last executing test programs: 51.234359433s ago: executing program 0 (id=143): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f00000001c0)={0xd, @output}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="3400e90002060500000000000000f50000000000"], 0x34}}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a00000405028000"], 0x528}}, 0xc000) sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x30, 0x1405, 0x8, 0x70bd2d, 0x25dfdbfc, "", [{{0x8, 0x1, 0x1}, {0x8, 0x3, 0xfe}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x2}}]}, 0x30}, 0x1, 0x0, 0x0, 0x84}, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES32, @ANYRESHEX], 0x30}}, 0x40040) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x2, 0x0, 0x0, 0xb3550aa4ba8783c0}, 0x9c) sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0), 0x492492492492627, 0x0) 47.011010609s ago: executing program 0 (id=152): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0xc018aa06, &(0x7f0000000040)={&(0x7f0000fec000/0x2000)=nil, 0x2000}) 45.700031458s ago: executing program 0 (id=156): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x4, 0x3, 0xfffffffe) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x7, 0x4, 0x18, 0xa042, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001080)={r4, 0x0, 0x0}, 0x20) write(r3, &(0x7f0000000100), 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0xfff, 0x402) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r5, 0xc040564a, &(0x7f0000000040)={0x0, 0x0, 0x3011, 0x0, 0x0, 0x0, 0x0, 0x1}) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(r6, 0x0, 0x0) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r7, 0x84, 0x81, &(0x7f0000000100)="1a0000000200", 0x6) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) sendto$inet6(r7, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r7, 0x84, 0x23, &(0x7f00000001c0)={0x0, 0x1ff}, 0x8) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002180)=ANY=[@ANYBLOB="38010000100033060000000000000000ac1414bb000000000000000000000000ff02000000000000000000000000000100"/64, @ANYBLOB], 0x138}}, 0x0) 44.558925861s ago: executing program 0 (id=161): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r5}, 0x18) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) socket$netlink(0x10, 0x3, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224\x00'}, 0x58) accept4(r6, 0x0, 0x0, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x2283, &(0x7f0000000000)) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000680)=ANY=[@ANYRES16=r7, @ANYBLOB="0008fdfffffffcdbdf2501000000080001007063690011000200303030303a30303a31302e30000000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080001007063690011000200303030303a30303a31302e3000000000080001007063690011000200303030303a30303a31302e30000000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0xa8}, 0x1, 0x0, 0x0, 0x41}, 0x20004841) sendmsg$DEVLINK_CMD_TRAP_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x81}, 0x4000040) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000580), r8) sendmsg$IEEE802154_LIST_PHY(r8, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)={0x14, r9, 0x30b}, 0x14}}, 0x0) 42.502212826s ago: executing program 0 (id=164): io_uring_setup(0x6d4f, 0x0) socket$pppoe(0x18, 0x1, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) r2 = dup(r1) ioctl$PPPIOCCONNECT(r2, 0x40047435, &(0x7f00000002c0)=0x1) ioctl$PPPIOCGCHAN(r0, 0x80047437, 0x0) 41.070577957s ago: executing program 3 (id=167): r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) syz_open_dev$midi(0x0, 0x3, 0x88c02) openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = dup(0xffffffffffffffff) write$6lowpan_enable(r1, 0x0, 0x0) pselect6(0x40, &(0x7f0000000600)={0x0, 0x100000}, 0x0, &(0x7f0000000680)={0x7ff}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendfile(r0, r0, 0x0, 0x7ffff000) 41.004081672s ago: executing program 0 (id=168): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108) socket$inet6_sctp(0xa, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) sched_setscheduler(0x0, 0x2, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) gettid() fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) readv(r3, 0x0, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x100) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8) setsockopt$packet_int(r1, 0x107, 0x9, 0x0, 0x0) sendto$packet(r1, &(0x7f0000000200)="3f0336082608123a160097ca0000f09210d7c2290f0086fd1378c9167c643c6198872bbfe465ebc0e9ad89b8ac5dcaaeaf21dca98d", 0x16, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(0xffffffffffffffff, 0xc008551b, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r2]) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r6, 0x0, r7, 0x0, 0x8000f28, 0x0) vmsplice(r7, &(0x7f0000000780)=[{&(0x7f0000000200)="94", 0x1}], 0x1, 0xa) ioctl$sock_inet_udp_SIOCINQ(r7, 0x541b, 0x0) write(r5, 0x0, 0x0) 40.035874707s ago: executing program 3 (id=171): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a3000"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401}], {0x14}}, 0x90}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() r2 = fspick(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x80000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r5, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffc, 0x5, 0x0, @buffer={0x0, 0xca, &(0x7f0000000300)=""/202}, &(0x7f00000000c0)="008d7acda0", 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000800000c02000000000000000000000d0000000000005f"], 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r6 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r6, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@cswp={0x58, 0x114, 0x7, {{}, 0x0, 0x0}}], 0x58}, 0x0) open(0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffd) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) ioctl$TIOCSERGETLSR(r7, 0x5459, &(0x7f0000000040)) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x32, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x70bd2d, 0x25dfdbff, {}, [@IFLA_MTU={0x8, 0x4, 0x42}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 38.665940021s ago: executing program 3 (id=173): r0 = io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xfffffffd}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x101000, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000580)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x42, 0x0, "bd1c790806ed6dcd18899f9ea77ca9fb5184ff0ba54b7dfe784d2f6b7dcd9474d9b295588ac0b991d5c66461eca3f1ff5543acc6c970d0ad22d692e84d692972368e64c272da633a217b45fcc8b1ff3b"}, 0xd8) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340)=0x2, 0xa2) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x3c) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000200)=@gcm_256={{0x304}, "00e0f07600", "832b4d2434b35bca8c0b78d2afff6d70d2025c7f53123828322d5af0d5c6c3a5", '`\a-N', "298f0e6df9ae9b3d"}, 0x38) sendfile(r1, r2, &(0x7f0000000100)=0x8dff, 0x100000000010001) r3 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x47be, 0x2, 0xd, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 36.543430801s ago: executing program 3 (id=179): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x40008, 0x420000008b}, 0x0) ptrace(0x10, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) rename(0x0, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x43, &(0x7f0000000080)=0x9, 0x4) sendto$inet6(r1, &(0x7f00000000c0)='H', 0xffe0, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x9, @loopback={0x3f}}, 0x1c) 35.061555609s ago: executing program 3 (id=182): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x15) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) r2 = dup(r1) write$UHID_INPUT(r2, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520200ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x100d}}, 0xfffffdef) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10, 0x8000000000000001}, 0x0, &(0x7f0000000240)={0x1d, 0x2}, 0x0, 0x0) 33.924103103s ago: executing program 3 (id=184): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private=0xa010102}}, 0x24) sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000001880)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd2d}, 0x700}], 0xf000, 0x10002, 0x0) 25.953676404s ago: executing program 32 (id=168): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108) socket$inet6_sctp(0xa, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) sched_setscheduler(0x0, 0x2, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) gettid() fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) readv(r3, 0x0, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x100) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8) setsockopt$packet_int(r1, 0x107, 0x9, 0x0, 0x0) sendto$packet(r1, &(0x7f0000000200)="3f0336082608123a160097ca0000f09210d7c2290f0086fd1378c9167c643c6198872bbfe465ebc0e9ad89b8ac5dcaaeaf21dca98d", 0x16, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(0xffffffffffffffff, 0xc008551b, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r2]) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r6, 0x0, r7, 0x0, 0x8000f28, 0x0) vmsplice(r7, &(0x7f0000000780)=[{&(0x7f0000000200)="94", 0x1}], 0x1, 0xa) ioctl$sock_inet_udp_SIOCINQ(r7, 0x541b, 0x0) write(r5, 0x0, 0x0) 17.352704506s ago: executing program 33 (id=184): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private=0xa010102}}, 0x24) sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000001880)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd2d}, 0x700}], 0xf000, 0x10002, 0x0) 9.075723916s ago: executing program 1 (id=249): bind$inet(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000040c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x6) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x114, 0x1f, 0x1, 0x0, 0x0, "", [@nested={0x103, 0x0, 0x0, 0x1, [@typed={0x14, 0x3, 0x0, 0x0, @ipv6=@private1}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@dev}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b504681000000000000009ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8"]}]}, 0x114}], 0x1}, 0x0) 8.192590753s ago: executing program 1 (id=250): recvmmsg$unix(0xffffffffffffffff, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{0x0}], 0x1}}], 0x1, 0x34000, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x10) sendmmsg$inet(r0, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x7e1f, 0x0}, 0xee0000b0}, {{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001100)="15b26f226e2966667482d50903b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5d07d691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6bea1764fbde5500fa30c5f2459cff4d7f123ab94cfd5762d586ec7a28abc2f8c9e608f8f964b96ecb0883d60d444f317834a3d734cb304051a60d1a084a84da8f9a23a1b9d4951c0a81985c63ae193f40e9deb358b2f08553324fd6086be9e70e5061568abefebcda50e70f4dab2e4dc0cf6d85aced044d7005326922886194895267165f7f592036ebe11dcf1cad98f5cda766eaea90fb4cb5e793525126c7594f8599055192d63a81d3cd26aadd50983f1c3f1d4655c1b5f59e80f733e3abc4792b760729fd26298ef15141cf76cc4", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="a6", 0x1}], 0x300}}], 0x3, 0x0) 8.019555482s ago: executing program 1 (id=251): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000003700010324bd7002fcdbdf2502"], 0x14}}, 0x0) 7.868074969s ago: executing program 1 (id=252): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) syz_usb_disconnect(r1) r2 = syz_usb_connect(0x4, 0x3f, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000a00)=ANY=[], 0x0) syz_usb_control_io$uac1(r3, 0x0, 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r4, 0x40015b19, 0x0) 6.902229249s ago: executing program 4 (id=254): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'hsr0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@delchain={0x24, 0x11, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x10, 0xf}, {0x0, 0xc}, {0x4, 0x1}}}, 0x24}}, 0x0) 6.763817742s ago: executing program 2 (id=255): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002580)={0x3c, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x10, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x8, 0x3, 0x0, 0x1, [{0x4}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x3c}}, 0x0) 5.866891613s ago: executing program 2 (id=256): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000027c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48016}}, {{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000200)="8b26480df80dc7e7c351a9be1dca823cab", 0x11}, {&(0x7f0000000d80)='[)', 0x2}], 0x2, 0x0, 0x0, 0x10}}], 0x2, 0x10) 5.8479957s ago: executing program 1 (id=257): r0 = socket$netlink(0x10, 0x3, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x400, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x4c}}, 0x0) socket$xdp(0x2c, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000000200)={0x2020}, 0x2020) 5.781822682s ago: executing program 4 (id=258): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ptrace$ARCH_MAP_VDSO_64(0x1e, 0xffffffffffffffff, 0x1, 0x2003) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_TTY(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x834, 0x4}, 0x10}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="02000000040000000700000002"], 0x48) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080)) listen(0xffffffffffffffff, 0x5) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x9003000000000000, 0x40, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000001040)={{0x1, 0x1, 0x1018}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00'}) 5.068619325s ago: executing program 4 (id=259): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) setrlimit(0x9, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) creat(&(0x7f0000000100)='./file0\x00', 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x11d502, 0x2) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r3, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r3, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r3, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000540)=""/219, 0xdb, 0x0, 0x1, 0x2}}, 0x48) write$vhost_msg_v2(r3, &(0x7f0000000340)={0x2, 