last executing test programs: 40.760991986s ago: executing program 0 (id=234): syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x800, &(0x7f00000011c0)=ANY=[@ANYRES32=0x0, @ANYRES8, @ANYRES16, @ANYBLOB="9dbe489148f5b0e0c5e214038a36626e9f8f050f644e657b8323ec5e815bd46e72a7be382f1dac2b9cab191c72157f4964d577a371c97b5183d1565f935cd8afbe4247a43f9e09be676243a2678bd2ef1d79802a9846a9bfe63bb1a18fb6", @ANYRES16], 0x1, 0x1cb, &(0x7f0000000280)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBQuMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xy4uNgcHvzElPXa1lsswMrZ7a8hW3tNetOQURk0vtMXKTXMwjwcwQmnpkUbEQQ3ZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT8xrykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE8YP//83uIKcmNLAkKYQxpjECQ0IZn42twUKLcknmEKPciydKWFxQKjq5E9LzbcOiW4ztj11YDvDc/g4z5qCPkGj4xIMTgsF/8uAjEloaCjTWMu01HbBlyKNvxJeq42dMhjc7ZmWwQKUpQFEroTyZMF6EpJXeOhoahqlJCc0bGKBOmDrHs7VAg0MSNGmwsDAsJ0RFrcQcA3GGAWjYBSMglEwCkbBKBgFo2AUjIJRMCIAIAAA///cmpKG") socket$inet6_sctp(0xa, 0x1, 0x84) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) syz_open_procfs(0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x0, 0x0, &(0x7f0000000040)={0x0, 0x6}) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000480)="b9ff03076844268cb89e14f088a8", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50) 39.497413885s ago: executing program 0 (id=239): creat(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000200), 0x129082, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000040)) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f00000000c0)=0x20) write$binfmt_elf32(r3, 0x0, 0x4cd) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000100)=0x4) write$dsp(r3, &(0x7f0000000240)="755a5398d512d39077459e67ee110daaf0413bc3deef85b89f2141d512b2c14020e625b0d98e6f09000000ac3c22dbfdebb1ab51524cf9df6f80884a8ab6c1165db5a2034aff8a1bce0b5e3928d4aa605c76fe83be50a4b0ba64896d0020fe6d7b0100000058b323da6238f784a6243e9e97f0f00fee7a3dffffffffffffffffa944c98d62397cf81a19b53f", 0x8c) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000080)=0x40000017) ppoll(&(0x7f0000000000)=[{}], 0x1, 0x0, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000200)=[{&(0x7f0000000080)="580000001400192340834b00000d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000a0c10000000010000000000", 0x58}], 0x1) 36.820109869s ago: executing program 0 (id=249): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r3}, 0x10) r4 = socket$inet(0x2, 0x2, 0x0) sendto$inet(r4, &(0x7f0000000280)="e1fe062bdab9ac728d88ec2db1e86a6eee9ee91df6ae561f41cfa2eb9f78636980f0f6b4ca78ab59e9794c758b600df5db79876070328b0acc1863a3a48fff432f479181554fc969097f02ce90392b29cca5eb2ae86db5f2f5e986463a444dea1e6f44bf66c51bcc2a96934d300c2d8976e092675ac4726a3e9fee4441ace546049f8575e275adeceaedb574a1586d89366039f77fa59de83026737259eab884a29f41733a5be7af1e18c4d58e8972483b8267a7f1", 0xb5, 0x4001, 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000001380)="2e2b0812635ff32dcfd350deceeb7133524ecd9e8dce2e592df1f0fa8d47671266665509974bf2585b626b7b7871367c72631c33a2846ed7c5a5cf0c69eda6dc95c3554e277a658f40b37983ddb52f96785c83c5f862476bc5c7e05eb504b80d99fb55b309485006a7f47a7bc833c9e5729943a877be6682b3948ae0e201e3a7e2af197e4b87503db3b605fd9daaffced10565cbbffce2441053fb6d2dd747d917c28352", 0xa4, 0x4000, &(0x7f0000001440)={0x2, 0x0, @private=0xa010100}, 0x10) fstat(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r5) r6 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r7 = request_key(&(0x7f0000000540)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)=',$:@^@,\x00', r6) r8 = add_key$user(&(0x7f0000000240), &(0x7f00000006c0)={'syz', 0x1}, &(0x7f0000000500)="3fd8", 0x2, r6) r9 = add_key(&(0x7f0000000080)='user\x00', &(0x7f0000000000)={'syz', 0x2}, &(0x7f0000000040)='9', 0x1, 0xfffffffffffffffc) keyctl$chown(0x4, r9, 0xee00, 0xffffffffffffffff) keyctl$setperm(0x5, r9, 0x0) keyctl$chown(0x4, r9, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000300)={r9, r7, r8}, &(0x7f0000000340)=""/197, 0xc5, &(0x7f0000000680)={&(0x7f0000000440)={'sha256-avx\x00'}, &(0x7f0000000580)="707adafc6dc1f5848de9d72dbe8157eb7c42c3aee040a104df25956930f29c2f190f11ad989240b0037578d6d8c49edddba7587e470cde580fae8d43d326e8a542dbb7a0d29c5d21ff8f440f3ec5f9ef0ea890563e1dadb0280e40e162405a813060f4a4b9240427a56491d4499c0e70c312eab3f0fe537169677a3849e48e47f10ec56ae9c52b9cdff38498e564a9f668fd4ae53a1a40f1f503bf542c4900383c00830ba4a1a27baaac9c90807764151738687bda8d3c2c8843a0063d48bd7c3b4b5391ac369d89c4675621cf354d0e11c2edcba3c18de1a654f4f056ba94", 0xdf}) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) sendmsg$nl_generic(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0) 8.782348419s ago: executing program 1 (id=318): pipe2(&(0x7f0000000300), 0x0) syz_emit_ethernet(0x36, 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000002bc0)={0x2020}, 0x2020) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_pidfd_open(0x0, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fanotify_init(0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={0xffffffffffffffff, 0x7, 0x0, 0x0, &(0x7f0000000040), 0x0, 0xffb0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$nl_route(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x271, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d"}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_usb_connect$cdc_ncm(0x0, 0x91, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7f, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ';'}, {0x5, 0x24, 0x0, 0xfffe}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x2f}, {0x6}, [@mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x0, 0x1ff}, @network_terminal={0x7, 0x24, 0xa, 0x7, 0x0, 0x7}, @network_terminal={0x7, 0x24, 0xa, 0x6d, 0x0, 0xfe}, @mbim={0xc, 0x24, 0x1b, 0x100, 0x59d}]}}}}}]}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x8, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x4}]}}}]}, 0x38}}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000b00)={{0x12, 0x1, 0x0, 0xa5, 0xaf, 0x5f, 0x20, 0xe8d, 0x23, 0x3aab, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x56, 0x0, 0x0, 0xa}}]}}]}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=ANY=[@ANYBLOB="00000000000080000000148a3045e2d59b2f835be5ea0e158eca154cbab5354fbf743f5fc122403262404ab03d579ff00ae8803b1d4b880ed1f02b5aa5b0c2883f9126da4a26a5f382ff54dd48e667192affe59dc40ee4fc3ec1030a0850e9281e119ab2de5ada1393ab9069", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001100028005000100030000000500150000000000"], 0x44}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) syz_io_uring_setup(0x24f8, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000040), &(0x7f0000000080)) socket$inet6_sctp(0xa, 0x801, 0x84) syz_io_uring_setup(0x1fbf, &(0x7f0000000040)={0x0, 0x0, 0x140}, &(0x7f00000000c0), &(0x7f0000000100)) 8.387737229s ago: executing program 4 (id=319): syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x2200050, &(0x7f00000000c0)=ANY=[], 0xee, 0x1af, &(0x7f0000000580)="$eJzs282O0lAYxvGnlALi99fGlYkL3QiKbtzJBXgD7ghUQixqxA3ExHgpcyfcydwAJDO7WU0nLWUCpMBpOzOF4f9LgDc5fc45JD1wzqICcLAehe+WLDlh5fv+v5eSvn6RVMx5cgCula9zH8Chsk/yngGAfEybdrgPGFvS8enf9iR6OYb7h2mzMCsqkhbyJdP8fyv8fFGUJgv5ctTl1v3L0Sz/Wsv5OwnHr67kq1ty1mV+9v3fvFrO35V0T9J9SQ8kPYzOWo8lPYkZv7My/nPD+QNZBHdfLWs+QwfB6vnW89x3cY329rwT5d/HNy/8hIxjLyhF+YbhfNflP6TMl6N8rf3T68S0F1L2C5go5Lz+benMX13/n83zxc3rH8AGg+Hoe8vz3N8JCicsylEPCeLB5QnHosijqMQ0OSnvlp0ugr+vHZiGaTFftTc5FoDbqv6n/6s+GI7e9vqtrtt1fzQ+fpofu8NzeX3t6RzAnlvenAMAAAAAAAAAAAAAgH30VNKzNEHTB/wAAAAA7IyrfWbIkRT/2B8AAAAAAAAAAAAAAAAAAACA7C4CAAD//3Y4Qng=") r0 = socket$unix(0x1, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$nl_netfilter(0x10, 0x3, 0xc) dup3(r1, r0, 0x0) r5 = open$dir(&(0x7f0000000140)='.\x00', 0x0, 0x0) r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x18) renameat2(r5, &(0x7f0000000000)='./file1\x00', r6, &(0x7f0000000340)='./file1\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}]}) 7.22481001s ago: executing program 4 (id=320): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0xffffffff) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}}) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x5) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) 7.068916367s ago: executing program 2 (id=321): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0) socket$tipc(0x1e, 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0xc0505405, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$ax25_int(r1, 0x101, 0xa, &(0x7f0000000080)=0xbb1e, 0x4) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000180)=0x4) listen(0xffffffffffffffff, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000015c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044051) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000010401040000000000000000000000000a000200000000001c0000000500010001000080c25e879aca591e3819"], 0x28}}, 0x0) sendto$inet6(r2, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) poll(0x0, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) 6.759926531s ago: executing program 2 (id=323): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010921"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f00000000c0)={0x40, 