] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.814684][ T2470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 632.853665][ T2470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 632.928335][T10168] netlink: 832 bytes leftover after parsing attributes in process `syz.1.1443'. [ 632.983080][ T2835] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 633.050335][ T2835] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 633.279751][T10178] loop0: detected capacity change from 0 to 128 [ 633.559871][ T5153] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 633.779445][ T5153] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 633.793790][ T5153] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 633.831806][ T5153] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 633.852139][ T5153] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 633.857433][ T1792] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 633.869888][ T5153] usb 4-1: Product: syz [ 633.878719][ T5153] usb 4-1: Manufacturer: syz [ 633.889075][ T5153] usb 4-1: SerialNumber: syz [ 633.904748][ T5153] usb 4-1: config 0 descriptor?? [ 633.931120][ T5153] ldusb 4-1:0.0: Interrupt in endpoint not found [ 634.068565][ T1792] usb 3-1: Using ep0 maxpacket: 8 [ 634.090177][ T1792] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 634.117913][ T1792] usb 3-1: config 0 has no interface number 0 [ 634.145897][ T1792] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 634.155220][ T5153] usb 4-1: USB disconnect, device number 18 [ 634.183352][ T1792] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 634.213642][ T1792] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.249205][ T1792] usb 3-1: config 0 descriptor?? [ 634.271766][ T1792] iowarrior 3-1:0.1: no interrupt-in endpoint found [ 634.482757][ T7408] usb 3-1: USB disconnect, device number 23 [ 634.734963][T10199] syzkaller0: entered allmulticast mode [ 635.018794][T10201] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1452'. [ 635.031030][T10204] netlink: 832 bytes leftover after parsing attributes in process `syz.3.1454'. [ 636.738511][T10216] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 636.939375][T10216] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 636.957210][T10216] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 636.980353][T10216] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 637.010288][T10216] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 637.027274][T10216] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 637.035795][T10216] usb 3-1: Product: syz [ 637.048170][T10216] usb 3-1: Manufacturer: syz [ 637.057230][T10216] usb 3-1: SerialNumber: syz [ 637.068457][T10216] usb 3-1: config 0 descriptor?? [ 637.080132][T10216] ldusb 3-1:0.0: Interrupt in endpoint not found [ 637.147379][ T5152] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 637.307418][ T5153] usb 3-1: USB disconnect, device number 24 [ 637.358237][ T5152] usb 5-1: Using ep0 maxpacket: 8 [ 637.403299][ T5152] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 637.417217][ T5152] usb 5-1: config 0 has no interface number 0 [ 637.427551][ T5152] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 637.449520][ T5152] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 637.471941][ T5152] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.494360][ T5152] usb 5-1: config 0 descriptor?? [ 637.510859][ T5152] iowarrior 5-1:0.1: no interrupt-in endpoint found [ 637.731676][ T5152] usb 5-1: USB disconnect, device number 18 [ 637.851579][T10245] netlink: 832 bytes leftover after parsing attributes in process `syz.3.1467'. [ 638.313768][T10215] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 638.538434][T10215] usb 3-1: Using ep0 maxpacket: 32 [ 638.548088][ T29] audit: type=1326 audit(1720118284.611:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.4.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 638.580169][T10215] usb 3-1: config 0 has an invalid interface number: 98 but max is 0 [ 638.588395][T10215] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 638.611167][T10215] usb 3-1: config 0 has no interface number 0 [ 638.626516][T10215] usb 3-1: config 0 interface 98 has no altsetting 0 [ 638.680619][T10263] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1474'. [ 638.736587][T10215] usb 3-1: New USB device found, idVendor=19d2, idProduct=1173, bcdDevice=a1.cd [ 638.746595][ T29] audit: type=1326 audit(1720118284.611:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.4.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 638.854340][T10215] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.941542][T10215] usb 3-1: config 0 descriptor?? [ 638.978679][ T29] audit: type=1326 audit(1720118284.611:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.4.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 639.015517][T10215] cdc_ether 3-1:0.98: skipping garbage [ 639.047452][T10215] usb 3-1: bad CDC descriptors [ 639.123867][ T29] audit: type=1326 audit(1720118284.611:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.4.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 639.149271][ T25] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 639.281531][T10216] usb 3-1: USB disconnect, device number 25 [ 639.312467][ T29] audit: type=1326 audit(1720118284.611:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.4.