0x0, {&(0x7f00000018c0)=""/201, 0xfd72, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r3, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/119, 0xfca2, 0x0, 0x0, 0x3}}, 0x48) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0) close(r0) syz_emit_ethernet(0x56, &(0x7f00000002c0)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, '\x00', 0x20, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2c}, @remote, {[@hopopts={0x2f, 0x2, '\x00', [@enc_lim={0x4, 0x1, 0x7f}, @enc_lim, @ra={0x5, 0x2, 0x453}, @pad1, @ra={0x5, 0x2, 0x80}, @enc_lim={0x4, 0x1, 0x3}, @enc_lim={0x4, 0x1, 0x96}]}]}}}}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3b8, 0xffffffff, 0xf0, 0xf0, 0x0, 0xffffffff, 0xffffffff, 0x320, 0x320, 0x320, 0xffffffff, 0x4, &(0x7f0000000040), {[{{@uncond, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@addrtype={{0x30}, {0x0, 0x4, 0x1}}, @common=@inet=@tos={{0x28}, {0xc, 0x7, 0x1}}]}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x7ff}}}, {{@uncond, 0x0, 0x100, 0x160, 0x0, {}, [@common=@icmp={{0x28}, {0xb, "047a"}}, @common=@unspec=@rateest={{0x68}, {'bond_slave_0\x00', 'caif0\x00', 0x0, 0x0, 0x6, 0x8000, 0x8, 0x80000000, {0x2}, {0x91}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x3, 0x0, 0x5, 0x2, 0x1, 0x2], 0x0, 0x7}, {0x3, [0x2, 0x4, 0x2, 0x1, 0x2, 0x3], 0x6, 0x2}}}}, {{@ip={@loopback, @local, 0xff, 0x0, 'macvlan0\x00', 'bond0\x00', {0xff}, {0xff}, 0xe529ff109b9325c7, 0x2, 0x20}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, 0x6, 0xf, [0x39, 0x14, 0x3, 0x39, 0xb, 0xf, 0x4, 0x19, 0x16, 0x11, 0x26, 0x10, 0x15, 0x23, 0x23, 0x13], 0x2, 0x10000}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418) 4.936041654s ago: executing program 2 (id=260): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000880)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc2a00e9bfde908990817b364e51afe9c8dab05b16a6437211f9f0570759f1cae63487ff68fffffffffffe8e3932e2b75a25a4cf8a9456aa8a701c318c67edb6e9330b53c0eeba8644311ba7541189070000f50c000000d8e5b1dc91c5499be2097784a94b6cc2d272ac751d8bce5db4862c1b2eab7007ceea158dbc329bab5f8450147b2b9629fdd6cdb5507d3a76dbaf6f93d161caa513f8aa41f795507856ea0015166c56ea0103220ed5a66834be086ef206a8606b04fc8462cbbe8233f381b4eefbdbdac708c1f4959cb6c008397006da8e243ec9fb19f3fab2b0f46d73a9f2d7c674cdbe4d7f76f5fbd05043e81f435fccf5063a93aa9b4c7f68670594"], &(0x7f0000000000)='GPL\x00', 0x5, 0x487, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ioperm(0x0, 0x7, 0x40000000000006) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000004c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r4 = getpgid(0x0) kcmp(r4, r4, 0x0, r3, r3) 4.059579874s ago: executing program 4 (id=261): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4e) lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x38, 0x1403, 0x6c08c44bda12f87d, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_1\x00'}}]}, 0x38}}, 0x0) io_submit(0x0, 0xfffffffffffffcf9, 0x0) syz_usb_connect(0x2, 0x2d, &(0x7f0000000380)={{0x12, 0x1, 0x250, 0x4, 0xda, 0xb0, 0x10, 0xccd, 0x39, 0x4499, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x4, 0xf8, 0x90, 0x1, [{{0x9, 0x4, 0x6f, 0x8, 0x1, 0x37, 0x6d, 0xbe, 0x9, [], [{{0x9, 0x5, 0x1, 0x2, 0x8, 0xc0, 0x94, 0xa3}}]}}]}}]}}, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0}) r5 = socket(0x49, 0x5, 0x4) getsockopt$MRT6(r5, 0x29, 0xce, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000000100)=""/71, 0x47) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x2) r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_S_PARM(r6, 0xc0cc5616, &(0x7f00000002c0)={0x2, @capture={0x0, 0x1, {0xffff8000, 0x7}, 0xffffffff, 0x4}}) r7 = socket$inet6(0x10, 0x2, 0x0) getsockopt$sock_int(r7, 0x1, 0x2c, 0x0, &(0x7f0000000480)) syz_usb_disconnect(0xffffffffffffffff) ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, &(0x7f0000000500)=""/9) 1.309312302s ago: executing program 2 (id=262): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x22002, 0x0) openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[], 0xa4}}, 0x4) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f00000002c0)={0x0, 0x0, '\x00', @bt={0x21, 0x1, 0xffffffff, 0x7, 0x18000000000008, 0x400007, 0xd, 0xd}}) openat$dir(0xffffffffffffff9c, 0x0, 0x4c940, 0x8) acct(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00') inotify_init1(0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) close(r4) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0xff2e) 468.041772ms ago: executing program 4 (id=263): setresgid(0xee00, 0xee01, 0x0) setresgid(0xee01, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x143042, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x6, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x5453, 0x0) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) 321.733731ms ago: executing program 2 (id=264): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002580)={0x3c, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x10, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x8, 0x3, 0x0, 0x1, [{0x4}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x3c}}, 0x0) 103.938575ms ago: executing program 2 (id=265): landlock_create_ruleset(0x0, 0x0, 0x10000000000001) openat$mice(0xffffffffffffff9c, &(0x7f0000000180), 0x0) syz_emit_vhci(&(0x7f0000000b40)=ANY=[@ANYBLOB="040f0400000b08"], 0x7) 64.438424ms ago: executing program 1 (id=266): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001280), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{}, 'syz1\x00', 0x26}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) preadv(r1, &(0x7f0000002480)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1, 0x0, 0x0) 0s ago: executing program 4 (id=267): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46a, 0x27, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0xc}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000100)={0x0, 0x30, 0x5, {0x5, 0x1, "a7ea31"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.84' (ED25519) to the list of known hosts. [ 54.443323][ T5816] cgroup: Unknown subsys name 'net' [ 54.548398][ T5816] cgroup: Unknown subsys name 'cpuset' [ 54.556658][ T5816] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 55.870698][ T5816] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 58.171727][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 58.195278][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 58.203419][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 58.216643][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 58.245238][ T5829] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 58.252594][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 58.348933][ T5142] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 58.358243][ T5142] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 58.380960][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 58.400397][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 58.409055][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 58.417232][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 58.425430][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 58.432850][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 58.437329][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 58.441069][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 58.452355][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 58.457016][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 58.462433][ T5844] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 58.469540][ T5837] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 58.476148][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 58.482865][ T5837] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 58.498290][ T5837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 58.506985][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 58.517251][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 58.517258][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 58.532617][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 58.545494][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 58.555311][ T5844] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 58.562983][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 58.729320][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 58.897271][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.904446][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.913107][ T5826] bridge_slave_0: entered allmulticast mode [ 58.920298][ T5826] bridge_slave_0: entered promiscuous mode [ 58.967611][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.974833][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.982524][ T5826] bridge_slave_1: entered allmulticast mode [ 58.990078][ T5826] bridge_slave_1: entered promiscuous mode [ 58.997175][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 59.067467][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.080165][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.153472][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 59.187228][ T5826] team0: Port device team_slave_0 added [ 59.197915][ T5826] team0: Port device team_slave_1 added [ 59.266232][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.273206][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.299438][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.315591][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.322575][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.348598][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.369705][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 59.382032][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 59.397639][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.404803][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.412117][ T5830] bridge_slave_0: entered allmulticast mode [ 59.418715][ T5830] bridge_slave_0: entered promiscuous mode [ 59.426874][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.434011][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.441283][ T5830] bridge_slave_1: entered allmulticast mode [ 59.448280][ T5830] bridge_slave_1: entered promiscuous mode [ 59.490914][ T5826] hsr_slave_0: entered promiscuous mode [ 59.500047][ T5826] hsr_slave_1: entered promiscuous mode [ 59.531657][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.539353][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.547026][ T5839] bridge_slave_0: entered allmulticast mode [ 59.553664][ T5839] bridge_slave_0: entered promiscuous mode [ 59.561771][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.569020][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.576634][ T5839] bridge_slave_1: entered allmulticast mode [ 59.583200][ T5839] bridge_slave_1: entered promiscuous mode [ 59.600700][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.654836][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.681567][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.718645][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.775631][ T5830] team0: Port device team_slave_0 added [ 59.781659][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.792144][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.800105][ T5831] bridge_slave_0: entered allmulticast mode [ 59.810483][ T5831] bridge_slave_0: entered promiscuous mode [ 59.841128][ T5830] team0: Port device team_slave_1 added [ 59.852544][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.860134][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.867685][ T5831] bridge_slave_1: entered allmulticast mode [ 59.874230][ T5831] bridge_slave_1: entered promiscuous mode [ 59.881158][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.888407][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.895743][ T5832] bridge_slave_0: entered allmulticast mode [ 59.902326][ T5832] bridge_slave_0: entered promiscuous mode [ 59.916489][ T5839] team0: Port device team_slave_0 added [ 59.944124][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.951324][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.958678][ T5832] bridge_slave_1: entered allmulticast mode [ 59.965778][ T5832] bridge_slave_1: entered promiscuous mode [ 59.980550][ T5839] team0: Port device team_slave_1 added [ 59.991994][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.999088][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.025120][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.038148][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.045216][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.071207][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.119473][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.131198][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.150925][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.159026][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.186078][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.210249][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.219938][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.230558][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.256765][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.270027][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.324331][ T5830] hsr_slave_0: entered promiscuous mode [ 60.327083][ T5834] Bluetooth: hci0: command tx timeout [ 60.336887][ T5830] hsr_slave_1: entered promiscuous mode [ 60.343199][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.351726][ T5830] Cannot create hsr debugfs directory [ 60.369392][ T5831] team0: Port device team_slave_0 added [ 60.380273][ T5832] team0: Port device team_slave_0 added [ 60.395831][ T5831] team0: Port device team_slave_1 added [ 60.414293][ T5832] team0: Port device team_slave_1 added [ 60.485633][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.492609][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.519171][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.539668][ T5839] hsr_slave_0: entered