0xb, 0x98, {0x98, 0x0, "3af10391f6f64d17989e8e77365dd9e3c699519c102ea670235159903a1433175198e2287a75a7286192d04d6826dcc308414de3c59f29eca893370da51e7e65186f550275303923df2dda85c60b8f9d7294fea2887b61d229f853fe3ec9e5c845fb8bf83d86f16c67661aa36afd947fc98979664a3ef7338ae97a43574b23adcff2ca0e22c10dd08dc3739420e6e996cca9d5e3d837"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x422}}, &(0x7f0000000840)=ANY=[@ANYBLOB="000f12000000050f1200020a10030204009509910003100b8d0a88f35b51c31c94a3818a007bb20372ab711aefe86ab0bf16f2d1690a505e0e0b4ba0966f50756b679ce7e725acda21263f19533990e24e2ec8992bf105b48b7199423006f56f676c47b5d67514d907c3aaa97482a9ac5634797658dd7f8530a8ec00ccbf5217881ab2d2262da8988d3ae3e68a76de894d0e9fa5f4388427c8c9f6d111a609520e2df120430c757450c7ef06063d1bde5c89d0883d5b18f9b9642691816045f744d0c4b6fac13749bafc593d57d22d1b49cdf06a"], &(0x7f00000001c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0xfb, 0x18, 0x0, 0x3c, "ca915279", "a9622aa7"}}, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x0, 0x0, 0x8, 0xc0, 0x6, 0x1800}}}, &(0x7f0000000780)={0x84, &(0x7f0000000280)={0x40, 0x11, 0xf0, "678b54649b4d66e7901397ff69dc7d57b8ae72c82f3e135b48e2a2628f9da42adbb0ee4263ee19e55aded1e45fe187701d7a228b130b0085295304f5979a852be596bd715bbdc24be536c99ec3662915f3430401f69d8eda76abe3db80d02727e39963233f049e030d448ad9dea5d8c81482fd5370bf01833d2fb06380bc9c033f5a387563032c6fa85bddaa43417671518c62d77f7b2eab6e8d4eb0315c518648a9b77f9865a5aeac8a8533099cb4414e4f42b05ca1fb9b3101ebf1d6026d750507bc25444e32743228445a549a37929c1838a3e0f0f932f8ab3399a40cd46ea676fc635beadf49afb1642a6f128827"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x86}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x49c412e0632bd5c4}}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x140, 0x20}}, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x5}, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000500)={0x40, 0xb, 0x2, 'p,'}, &(0x7f0000000540)={0x40, 0xf, 0x2, 0x2}, &(0x7f0000000580)={0x40, 0x13, 0x6, @multicast}, 0x0, &(0x7f0000000600)={0x40, 0x19, 0x2, "2a10"}, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0x5}, &(0x7f00000006c0)={0x40, 0x1c, 0x1, 0x4}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000740)={0x40, 0x21, 0x1, 0x2}}) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="81feffecff000000"], 0x0, 0x0}, 0x0) 6.383240568s ago: executing program 3 (id=324): sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)=[{}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 6.149917739s ago: executing program 4 (id=325): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f6306644f6f08bbd3ca3229d272acd3483bf3ae4228f7a2b839594856918b10ca47ad4dc249d99c244aba277d101b5ac305"], 0xd) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="04228e03c80000001900000000087153747f969e99df4ce46e32770322ecb729d355601ae95054505636932cc0e259ba2b5419ab8c9f86e4"], 0x14) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000780), 0x208e24b) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') lseek(r2, 0x4, 0x0) bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000140)={@map=0x1, 0x0, 0x4, 0x0, &(0x7f0000000000)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) getdents(r2, 0x0, 0x48) ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0xffffffffffffffe1, 0x0, 0x0, 0x10001, 0xfffffffffffff924], 0x2}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r4 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) listen(r4, 0x80080400) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x160, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x230, 0xffffffff, 0xffffffff, 0x230, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x160, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x2}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328) connect$inet(0xffffffffffffffff, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) r6 = socket(0x1, 0x2, 0x0) syz_io_uring_setup(0x27f3, &(0x7f0000000340), 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000000)=""/135, 0x87}], 0x300) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x33}}) syz_emit_vhci(0x0, 0xffffffffffffffc7) 5.978743463s ago: executing program 1 (id=326): openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x200000000004e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x200116c0}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f0000000300), 0x4) write$binfmt_elf64(r0, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x100000530) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0) 5.896048295s ago: executing program 3 (id=327): syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x800, &(0x7f00000011c0)=ANY=[@ANYRES32=0x0, @ANYRES8, @ANYRES16, @ANYBLOB="9dbe489148f5b0e0c5e214038a36626e9f8f050f644e657b8323ec5e815bd46e72a7be382f1dac2b9cab191c72157f4964d577a371c97b5183d1565f935cd8afbe4247a43f9e09be676243a2678bd2ef1d79802a9846a9bfe63bb1a18fb6", @ANYRES16], 0x1, 0x1cb, &(0x7f0000000280)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBQuMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xy4uNgcHvzElPXa1lsswMrZ7a8hW3tNetOQURk0vtMXKTXMwjwcwQmnpkUbEQQ3ZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT8xrykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE8YP//83uIKcmNLAkKYQxpjECQ0IZn42twUKLcknmEKPciydKWFxQKjq5E9LzbcOiW4ztj11YDvDc/g4z5qCPkGj4xIMTgsF/8uAjEloaCjTWMu01HbBlyKNvxJeq42dMhjc7ZmWwQKUpQFEroTyZMF6EpJXeOhoahqlJCc0bGKBOmDrHs7VAg0MSNGmwsDAsJ0RFrcQcA3GGAWjYBSMglEwCkbBKBgFo2AUjIJRMCIAIAAA///cmpKG") socket$inet6_sctp(0xa, 0x1, 0x84) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) syz_open_procfs(0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x0, 0x0, &(0x7f0000000040)={0x0, 0x6}) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000480)="b9ff03076844268cb89e14f088a8", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50) 5.170648367s ago: executing program 4 (id=328): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$kcm(0x10, 0x2, 0x0) socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) syz_emit_vhci(0x0, 0x5a) bind$netlink(r2, &(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = dup(r1) getsockname$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000100)=0x14) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) syz_usb_connect$uac1(0x5, 0xf7, &(0x7f0000000340)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe5, 0x3, 0x1, 0xd, 0xa0, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4, 0x4}, [@mixer_unit={0x9, 0x24, 0x4, 0x2, 0xdc, "7118ce1a"}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0x203, 0x5, 0x8d, 0x6, 0x80, 0x9}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0xfe, 0x4, 0x49, 0x95, 0x5, 0x3}, @feature_unit={0x11, 0x24, 0x6, 0x1, 0x3, 0x5, [0x3, 0x6, 0x6, 0x2, 0x5], 0x7}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x6, 0x3, 0x9, 0x5, "3511c396221085c831"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0xb924, 0x9, 0x1, "9f4c3277"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0xf691, 0xd50, 0x6}, @as_header={0x7, 0x24, 0x1, 0x6, 0x14}]}, {{0x9, 0x5, 0x1, 0x9, 0x800, 0x4, 0x2, 0x3, {0x7, 0x25, 0x1, 0x2, 0x5, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x8, 0x7}, @as_header={0x7, 0x24, 0x1, 0x5, 0xf2, 0x5}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x7, 0x1, 0x10, 0x7, "80", "8b"}, @as_header={0x7, 0x24, 0x1, 0x7, 0x33, 0x2}, @as_header={0x7, 0x24, 0x1, 0xe4, 0xc7, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x49, 0x7, 0x4, {0x7, 0x25, 0x1, 0x0, 0x5, 0x4}}}}}}}]}}, &(0x7f0000000540)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x110, 0x2, 0x0, 0x7, 0x40, 0x4}, 0x46, &(0x7f0000000240)={0x5, 0xf, 0x46, 0x5, [@ssp_cap={0x1c, 0x10, 0xa, 0x20, 0x4, 0xa, 0x0, 0xa9, [0x3fcf, 0xffc017, 0xff3fcf, 0x0]}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "8819c7ac774913570bcd00cdfa173cae"}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x2, 0x3, 0xbc2d}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x0, 0x2, 0x2}, @ptm_cap={0x3}]}, 0x3, [{0x68, &(0x7f0000000440)=ANY=[@ANYBLOB="680343f171bb752d4410e936e13cde6ddf5679bd404328ea815224326565a3cdfee2dec3d497f5620e6d64cfc442cbb2ee4101c07c6c9056a7201ce4b01f43b69938c984cc664eb87afb74881a207c8cdf1bd5ea373e5210a97f51eb786616ff8b37f1078dbfdcfa"]}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x444}}, {0xa, &(0x7f0000000500)=@string={0xa, 0x3, "7fc448d21d0a7bc4"}}]}) 4.990107498s ago: executing program 1 (id=329): r0 = socket$inet(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'veth0_to_team\x00', 0x0}) bind$packet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_FLAGS={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x4c}}, 0x0) 4.906518456s ago: executing program 3 (id=330): syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x2200050, &(0x7f00000000c0)=ANY=[], 0xee, 0x1af, &(0x7f0000000580)="$eJzs282O0lAYxvGnlALi99fGlYkL3QiKbtzJBXgD7ghUQixqxA3ExHgpcyfcydwAJDO7WU0nLWUCpMBpOzOF4f9LgDc5fc45JD1wzqICcLAehe+WLDlh5fv+v5eSvn6RVMx5cgCula9zH8Chsk/yngGAfEybdrgPGFvS8enf9iR6OYb7h2mzMCsqkhbyJdP8fyv8fFGUJgv5ctTl1v3L0Sz/Wsv5OwnHr67kq1ty1mV+9v3fvFrO35V0T9J9SQ8kPYzOWo8lPYkZv7My/nPD+QNZBHdfLWs+QwfB6vnW89x3cY329rwT5d/HNy/8hIxjLyhF+YbhfNflP6TMl6N8rf3T68S0F1L2C5go5Lz+benMX13/n83zxc3rH8AGg+Hoe8vz3N8JCicsylEPCeLB5QnHosijqMQ0OSnvlp0ugr+vHZiGaTFftTc5FoDbqv6n/6s+GI7e9vqtrtt1fzQ+fpofu8NzeX3t6RzAnlvenAMAAAAAAAAAAAAAgH30VNKzNEHTB/wAAAAA7IyrfWbIkRT/2B8AAAAAAAAAAAAAAAAAAACA7C4CAAD//3Y4Qng=") r0 = socket$unix(0x1, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$nl_netfilter(0x10, 0x3, 0xc) dup3(r1, r0, 0x0) r5 = open$dir(&(0x7f0000000140)='.