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 639.393193][ T29] audit: type=1326 audit(1720118284.611:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.4.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 639.429787][ T25] usb 5-1: config index 0 descriptor too short (expected 249, got 27) [ 639.459800][ T25] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 639.462811][ T29] audit: type=1326 audit(1720118284.611:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.4.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 639.491127][ T25] usb 5-1: config 0 has no interfaces? [ 639.507363][ T25] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 639.520871][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.570397][ T25] usb 5-1: config 0 descriptor?? [ 639.576340][ T29] audit: type=1326 audit(1720118284.611:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.4.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 639.649303][ T29] audit: type=1326 audit(1720118284.611:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.4.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 639.734858][ T29] audit: type=1326 audit(1720118284.611:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.4.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf1d75bd9 code=0x7ffc0000 [ 640.052264][T10271] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1476'. [ 640.293211][T10283] netlink: 832 bytes leftover after parsing attributes in process `syz.2.1481'. [ 640.428851][ T5183] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 640.630479][ T5183] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 640.660345][ T5183] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 640.701472][ T5183] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 640.745397][ T5183] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 640.767201][ T5183] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 640.801495][ T5183] usb 4-1: Product: syz [ 640.816454][ T5183] usb 4-1: Manufacturer: syz [ 640.825052][ T5183] usb 4-1: SerialNumber: syz [ 640.843735][ T5183] usb 4-1: config 0 descriptor?? [ 640.862738][ T5183] ldusb 4-1:0.0: Interrupt in endpoint not found [ 640.987967][ T5152] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 641.121924][T10216] usb 4-1: USB disconnect, device number 19 [ 641.177450][ T5152] usb 1-1: Using ep0 maxpacket: 8 [ 641.186741][ T5152] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 641.220318][ T5152] usb 1-1: config 0 has no interface number 0 [ 641.239708][ T5152] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 641.266694][ T5152] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 641.307679][ T5152] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.338028][ T5152] usb 1-1: config 0 descriptor?? [ 641.357487][ T5152] iowarrior 1-1:0.1: no interrupt-in endpoint found [ 641.464055][ T5183] usb 5-1: USB disconnect, device number 19 [ 641.571890][T10216] usb 1-1: USB disconnect, device number 14 [ 642.077410][ T25] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 642.163353][T10309] loop2: detected capacity change from 0 to 512 [ 642.288140][ T25] usb 4-1: Using ep0 maxpacket: 32 [ 642.299812][T10309] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 642.341186][T10314] netlink: 832 bytes leftover after parsing attributes in process `syz.0.1493'. [ 642.352585][ T25] usb 4-1: config 0 has an invalid interface number: 98 but max is 0 [ 642.386346][T10309] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 642.414199][ T25] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 642.449234][ T25] usb 4-1: config 0 has no interface number 0 [ 642.455392][ T25] usb 4-1: config 0 interface 98 has no altsetting 0 [ 642.527435][ T25] usb 4-1: New USB device found, idVendor=19d2, idProduct=1173, bcdDevice=a1.cd [ 642.536546][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.614614][ T25] usb 4-1: config 0 descriptor?? [ 642.627735][ T9154] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 642.642477][ T25] cdc_ether 4-1:0.98: skipping garbage [ 642.671089][ T25] usb 4-1: bad CDC descriptors [ 643.188509][T10329] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 645.199008][ T1157] usb 4-1: USB disconnect, device number 20 [ 645.407296][ T5152] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 645.650127][ T5152] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 645.682926][ T5152] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 645.718011][ T5152] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 645.767441][T10216] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 645.784358][ T5152] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 645.824087][ T5152] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 645.857286][ T5152] usb 1-1: Product: syz [ 645.872018][ T5152] usb 1-1: Manufacturer: syz [ 645.890987][ T5152] usb 1-1: SerialNumber: syz [ 645.937921][ T5152] usb 1-1: config 0 descriptor?? [ 645.967080][ T5152] ldusb 1-1:0.0: Interrupt in endpoint not found [ 645.997384][T10216] usb 4-1: Using ep0 maxpacket: 8 [ 646.080838][T10216] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 646.127289][T10216] usb 4-1: config 0 has no interface number 0 [ 646.143751][T10216] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 646.213006][T10216] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 646.233186][T10215] usb 1-1: USB disconnect, device number 15 [ 646.252281][T10216] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.306308][T10216] usb 4-1: config 0 descriptor?? [ 646.352504][T10216] iowarrior 4-1:0.1: no interrupt-in endpoint found [ 646.912102][T10362] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] PREEMPT SMP KASAN PTI [ 646.912140][T10362] KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] [ 646.912163][T10362] CPU: 0 UID: 0 PID: 10362 Comm: syz.2.1508 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 646.912184][T10362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 646.912195][T10362] RIP: 0010:xdp_do_redirect+0x63/0xb40 [ 646.912225][T10362] Code: c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 9c 38 90 f8 4c 8b 23 4d 8d 74 24 38 4c 89 f3 48 c1 eb 03 <42> 0f b6 04 2b 84 c0 0f 85 fc 07 00 00 41 8b 2e 89 ee 83 e6 02 31 [ 646.912239][T10362] RSP: 0018:ffffc90004d57828 EFLAGS: 00010202 [ 646.912254][T10362] RAX: 1ffff110051c3e40 RBX: 0000000000000007 RCX: 0000000000040000 [ 646.912269][T10362] RDX: ffffc9000fe59000 RSI: 000000000000022b RDI: 000000000000022c [ 646.912285][T10362] RBP: ffffc90004d579b0 R08: 0000000000000005 R09: ffffffff866bc849 [ 646.912301][T10362] R10: 0000000000000005 R11: ffff888028e1da00 R12: 0000000000000000 [ 646.912316][T10362] R13: dffffc0000000000 R14: 0000000000000038 R15: ffffc90004d57af0 [ 646.912335][T10362] FS: 00007f501bbde6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 646.912356][T10362] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 646.912500][T10362] CR2: 000000110c31db2c CR3: 000000007d71e000 CR4: 00000000003506f0 [ 646.912517][T10362] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 646.912527][T10362] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 646.912538][T10362] Call Trace: [ 646.912546][T10362] [ 646.912554][T10362] ? __die_body+0x88/0xe0 [ 646.912581][T10362] ? die_addr+0x108/0x140 [ 646.912607][T10362] ? exc_general_protection+0x3dd/0x5d0 [ 646.912638][T10362] ? asm_exc_general_protection+0x26/0x30 [ 646.912660][T10362] ? tun_xdp_act+0x89/0xb70 [ 646.912678][T10362] ? xdp_do_redirect+0x63/0xb40 [ 646.912702][T10362] ? xdp_do_redirect+0x2e/0xb40 [ 646.912730][T10362] tun_xdp_act+0xe9/0xb70 [ 646.912749][T10362] ? tun_get_user+0x84c/0x4560 [ 646.912765][T10362] ? __pfx___cant_migrate+0x10/0x10 [ 646.912785][T10362] ? __pfx_tun_xdp_act+0x10/0x10 [ 646.912825][T10362] tun_get_user+0x346d/0x4560 [ 646.912843][T10362] ? tun_get_user+0x84c/0x4560 [ 646.912866][T10362] ? __pfx_tun_get_user+0x10/0x10 [ 646.912886][T10362] ? tun_get+0x1e/0x2f0 [ 646.912909][T10362] ? tun_get+0x1e/0x2f0 [ 646.912924][T10362] ? tun_get+0x27d/0x2f0 [ 646.912940][T10362] tun_chr_write_iter+0x113/0x1f0 [ 646.912958][T10362] vfs_write+0xa72/0xc90 [ 646.912975][T10362] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 646.912992][T10362] ? __pfx_vfs_write+0x10/0x10 [ 646.913017][T10362] ksys_write+0x1a0/0x2c0 [ 646.913034][T10362] ? __pfx_ksys_write+0x10/0x10 [ 646.913049][T10362] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 646.913074][T10362] ? do_syscall_64+0xb6/0x230 [ 646.913090][T10362] do_syscall_64+0xf3/0x230 [ 646.913105][T10362] ? clear_bhb_loop+0x35/0x90 [ 646.913126][T10362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 646.913145][T10362] RIP: 0033:0x7f501c17475f [ 646.913159][T10362] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 646.913173][T10362] RSP: 002b:00007f501bbde010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 646.913190][T10362] RAX: ffffffffffffffda RBX: 00007f501c304038 RCX: 00007f501c17475f [ 646.913203][T10362] RDX: 000000000000000e RSI: 0000000020001540 RDI: 00000000000000c8 [ 646.913213][T10362] RBP: 00007f501c1e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 646.913224][T10362] R10: 000000000000000e R11: 0000000000000293 R12: 0000000000000000 [ 646.913234][T10362] R13: 000000000000006e R14: 00007f501c304038 R15: 00007ffda66ab3d8 [ 646.913253][T10362] [ 646.913258][T10362] Modules linked in: [ 646.913290][T10362] ---[ end trace 0000000000000000 ]--- [ 647.296722][T10362] RIP: 0010:xdp_do_redirect+0x63/0xb40 [ 647.302372][T10362] Code: c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 9c 38 90 f8 4c 8b 23 4d 8d 74 24 38 4c 89 f3 48 c1 eb 03 <42> 0f b6 04 2b 84 c0 0f 85 fc 07 00 00 41 8b 2e 89 ee 83 e6 02 31 [ 647.322157][T10362] RSP: 0018:ffffc90004d57828 EFLAGS: 00010202 [ 647.328399][T10362] RAX: 1ffff110051c3e40 RBX: 0000000000000007 RCX: 0000000000040000 [ 647.336465][T10362] RDX: ffffc9000fe59000 RSI: 000000000000022b RDI: 000000000000022c [ 647.344600][T10362] RBP: ffffc90004d579b0 R08: 0000000000000005 R09: ffffffff866bc849 [ 647.352735][T10362] R10: 0000000000000005 R11: ffff888028e1da00 R12: 0000000000000000 [ 647.360846][T10362] R13: dffffc0000000000 R14: 0000000000000038 R15: ffffc90004d57af0 [ 647.368972][T10362] FS: 00007f501bbde6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 647.378039][T10362] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 647.384720][T10362] CR2: 000000110c31db2c CR3: 000000007d71e000 CR4: 00000000003506f0 [ 647.392855][T10362] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 647.400977][T10362] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 647.409103][T10362] Kernel panic - not syncing: Fatal exception in interrupt [ 647.416625][T10362] Kernel Offset: disabled [ 647.420955][T10362] Rebooting in 86400 seconds..