promiscuous mode [ 60.546433][ T5839] hsr_slave_1: entered promiscuous mode [ 60.552479][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.561851][ T5839] Cannot create hsr debugfs directory [ 60.565443][ T5834] Bluetooth: hci1: command tx timeout [ 60.567413][ T5844] Bluetooth: hci3: command tx timeout [ 60.572771][ T5837] Bluetooth: hci2: command tx timeout [ 60.590622][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.597773][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.623836][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.645385][ T5834] Bluetooth: hci4: command tx timeout [ 60.646678][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.658222][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.684375][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.710551][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.717777][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.743953][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.809591][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 60.843513][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 60.857107][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 60.872430][ T5831] hsr_slave_0: entered promiscuous mode [ 60.879980][ T5831] hsr_slave_1: entered promiscuous mode [ 60.887145][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.894744][ T5831] Cannot create hsr debugfs directory [ 60.929136][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 60.956516][ T5832] hsr_slave_0: entered promiscuous mode [ 60.962813][ T5832] hsr_slave_1: entered promiscuous mode [ 60.969186][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.976828][ T5832] Cannot create hsr debugfs directory [ 61.152940][ T5839] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 61.164360][ T5839] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 61.176550][ T5839] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.201733][ T5839] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 61.295399][ T5830] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 61.309665][ T5830] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 61.333940][ T5830] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 61.356457][ T5830] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 61.378712][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 61.390313][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 61.401978][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 61.440666][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 61.504701][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 61.521429][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 61.530955][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 61.543617][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 61.567957][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.608031][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.624761][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.663103][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.670374][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.689224][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.708565][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.715702][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.733290][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.740481][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.775708][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.803716][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.811036][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.887223][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.913236][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.978877][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.986043][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.008219][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.030254][ T81] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.037449][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.069206][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.076359][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.119254][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.126405][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.198714][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.232863][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.258584][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.280533][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.287830][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.314045][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.321238][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.336172][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.405500][ T5834] Bluetooth: hci0: command tx timeout [ 62.467618][ T5832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 62.502959][ T5826] veth0_vlan: entered promiscuous mode [ 62.540915][ T5826] veth1_vlan: entered promiscuous mode [ 62.602751][ T5839] veth0_vlan: entered promiscuous mode [ 62.645837][ T5834] Bluetooth: hci3: command tx timeout [ 62.651308][ T5834] Bluetooth: hci1: command tx timeout [ 62.657157][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.658130][ T5837] Bluetooth: hci2: command tx timeout [ 62.677140][ T5839] veth1_vlan: entered promiscuous mode [ 62.699201][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.731956][ T5834] Bluetooth: hci4: command tx timeout [ 62.757215][ T5826] veth0_macvtap: entered promiscuous mode [ 62.774500][ T5831] veth0_vlan: entered promiscuous mode [ 62.792490][ T5826] veth1_macvtap: entered promiscuous mode [ 62.821164][ T5831] veth1_vlan: entered promiscuous mode [ 62.868824][ T5839] veth0_macvtap: entered promiscuous mode [ 62.884270][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.898925][ T5839] veth1_macvtap: entered promiscuous mode [ 62.939374][ T5831] veth0_macvtap: entered promiscuous mode [ 62.957445][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.986311][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.001081][ T5831] veth1_macvtap: entered promiscuous mode [ 63.009637][ T5832] veth0_vlan: entered promiscuous mode [ 63.019488][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.033481][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.047739][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.058824][ T5826] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.068309][ T5826] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.077238][ T5826] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.086192][ T5826] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.107211][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.118387][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.130725][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.147669][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.158872][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.168960][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.179641][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.191147][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.201440][ T5839] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.211107][ T5839] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.220721][ T5839] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.230329][ T5839] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.248583][ T5832] veth1_vlan: entered promiscuous mode [ 63.262890][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.274034][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.286695][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.297966][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.309063][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.360641][ T5831] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.371457][ T5831] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.380852][ T5831] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.390145][ T5831] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.462987][ T5832] veth0_macvtap: entered promiscuous mode [ 63.481927][ T5830] veth0_vlan: entered promiscuous mode [ 63.494909][ T5832] veth1_macvtap: entered promiscuous mode [ 63.514520][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.523731][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.569184][ T5830] veth1_vlan: entered promiscuous mode [ 63.595725][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.603597][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.614727][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.629659][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.640135][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.650792][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.660964][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.672309][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.684857][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.702204][ T5830] veth0_macvtap: entered promiscuous mode [ 63.734961][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.747741][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.759219][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.771097][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.781063][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.792224][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.803075][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.819453][ T5832] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.825677][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.833115][ T5832] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.845649][ T5832] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.846007][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.854373][ T5832] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.888097][ T5830] veth1_macvtap: entered promiscuous mode [ 63.896807][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.904679][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.965317][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.973184][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.012013][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.022941][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.033152][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.044652][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.054849][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.065412][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.077656][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.088846][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.100985][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.120130][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 64.127801][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.146793][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.154671][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.161467][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.173351][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.184187][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.195628][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.206236][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.216128][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.226649][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.236528][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.248745][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.259722][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.296513][ T5830] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.308299][ T5830] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.327137][ T5830] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.339278][ T5830] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.398910][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.418514][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.485832][ T5834] Bluetooth: hci0: command tx timeout [ 64.725887][ T5834] Bluetooth: hci3: command tx timeout [ 64.731335][ T5834] Bluetooth: hci1: command tx timeout [ 64.736908][ T5837] Bluetooth: hci2: command tx timeout [ 64.775800][ T5920] loop0: detected capacity change from 0 to 256 [ 64.806176][ T5834] Bluetooth: hci4: command tx timeout [ 64.811657][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.881995][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 64.893969][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.352911][ T5923] 9pnet_fd: p9_fd_create_unix (5923): problem connecting socket: ./file0/file0: -2 [ 65.380010][ T5923] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 65.388165][ T5923] FAT-fs (loop0): Filesystem has been set read-only [ 65.927822][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.955477][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.985379][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 65.993800][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.055484][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.064089][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.305732][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.386846][ T5918] syz.3.4 (5918): drop_caches: 2 [ 66.392180][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.566567][ T5834] Bluetooth: hci0: command tx timeout [ 66.739932][ T5929] loop0: detected capacity change from 0 to 64 [ 67.315245][ T5834] Bluetooth: hci1: command tx timeout [ 67.440023][ T5837] Bluetooth: hci3: command tx timeout [ 67.446291][ T5837] Bluetooth: hci2: command tx timeout [ 67.452403][ T5837] Bluetooth: hci4: command tx timeout [ 67.806502][ T5880] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 68.035289][ T5880] usb 5-1: Using ep0 maxpacket: 8 [ 68.068918][ T5880] usb 5-1: config 0 has no interfaces? [ 68.080961][ T5880] usb 5-1: New USB device found, idVendor=046d, idProduct=08ad, bcdDevice=45.03 [ 68.103947][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.147955][ T5880] usb 5-1: Product: syz [ 68.152494][ T5880] usb 5-1: Manufacturer: syz [ 68.215224][ T5941] loop3: detected capacity change from 0 to 512 [ 69.037942][ T5880] usb 5-1: SerialNumber: syz [ 69.078133][ T5880] usb 5-1: config 0 descriptor?? [ 69.141464][ T5941] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.8: corrupted in-inode xattr: invalid ea_ino [ 69.267853][ T5945] loop0: detected capacity change from 0 to 512 [ 69.357308][ T5941] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.8: couldn't read orphan inode 15 (err -117) [ 70.180682][ T5941] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.197300][ T5945] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.9: corrupted in-inode xattr: invalid ea_ino [ 70.224137][ T5880] usb 5-1: USB disconnect, device number 2 [ 70.252832][ T5945] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.9: couldn't read orphan inode 15 (err -117) [ 70.277309][ T5945] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.332797][ T5952] loop2: detected capacity change from 0 to 256 [ 70.340432][ T5943] /dev/nullb0: Can't open blockdev [ 70.347623][ T5943] /dev/nullb0: Can't open blockdev [ 70.394100][ T5952] exfat: Deprecated parameter 'namecase' [ 70.690989][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.719855][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.734752][ T5952] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 71.081539][ T5958] loop4: detected capacity change from 0 to 512 [ 71.288671][ T5958] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.13: corrupted in-inode xattr: invalid ea_ino [ 71.318493][ T5958] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.13: couldn't read orphan inode 15 (err -117) [ 71.346236][ T5958] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.514196][ T5957] /dev/nullb0: Can't open blockdev [ 71.521253][ T5957] /dev/nullb0: Can't open blockdev [ 71.643989][ T5954] loop1: detected capacity change from 0 to 32768 [ 71.694388][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.701030][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.881073][ T5966] loop0: detected capacity change from 0 to 64 [ 71.941480][ T29] audit: type=1800 audit(1736142809.300:2): pid=5954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.12" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 72.045439][ T5830] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.104800][ T29] audit: type=1800 audit(1736142809.360:3): pid=5954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.12" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 72.860504][ T5953] syz.1.12 (5953) used greatest stack depth: 18384 bytes left [ 73.941947][ T5981] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 74.986994][ T5994] loop0: detected capacity change from 0 to 512 [ 75.007050][ T5991] loop2: detected capacity change from 0 to 4096 [ 75.014273][ T5991] ntfs3: Unknown parameter 'showmeta' [ 75.048078][ T5994] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.22: corrupted in-inode xattr: invalid ea_ino [ 75.103500][ T5994] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.22: couldn't read orphan inode 15 (err -117) [ 75.119291][ T5994] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.093079][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.108279][ T5991] sp0: Synchronizing with TNC [ 76.638384][ T5989] loop4: detected capacity change from 0 to 32768 [ 76.648425][ T5989] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section members_v2: section too small (65432 > 152) [ 76.648425][ T5989] members_v2 (size 152): [ 76.648425][ T5989] Device: 0 [ 76.648425][ T5989] Label: (none) [ 76.648425][ T5989] UUID: 7af6772b-00de-4159-84cd-1faead05aceb [ 76.648425][ T5989] Size: 16777216 [ 76.648425][ T5989] read errors: 0 [ 76.648425][ T5989] write errors: 0 [ 76.648425][ T5989] checksum errors: 0 [ 76.648425][ T5989] seqread iops: 0 [ 76.648425][ T5989] seqwrite iops: 0 [ 76.648425][ T5989] randread iops: 0 [ 76.648425][ T5989] randwrite iops: 0 [ 76.648425][ T5989] Bucket size: 131072 [ 76.648425][ T5989] First bucket: 0 [ 76.648425][ T5989] Buckets: 128 [ 76.648425][ T5989] Last mount: 1714681267 [ 76.648425][ T5989] Last superblock write: 42 [ 76.648425][ T5989] State: rw [ 76.648425][ T5989] Data allowed: journal,btree,user [ 76.648425][ T5989] Has data: journal,btree,user [ 76.648425][ T5989] Btree allocated bitmap blocksize:256 [ 76.648425][ T5989] Btree allocated bitmap: 0000000000000000000001000010000010011000000000000000000000000000 [ 76.648425][ T5989] Durability: [ 76.648577][ T5989] bcachefs: bch2_fs_get_tree() error: invalid_sb_members [ 76.844634][ T6014] evm: overlay not supported [ 77.471476][ T29] audit: type=1804 audit(1736142814.210:4): pid=6014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.23" name="/newroot/6/bus/bus" dev="overlay" ino=62 res=1 errno=0 [ 78.057639][ T6023] netlink: 32 bytes leftover after parsing attributes in process `syz.1.24'. [ 78.506625][ T6023] netlink: 32 bytes leftover after parsing attributes in process `syz.1.24'. [ 78.691953][ T6030] loop4: detected capacity change from 0 to 64 [ 79.199460][ T6032] 0: reclassify loop, rule prio 0, protocol 800 [ 79.212687][ T6032] 0: reclassify loop, rule prio 0, protocol 800 [ 79.242317][ T6022] loop0: detected capacity change from 0 to 64 [ 79.245371][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 79.295313][ T6029] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.369616][ T5910] 0: reclassify loop, rule prio 0, protocol 800 [ 79.376700][ T5909] 0: reclassify loop, rule prio 0, protocol 800 [ 79.399475][ T6029] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.475417][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 79.772783][ T6041] loop0: detected capacity change from 0 to 64 [ 79.905423][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 80.516100][ T6039] loop1: detected capacity change from 0 to 32768 [ 80.561011][ T6045] loop0: detected capacity change from 0 to 512 [ 80.663039][ T6045] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 80.805156][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 81.140589][ T6047] loop2: detected capacity change from 0 to 512 [ 81.287386][ C1] 0: reclassify loop, rule prio 0, protocol 800 [ 81.370387][ T6047] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.34: corrupted in-inode xattr: invalid ea_ino [ 81.384669][ T6047] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.34: couldn't read orphan inode 15 (err -117) [ 81.415257][ T6045] EXT4-fs (loop0): blocks per group (95) and clusters per group (32768) inconsistent [ 81.426816][ T29] audit: type=1800 audit(1736142818.790:5): pid=6039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.31" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 81.458037][ T6047] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.517691][ T6046] /dev/nullb0: Can't open blockdev [ 81.525401][ T6046] /dev/nullb0: Can't open blockdev [ 81.558931][ T29] audit: type=1800 audit(1736142818.810:6): pid=6039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.31" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 81.673649][ T6045] loop0: detected capacity change from 0 to 128 [ 81.710849][ T6045] ufs: You didn't specify the type of your ufs filesystem [ 81.710849][ T6045] [ 81.710849][ T6045] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 81.710849][ T6045] [ 81.710849][ T6045] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 81.751908][ T6040] loop3: detected capacity change from 0 to 32768 [ 81.879805][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.882065][ T6040] ======================================================= [ 81.882065][ T6040] WARNING: The mand mount option has been deprecated and [ 81.882065][ T6040] and is ignored by this kernel. Remove the mand [ 81.882065][ T6040] option from the mount to silence this warning. [ 81.882065][ T6040] ======================================================= [ 81.968806][ T8] cfg80211: failed to load regulatory.db [ 82.204918][ T6045] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2 [ 82.334912][ T6045] netlink: 16 bytes leftover after parsing attributes in process `syz.0.33'. [ 82.351322][ T6040] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 82.370623][ T6034] loop4: detected capacity change from 0 to 32768 [ 82.396053][ T6045] openvswitch: netlink: IP tunnel dst address not specified [ 82.930683][ T6064] loop2: detected capacity change from 0 to 512 [ 83.093012][ T6064] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.35: corrupted in-inode xattr: invalid ea_ino [ 83.109348][ T6064] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.35: couldn't read orphan inode 15 (err -117) [ 83.130511][ T6064] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.204299][ T6064] /dev/nullb0: Can't open blockdev [ 83.221766][ T6064] /dev/nullb0: Can't open blockdev [ 83.737438][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.825523][ T6061] loop4: detected capacity change from 0 to 32768 [ 84.848054][ T6061] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.37 (6061) [ 84.933267][ T6061] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 84.945280][ T6061] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 84.954464][ T6061] BTRFS info (device loop4): using free-space-tree [ 84.984628][ T5832] ocfs2: Unmounting device (7,3) on (node local) [ 85.499008][ T6077] loop1: detected capacity change from 0 to 32768 [ 85.698071][ T6075] loop0: detected capacity change from 0 to 32768 [ 85.717893][ T29] audit: type=1800 audit(1736142823.080:7): pid=6077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.40" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 85.767188][ T1135] net_ratelimit: 1 callbacks suppressed [ 85.767205][ T1135] 0: reclassify loop, rule prio 0, protocol 800 [ 85.819800][ T29] audit: type=1800 audit(1736142823.080:8): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.37" name="bus" dev="loop4" ino=263 res=0 errno=0 [ 86.005150][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 86.142545][ T6105] netlink: 4 bytes leftover after parsing attributes in process `syz.4.37'. [ 86.738360][ T29] audit: type=1800 audit(1736142823.110:9): pid=6100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.37" name="bus" dev="loop4" ino=263 res=0 errno=0 [ 86.758789][ T6105] netlink: 4 bytes leftover after parsing attributes in process `syz.4.37'. [ 86.809987][ T29] audit: type=1800 audit(1736142823.110:10): pid=6077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.40" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 86.858900][ T6105] netlink: 116 bytes leftover after parsing attributes in process `syz.4.37'. [ 86.901407][ T6105] netlink: 4 bytes leftover after parsing attributes in process `syz.4.37'. [ 86.927173][ T29] audit: type=1800 audit(1736142823.160:11): pid=6075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.39" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 87.009730][ T29] audit: type=1800 audit(1736142823.160:12): pid=6075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.39" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 87.031492][ T29] audit: type=1804 audit(1736142824.350:13): pid=6102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.37" name="/newroot/6/bus/bus" dev="loop4" ino=263 res=1 errno=0 [ 87.477200][ T6116] loop1: detected capacity change from 0 to 512 [ 87.521620][ T6116] EXT4-fs (loop1): blocks per group (95) and clusters per group (32768) inconsistent [ 87.548136][ T5830] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 87.585826][ T6116] loop1: detected capacity change from 0 to 128 [ 87.594028][ T6116] ufs: You didn't specify the type of your ufs filesystem [ 87.594028][ T6116] [ 87.594028][ T6116] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 87.594028][ T6116] [ 87.594028][ T6116] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 87.644386][ T6116] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2 [ 87.709822][ T6114] loop3: detected capacity change from 0 to 32768 [ 87.761854][ T6116] netlink: 16 bytes leftover after parsing attributes in process `syz.1.43'. [ 87.843490][ T6121] loop2: detected capacity change from 0 to 64 [ 87.881423][ T29] audit: type=1800 audit(1736142825.240:14): pid=6114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.42" name="file1" dev="loop3" ino=4 res=0 errno=0 [ 88.013973][ T6123] openvswitch: netlink: IP tunnel dst address not specified [ 88.054768][ T29] audit: type=1800 audit(1736142825.390:15): pid=6122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.42" name="file1" dev="loop3" ino=4 res=0 errno=0 [ 89.012746][ T6126] read_mapping_page failed! [ 89.018372][ T6126] diRead: read_metapage failed [ 89.024668][ T6126] jfs_lookup: iget failed on inum 32 [ 89.030905][ T6126] overlayfs: failed to resolve './file0': -5 [ 89.206096][ T5879] 0: reclassify loop, rule prio 0, protocol 800 [ 89.306080][ T6129] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 89.379221][ T6131] raw_sendmsg: syz.4.45 forgot to set AF_INET. Fix it! [ 89.583557][ T6136] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 89.799026][ T6120] loop0: detected capacity change from 0 to 32768 [ 89.810694][ T6138] loop4: detected capacity change from 0 to 32768 [ 89.907787][ T6140] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 89.914787][ T6140] pim6reg0: linktype set to 0 [ 90.023967][ T29] audit: type=1800 audit(1736142827.380:16): pid=6120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.44" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 90.093399][ T6116] loop1: detected capacity change from 0 to 32768 [ 90.119869][ T6116] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 90.259671][ T6116] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 91.193744][ T6116] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 91.246043][ T5909] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 91.253535][ T5909] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 91.458981][ T5909] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 205ms [ 91.467476][ T5909] gfs2: fsid=syz:syz.0: jid=0: Done [ 91.475909][ T6116] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 91.489944][ T6116] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 91.506464][ T6160] loop2: detected capacity change from 0 to 1024 [ 91.530766][ T12] 0: reclassify loop, rule prio 0, protocol 800 [ 92.250978][ T6179] netlink: 256 bytes leftover after parsing attributes in process `syz.1.60'. [ 92.395602][ T6185] loop1: detected capacity change from 0 to 1024 [ 92.456869][ T6185] EXT4-fs: Ignoring removed bh option [ 92.479921][ T5879] IPVS: starting estimator thread 0... [ 92.487625][ T6185] EXT4-fs: inline encryption not supported [ 92.537064][ T6185] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 92.655829][ T6188] IPVS: using max 22 ests per chain, 52800 per kthread [ 92.732666][ T6185] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 92.759569][ T6185] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.60: Invalid block bitmap block 0 in block_group 0 [ 92.805227][ C0] 0: reclassify loop, rule prio 0, protocol 800 [ 92.874222][ T6194] loop2: detected capacity change from 0 to 512 [ 93.563603][ T6194] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.62: corrupted in-inode xattr: invalid ea_ino [ 93.577397][ T6194] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.62: couldn't read orphan inode 15 (err -117) [ 93.589975][ T6194] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.655342][ T6185] __quota_error: 3 callbacks suppressed [ 93.655362][ T6185] Quota error (device loop1): write_blk: dquota write failed [ 93.668953][ T6185] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 93.679183][ T6185] EXT4-fs error (device loop1): ext4_acquire_dquot:6927: comm syz.1.60: Failed to acquire dquot type 0 [ 93.770034][ T6185] EXT4-fs error (device loop1): ext4_free_blocks:6589: comm syz.1.60: Freeing blocks not in datazone - block = 0, count = 4096 [ 93.810602][ T6185] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.60: Invalid inode bitmap blk 0 in block_group 0 [ 93.839444][ T1135] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-8 [ 93.849009][ T1135] EXT4-fs error (device loop1): ext4_release_dquot:6950: comm kworker/u8:6: Failed to release dquot type 0 [ 93.860815][ T6185] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem [ 93.896868][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.910396][ T6185] EXT4-fs (loop1): 1 orphan inode deleted [ 93.942881][ T6185] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.966947][ T6171] loop4: detected capacity change from 0 to 32768 [ 93.987209][ T6197] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 94.025655][ T6171] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 94.034031][ T6171] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 94.034444][ T6179] binder: 6178:6179 ioctl c0306201 20000080 returned -14 [ 94.048880][ T6186] loop3: detected capacity change from 0 to 32768 [ 94.084375][ T6179] binder: 6178:6179 ioctl c05064a7 20000540 returned -22 [ 94.086477][ T6171] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 94.121010][ T5876] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 94.132590][ T5876] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 94.156168][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.216953][ T5876] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 84ms [ 94.226121][ T5876] gfs2: fsid=syz:syz.0: jid=0: Done [ 94.267077][ T6171] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 94.276424][ T6186] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 94.282604][ T6211] mmap: syz.1.65 (6211) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 94.421332][ T6216] loop0: detected capacity change from 0 to 1024 [ 94.560495][ T6216] hfsplus: bad catalog entry type [ 94.585432][ T6186] XFS (loop3): Ending clean mount [ 94.772421][ T1135] 0: reclassify loop, rule prio 0, protocol 800 [ 94.781244][ T1010] hfsplus: b-tree write err: -5, ino 4 [ 95.695527][ T6241] loop2: detected capacity change from 0 to 1024 [ 95.740982][ T5876] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 95.858929][ T6247] loop4: detected capacity change from 0 to 128 [ 95.884813][ T6247] affs: No valid root block on device loop4 [ 95.925338][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.935277][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.975380][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.078432][ T5832] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 96.157445][ T6249] loop1: detected capacity change from 0 to 256 [ 96.175138][ T5876] usb 4-1: device not accepting address 2, error -71 [ 96.198736][ T6253] Zero length message leads to an empty skb [ 96.571250][ T6249] 9pnet_fd: p9_fd_create_unix (6249): problem connecting socket: ./file0/file0: -2 [ 97.143986][ T6267] warning: `syz.3.79' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 97.288042][ T35] 0: reclassify loop, rule prio 0, protocol 800 [ 97.296858][ T5879] 0: reclassify loop, rule prio 0, protocol 800 [ 97.303413][ T5879] 0: reclassify loop, rule prio 0, protocol 800 [ 97.405953][ T6274] IPVS: set_ctl: invalid protocol: 184 172.30.1.4:20000 [ 97.420690][ T6254] loop2: detected capacity change from 0 to 32768 [ 97.501636][ T6272] loop0: detected capacity change from 0 to 4096 [ 97.510432][ T6272] ntfs3: Unknown parameter 'showmeta' [ 97.535100][ T29] audit: type=1800 audit(1736142834.870:20): pid=6254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.74" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 97.578097][ T29] audit: type=1800 audit(1736142834.940:21): pid=6254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.74" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 97.653288][ T6272] sp0: Synchronizing with TNC [ 97.700455][ T6284] loop4: detected capacity change from 0 to 4096 [ 98.704152][ T6284] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.748361][ T6284] fs-verity: sha256 using implementation "sha256-avx2" [ 98.779798][ T6295] loop1: detected capacity change from 0 to 4096 [ 98.852792][ T6295] ntfs3: Unknown parameter 'showmeta' [ 98.865856][ T6297] fs-verity: sha512 using implementation "sha512-avx2" [ 98.952344][ T6300] binder: BINDER_SET_CONTEXT_MGR already set [ 98.967111][ T6300] binder: 6299:6300 ioctl 4018620d 20001340 returned -16 [ 98.991736][ T6301] FAULT_INJECTION: forcing a failure. [ 98.991736][ T6301] name failslab, interval 1, probability 0, space 0, times 0 [ 99.035188][ T6301] CPU: 0 UID: 0 PID: 6301 Comm: syz.3.86 Not tainted 6.13.0-rc3-next-20241220-syzkaller #0 [ 99.035220][ T6301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 99.035234][ T6301] Call Trace: [ 99.035240][ T6301] [ 99.035248][ T6301] dump_stack_lvl+0x241/0x360 [ 99.035285][ T6301] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.035303][ T6301] ? __pfx__printk+0x10/0x10 [ 99.035329][ T6301] ? __kmalloc_cache_noprof+0x48/0x390 [ 99.035348][ T6301] ? __pfx___might_resched+0x10/0x10 [ 99.035373][ T6301] ? flow_indr_dev_setup_offload+0x48/0x660 [ 99.035395][ T6301] should_fail_ex+0x40a/0x550 [ 99.035423][ T6301] should_failslab+0xac/0x100 [ 99.035448][ T6301] __kmalloc_cache_noprof+0x70/0x390 [ 99.035463][ T6301] ? flow_indr_dev_setup_offload+0x24f/0x660 [ 99.035485][ T6301] flow_indr_dev_setup_offload+0x24f/0x660 [ 99.035505][ T6301] ? __pfx_tc_block_indr_cleanup+0x10/0x10 [ 99.035526][ T6301] tcf_block_offload_cmd+0x31f/0x470 [ 99.035551][ T6301] ? __pfx_tcf_block_offload_cmd+0x10/0x10 [ 99.035576][ T6301] ? __pfx_down_write+0x10/0x10 [ 99.035596][ T6301] ? __kmalloc_cache_noprof+0x243/0x390 [ 99.035612][ T6301] ? tcf_block_get_ext+0x86c/0x1670 [ 99.035638][ T6301] tcf_block_get_ext+0xe97/0x1670 [ 99.035676][ T6301] tcf_block_get+0xf8/0x150 [ 99.035700][ T6301] ? __pfx_tcf_block_get+0x10/0x10 [ 99.035722][ T6301] ? __pfx_tcf_chain_head_change_dflt+0x10/0x10 [ 99.035751][ T6301] ? __asan_memset+0x23/0x50 [ 99.035772][ T6301] hfsc_init_qdisc+0x11f/0x390 [ 99.035792][ T6301] ? __pfx_hfsc_init_qdisc+0x10/0x10 [ 99.035810][ T6301] qdisc_create+0x9d4/0x11a0 [ 99.035839][ T6301] ? __pfx_qdisc_create+0x10/0x10 [ 99.035868][ T6301] tc_modify_qdisc+0xa26/0x1e40 [ 99.035904][ T6301] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 99.035948][ T6301] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 99.035969][ T6301] rtnetlink_rcv_msg+0x73f/0xcf0 [ 99.035987][ T6301] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 99.036010][ T6301] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 99.036035][ T6301] ? ref_tracker_free+0x643/0x7e0 [ 99.036057][ T6301] netlink_rcv_skb+0x1e3/0x430 [ 99.036081][ T6301] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 99.036102][ T6301] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 99.036145][ T6301] ? netlink_deliver_tap+0x2e/0x1b0 [ 99.036171][ T6301] netlink_unicast+0x7f6/0x990 [ 99.036202][ T6301] ? __pfx_netlink_unicast+0x10/0x10 [ 99.036221][ T6301] ? __virt_addr_valid+0x45f/0x530 [ 99.036245][ T6301] ? __phys_addr_symbol+0x2f/0x70 [ 99.036265][ T6301] ? __check_object_size+0x47a/0x730 [ 99.036287][ T6301] netlink_sendmsg+0x8e4/0xcb0 [ 99.036309][ T6301] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.036333][ T6301] ? aa_sock_msg_perm+0x91/0x160 [ 99.036365][ T6301] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.036384][ T6301] __sock_sendmsg+0x221/0x270 [ 99.036406][ T6301] ____sys_sendmsg+0x52a/0x7e0 [ 99.036431][ T6301] ? __pfx_____sys_sendmsg+0x10/0x10 [ 99.036446][ T6301] ? __fget_files+0x2a/0x410 [ 99.036465][ T6301] ? __fget_files+0x2a/0x410 [ 99.036489][ T6301] __sys_sendmmsg+0x36a/0x720 [ 99.036519][ T6301] ? __pfx___sys_sendmmsg+0x10/0x10 [ 99.036548][ T6301] ? __pfx_lock_release+0x10/0x10 [ 99.036568][ T6301] ? kstrtouint_from_user+0x128/0x190 [ 99.036612][ T6301] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 99.036631][ T6301] ? ksys_write+0x22a/0x2b0 [ 99.036651][ T6301] ? __pfx_lock_release+0x10/0x10 [ 99.036680][ T6301] ? vfs_write+0x7fa/0xd10 [ 99.036707][ T6301] ? __mutex_unlock_slowpath+0x21e/0x790 [ 99.036753][ T6301] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 99.036777][ T6301] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 99.036800][ T6301] ? do_syscall_64+0x100/0x230 [ 99.036820][ T6301] __x64_sys_sendmmsg+0xa0/0xb0 [ 99.036839][ T6301] do_syscall_64+0xf3/0x230 [ 99.036856][ T6301] ? clear_bhb_loop+0x35/0x90 [ 99.036882][ T6301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.036903][ T6301] RIP: 0033:0x7f098a585d29 [ 99.036927][ T6301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.036941][ T6301] RSP: 002b:00007f098b44b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 99.036961][ T6301] RAX: ffffffffffffffda RBX: 00007f098a775fa0 RCX: 00007f098a585d29 [ 99.036974][ T6301] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 99.036986][ T6301] RBP: 00007f098b44b090 R08: 0000000000000000 R09: 0000000000000000 [ 99.036997][ T6301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 99.037008][ T6301] R13: 0000000000000000 R14: 00007f098a775fa0 R15: 00007fff71191f58 [ 99.037038][ T6301] [ 99.833402][ T5830] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.855378][ T6290] sp0: Synchronizing with TNC [ 100.525990][ T6319] netlink: 4 bytes leftover after parsing attributes in process `syz.2.90'. [ 100.894071][ T6333] netlink: 'syz.2.94': attribute type 21 has an invalid length. [ 100.903542][ T6333] netlink: 128 bytes leftover after parsing attributes in process `syz.2.94'. [ 100.914296][ T6333] netlink: 'syz.2.94': attribute type 4 has an invalid length. [ 100.922642][ T6333] netlink: 3 bytes leftover after parsing attributes in process `syz.2.94'. [ 101.003408][ T6336] @: renamed from vlan0 (while UP) [ 101.064089][ T6334] x_tables: duplicate underflow at hook 2 [ 101.512957][ T6336] loop2: detected capacity change from 0 to 4096 [ 101.843882][ T6336] ntfs3(loop2): Failed to initialize $Extend/$ObjId. [ 102.327604][ T6338] loop1: detected capacity change from 0 to 32768 [ 102.368727][ T29] audit: type=1800 audit(1736142839.730:22): pid=6338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.97" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 102.448406][ T29] audit: type=1800 audit(1736142839.760:23): pid=6338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.97" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 102.937462][ T6362] loop4: detected capacity change from 0 to 1024 [ 104.119086][ T6368] loop0: detected capacity change from 0 to 512 [ 104.406615][ T11] hfsplus: b-tree write err: -5, ino 4 [ 104.455417][ T6368] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.100: corrupted in-inode xattr: invalid ea_ino [ 104.509280][ T6368] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.100: couldn't read orphan inode 15 (err -117) [ 104.554327][ T6368] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.629694][ T6376] loop3: detected capacity change from 0 to 64 [ 104.801664][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.897874][ T6379] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 105.432249][ T6382] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 105.453438][ T6385] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.455179][ T6382] overlayfs: missing 'lowerdir' [ 105.872967][ T6386] loop0: detected capacity change from 0 to 512 [ 106.182346][ T6386] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.107: corrupted in-inode xattr: invalid ea_ino [ 106.198506][ T6386] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.107: couldn't read orphan inode 15 (err -117) [ 106.212365][ T6386] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.552889][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.655237][ T1627] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 106.820020][ T1627] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 106.833270][ T1627] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 106.949274][ T1627] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.024915][ T1627] usb 2-1: config 0 descriptor?? [ 