\x00', 0x0, 0x0) r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x18) renameat2(r5, &(0x7f0000000000)='./file1\x00', r6, &(0x7f0000000340)='./file1\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000002240)='./file0\x00', 0x0, 0x0, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}]}) 4.256399625s ago: executing program 1 (id=331): syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="000037ab7d818c7880beaf956770407d7a05c1bb0aa6aebef6bd46f82853825b67c84a908adca22e7266dfd4f239a3abbb98f982f6e8d45852b4cc9d5fdab730a45584d799dfdd019bf9611c91a31edc45c2f064bf78d886991b3c7941edf04673356b94520592b962a1dab9fa4c3c9d49d87496c1ce44b6dec02025820fb3ed45c925fe051befbf13f0e7026dc95bd3fc0a8e63f7da4659261c70f15ede8a630c105f515b104972c655bab6adc2b7b2d07967b2d2250748d0c4ead793be8df6000000000000000000000000155c8ff98b9b99aec7ca377070cae0adee5c07ae8ceb858c2a9d2e6976b510e64a19254bf2686cde54aeca904df99159ba522010aba8c420a9a1acf0176b46b1802f5b28cfab8c9004777dde3fcb98de01819c0dc84e"], 0x22) syz_emit_vhci(&(0x7f0000000800)=ANY=[], 0x22) syz_emit_vhci(&(0x7f00000004c0)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="0604ea00000000000054679202"], 0xd) syz_emit_vhci(0x0, 0x14) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="03c90058cd294fbcedc17ccfa4025a1e5777b4814b0663f4852deb97559d7624bd505e611ef8a55937ffffffffffffff7f293408287051702a79e7442da8de9e11bf6e9357e6edea2d50e82f055f6f923cd4e59e223193d487cfa619"], 0x5c) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000780), 0x208e24b) openat$vnet(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) preadv(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x4) ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000340)=""/121, 0x79}) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="030f0404000000000000001620"], 0x7) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x1608d87, 0x4, 0x10001, 0x4, 0x8000, 0x0, 0x5, 0x7, 0x7b7, 0x0, 0x414, 0x4, 0x10001, 0xfffffffffffff924, 0xffffffff7fffffff], 0x10000, 0x286381}) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) r0 = syz_open_dev$sndpcmc(&(0x7f0000000400), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS32(r0, 0x80984120, &(0x7f0000000080)) mlock(&(0x7f0000001000/0x1000)=nil, 0x1000) mlock2(&(0x7f0000ab9000/0x1000)=nil, 0x1000, 0x1) syz_emit_vhci(&(0x7f00000007c0)=ANY=[@ANYRESDEC=r0], 0xb) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) msync(&(0x7f0000377000/0x4000)=nil, 0x4000, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="044206000000000000"], 0x9) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r1, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10) bind$llc(r1, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) socket$igmp6(0xa, 0x3, 0x2) syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="040504a5c80068"], 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) 3.949482321s ago: executing program 2 (id=332): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0) socket$tipc(0x1e, 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0xc0505405, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$ax25_int(r1, 0x101, 0xa, &(0x7f0000000080)=0xbb1e, 0x4) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000180)=0x4) listen(0xffffffffffffffff, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000015c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044051) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000010401040000000000000000000000000a000200000000001c0000000500010001000080c25e879aca591e3819"], 0x28}}, 0x0) sendto$inet6(r2, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) poll(0x0, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) 3.842393512s ago: executing program 3 (id=333): sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x800000, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$inet6(r2, 0x0, 0x0, 0x0) r3 = socket(0xf, 0x3, 0x0) write(r3, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f00"/28, 0x32) recvmmsg(r3, &(0x7f0000000200), 0x0, 0x0, &(0x7f00000001c0)={0x77359400}) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x20440) ioctl$SCSI_IOCTL_GET_PCI(r4, 0x1274, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/rpc\x00') renameat2(r0, &(0x7f0000000100)='./file0\x00', r5, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000340)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha1\x00'}, 0x58) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmstat\x00', 0x0, 0x0) pread64(r6, &(0x7f0000000280)=""/169, 0xa9, 0x25) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) unshare(0x20000480) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000001680)=@mangle={'mangle\x00', 0x44, 0x6, 0xc28, 0x98, 0x98, 0x0, 0x228, 0x98, 0xb90, 0xb90, 0xb90, 0xb90, 0xb90, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xac8}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0xa8, 0xd0, 0x0, {}, [@common=@unspec=@devgroup={{0x38}, {0xe}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{0x28}}]}, @ECN={0x28}}, {{@ip={@private, @multicast2, 0x0, 0x0, 'veth0\x00', 'bond0\x00'}, 0x0, 0x878, 0x8a0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@u32={{0x7e0}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xc88) 3.74732812s ago: executing program 2 (id=334): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000007300)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003180), 0x0, 0x0, 0x50}}], 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.567865983s ago: executing program 3 (id=335): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x90) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r3, r5}, 0x10) bpf$ITER_CREATE(0x22, &(0x7f0000000040)={r6}, 0x8) bpf$LINK_DETACH(0xf, &(0x7f0000000080)=r6, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2.510419202s ago: executing program 3 (id=336): pipe2(&(0x7f0000000300), 0x0) syz_emit_ethernet(0x36, 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000002bc0)={0x2020}, 0x2020) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_pidfd_open(0x0, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fanotify_init(0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={0xffffffffffffffff, 0x7, 0x0, 0x0, &(0x7f0000000040), 0x0, 0xffb0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$nl_route(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x271, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d"}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_usb_connect$cdc_ncm(0x0, 0x91, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7f, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ';'}, {0x5, 0x24, 0x0, 0xfffe}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x2f}, {0x6}, [@mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x0, 0x1ff}, @network_terminal={0x7, 0x24, 0xa, 0x7, 0x0, 0x7}, @network_terminal={0x7, 0x24, 0xa, 0x6d, 0x0, 0xfe}, @mbim={0xc, 0x24, 0x1b, 0x100, 0x59d}]}}}}}]}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x8, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x4}]}}}]}, 0x38}}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000b00)={{0x12, 0x1, 0x0, 0xa5, 0xaf, 0x5f, 0x20, 0xe8d, 0x23, 0x3aab, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x56, 0x0, 0x0, 0xa}}]}}]}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=ANY=[@ANYBLOB="00000000000080000000148a3045e2d59b2f835be5ea0e158eca154cbab5354fbf743f5fc122403262404ab03d579ff00ae8803b1d4b880ed1f02b5aa5b0c2883f9126da4a26a5f382ff54dd48e667192affe59dc40ee4fc3ec1030a0850e9281e119ab2de5ada1393ab9069", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001100028005000100030000000500150000000000"], 0x44}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) syz_io_uring_setup(0x24f8, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000040), &(0x7f0000000080)) socket$inet6_sctp(0xa, 0x801, 0x84) syz_io_uring_setup(0x1fbf, &(0x7f0000000040)={0x0, 0x0, 0x140}, &(0x7f00000000c0), &(0x7f0000000100)) 2.209942465s ago: executing program 2 (id=337): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f6306644f6f08bbd3ca3229d272acd3483bf3ae4228f7a2b839594856918b10ca47ad4dc249d99c244aba277d101b5ac305"], 0xd) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="04228e03c80000001900000000087153747f969e99df4ce46e32770322ecb729d355601ae95054505636932cc0e259ba2b5419ab8c9f86e4"], 0x14) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000780), 0x208e24b) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') lseek(r2, 0x4, 0x0) bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000140)={@map=0x1, 0x0, 0x4, 0x0, &(0x7f0000000000)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) getdents(r2, 0x0, 0x48) ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0xffffffffffffffe1, 0x0, 0x0, 0x10001, 0xfffffffffffff924], 0x2}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r4 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) listen(r4, 0x80080400) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x160, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x230, 0xffffffff, 0xffffffff, 0x230, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x160, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x2}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328) connect$inet(0xffffffffffffffff, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) r6 = socket(0x1, 0x2, 0x0) syz_io_uring_setup(0x27f3, &(0x7f0000000340), 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000000)=""/135, 0x87}], 0x300) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x33}}) syz_emit_vhci(0x0, 0xffffffffffffffc7) 1.877926203s ago: executing program 4 (id=338): openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x200000000004e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x200116c0}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f0000000300), 0x4) write$binfmt_elf64(r0, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x100000530) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0) 1.741279475s ago: executing program 1 (id=339): syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x800, &(0x7f00000011c0)=ANY=[@ANYRES32=0x0, @ANYRES8, @ANYRES16, @ANYBLOB="9dbe489148f5b0e0c5e214038a36626e9f8f050f644e657b8323ec5e815bd46e72a7be382f1dac2b9cab191c72157f4964d577a371c97b5183d1565f935cd8afbe4247a43f9e09be676243a2678bd2ef1d79802a9846a9bfe63bb1a18fb6", @ANYRES16], 0x1, 0x1cb, &(0x7f0000000280)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBQuMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xy4uNgcHvzElPXa1lsswMrZ7a8hW3tNetOQURk0vtMXKTXMwjwcwQmnpkUbEQQ3ZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT8xrykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE8YP//83uIKcmNLAkKYQxpjECQ0IZn42twUKLcknmEKPciydKWFxQKjq5E9LzbcOiW4ztj11YDvDc/g4z5qCPkGj4xIMTgsF/8uAjEloaCjTWMu01HbBlyKNvxJeq42dMhjc7ZmWwQKUpQFEroTyZMF6EpJXeOhoahqlJCc0bGKBOmDrHs7VAg0MSNGmwsDAsJ0RFrcQcA3GGAWjYBSMglEwCkbBKBgFo2AUjIJRMCIAIAAA///cmpKG") socket$inet6_sctp(0xa, 0x1, 0x84) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) syz_open_procfs(0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x0, 0x0, &(0x7f0000000040)={0x0, 0x6}) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000480)="b9ff03076844268cb89e14f088a8", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.518588965s ago: executing program 0 (id=274): syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000300)=0x100000001, 0x4) r1 = memfd_create(0x0, 0x0) fallocate(r1, 0x0, 0x0, 0x10001) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r0, &(0x7f0000000340)='\b', 0x1, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x0, 0x0, 0xfffffffffffffd25) 1.197497361s ago: executing program 2 (id=340): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001500)={0xffffffffffffffff}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) pselect6(0x40, &(0x7f0000000380)={0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0) ioctl$TCSBRKP(r0, 0x5437, 0x0) 464.54749ms ago: executing program 1 (id=341): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010921"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f00000000c0)={0x40, 0xb, 0x98, {0x98, 0x0, "3af10391f6f64d17989e8e77365dd9e3c699519c102ea670235159903a1433175198e2287a75a7286192d04d6826dcc308414de3c59f29eca893370da51e7e65186f550275303923df2dda85c60b8f9d7294fea2887b61d229f853fe3ec9e5c845fb8bf83d86f16c67661aa36afd947fc98979664a3ef7338ae97a43574b23adcff2ca0e22c10dd08dc3739420e6e996cca9d5e3d837"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x422}}, &(0x7f0000000840)=ANY=[@ANYBLOB="000f12000000050f1200020a10030204009509910003100b8d0a88f35b51c31c94a3818a007bb20372ab711aefe86ab0bf16f2d1690a505e0e0b4ba0966f50756b679ce7e725acda21263f19533990e24e2ec8992bf105b48b7199423006f56f676c47b5d67514d907c3aaa97482a9ac5634797658dd7f8530a8ec00ccbf5217881ab2d2262da8988d3ae3e68a76de894d0e9fa5f4388427c8c9f6d111a609520e2df120430c757450c7ef06063d1bde5c89d0883d5b18f9b9642691816045f744d0c4b6fac13749bafc593d57d22d1b49cdf06a"], &(0x7f00000001c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0xfb, 0x18, 0x0, 0x3c, "ca915279", "a9622aa7"}}, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x0, 0x0, 0x8, 0xc0, 0x6, 0x1800}}}, &(0x7f0000000780)={0x84, &(0x7f0000000280)={0x40, 0x11, 0xf0, "678b54649b4d66e7901397ff69dc7d57b8ae72c82f3e135b48e2a2628f9da42adbb0ee4263ee19e55aded1e45fe187701d7a228b130b0085295304f5979a852be596bd715bbdc24be536c99ec3662915f3430401f69d8eda76abe3db80d02727e39963233f049e030d448ad9dea5d8c81482fd5370bf01833d2fb06380bc9c033f5a387563032c6fa85bddaa43417671518c62d77f7b2eab6e8d4eb0315c518648a9b77f9865a5aeac8a8533099cb4414e4f42b05ca1fb9b3101ebf1d6026d750507bc25444e32743228445a549a37929c1838a3e0f0f932f8ab3399a40cd46ea676fc635beadf49afb1642a6f128827"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x86}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x49c412e0632bd5c4}}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x140, 0x20}}, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x5}, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000500)={0x40, 0xb, 0x2, 'p,'}, &(0x7f0000000540)={0x40, 0xf, 0x2, 0x2}, &(0x7f0000000580)={0x40, 0x13, 0x6, @multicast}, &(0x7f00000005c0)={0x40, 0x17, 0x6, @multicast}, 0x0, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0x5}, &(0x7f00000006c0)={0x40, 0x1c, 0x1, 0x4}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000740)={0x40, 0x21, 0x1, 0x2}}) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="81feffecff000000"], 0x0, 0x0}, 0x0) 463.820118ms ago: executing program 4 (id=342): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) r2 = epoll_create(0x47f) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000540)) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x1) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640), 0x0, 0x0}) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000060c0)="970b180393e57da0084004606e0f7eb55b4379b678ec58dd5832867fc4741e325499108ee901f5ade42a10a2a5ca59b706328aca067422dcda816a63687f6b445fdf7c8c4c158921aab593be18f8f3e3a72a3c634c089c468f2afa55a47fcb36c8ec931a3b8e995ca8f9da378136eee8d00878a33e262e3718e8829586fb5a3bdd2143ea5a880a6322892369f494dd40593794a88b4f0e69dfc3d573117dc27d511cb0b7e7d1c13dac381d4472cb9eba0637c9611565d496c7a6936582144f524085bf34af3a90ac0a0db2f79a423fa8b797909b65b72ee23068ebf92a9ae53fdeca4a47ec6838e363039c63988cf6f4f393f907cff08e13520751cfa3bfeb452f120d8a5f462b040f8537f7add203eb2b2f5784376b4e0d85c027c4e0d5817ce1db986581a147a5c7e820212907992afff07f13a43b2a2c23e6f61d7bdafdea1d396e0fa1e79afd07195dfdab53cbe75d4b96971caef941b69525b87d59fcb99bfb348a12236968f9dacbfbdc4d9b0b01df755ba3b6c320a29e5bc23bd6b20f3b27dc3d63d2d2ef11865347c5ca1504ded5d549e17e1194d717c79bc330ebfc3929d079152f51f3ab9701a3241c7df4130027ca1a6d0e6b5f2f2c3b659cbea4cef19728b45f1325e04151af66111cabddafa17b90f193c52d1c4fb646f99fd42d77a3f16c05a491a775962a2a4ee9f9f6c1a5eaa68305a88add9d6f35815f37cadae92293a0db1613662f145991ba5fd632c4a170588f8265e11b3e1a4ff2b17f3664b98d9c6f54a356f19a9b72175e7eb46ff4330812993886cd7b42ffdc3767a4ac16dd21d76417b70cfe97ad6ad0ddea7284d0e3ecf0c6c6b57833f65963f3764e297c994e0181bbf693c8fc0e57fc15b2ad776a00c19a805a906ffa80efa4116d5f5c9863a74bb340008d958db841c5f1e3b286afac717ceabcc7310e75e45b61215f6ba0bb496bd5e094b6139326758c1d81b176e11da5eda522f05346e1a71a6358b4c9b7653a66ae7153858fac4695d64fe2962b0d62d6d8aac14cf9cd2199fb039b54b64f5085434b2339f90bc11f2e407a6e84557de9a7a7edcc3b15a7798cbc68c1b1e1a822103bd43b656e933bfe886736a2bda6ccb228a8e4fae5956673db0105999017d8b68159f7a9480fd2ca70bb7e9fbc8f4f1c3581b1f528c8fb5b5d6beb769dd5e9650739f3cfcb61ab7b066c342a6c6886b0bd83f399e3eb74d2cafce7fc76febe624a37e185924afa8695caa7d3c1a97fd6684979ef33957a334fbf10c7a9bba18397082580df2425129a87c4868d41d1bcda8a7faaf1afd492cb4c83b7c5ce7a950f92186cc07bf27dcf58ac56506f2453399070ae8e5b009e40eb1970bbe8a1c9f3befb54255602bd191bd46c56c0fda2842462c0b68884f9a922d2a8b161aa9ca2c0c52bcfa26b7b7a152f2ccd16ec4974361f7322dc3b345e926e1a1b56200dc425e2e03c3d7194f9cbd321e10de387adf9790a5706bcf05d9b8c16e40e5633c44553c2aa8611f7656fc732b5dfce1eaf212d2521eb013fcf154d251553ba7a6a1f7ba8b7ceb3a1df621376543a451fe76671beaab4833f1be28247919c7cdf4177e2c9cca78ce52b5a7e4dde913dd8b13ce861bbf7048822041f4b29b3441b4880a8f7a4a289ad3c6258494e7736e48373408d248c3b033372ebdb3d9a406869445b5d956434a576b83d4a7e7b47ae8c69f50be20ea56f171e592e114602ed4f47e86dc34008770940adb4f0167811c474ada06693b55f567cc3201f97c08a3711dca486a86c367f59ce44259c1d71cdb135aa8630c4cae61ad07998a2f781ff87c946e8aef9bde6d4738bc009fc43fd176bc38756a0ca48c382395b48bc55da32892551ecdd0bd3f4c69a79bbe600f4103f21e443821492b92516833b231942e91a39e7401a42ba3e99a3a2fefa6167365b9050305b6f09a013f41e764a80f422cce051e5b30ba6528540ee5d4ea5872572c85f321b68e730f40f64b648be31a9e530718ec17443a1a4dcdb79cf799cfa75d0bfa0fde71828d8f51e38dc3d1d77430ceed007426f689d5843c34afdec5dde3e480a36ffa25db4b3483cde91e56eee8756dd953a3abff11bd7901d6b37c8371b023d7457361908576f92990f19e9f48dc58ca550e61a035161f1539b14b7bcce535b3a3783021094129f312c03e51df62579ae9423927021e8bcf530116f3658a1e94d39a800452f7461d2f001f86b911a8a14b9e61c2fd8f959ea40793df240aed5e5862ea59d78fb235788c1ba3c0ec44fbefc29c2e6f22d70849750625c3c15227579d42858b5fac30bbe86491697cec1c4543addc1f50202fdf77a6d2d23e70ed611a63368694e459012ebdbe71c4f702980d7ae63aaee33d5f8df5fce071c73cd918991c6ba2f95f33a9917a22c9e7342dd492c9e2c2f6457c3a48f35edc1720f2224f2af2ef4c0a38b75ce27aae5d5ef615920ab9245851590cdcdcfaa7e5a66b73f5a0a1bcf1bab66ecdfc0dcbd8cebb1b98f6256cea6761c835a761819018fd9c3d2f541eba25abde06f1551328800b1efc04d8e10594dbe95f9f10005cae8c5b27cc18268ebaa4578f9dcfa99aa61567a55b43545ec729764af99d224cfea6a36a93d4f70bae3225256e179e81a0c64dffce9c2141994253af664c33f881aa417fa3b7e9424f1841f1aa845ea0fe05c4e47b318bef60709d6f20c9eee6e8c0c18bd161d3dbe57d82903937e10c41aa9066dcee124354584232afdcb60d185bc39fcc5e7e5124d17e2f998b64836b587cf233469b92af65a70f4a8f35df9e24c7d5d21bda27ae44ce6706f86d3747db675aa329e8b43652bb1e89687dd003dd7924d300f498d444639b3fd413840cfa958e436e5959e95486161af807cbb7304d99284818eabe39493c66664e92143ff41602a3805369f461abeae5e5b6987a20fa47495cbeeeb322c848147dd9a052384a49898138557e10eb015df370d01977083ad24c7defc8c80583d5f5eca20d0853afb9f41c356f8da0e2435d423528f67f091fc614645980a57ed893ded1c3d37881b243b8a5503f45672492f3849895c9377277a91e7090241832629032872294896107628ffd1151c444153f54b484fa3e5ca057cbe073e6039c11b1eceaf7e20eef2576aa99e7a3f36aed9beb089af28d82e2dc5e97da4878b76b5224e1d293f5223c09f715fba13945695a98624eade1381e31c5651069805e6f707811586f5f81e431e8624a608ba1ab405d2593b1f9f667b89d82e60048e4ef3be98bd3078beb4e5e66e8823c8b427d6f84468f1f18f1ff8a8c11515426993334bcbe0c3ba37b91be07eb800fb2e00a24351457d8fc067b4bfec43c0ce8cd26b23bfbb27d3da7bca3efb7fe6f7715760eda4e3a27a7be7419b803667ef6057bdd5d44250b47fa156af04db91fc57f25425b3cfbaf90a840fe5cfcefcd1500cf4908ec4df10c8bc14ec284bb99b13a8f6136e5e1c669806cb5a4a5227f7952c5b605a2b443866fae399a1f8fea323784935c3e5a9ba9e831749efc9b8228421bdb91afed16341962535cebf6fb02679e5412f67db405c90e218789b634d92a41aaf528c92b8bf38b629a1797c036465b77dc3bb124bdddd309136681d3fbe0251698da27c6f89589171e4492209f7eb48d50a161a5135602fca3355f8934f879c54afb91224901b635ed372fdacc9469471225d2ef3c980466027b86cfe3d664071edaa29b47455064a074da56f4e098ddf27984dac546826aed38e464d5c5a79a3ece544cdb3801de0e29bf5164dbcc14578e3e6c44a4a9041e2315f1243358c5949377352911e0a67c6de7e11b0881af528fe478c34909a1178a8a4f7fb727317e4f3981706d9c9215224604c2d6a4faeefc21bd635c8412931ac4feb2c60666672fb6dc5deda0d6c4ce31f2b6cb45907427691488abb280c3fd001f3d7507c0db358af7151d3b8e2e98eb8a78ee69966f7a1307882c5b57530e0dab5c57f84852c42db013e3448da2fb0a754ed97c001f33cca549eb71d7aef88d1ae7fac0d96f334556d75f600a029ed698ce9e4302279999726a57337b9afda0b0292c14d1687a85326120d9fcd84cdc02718f26c12ca28cac81af0dede79685233be41c7269c57100c603a4f9536f757fa753353bd0cded7d4edab29dff6f7dd5faa81078c263c9d1d7e662a0ffae22d8d12e679de9ec6c634ba46ddf6aa86ac0be41cabd9b14fd12107ffce96915fa0154f5b6017fa866d14ff47754a58ba14c1a3eb3f23f040779a788b774604c3a8a7dd818619352cf47849eebfdd3b49b56f376044e7cb218759059fa85057f96c159ccd63ea6cd0bf47781c2d023411854dd3ea46f4913cda9672655e566d2e83fe2e0eb5476bd6fd7a84557e37a4e8d32c75ab51dbffc59f0cebc3edeb395f38f82765ed3cfdce75b2fd570e783c8c3afb31049383af0b51575e5c9dd9332bde6f684a3e11d199f43004439ed535a20c7f2a695cf9b547985421ac62c2289c71491f0617d23cb7a9466c8f0482eb2e8aa782118702761e0267ef500afc52f4a3a7a53ef22aea542f679dc5c751c766e06af453576689c87b3b89c091e5444ff6fb1472fbd271fffb268a2eada125d7acfc70c8ff4cfd3f5421941c2857e54ed0617d6430b806d605c2e508cd5a7764d6ecdc69dbd050a97f8696535585bbb95b66f751566ce612aebce9a0b021f9fbf067870fe447dd05e8c521413e7f27955db3b8239836b6ad120f5fb48e9003bd19b05f94752743d89bdc5492c2ca1bc3133fe0ceb29451900e2ac713cf2cbc3a531048a473a195ad40c685b539f806f434c9e2cb6a8a25df84d41c13d1ceb90de1a3efecd06a53ac9a32654d1ece86dcf6fa17ea6a4f367f9b360b3e26514bf94af1f52d9c0b0691241e3c6c302e7054bb738cb234019c0e45a7db270ab9d75df73568f25579d33e7b42743c924b1f888df85c6166228f5391962b689f0a4d9683b43ddc98982a820b5c60d9c4e3997cd2212fc3850b2bd41342ccbefc1e4ec2ad7ae285f156f4a4f383281018c73ca4f2e9d255487a9717dd39cd744a000c68c53f82a22a08bcb734b5bbb8364180991140c2e727dfce4b19e70c968c97393b56019ef84688772d488b9bd6fa9354ab64f731e6adab543851e5ca1470fd13d0334ba025b57db5d9ea13c970642726284fefddab8fdf7155f5b8e3b3b86d098c4207b428bffcc7ff76f6397b6a3efc3c0b0fb2a4343b4051271f87e384c2b659086ba668c66a15d68b87faf82a60b184f27256e36a9ada7c4422754be56dbbab50ed781f36e40ded65a30378003de5b5cd5f80a6042613c76e80851312c7ed2c07b762b85a1b6928a7b2428d2bc7a6bfdfa2ba55aed54fd3c878ec655caf1223245433b7c6fc2a2d3b0393d7ba4e12f26a53b9d5afdbab230b9148f061df2e1c0fe73c2abcd142125367fa5e598e500263d9b27e759c08b7debee4695a5b192d968108c134241f236cae0434ed71e5099cd466cfb04d5f7cef2e94683172f82a9841610cb6fe55d4bfe73920992bb76f362b9cf7919c906495d4b37a915d23168fd7ffc2f36de55a1b17fa2232df03663ffa2a4c5e76aad90fd5abc80b6dfc16ec6aa328cc7714dc2d7bb14aae9f86c999e93a59fd18fb2300539bca25e69b04943a16c985ff481a42c9d8af43eb61ef7432b8e3aa5bc391c181b7d546b94ac659bc4b501157d3adf9d4cda4e298a4e4271fa2cd08919b055eb3f168df76c1f0b0d5cf5760b56774f105e51c93cc03ce97b00768b9620a6fd5162b9d9191ac0928d2460e4e821a276680cedb3b8167bc156b48a34d4c24d4a87fd09968a725d4b6a1b54b169f1e14143e97a84cf3d8eb4ec5458dcd5ff93365396c00533c3493847f595725a4f15300183eac306d16ea136b97a9864d16330d8c5b8321a6947caeb9cdc7ff4e53c419518ce9bc11f7355651be27a2c2b9ff4127ad86b96c1b5967def371d5d6a3f365abaca55c5f19600d1d5051d320b065c2f78f2147c170b9153a0eefd7b3f1e637cac3fff14b0eeaf472e6a6a9f7553ed3267c911d4d77a4f7285b77df725b3a88fbfd221343f656d60b61808b52a8facc81b8516698f2ac50cd8769371e67278c59ab1cc890fab36206b939f23b31ab976651ca8a4e7754bb10d03d4cc6506f13d98f2bda76477a69a8794a34614a88a7ec94e1a229ad6f747724a3bfb674cc87ea0dfb610f66057671f664206672e78c00a3f4585f17fc40827d0c8af88d3437f811274f662e9ee73d550833d0c8fde449089f8b5e8a25d25096537ac960699a07ebb51271a8f8556037436307063282febae745d53f8db65f13f24cc2e525ae465c9bf79f76b82dceada3bf34529321f913dd18548ab2a26f2a065028f46f4dfb18294dff30a7e5b131a08c671787baea45545d15629ec2f435d9138e517055cd48af7120b3b79f2275baed8a4b6a0f33c30890105ae2c07a332df79f2fd6767ecc66f1ed628c968a2685813342677a2823d10263958eee79d03e393a557475701694b5ec3dec8773f37b980f5812f1cbaed6e5253da037b5f88ba2070f445d74907679460dd48e16442d345abbd37f7853ec7123ff16db46c8571987db63ed711d36c05c2dafac47ea366f9467624b6296a2b9fb7056702d4ba38b4df72e7db3244421f31aa0911af3e3a09f9e08e96aa1545c37465f990bab4ee2821b1a701aa707db1dc18d52fcede15245f54a5f1a47b0d82c33fa378625d247b08753ac5fa5444b2e3f9d1d3918b154665b02fba87e39d0e27bdf60b27930eee02c31d847d40166544ab9ef801bd79bcc8d93980354021b8c7a1b9592934a90917db115bcd92068a970680011cb074da705f1cd06a0142862a777c6a47afd38721979323e27151c114e8901d41f79358e78289af10134e22d903415e2ebd2edf34ae10eefeec219db7b13ac983583dd4b02dcc615c6f70e6cf35ea216807c4b9c81482c2b941c7d6cd6621d9480ba924a3372ca3e3ca78438b0e9bf7c8436fcc0047b3bdb8d70190076d9feea778005d5d69f1b1194c76dce628e17b6beb299146b25f3f6660263c23dbcd08f70ccb45569a81a140eff66f2190110cf0977d9df7a2c437042961606ca1a378c8f59a310ad6c9cb4ff30a2d55411eeb38d927bb4d0f60ae75d90ab78dad14097f6dd38f512af2f932e1ad6a5e201180373689981f23bd9f59e4ca29244a8ea4236527fe2249eaa299af174f25b13d72b181c2f421652ece630ee1358098c29f84506654ffad3647792852a7faf107e36ae330886ffcef6e3a1725495e430568a9cd85d385e5a15d2f77ed274be3c8edfc52c230d21785b927bb8e470f989e8c89b01af8d04fc7050fc978013fbc5dcedd2baf5e8bfa8e2e1d3f193c224375db2f71d4655d2f647e9b1739657a0ad8ef6751a88151a3413ab870e0d7ba3f0a55ce3f30d55e8eb9e47e3d82563d9180399e7895490b8561a374acf5c94a1c648fa06780c4141c58ed913fb92865d3b4883301ba69b3f2b20c1f82024bd75e62ce2972d3219bdb961ab3bbac8f1d873ddece6d85f540f82c9d79b0937973335fe05e5c6ad8fcc525620a57678d58c7c2f0f157e03073d01fe4f6de520b390794cefdc6c828b4512fb6b2000d08e38693fa22834e69180d31b3978f9da75389f919a0d49ff961997d14ae6bdffcfb179c2ead52c69dae97416eef2602843dcbe4e5ae613d429feef7ffba6a31a8be8bf2e62c6d374c807363a986519a8cf9dfc99fc6607486e10599ae415b51e23f639194885e5119036e0e535accb4f126b4c45c47a53658af1e049daa2967b01d9450625d92f8f8e9d151633646044fcc5f6ad835479d48702839456decf070c7e6143cd31033810bd7da01c4a2cfb08605b25c00336f17d3b5a3db48866ef864b8d9cea9530429d3fb1afc7ae9e7d06aea9034db89b2ec8fc2a96d8d701fc51994305077dbea527bc0fc398b6bb7d42f0c408be69b98eb173d285fd8010ba75c57f2dd982582153814ff959fccc78aa5f7901357f6129f840af6649534f9ebc7750a20502a7cbf2d2f28c6f97884f43779bbbf93c550f8e79949db0e066538456b4e966761656eb7bebd5afe9b9fc241711b874682b226e9c6baecc1e909858e01b32472f6f8d483c073d3b576a4b03534dc4b620e21e6feb4bb2ddb37e3f0d4ff92c0af19e6087034c72c5928707748bc10ea22788bd938a0e6512cae4733fc1a2e47f3d4961932fe564684872922b44db143bea77580b0704675290e0839cb5ee529ada8b4c0bb14f05c5c396e29376f1ea80dea2852a88ddf8929fd402571fb242ead60d2be61f1662e1a833969e18e23e0b808900e7ed4be9d6944942da7d384739da1055cddc94937e1ea4cd305bf161c407b471df0ce3fb3413c5bd511d3c65e70edeb5397b0a8701538be7d2f1765688cbb0379744281231e60f5edcbfa6abd177405c455f77e30b95011ae4fda2a3c6d3f9a29bfe7656f6afba48358d57b4e1a84ebca241b7a427c6f806d1f771b540912f05