107.055207][ T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 107.087026][ T1627] pwc: Askey VC010 type 2 USB webcam detected. [ 107.216153][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 107.300839][ T8] usb 1-1: config 0 has no interfaces? [ 107.403845][ T8] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 107.478933][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.495130][ T1627] pwc: recv_control_msg error -32 req 02 val 2b00 [ 107.505874][ T1627] pwc: recv_control_msg error -32 req 02 val 2700 [ 107.529750][ T8] usb 1-1: Product: syz [ 107.533514][ T1627] pwc: recv_control_msg error -32 req 02 val 2c00 [ 107.533937][ T8] usb 1-1: Manufacturer: syz [ 107.545411][ T8] usb 1-1: SerialNumber: syz [ 107.553303][ T8] usb 1-1: config 0 descriptor?? [ 107.580602][ T1627] pwc: recv_control_msg error -32 req 04 val 1000 [ 107.615912][ T1627] pwc: recv_control_msg error -32 req 04 val 1300 [ 107.648633][ T1627] pwc: recv_control_msg error -32 req 04 val 1400 [ 107.685367][ T1627] pwc: recv_control_msg error -32 req 02 val 2000 [ 107.725367][ T1627] pwc: recv_control_msg error -32 req 02 val 2100 [ 107.746105][ T1627] pwc: recv_control_msg error -32 req 04 val 1500 [ 107.771660][ T1627] pwc: recv_control_msg error -32 req 02 val 2500 [ 107.907732][ T1627] pwc: recv_control_msg error -32 req 02 val 2400 [ 108.643193][ T6402] loop3: detected capacity change from 0 to 32768 [ 108.654156][ T6402] xfs: Unknown parameter 'fsmagic' [ 108.748658][ T6406] loop4: detected capacity change from 0 to 32768 [ 108.913650][ T29] audit: type=1800 audit(1736142846.250:24): pid=6406 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.113" name="file1" dev="loop4" ino=4 res=0 errno=0 [ 109.015575][ T1627] pwc: recv_control_msg error -32 req 02 val 2800 [ 109.024045][ T29] audit: type=1800 audit(1736142846.260:25): pid=6406 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.113" name="file1" dev="loop4" ino=4 res=0 errno=0 [ 109.045763][ T1627] pwc: recv_control_msg error -32 req 04 val 1100 [ 109.069753][ T1627] pwc: recv_control_msg error -32 req 04 val 1200 [ 109.081353][ T1627] pwc: Registered as video103. [ 109.092876][ T1627] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input5 [ 109.334342][ T6421] netlink: 48 bytes leftover after parsing attributes in process `syz.2.115'. [ 109.344412][ T6421] netlink: 'syz.2.115': attribute type 1 has an invalid length. [ 109.354048][ T6421] netlink: 56 bytes leftover after parsing attributes in process `syz.2.115'. [ 109.581706][ T6426] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.775234][ T6435] netlink: 8 bytes leftover after parsing attributes in process `syz.2.118'. [ 109.775262][ T6435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.118'. [ 109.775289][ T6435] netlink: 'syz.2.118': attribute type 14 has an invalid length. [ 109.775352][ T6435] netlink: 'syz.2.118': attribute type 11 has an invalid length. [ 109.837196][ T6431] loop3: detected capacity change from 0 to 1024 [ 109.892214][ T6431] hfsplus: Unknown parameter '' [ 110.016156][ T6440] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 110.232808][ T6442] program syz.4.121 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 110.641163][ T1627] usb 2-1: USB disconnect, device number 2 [ 110.737525][ T6452] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 110.899272][ T8] usb 1-1: USB disconnect, device number 2 [ 111.218249][ T6460] loop1: detected capacity change from 0 to 128 [ 111.282796][ T6460] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 111.326926][ T6460] ext4 filesystem being mounted at /21/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 111.444374][ T6460] binder: 6455:6460 ioctl c0306201 20001a80 returned -14 [ 111.444804][ T6457] binder: 6455:6457 ioctl c0306201 20001a80 returned -14 [ 111.677849][ T6473] loop4: detected capacity change from 0 to 256 [ 111.683144][ T5831] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 111.713961][ T6473] exfat: Unknown parameter '0000000000176888688100000000000000000000143' [ 112.385587][ T6468] loop0: detected capacity change from 0 to 32768 [ 112.460958][ T29] audit: type=1800 audit(1736142849.810:26): pid=6468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.126" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 112.482107][ T29] audit: type=1800 audit(1736142849.810:27): pid=6468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.126" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 113.027091][ T6492] netlink: 'syz.3.132': attribute type 4 has an invalid length. [ 113.365150][ T1627] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 113.535367][ T1627] usb 4-1: Using ep0 maxpacket: 32 [ 113.547780][ T1627] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 113.561427][ T1627] usb 4-1: config 0 has no interface number 0 [ 113.578285][ T1627] usb 4-1: config 0 interface 12 has no altsetting 0 [ 113.591673][ T6498] netlink: 18 bytes leftover after parsing attributes in process `syz.2.134'. [ 113.614146][ T1627] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 113.632510][ T1627] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.641074][ T1627] usb 4-1: Product: syz [ 113.646462][ T1627] usb 4-1: Manufacturer: syz [ 113.651712][ T1627] usb 4-1: SerialNumber: syz [ 113.668138][ T1627] usb 4-1: config 0 descriptor?? [ 113.673438][ T6489] loop1: detected capacity change from 0 to 32768 [ 113.710046][ T6498] netlink: 18 bytes leftover after parsing attributes in process `syz.2.134'. [ 113.713396][ T6489] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 113.727702][ T6489] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 113.790370][ T6489] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 113.844250][ T6489] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 114.285205][ T5880] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 114.346128][ T6489] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 114.436757][ T5880] usb 1-1: device descriptor read/64, error -71 [ 114.506001][ T6492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.526415][ T6492] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.695242][ T5880] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 114.767781][ T6508] FAULT_INJECTION: forcing a failure. [ 114.767781][ T6508] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 114.791984][ T6508] CPU: 1 UID: 0 PID: 6508 Comm: syz.2.138 Not tainted 6.13.0-rc3-next-20241220-syzkaller #0 [ 114.792014][ T6508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 114.792025][ T6508] Call Trace: [ 114.792031][ T6508] [ 114.792039][ T6508] dump_stack_lvl+0x241/0x360 [ 114.792066][ T6508] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.792086][ T6508] ? __pfx__printk+0x10/0x10 [ 114.792112][ T6508] ? __pfx_lock_release+0x10/0x10 [ 114.792151][ T6508] should_fail_ex+0x40a/0x550 [ 114.792181][ T6508] _copy_from_user+0x2f/0xc0 [ 114.792205][ T6508] input_event_from_user+0x1e2/0x4a0 [ 114.792234][ T6508] ? __pfx_input_event_from_user+0x10/0x10 [ 114.792259][ T6508] ? input_inject_event+0xd6/0x350 [ 114.792281][ T6508] evdev_write+0x470/0x790 [ 114.792311][ T6508] ? __pfx_evdev_write+0x10/0x10 [ 114.792335][ T6508] ? bpf_lsm_file_permission+0x9/0x10 [ 114.792355][ T6508] ? rw_verify_area+0x243/0x630 [ 114.792376][ T6508] ? __pfx_evdev_write+0x10/0x10 [ 114.792399][ T6508] vfs_write+0x29f/0xd10 [ 114.792428][ T6508] ? __pfx_vfs_write+0x10/0x10 [ 114.792453][ T6508] ? __fget_files+0x2a/0x410 [ 114.792473][ T6508] ? __fget_files+0x395/0x410 [ 114.792490][ T6508] ? __fget_files+0x2a/0x410 [ 114.792517][ T6508] ksys_write+0x18f/0x2b0 [ 114.792541][ T6508] ? __pfx_ksys_write+0x10/0x10 [ 114.792562][ T6508] ? do_syscall_64+0x100/0x230 [ 114.792582][ T6508] ? do_syscall_64+0xb6/0x230 [ 114.792602][ T6508] do_syscall_64+0xf3/0x230 [ 114.792618][ T6508] ? clear_bhb_loop+0x35/0x90 [ 114.792644][ T6508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.792664][ T6508] RIP: 0033:0x7fdcb7385d29 [ 114.792681][ T6508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.792695][ T6508] RSP: 002b:00007fdcb8186038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 114.792715][ T6508] RAX: ffffffffffffffda RBX: 00007fdcb7575fa0 RCX: 00007fdcb7385d29 [ 114.792728][ T6508] RDX: 0000000000000918 RSI: 0000000020000040 RDI: 0000000000000003 [ 114.792739][ T6508] RBP: 00007fdcb8186090 R08: 0000000000000000 R09: 0000000000000000 [ 114.792751][ T6508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 114.792761][ T6508] R13: 0000000000000000 R14: 00007fdcb7575fa0 R15: 00007fffba9152c8 [ 114.792789][ T6508] [ 115.095755][ T5880] usb 1-1: device descriptor read/64, error -71 [ 115.297499][ T6510] loop1: detected capacity change from 0 to 512 [ 115.698191][ T6510] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.137: corrupted in-inode xattr: invalid ea_ino [ 115.712114][ T6510] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.137: couldn't read orphan inode 15 (err -117) [ 115.727667][ T6510] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.741737][ T5880] usb usb1-port1: attempt power cycle [ 115.814544][ T6516] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 115.967313][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.105395][ T5880] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 116.135167][ T5879] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 116.148461][ T5880] usb 1-1: device descriptor read/8, error -71 [ 116.183618][ T6521] loop1: detected capacity change from 0 to 256 [ 116.395194][ T5879] usb 3-1: Using ep0 maxpacket: 8 [ 116.412465][ T5879] usb 3-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad [ 116.421844][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.875122][ T6525] 9pnet_fd: p9_fd_create_unix (6525): problem connecting socket: ./file0/file0: -2 [ 116.910256][ T6525] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000001) [ 116.918265][ T6525] FAT-fs (loop1): Filesystem has been set read-only [ 117.036449][ T5879] usb 3-1: Product: syz [ 117.044373][ T5879] usb 3-1: Manufacturer: syz [ 117.049105][ T5879] usb 3-1: SerialNumber: syz [ 117.076392][ T5879] usb 3-1: config 0 descriptor?? [ 117.084802][ T5879] smsusb:smsusb_probe: board id=2, interface number 0 [ 117.091866][ T5879] smsusb:smsusb_probe: Device initialized with return code -19 [ 117.156097][ T5880] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 117.185506][ T5880] usb 1-1: device descriptor read/8, error -71 [ 117.235317][ T57] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 117.295501][ T5880] usb usb1-port1: unable to enumerate USB device [ 117.386996][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.400653][ T6533] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 117.419230][ T57] usb 5-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 117.428498][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.452593][ T57] usb 5-1: config 0 descriptor?? [ 117.535620][ T6532] loop2: detected capacity change from 0 to 4096 [ 117.572007][ T6532] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 117.747052][ T6532] ntfs3(loop2): Failed to initialize $Extend/$Reparse. [ 117.992551][ T6532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.007127][ T6532] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.053753][ T6516] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.063287][ T6516] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.136564][ T5879] usb 3-1: USB disconnect, device number 2 [ 118.185898][ T1627] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -32 [ 118.234933][ T1627] f81534 4-1:0.12: f81534_find_config_idx: read failed: -32 [ 118.242954][ T1627] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -32 [ 118.296260][ T1627] f81534 4-1:0.12: probe with driver f81534 failed with error -32 [ 118.531188][ T1627] usb 4-1: USB disconnect, device number 4 [ 119.053614][ T6523] loop4: detected capacity change from 0 to 32768 [ 119.061069][ T6523] XFS: noikeep mount option is deprecated. [ 119.120409][ T6523] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 119.223021][ T6523] XFS (loop4): Ending clean mount [ 119.298795][ T6523] XFS (loop4): Quotacheck needed: Please wait. [ 119.345679][ T5909] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 119.415203][ T1627] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 119.481159][ T6523] XFS (loop4): Quotacheck: Done. [ 119.523553][ T57] usbhid 5-1:0.0: can't add hid device: -71 [ 119.532149][ T57] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 119.534340][ T5830] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 119.547137][ T57] usb 5-1: USB disconnect, device number 3 [ 119.555190][ T5909] usb 2-1: Using ep0 maxpacket: 32 [ 119.576241][ T5909] usb 2-1: config 0 has an invalid interface number: 208 but max is 0 [ 119.578257][ T1627] usb 4-1: config 0 has no interfaces? [ 119.584558][ T5909] usb 2-1: config 0 has no interface number 0 [ 119.584607][ T5909] usb 2-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=a3.c2 [ 119.599796][ T1627] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 119.606644][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.632619][ T1627] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 119.645313][ T1627] usb 4-1: Product: syz [ 119.649695][ T1627] usb 4-1: Manufacturer: syz [ 119.666353][ T1627] usb 4-1: config 0 descriptor?? [ 119.676035][ T5909] usb 2-1: config 0 descriptor?? [ 119.696997][ T5876] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 119.897069][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.897370][ T6548] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.917371][ T5876] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 119.933390][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.942059][ T6548] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.972863][ T5876] usb 3-1: config 0 descriptor?? [ 119.996429][ T5909] usb 2-1: string descriptor 0 read error: -71 [ 120.006474][ T5909] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 120.014598][ T5909] dvb-usb: bulk