a6df0d5223f85639fd7c163799e28abd08e4013aa43ddbc11ccc9d53131ec5c75f7682481968ad13ef34ba23d4759b51c4cac5a7ca2c73b3103c5b9e4b8686b872edcaca791d669589655e239920fc088eeced3a131ddff2eee9fab3cced40163eebfb29a85b3e97bbd97d17c3b06d3123409f115cf3e3d1c74dcc359664ab942e6ab36c41b1af4015ff5baf700eb99abd658e6833039051a235a2f84b70cb8d90271a481ce40e2a18bef8dcf7f54952b090bbaaaad391cb6cfa218a1e823ca7b16311e35e0350dd8016f67ed34771d7f3a607c1c9ed63524ea0c865148b05f1d017e475641b5076df632b7c261ef54c23eaf7cf52c22864a8ae8f8c3442d147fd52a801f87665b47e229a77b8e85c21d7996c7de9ac4899b098380f74eff119369c81b21b0b916017d0b604ca2a74b1424a4c3132d265d12a01ec2e8cff9809ed2f7891c55bc5cb932c6ea3cdba14cef47a2a0521e36869e9d62914447c3e6cf3da9ecaed915dec41e81605a46a4ec71a8b5ec0bc2f62b3237de7203e4b6d01bc32a5b2dc416623936a324b73e0c63ec414ce1bb4b344db85f014979ae866c4a2c2cce0f814862c0691883dd2d7bcd63fdf2ddf0cb2c6a1a10aa878ba997b74db8e894e4a7ed5e8ea1e3c0b602bae23c6c8c5f38b919aeef5625501fe5d4759c43e90de56122f3ecf87e8023f25e0d3ce64ab629409e881d2d1c5f083da90d45907e62ce3177f7982e514779a13f70bc207d9aa55835e37a5f4782242681ff46600ac9e63f90a245957440987b54b3678ae808c481d25755dba747cd7c3cc0fafb9a142e1ec1a9a5f81b5cdd6dbbc3a4ba5d49f58be6196c305e2af35fdbfbbae02cc4efe771d65e6000ec3f6cf394650f5144308c95279b9df3b29236a32ad3e9cd377296a4252e7dda1bb95d99c32cb81d970de4ff47760ee087dd2fa98392c8ede48391b49cd40e314adb896f0f5b08ffcdffdd70775160144552b13edfac23a09d53a4a4a827a1f216b2827cb9fb47a9fe6412d509d35b754d3700cc0dc8d7a3406a53bd1b0ee5112c50fb8f805be52a6c4e1e664d174727f33720bb371fbe9adc747a234013fcaadbce5cd2d416414b1900074e3ec73a36f32f9d7baa96ed4ea37aea560df4d9c724c69b440139a6dc1758bc74b59c521bc59958da71c4e5c23e4a8999305d989369a9bcd10f0faa789f4040950c349ef0ee910a822ba8df4a6cc16bd72dfb85d7c9a97911e96541a7fb6fb4711cdfe1e1083b2e8e870e2d2a7304f99296a496fe30553971b75f78ace054a8e3c6d54d40b2dbb2ee38a6244139fcba31b88a3ce91d637e7c88db35794002ca28533a46af85929f603e4cf4f5aea715ac4495d2c07e8bf79da078521fac5059dfe6dff61405fb6962987d15a2c7b27a851e3076803c7b4374a85f05b96e9bae91656a003e9acad767c9ac88b339fd868136b63fcb0520a2ee2f25128c8b97a0d43d60be7436756614108cfee63fb0fd65cce0bb0afcf5ea7fa817134c876c949945642a29d71aab10d05522b4b1788bb051ae1ad23fc7e75607580f9bfb7ed901a66d69e79ba742ba169f7e0d36d0c8482d3a85d66a9fc08b3e4c1669ffb4f74f418d4317fbf03b785859601b9e3af056b6a2543289738fe1e601e635ff04d750f8724bdebbbc920a7ca2f99cdaff265299bef09a2e20878682f2f37e46b5d2d3ade8d857ec6d3f7a2779080a5927749086b33b22def28633d53dae49362b4c4d47d2899562a52f22618a45998233048f0e54ba01dd53953c9f508abcb0acb1c1fb1d110e5d6c14d707713cea4cf0403b7573ab5b0a1439e6b2d29c46a3077e0dd296ca751db66f829a42c5afe0304c48fbef52c526c8f2100f6826fd4a5295f7492855f841fdb1f8487fba63b6db19af983a75468ad29a2b6cc58f9ef2dfeec8d798d60e1950731e65c5e2ec1065a22915a30845a5f87a26c067ea870d4e1ef71f67617906080b7b122b8ac9e4da1b05442b5477ee97343cb20f2587744abfa5f318ce29cbd24df1a6dbd42470789e17ae8115a588788d910a171b88dd1b94228728bfef3b28b2b32f523d603fa28d00cf23b0a201658f28ef7920f36a0da8917068a4435e0d710d320258114e2fcde2e1dec0c9faac26d671ea3735ee2b26cb644ba56ced9031cdd2b391c4b96aee7a4c38063e61dbd8ada24cea7ced0728a365bc2320eda9746823b7d83afdc8b3b293b56739011554000aec6272004a002328f20368c0902b8a8d251afebfb4d7b427cfa8927385626a474e3918ff557c8f19a8691011523a63c7e578b98c8951157f0763db3ebc4ea24388527e83b149ef89d4173ebb1c0c9aa3cf4e1a47faa3ebe7ca625e7ef077b38235781236797360696e552b9289a80491d4c3e70ff00b01540deb0de1b3385549b667cfa3598a34751868a14ccb22a420781452699563b16d0d0f1a7f0ba3f0ff45cc2d2536f1de9e024bbc923cede7725f84bf3e6a645f43c4ab3db6ddff671f283857262570b6652dbd8c869ca6a3896b870235047db08a54e5c39d7516c4b0d621d87a9c3e8c53249ff2ab9145f026ba4743a46197af56a0df022363ed59a5c2011e664a05fb952d5ad9ee2037c59a4075e4b504d91e87d303e0bc55cccaeb17e1cbab6176d2d148ce05fe986c79eb843886194f80e202c4f373244b38fd46643c1bc0fa8723ac498c71919e4ed8e5092832aec00a35ceeca94df7bd2c0c02dabc886cedf1fd044db2b45c30f8c0334c992eed40290baaeeb4d00e2cb504ca1173b6b6eec8d2aa3a1bf46e64c1ae1b3ca2882545729fe78d5e1e99c6f1f31c0b0f2190889c7318ce7605128a86c62c8a1fa107304c4609e28a2a43c6799ff6a7d70909ee10676801ee670004cf9632e34cb8cfb43d2f477ad335f5142da0baa4f4542dc93704e93a3420ec50284626fe36618b079d0db013d691583aba257947bdb1514d0318180ae43d0f94712f5c0de35f3e342ce7da65f755761506b9bfd186641fdbd03d5a2d4fe170fe23af8", 0x2000, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="85000000610000005400000000000000950000c1810000000000b4a8b154120610000000c79077fa15ba36eca61299de67cf77c9062430bc068829afff36b31fa7e35ce95d04"], &(0x7f0000000280)='syzkaller\x00', 0x1}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe40, 0x0, &(0x7f0000000240)="5cdd3086ddff0066b3c9bbac88a8862c00dffd0013dd00000000000000008100f5df86dd", 0x0, 0x15d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) preadv(r7, &(0x7f00000002c0)=[{&(0x7f0000000580)=""/4078, 0xfffffffffffffccc}, {&(0x7f00000000c0)=""/46}], 0x10000000000000aa, 0xc6, 0x3) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000011c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r8, &(0x7f0000002440)={0x0, 0x0, &(0x7f0000002400)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="290200000000000000000300000008000400000000005db792c29c3c6ae2fbde8919ab6d7504be4877881440f6b64849046921312c789a07b87852463a219d2a9c3f"], 0x1c}}, 0x0) syz_usb_connect(0x5, 0xe4, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000017ffd340b1134200bbdf000000010902d200010000400009046a00067af4190009050f102000050801060c8b631b7507250102020700090501", @ANYRES32], 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) 237.801258ms ago: executing program 0 (id=343): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0) socket$tipc(0x1e, 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0xc0505405, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$ax25_int(r1, 0x101, 0xa, &(0x7f0000000080)=0xbb1e, 0x4) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000180)=0x4) listen(0xffffffffffffffff, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000015c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044051) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000010401040000000000000000000000000a000200000000001c0000000500010001000080c25e879aca591e3819"], 0x28}}, 0x0) sendto$inet6(r2, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) poll(0x0, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) 0s ago: executing program 0 (id=344): r0 = open(&(0x7f0000000100)='./bus\x00', 0x400145042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r1, 0x81fd) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x1670e68) write$tun(r0, &(0x7f0000000340)={@void, @void, @arp=@ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @remote, @rand_addr, @link_local, @local}}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r3 = open(&(0x7f0000000080)='./bus\x00', 0x145842, 0x0) fallocate(r3, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): -0000-000000000000. [ 130.603926][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 130.634096][ T5751] loop2: detected capacity change from 0 to 512 [ 130.641351][ T5751] EXT4-fs: Ignoring removed bh option [ 130.650307][ T5727] loop0: detected capacity change from 0 to 32768 [ 130.667842][ T5727] XFS: ikeep mount option is deprecated. [ 130.673857][ T5727] XFS: ikeep mount option is deprecated. [ 130.690815][ T5751] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 130.754959][ T5727] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 130.812899][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 130.837981][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.858294][ T5751] EXT4-fs (loop2): 1 truncate cleaned up [ 130.864416][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.881245][ T5751] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 130.911394][ T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 130.923316][ T9] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 130.933655][ T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 130.943887][ T9] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 130.963468][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 130.972289][ T5751] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.989539][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.001151][ T9] usb 5-1: Product: syz [ 131.007113][ T9] usb 5-1: Manufacturer: syz [ 131.011965][ T9] usb 5-1: SerialNumber: syz [ 131.115799][ T5727] XFS (loop0): Ending clean mount [ 131.199428][ T5097] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 131.371885][ T5751] overlayfs: missing 'lowerdir' [ 131.423081][ T5145] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 131.574502][ T5767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 131.609903][ T5767] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.724365][ T5145] usb 4-1: config 0 has an invalid interface number: 106 but max is 0 [ 131.759784][ T5145] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.782962][ T5145] usb 4-1: config 0 has no interface number 0 [ 131.789501][ T5145] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 255, changing to 11 [ 131.817593][ T5145] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 59391, setting to 1024 [ 131.837943][ T5145] usb 4-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 131.880166][ T5145] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 131.895397][ T5145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.946102][ T5144] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 131.947185][ T5145] usb 4-1: config 0 descriptor?? [ 131.979909][ T5758] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 132.080477][ T5145] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 132.219406][ T5144] usb 3-1: Using ep0 maxpacket: 32 [ 132.269693][ T5144] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.290621][ T5770] loop0: detected capacity change from 0 to 4096 [ 132.299661][ T5144] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.325934][ T5770] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 132.365947][ T5144] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 132.422737][ T5144] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 132.449281][ T5144] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 132.521015][ T5144] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 132.542094][ T5145] usb 4-1: USB disconnect, device number 7 [ 132.548102][ T1051] usb 4-1: Failed to submit usb control message: -71 [ 132.548200][ T1051] usb 4-1: unable to send the bmi data to the device: -71 [ 132.548220][ T1051] usb 4-1: unable to get target info from device [ 132.548235][ T1051] usb 4-1: could not get target info (-71) [ 132.585779][ T1051] usb 4-1: could not probe fw (-71) [ 132.606010][ T5144] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 132.621213][ T5144] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.640430][ T5144] usb 3-1: Product: syz [ 132.645094][ T5144] usb 3-1: Manufacturer: syz [ 132.649713][ T5144] usb 3-1: SerialNumber: syz [ 132.665258][ T1040] team0 (unregistering): Port device team_slave_1 removed [ 132.679108][ T5770] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 132.861025][ T1040] team0 (unregistering): Port device team_slave_0 removed [ 133.103965][ T5775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.139873][ T5775] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.373974][ T1245] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.381782][ T1245] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.312885][ C1] DEBUG: holding rtnl_mutex for 508 jiffies. [ 134.319611][ C1] task:kworker/u8:6 state:R running task stack:22672 pid:1040 tgid:1040 ppid:2 flags:0x00004000 [ 134.331763][ C1] Workqueue: netns cleanup_net [ 134.336911][ C1] Call Trace: [ 134.340346][ C1] [ 134.344306][ C1] __schedule+0x1800/0x4a60 [ 134.350339][ C1] ? __pfx___schedule+0x10/0x10 [ 134.355777][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 134.362161][ C1] ? preempt_schedule+0xe1/0xf0 [ 134.367251][ C1] preempt_schedule_common+0x84/0xd0 [ 134.372934][ C1] preempt_schedule+0xe1/0xf0 [ 134.377705][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 134.383165][ C1] preempt_schedule_thunk+0x1a/0x30 [ 134.388428][ C1] _raw_spin_unlock_irqrestore+0x130/0x140 [ 134.394420][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 134.400964][ C1] debug_object_activate+0x3e4/0x510 [ 134.406467][ C1] ? __pfx_debug_object_activate+0x10/0x10 [ 134.412375][ C1] ? __pfx_kernfs_free_rcu+0x10/0x10 [ 134.417786][ C1] call_rcu+0x97/0xa70 [ 134.422442][ C1] ? kernfs_put+0x1c6/0x370 [ 134.427126][ C1] ? __pfx_lock_release+0x10/0x10 [ 134.432274][ C1] ? __pfx_call_rcu+0x10/0x10 [ 134.437058][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 134.442328][ C1] kernfs_put+0x1dc/0x370 [ 134.446742][ C1] kernfs_remove_by_name_ns+0xe4/0x160 [ 134.452249][ C1] sysfs_remove_group+0xfe/0x2c0 [ 134.457475][ C1] sysfs_remove_groups+0x54/0xb0 [ 134.462612][ C1] device_remove_attrs+0x23a/0x290 [ 134.468148][ C1] ? __pfx_device_remove_attrs+0x10/0x10 [ 134.474006][ C1] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 134.480085][ C1] device_del+0x572/0x9b0 [ 134.484559][ C1] ? __pfx_device_del+0x10/0x10 [ 134.489613][ C1] ? netdev_unregister_kobject+0x178/0x250 [ 134.495600][ C1] unregister_netdevice_many_notify+0x17d3/0x1d20 [ 134.502092][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 134.508985][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 134.514967][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 134.521194][ C1] default_device_exit_batch+0xa0f/0xa90 [ 134.526919][ C1] ? __pfx___might_resched+0x10/0x10 [ 134.532290][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 134.538579][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 134.543969][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 134.550189][ C1] cleanup_net+0x89d/0xcc0 [ 134.554840][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 134.559877][ C1] ? process_scheduled_works+0x945/0x1830 [ 134.565700][ C1] process_scheduled_works+0xa2c/0x1830 [ 134.571348][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 134.577539][ C1] ? assign_work+0x364/0x3d0 [ 134.582204][ C1] worker_thread+0x86d/0xd40 [ 134.586896][ C1] ? __kthread_parkme+0x169/0x1d0 [ 134.592417][ C1] ? __pfx_worker_thread+0x10/0x10 [ 134.597627][ C1] kthread+0x2f0/0x390 [ 134.601765][ C1] ? __pfx_worker_thread+0x10/0x10 [ 134.606969][ C1] ? __pfx_kthread+0x10/0x10 [ 134.611767][ C1] ret_from_fork+0x4b/0x80 [ 134.616272][ C1] ? __pfx_kthread+0x10/0x10 [ 134.620966][ C1] ret_from_fork_asm+0x1a/0x30 [ 134.625854][ C1] [ 134.628935][ C1] DEBUG: waiting rtnl_mutex for 537 jiffies. [ 134.635002][ C1] task:syz-executor state:D stack:21024 pid:5615 tgid:5615 ppid:5610 flags:0x00004002 [ 134.645298][ C1] Call Trace: [ 134.648640][ C1] [ 134.651710][ C1] __schedule+0x1800/0x4a60 [ 134.656334][ C1] ? __pfx___schedule+0x10/0x10 [ 134.661273][ C1] ? __pfx_lock_release+0x10/0x10 [ 134.666549][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 134.671368][ T5779] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 134.672180][ C1] ? schedule+0x90/0x320 [ 134.672245][ C1] schedule+0x14b/0x320 [ 134.672272][ C1] schedule_preempt_disabled+0x13/0x30 [ 134.672319][ C1] __mutex_lock+0x6a4/0xd70 [ 134.672351][ C1] ? __mutex_lock+0x527/0xd70 [ 134.672379][ C1] ? unregister_nexthop_notifier+0x17/0x40 [ 134.672407][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 134.672455][ C1] ? synchronize_rcu+0x11b/0x360 [ 134.672491][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 134.672524][ C1] ? get_rtnl_holder+0x144/0x190 [ 134.672549][ C1] unregister_nexthop_notifier+0x17/0x40 [ 134.672597][ C1] nsim_fib_destroy+0x89/0x180 [ 134.672627][ C1] nsim_dev_reload_destroy+0x2e3/0x490 [ 134.672657][ C1] ? __pfx_nsim_bus_remove+0x10/0x10 [ 134.672684][ C1] nsim_drv_remove+0x58/0x160 [ 134.672731][ C1] device_release_driver_internal+0x4a9/0x7c0 [ 134.672769][ C1] bus_remove_device+0x34f/0x420 [ 134.672867][ C1] device_del+0x57a/0x9b0 [ 134.672908][ C1] ? __pfx_device_del+0x10/0x10 [ 134.672943][ C1] device_unregister+0x20/0xc0 [ 134.672968][ C1] del_device_store+0x363/0x480 [ 134.673024][ C1] ? __pfx_del_device_store+0x10/0x10 [ 134.673059][ C1] ? sysfs_kf_write+0x182/0x2a0 [ 134.673085][ C1] ? bus_attr_store+0x4f/0xa0 [ 134.673108][ C1] ? __pfx_sysfs_kf_write+0x10/0x10 [ 134.673164][ C1] kernfs_fop_write_iter+0x3a1/0x500 [ 134.673197][ C1] vfs_write+0xa72/0xc90 [ 134.673223][ C1] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 134.673249][ C1] ? __pfx_vfs_write+0x10/0x10 [ 134.829730][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 134.835026][ C1] ? blkcg_maybe_throttle_current+0x1ab/0xb80 [ 134.841428][ C1] ksys_write+0x1a0/0x2c0 [ 134.845813][ C1] ? __pfx_ksys_write+0x10/0x10 [ 134.850740][ C1] ? do_syscall_64+0x100/0x230 [ 134.855602][ C1] ? do_syscall_64+0xb6/0x230 [ 134.860350][ C1] do_syscall_64+0xf3/0x230 [ 134.865019][ C1] ? clear_bhb_loop+0x35/0x90 [ 134.869760][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.875739][ C1] RIP: 0033:0x7f939477475f [ 134.880247][ C1] RSP: 002b:00007ffe5aad7b60 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 134.888854][ C1] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f939477475f [ 134.897026][ C1] RDX: 0000000000000001 RSI: 00007ffe5aad7bb0 RDI: 0000000000000005 [ 134.905270][ C1] RBP: 00007f93947e45a0 R08: 0000000000000000 R09: 00007ffe5aad79b7 [ 134.913432][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 134.921494][ C1] R13: 00007ffe5aad7bb0 R14: 00007f9395434620 R15: 0000000000000003 [ 134.930004][ C1] [ 134.933201][ C1] [ 134.933201][ C1] Showing all locks held in the system: [ 134.940966][ C1] 6 locks held by kworker/0:1/9: [ 134.946333][ C1] #0: ffff888018aa9948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 134.957853][ C1] #1: ffffc900000e7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 134.969877][ C1] #2: ffff888023656190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 134.978983][ C1] #3: ffff8880218ba190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 134.988349][ C1] #4: ffff888061481160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 134.997814][ C1] #5: ffff888023010f68 (hcd->bandwidth_mutex){+.+.