message failed: -22 (2/0) [ 120.031969][ T5909] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 120.052647][ T5909] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 120.061323][ T5909] usb 2-1: media controller created [ 120.085449][ T5909] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 120.099014][ T6551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.114052][ T5909] cxusb: set interface failed [ 120.114144][ T6551] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.120432][ T5909] dvb-usb: bulk message failed: -22 (1/0) [ 120.168738][ T5909] DVB: Unable to find symbol lgdt330x_attach() [ 120.176901][ T8] usb 4-1: USB disconnect, device number 5 [ 120.206985][ T5876] usbhid 3-1:0.0: can't add hid device: -71 [ 120.212579][ T5909] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 120.213219][ T5876] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 120.256033][ T57] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 120.280115][ T5876] usb 3-1: USB disconnect, device number 3 [ 120.295237][ T5909] rc_core: IR keymap rc-dvico-portable not found [ 120.302533][ T5909] Registered IR keymap rc-empty [ 120.312305][ T5909] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 120.324801][ T5909] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input6 [ 120.347207][ T5909] dvb-usb: schedule remote query interval to 100 msecs. [ 120.354249][ T5909] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 120.384875][ T5909] usb 2-1: USB disconnect, device number 3 [ 120.416687][ T57] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 120.442531][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 120.459205][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 120.476180][ T57] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 120.490827][ T57] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 120.501615][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.504654][ T5909] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 120.528127][ T57] usb 5-1: config 0 descriptor?? [ 120.716429][ T5876] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 121.172144][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.313195][ T5876] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 121.359835][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.392502][ T5876] usb 3-1: config 0 descriptor?? [ 121.406656][ T57] plantronics 0003:047F:FFFF.0001: ignoring exceeding usage max [ 121.433184][ T57] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 121.560340][ T57] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 122.368122][ T6556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.584467][ T6556] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.677398][ T5909] usb 5-1: USB disconnect, device number 4 [ 122.748416][ T5876] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor [ 122.761842][ T5876] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0002/input/input7 [ 122.988239][ T5876] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 123.345494][ T6588] netlink: 72 bytes leftover after parsing attributes in process `syz.0.156'. [ 123.548701][ T6589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 123.755333][ T6589] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.818475][ T5880] usb 3-1: USB disconnect, device number 4 [ 125.878854][ T6609] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 126.842238][ T6607] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 129.629483][ T5880] libceph: connect (1)[c::]:6789 error -101 [ 129.725323][ T5880] libceph: mon0 (1)[c::]:6789 connect error [ 130.375108][ T5880] libceph: connect (1)[c::]:6789 error -101 [ 130.422489][ T5880] libceph: mon0 (1)[c::]:6789 connect error [ 130.612561][ T6664] loop5: detected capacity change from 0 to 7 [ 130.619906][ T6664] Buffer I/O error on dev loop5, logical block 0, async page read [ 130.628250][ T6664] Buffer I/O error on dev loop5, logical block 0, async page read [ 130.636275][ T6664] Buffer I/O error on dev loop5, logical block 0, async page read [ 130.644193][ T6664] Buffer I/O error on dev loop5, logical block 0, async page read [ 130.652409][ T6664] Buffer I/O error on dev loop5, logical block 0, async page read [ 130.660462][ T6664] Buffer I/O error on dev loop5, logical block 0, async page read [ 130.668728][ T6664] Buffer I/O error on dev loop5, logical block 0, async page read [ 130.676840][ T6664] ldm_validate_partition_table(): Disk read failed. [ 130.683598][ T6664] Buffer I/O error on dev loop5, logical block 0, async page read [ 130.691947][ T6664] Buffer I/O error on dev loop5, logical block 0, async page read [ 130.700518][ T6664] Buffer I/O error on dev loop5, logical block 0, async page read [ 130.708773][ T6664] Dev loop5: unable to read RDB block 0 [ 130.714779][ T6664] loop5: unable to read partition table [ 130.720953][ T6664] loop5: partition table beyond EOD, truncated [ 130.727368][ T6664] loop_reread_partitions: partition scan of loop5 (被xڬdƤݡ [ 130.727368][ T6664] ) failed (rc=-5) [ 130.949595][ T5880] libceph: connect (1)[c::]:6789 error -101 [ 131.558710][ T6627] ceph: No mds server is up or the cluster is laggy [ 131.566288][ T5880] libceph: mon0 (1)[c::]:6789 connect error [ 132.085235][ T5880] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 133.338867][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.345281][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.739258][ T5880] usb 2-1: No LPM exit latency info found, disabling LPM. [ 133.757135][ T5880] usb 2-1: config 7 has an invalid interface number: 253 but max is 0 [ 133.765950][ T5880] usb 2-1: config 7 has no interface number 0 [ 133.774122][ T5880] usb 2-1: config 7 interface 253 has no altsetting 0 [ 133.791954][ T5880] usb 2-1: string descriptor 0 read error: -22 [ 133.804122][ T5880] usb 2-1: New USB device found, idVendor=0f11, idProduct=2050, bcdDevice=4c.e8 [ 133.844022][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.926941][ T5880] ldusb 2-1:7.253: Interrupt in endpoint not found [ 133.965247][ T1627] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 134.088255][ T6693] netlink: 4 bytes leftover after parsing attributes in process `syz.2.183'. [ 134.115222][ T1627] usb 5-1: Using ep0 maxpacket: 32 [ 134.130226][ T1627] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.135834][ T5909] usb 2-1: USB disconnect, device number 4 [ 134.152271][ T1627] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.163203][ T1627] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 134.178861][ T1627] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 134.196797][ T1627] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.237722][ T1627] usb 5-1: config 0 descriptor?? [ 134.650650][ T1627] usbhid 5-1:0.0: can't add hid device: -71 [ 134.658930][ T1627] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 134.714472][ T1627] usb 5-1: USB disconnect, device number 5 [ 142.418013][ T6767] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 142.434471][ T6767] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 143.289717][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 143.369775][ T6786] Bluetooth: MGMT ver 1.23 [ 144.062606][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 144.211749][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 144.287573][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 144.296654][ T5844] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 144.303972][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 144.449377][ T8] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 144.619819][ T8] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 144.629467][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.655188][ T8] usb 3-1: Product: syz [ 144.662259][ T8] usb 3-1: Manufacturer: syz [ 144.670395][ T8] usb 3-1: SerialNumber: syz [ 144.752495][ T6781] chnl_net:caif_netlink_parms(): no params data found [ 144.772331][ T8] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 144.849592][ T908] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 146.061949][ T908] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 146.069875][ T908] ath9k_htc: Failed to initialize the device [ 146.325417][ T5844] Bluetooth: hci5: command tx timeout [ 146.346144][ T908] usb 3-1: ath9k_htc: USB layer deinitialized [ 146.630509][ T6781] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.639448][ T6781] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.650235][ T6781] bridge_slave_0: entered allmulticast mode [ 146.660313][ T6781] bridge_slave_0: entered promiscuous mode [ 146.752805][ T6781] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.761957][ T6781] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.810355][ T6781] bridge_slave_1: entered allmulticast mode [ 146.836981][ T6781] bridge_slave_1: entered promiscuous mode [ 146.989539][ T5974] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.257311][ T5974] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.313551][ T6781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.313691][ T908] usb 3-1: USB disconnect, device number 5 [ 147.401917][ T6781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.682320][ T5974] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.709852][ T5844] Bluetooth: hci5: command tx timeout [ 149.234849][ T6835] netlink: 4 bytes leftover after parsing attributes in process `syz.2.220'. [ 149.559424][ T6781] team0: Port device team_slave_0 added [ 150.734276][ T5844] Bluetooth: hci5: command tx timeout [ 151.004128][ T6842] capability: warning: `syz.1.221' uses deprecated v2 capabilities in a way that may be insecure [ 151.018521][ T6842] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 151.028147][ T6842] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 151.039310][ T6842] overlayfs: failed to get uuid (52/file1, err=-13); falling back to uuid=null. [ 151.435405][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 151.489994][ T5974] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.539256][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 151.548623][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 151.562393][ T6781] team0: Port device team_slave_1 added [ 151.573519][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 151.584066][ T5834] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 151.594238][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 151.717635][ T6781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.730728][ T6781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.788583][ T6781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 151.911430][ T6781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 151.937530][ T6781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.979271][ T6781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 152.159137][ T5974] bridge_slave_1: left allmulticast mode [ 152.177668][ T5974] bridge_slave_1: left promiscuous mode [ 152.205301][ T908] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 152.215233][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.300588][ T5974] bridge_slave_0: left allmulticast mode [ 152.319387][ T5974] bridge_slave_0: left promiscuous mode [ 152.353139][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.401457][ T908] usb 3-1: config 1 has an invalid interface number: 3 but max is 0 [ 152.410080][ T908] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 152.427125][ T908] usb 3-1: config 1 has no interface number 0 [ 152.439394][ T908] usb 3-1: too many endpoints for config 1 interface 3 altsetting 0: 255, using maximum allowed: 30 [ 152.454766][ T908] usb 3-1: config 1 interface 3 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 152.495683][ T908] usb 3-1: config 1 interface 3 altsetting 0 endpoint 0x3 has invalid maxpacket 25710, setting to 64 [ 152.561256][ T908] usb 3-1: config 1 interface 3 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 152.609860][ T908] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 152.623514][ T908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 152.646588][ T908] usb 3-1: SerialNumber: syz [ 152.664576][ T6858] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 152.808736][ T5834] Bluetooth: hci5: command tx timeout [ 152.910095][ T908] cdc_acm 3-1:1.3: ttyACM0: USB ACM device [ 152.924421][ T908] usb 3-1: USB disconnect, device number 6 [ 152.966116][ T6869] fuse: root generation should be zero [ 153.556375][ T6879] netlink: 8 bytes leftover after parsing attributes in process `syz.4.233'. [ 153.691481][ T5834] Bluetooth: hci0: command tx timeout [ 153.711553][ T5974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 153.737726][ T5974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 153.776103][ T5974] bond0 (unregistering): Released all slaves [ 153.799004][ T6844] chnl_net:caif_netlink_parms(): no params data found [ 153.885931][ T6881] x_tables: ip_tables: SNAT target: used from hooks OUTPUT, but only usable from INPUT/POSTROUTING [ 154.568169][ T6781] hsr_slave_0: entered promiscuous mode [ 154.593573][ T6781] hsr_slave_1: entered promiscuous mode [ 154.608967][ T6781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 154.619420][ T6781] Cannot create hsr debugfs directory [ 154.630434][ T6884] netlink: 4 bytes leftover after parsing attributes in process `syz.2.234'. [ 155.808602][ T5834] Bluetooth: hci0: command tx timeout [ 156.601286][ T6901] process 'syz.1.239' launched '/dev/fd/8' with NULL argv: empty string added [ 158.485452][ T5834] Bluetooth: hci0: command tx timeout [ 159.555716][ T6945] netlink: 'syz.1.249': attribute type 3 has an invalid length. [ 159.563620][ T6945] netlink: 'syz.1.249': attribute type 1 has an invalid length. [ 159.571718][ T6945] netlink: 216 bytes leftover after parsing attributes in process `syz.1.249'. [ 159.582510][ T6945] NCSI netlink: No device for ifindex 33022 [ 160.073931][ T6844] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.081910][ T6844] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.106925][ T6844] bridge_slave_0: entered allmulticast mode [ 160.132899][ T6844] bridge_slave_0: entered promiscuous mode [ 160.195235][ T908] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 160.253257][ T5974] hsr_slave_0: left promiscuous mode [ 160.262132][ T5974] hsr_slave_1: left promiscuous mode [ 160.280987][ T5974] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.302514][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.323315][ T5974] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.338645][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 160.364804][ T908] usb 5-1: config 0 has an invalid interface number: 113 but max is 0 [ 160.373642][ T908] usb 5-1: config 0 has no interface number 0 [ 160.412518][ T908] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 160.438553][ T5974] veth1_macvtap: left promiscuous mode [ 160.452961][ T908] usb 5-1: config 0 interface 113 has no altsetting 0 [ 160.460064][ T5974] veth0_macvtap: left promiscuous mode [ 160.468177][ T908] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 160.484914][ T5974] veth1_vlan: left promiscuous mode [ 160.490730][ T908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.501519][ T5974] veth0_vlan: left promiscuous mode [ 160.506884][ T908] usb 5-1: Product: syz [ 160.511108][ T908] usb 5-1: Manufacturer: syz [ 160.523605][ T908] usb 5-1: SerialNumber: syz [ 160.539579][ T908] usb 5-1: config 0 descriptor?? [ 160.575658][ T5834] Bluetooth: hci0: command tx timeout [ 160.585978][ C0] usb 5-1: NFC: Urb failure (status -71) [ 160.815500][ T57] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 160.826269][ C0] usb 5-1: NFC: Urb failure (status -71) [ 160.835497][ T908] usb 5-1: NFC: Unable to get FW version [ 160.868411][ T908] pn533_usb 5-1:0.113: probe with driver pn533_usb failed with error -71 [ 160.894560][ T908] usb 5-1: USB disconnect, device number 6 [ 160.968949][ T57] usb 2-1: Using ep0 maxpacket: 8 [ 160.980255][ T57] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 161.004315][ T57] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 161.031729][ T57] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 161.049265][ T57] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 161.060297][ T57] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 161.075422][ T57] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 161.084502][ T57] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.362911][ T6956] binder: BINDER_SET_CONTEXT_MGR already set [ 161.369526][ T6956] binder: 6953:6956 ioctl 4018620d 20000040 returned -16 [ 161.465223][ T57] usb 2-1: usb_control_msg returned -32 [ 161.467757][ T6952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 161.472823][ T57] usbtmc 2-1:16.0: can't read capabilities [ 161.503573][ T6952] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 161.819623][ T5974] team0 (unregistering): Port device team_slave_1 removed [ 161.868903][ T5974] team0 (unregistering): Port device team_slave_0 removed [ 161.934100][ T6952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 161.957328][ T6952] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 161.992896][ T5910] usb 2-1: USB disconnect, device number 5 [ 162.363121][ T6844] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.374732][ T6844] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.387458][ T6844] bridge_slave_1: entered allmulticast mode [ 162.394449][ T6844] bridge_slave_1: entered promiscuous mode [ 162.424674][ T6959] hsr_slave_0: left promiscuous mode [ 162.435472][ T6959] hsr_slave_1: left promiscuous mode [ 162.578663][ T6844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 162.639149][ T6844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.378969][ T6844] team0: Port device team_slave_0 added [ 163.946273][ T6844] team0: Port device team_slave_1 added [ 164.120297][ T5974] IPVS: stop unused estimator thread 0... [ 164.281819][ T6781] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 164.324228][ T6781] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 164.386180][ T6844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 164.404912][ T6844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.447715][ T6844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 164.490301][ T6844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 164.582815][ T29] audit: type=1326 audit(1736142901.920:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae8d85d29 code=0x7ffc0000 [ 164.752090][ T29] audit: type=1326 audit(1736142901.920:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f3ae8d85d29 code=0x7ffc0000 [ 164.864094][ T6844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.894616][ T908] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 165.104958][ T29] audit: type=1326 audit(1736142901.920:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae8d85d29 code=0x7ffc0000 [ 165.210193][ T908] usb 5-1: unable to get BOS descriptor or descriptor too short [ 165.225224][ T6844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.249230][ T29] audit: type=1326 audit(1736142901.920:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f3ae8d85d29 code=0x7ffc0000 [ 165.271612][ T6781] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 165.272937][ T908] usb 5-1: not running at top speed; connect to a high speed hub [ 165.291437][ T6781] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 165.293530][ T908] usb 5-1: config 4 has an invalid interface number: 111 but max is 0 [ 165.378219][ T6999] infiniband syz2: set active [ 165.383122][ T6999] infiniband syz2: added team_slave_1 [ 165.423021][ T6999] RDS/IB: syz2: added [ 165.427595][ T6999] smc: adding ib device syz2 with port count 1 [ 165.433857][ T6999] smc: ib device syz2 port 1 has pnetid [ 165.750997][ T908] usb 5-1: config 4 has no interface number 0 [ 165.757885][ T908] usb 5-1: config 4 interface 111 has no altsetting 0 [ 165.810968][ T29] audit: type=1326 audit(1736142901.930:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae8d85d29 code=0x7ffc0000 [ 165.843145][ T6844] hsr_slave_0: entered promiscuous mode [ 165.866546][ T6844] hsr_slave_1: entered promiscuous mode [ 165.885015][ T908] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=44.99 [ 165.939791][ T29] audit: type=1326 audit(1736142901.930:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ae8d85d29 code=0x7ffc0000 [ 165.986797][ T908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.055281][ T908] usb 5-1: Product: syz [ 166.076312][ T908] usb 5-1: Manufacturer: syz [ 166.080961][ T908] usb 5-1: SerialNumber: syz [ 166.100907][ T29] audit: type=1326 audit(1736142901.930:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae8d85d29 code=0x7ffc0000 [ 166.144832][ T29] audit: type=1326 audit(1736142901.930:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3ae8d85d29 code=0x7ffc0000 [ 166.175912][ T29] audit: type=1326 audit(1736142901.930:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ae8d85d29 code=0x7ffc0000 [ 166.209432][ T29] audit: type=1326 audit(1736142901.930:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.4.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3ae8d85d29 code=0x7ffc0000 [ 166.259378][ T6781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.375760][ T6998] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.384399][ T6998] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.463641][ T6781] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.496762][ T6564] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.503896][ T6564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.567939][ T6564] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.575130][ T6564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.907124][ T6844] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 166.963340][ T6844] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 167.016956][ T6844] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 167.079019][ T6844] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 167.841637][ T908] pvrusb2: Hardware description: Terratec Grabster AV400 [ 167.860387][ T908] pvrusb2: ********** [ 167.864426][ T908] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 167.925359][ T908] pvrusb2: Important functionality might not be entirely working. [ 167.958569][ T908] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 167.980196][ T6844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.987801][ T908] pvrusb2: ********** [ 167.992526][ T908] usb 5-1: selecting invalid altsetting 0 [ 168.027944][ T6844] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.031357][ T2338] pvrusb2: control-write URB failure, status=-71 [ 168.046649][ T6564] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.053787][ T6564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.062716][ T908] usb 5-1: USB disconnect, device number 7 [ 168.107236][ T2338] pvrusb2: Device being rendered inoperable [ 168.122717][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 168.134587][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 168.140279][ T6564] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.150923][ T6564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.462526][ T6781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.490120][ T7034] ================================================================== [ 168.498231][ T7034] BUG: KASAN: null-ptr-deref in input_ff_create+0x213/0x2f0 [ 168.505545][ T7034] Read of size 8 at addr 0000000000000040 by task syz.1.266/7034 [ 168.513306][ T7034] [ 168.515650][ T7034] CPU: 1 UID: 0 PID: 7034 Comm: syz.1.266 Not tainted 6.13.0-rc3-next-20241220-syzkaller #0 [ 168.515674][ T7034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 168.515685][ T7034] Call Trace: [ 168.515692][ T7034] [ 168.515700][ T7034] dump_stack_lvl+0x241/0x360 [ 168.515725][ T7034] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.515743][ T7034] ? __pfx__printk+0x10/0x10 [ 168.515767][ T7034] ? _printk+0xd5/0x120 [ 168.515793][ T7034] print_report+0xe8/0x550 [ 168.515818][ T7034] ? __asan_memset+0x23/0x50 [ 168.515837][ T7034] ? __virt_addr_valid+0x58/0x530 [ 168.515862][ T7034] ? input_ff_create+0x213/0x2f0 [ 168.515879][ T7034] kasan_report+0x143/0x180 [ 168.515903][ T7034] ? input_ff_create+0x213/0x2f0 [ 168.515921][ T7034] kasan_check_range+0x282/0x290 [ 168.515945][ T7034] input_ff_create+0x213/0x2f0 [ 168.515962][ T7034] uinput_create_device+0x26d/0x630 [ 168.515988][ T7034] uinput_ioctl_handler+0x488/0x1770 [ 168.516021][ T7034] ? __pfx_uinput_ioctl_handler+0x10/0x10 [ 168.516052][ T7034] ? __pfx_uinput_ioctl+0x10/0x10 [ 168.516075][ T7034] __se_sys_ioctl+0xf5/0x170 [ 168.516097][ T7034] do_syscall_64+0xf3/0x230 [ 168.516115][ T7034] ? clear_bhb_loop+0x35/0x90 [ 168.516138][ T7034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.516160][ T7034] RIP: 0033:0x7efe18f85d29 [ 168.516176][ T7034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.516192][ T7034] RSP: 002b:00007efe19d9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 168.516211][ T7034] RAX: ffffffffffffffda RBX: 00007efe19175fa0 RCX: 00007efe18f85d29 [ 168.516225][ T7034] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 168.516237][ T7034] RBP: 00007efe19001b08 R08: 0000000000000000 R09: 0000000000000000 [ 168.516250][ T7034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 168.516261][ T7034] R13: 0000000000000000 R14: 00007efe19175fa0 R15: 00007ffd98e0bc98 [ 168.516279][ T7034] [ 168.516285][ T7034] ================================================================== [ 168.753692][ T7034] Kernel panic - not syncing: KASAN: panic_on_warn set ... SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 168.760934][ T7034] CPU: 1 UID: 0 PID: 7034 Comm: syz.1.266 Not tainted 6.13.0-rc3-next-20241220-syzkaller #0 [ 168.771028][ T7034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 168.781112][ T7034] Call Trace: [ 168.784402][ T7034] [ 168.787353][ T7034] dump_stack_lvl+0x241/0x360 [ 168.792067][ T7034] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.797294][ T7034] ? __pfx__printk+0x10/0x10 [ 168.801906][ T7034] ? preempt_schedule+0xe1/0xf0 [ 168.806786][ T7034] ? vscnprintf+0x5d/0x90 [ 168.811133][ T7034] panic+0x349/0x880 [ 168.815053][ T7034] ? check_panic_on_warn+0x21/0xb0 [ 168.820200][ T7034] ? __pfx_panic+0x10/0x10 [ 168.824664][ T7034] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 168.830667][ T7034] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 168.837027][ T7034] ? print_report+0xe8/0x550 [ 168.841648][ T7034] check_panic_on_warn+0x86/0xb0 [ 168.846612][ T7034] ? input_ff_create+0x213/0x2f0 [ 168.851569][ T7034] end_report+0x77/0x160 [ 168.855832][ T7034] kasan_report+0x154/0x180 [ 168.860353][ T7034] ? input_ff_create+0x213/0x2f0 [ 168.865299][ T7034] kasan_check_range+0x282/0x290 [ 168.870253][ T7034] input_ff_create+0x213/0x2f0 [ 168.875026][ T7034] uinput_create_device+0x26d/0x630 [ 168.880234][ T7034] uinput_ioctl_handler+0x488/0x1770 [ 168.885520][ T7034] ? __pfx_uinput_ioctl_handler+0x10/0x10 [ 168.891255][ T7034] ? __pfx_uinput_ioctl+0x10/0x10 [ 168.896281][ T7034] __se_sys_ioctl+0xf5/0x170 [ 168.900964][ T7034] do_syscall_64+0xf3/0x230 [ 168.905469][ T7034] ? clear_bhb_loop+0x35/0x90 [ 168.910144][ T7034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.916032][ T7034] RIP: 0033:0x7efe18f85d29 [ 168.920437][ T7034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.940047][ T7034] RSP: 002b:00007efe19d9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 168.948460][ T7034] RAX: ffffffffffffffda RBX: 00007efe19175fa0 RCX: 00007efe18f85d29 [ 168.956423][ T7034] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 168.964381][ T7034] RBP: 00007efe19001b08 R08: 0000000000000000 R09: 0000000000000000 [ 168.972346][ T7034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 168.980313][ T7034] R13: 0000000000000000 R14: 00007efe19175fa0 R15: 00007ffd98e0bc98 [ 168.988285][ T7034] [ 168.991435][ T7034] Kernel Offset: disabled [ 168.995747][ T7034] Rebooting in 86400 seconds..