}-{3:3}, at: usb_set_interface+0x35e/0x13b0 [ 135.008324][ C1] 3 locks held by kworker/1:0/25: [ 135.013731][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 135.024842][ C1] #1: ffffc900001f7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 135.036229][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 135.045450][ C1] 5 locks held by kworker/u8:6/1040: [ 135.050844][ C1] 2 locks held by kworker/u8:10/3515: [ 135.056315][ C1] 2 locks held by dhcpcd/4761: [ 135.062128][ C1] #0: ffff888078655678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780 [ 135.072974][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x9e/0x210 [ 135.082519][ C1] 2 locks held by getty/4848: [ 135.087335][ C1] #0: ffff88802a3080a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 135.097267][ C1] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 135.107607][ C1] 4 locks held by udevd/5098: [ 135.112328][ C1] #0: ffff88801ced02f0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60 [ 135.121249][ C1] #1: ffff8880776c2088 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0 [ 135.130843][ C1] #2: ffff88805ca63698 (kn->active#19){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0 [ 135.140768][ C1] #3: ffff88801c785190 (&dev->mutex){....}-{3:3}, at: product_show+0x26/0xa0 [ 135.149799][ C1] 4 locks held by udevd/5110: [ 135.154695][ C1] #0: ffff88802284f2f0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60 [ 135.163617][ C1] #1: ffff888077d90c88 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0 [ 135.173118][ C1] #2: ffff88805d3d03c8 (kn->active#5){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0 [ 135.182611][ C1] #3: ffff8880218ba190 (&dev->mutex){....}-{3:3}, at: uevent_show+0x17d/0x340 [ 135.191651][ C1] 2 locks held by kworker/0:3/5133: [ 135.196924][ C1] 6 locks held by kworker/1:4/5144: [ 135.202149][ C1] #0: ffff888018aa9948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 135.213633][ C1] #1: ffffc90003f4fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 135.225734][ C1] #2: ffff8880235b6190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 135.234868][ C1] #3: ffff88801c785190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 135.245580][ C1] #4: ffff8880627b5160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 135.254990][ C1] #5: ffff888022fc1d68 (hcd->bandwidth_mutex){+.+.}-{3:3}, at: usb_set_interface+0x35e/0x13b0 [ 135.266097][ C1] 7 locks held by syz-executor/5615: [ 135.271440][ C1] #0: ffff88802f2f6420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 135.280589][ C1] #1: ffff88802a998488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 135.290509][ C1] #2: ffff888021939a58 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 135.300801][ C1] #3: ffffffff8ef05248 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 [ 135.311231][ C1] #4: ffff8880624960e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 135.321909][ C1] #5: ffff888062497250 (&devlink->lock_key#6){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 [ 135.332185][ C1] #6: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: unregister_nexthop_notifier+0x17/0x40 [ 135.342438][ C1] 2 locks held by syz.4.142/5742: [ 135.347655][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 135.356022][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0 [ 135.366451][ C1] 1 lock held by syz.4.142/5765: [ 135.371568][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 135.381178][ C1] 2 locks held by syz.2.146/5768: [ 135.386280][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 135.394710][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0 [ 135.404082][ C1] 1 lock held by syz.2.146/5774: [ 135.409047][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 135.418788][ C1] 2 locks held by syz.0.145/5770: [ 135.424110][ C1] 3 locks held by syz.3.147/5778: [ 135.429330][ C1] #0: ffff88807cb9ed80 (&u->iolock){+.+.}-{3:3}, at: __unix_dgram_recvmsg+0x246/0x12f0 [ 135.439219][ C1] #1: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 135.449484][ C1] #2: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 135.459566][ C1] [ 135.461955][ C1] ============================================= [ 135.461955][ C1] [ 136.075478][ T9] cdc_ncm 5-1:1.0: bind() failure [ 136.123277][ T9] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 136.130141][ T9] cdc_ncm 5-1:1.1: bind() failure [ 136.472855][ C1] DEBUG: waiting rtnl_mutex for 585 jiffies. [ 136.479021][ C1] task:dhcpcd state:D stack:20672 pid:4761 tgid:4761 ppid:4760 flags:0x00000002 [ 136.489273][ C1] Call Trace: [ 136.492586][ C1] [ 136.495589][ C1] __schedule+0x1800/0x4a60 [ 136.500184][ C1] ? __pfx___schedule+0x10/0x10 [ 136.505150][ C1] ? __pfx_lock_release+0x10/0x10 [ 136.510285][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 136.515864][ C1] ? schedule+0x90/0x320 [ 136.520206][ C1] schedule+0x14b/0x320 [ 136.524553][ C1] schedule_preempt_disabled+0x13/0x30 [ 136.530107][ C1] __mutex_lock+0x6a4/0xd70 [ 136.534729][ C1] ? __mutex_lock+0x527/0xd70 [ 136.539463][ C1] ? rtnl_dumpit+0x9e/0x210 [ 136.544001][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 136.549068][ C1] ? __alloc_skb+0x28f/0x440 [ 136.553738][ C1] ? get_rtnl_holder+0x144/0x190 [ 136.558701][ C1] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 136.564166][ C1] rtnl_dumpit+0x9e/0x210 [ 136.568517][ C1] netlink_dump+0x647/0xd80 [ 136.573232][ C1] ? __pfx_netlink_dump+0x10/0x10 [ 136.578402][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 136.583584][ C1] __netlink_dump_start+0x59f/0x780 [ 136.588815][ C1] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 136.594218][ C1] rtnetlink_rcv_msg+0xdaa/0x1180 [ 136.599271][ C1] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 136.604704][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 136.609920][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 136.615525][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 136.620864][ C1] ? mark_lock+0x9a/0x360 [ 136.625417][ C1] ? __lock_acquire+0x1359/0x2000 [ 136.630490][ C1] ? __pfx_rtnl_dumpit+0x10/0x10 [ 136.635498][ C1] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 136.641312][ C1] netlink_rcv_skb+0x1e3/0x430 [ 136.646209][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 136.651777][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 136.657159][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 136.662402][ C1] netlink_unicast+0x7f0/0x990 [ 136.667265][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 136.672596][ C1] ? __virt_addr_valid+0x183/0x530 [ 136.677808][ C1] ? __check_object_size+0x49c/0x900 [ 136.683159][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 136.688296][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 136.693567][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 136.698870][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 136.703876][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 136.709187][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 136.714719][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 136.720025][ C1] __sock_sendmsg+0x221/0x270 [ 136.724869][ C1] __sys_sendto+0x3a4/0x4f0 [ 136.729439][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 136.734634][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 136.740641][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 136.747129][ C1] __x64_sys_sendto+0xde/0x100 [ 136.752044][ C1] do_syscall_64+0xf3/0x230 [ 136.756956][ C1] ? clear_bhb_loop+0x35/0x90 [ 136.761993][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.768069][ C1] RIP: 0033:0x7f6cf0cd1ad7 [ 136.772895][ C1] RSP: 002b:00007ffefe7c19b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 136.781813][ C1] RAX: ffffffffffffffda RBX: 00007ffefe7c2ae0 RCX: 00007f6cf0cd1ad7 [ 136.789900][ C1] RDX: 0000000000000014 RSI: 00007ffefe7c2a00 RDI: 0000000000000018 [ 136.798019][ C1] RBP: 00007ffefe7c2a70 R08: 00007ffefe7c29e4 R09: 000000000000000c [ 136.806667][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012 [ 136.814707][ C1] R13: 00007ffefe7c29e4 R14: 00007ffefe7c2a00 R15: 0000000000000105 [ 136.822748][ C1] [ 136.825969][ C1] DEBUG: waiting rtnl_mutex for 536 jiffies. [ 136.832268][ C1] task:syz.4.142 state:D stack:23800 pid:5742 tgid:5741 ppid:5088 flags:0x00000004 [ 136.842528][ C1] Call Trace: [ 136.845847][ C1] [ 136.848789][ C1] __schedule+0x1800/0x4a60 [ 136.853359][ C1] ? __pfx___schedule+0x10/0x10 [ 136.858364][ C1] ? __pfx_lock_release+0x10/0x10 [ 136.863534][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 136.869108][ C1] ? schedule+0x90/0x320 [ 136.873461][ C1] schedule+0x14b/0x320 [ 136.877646][ C1] schedule_preempt_disabled+0x13/0x30 [ 136.883149][ C1] __mutex_lock+0x6a4/0xd70 [ 136.888076][ C1] ? __mutex_lock+0x527/0xd70 [ 136.893702][ C1] ? nl80211_pre_doit+0x5f/0x8b0 [ 136.899853][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 136.905240][ C1] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 136.911555][ C1] ? get_rtnl_holder+0x144/0x190 [ 136.916689][ C1] nl80211_pre_doit+0x5f/0x8b0 [ 136.921600][ C1] genl_rcv_msg+0xaaa/0xec0 [ 136.926176][ C1] ? mark_lock+0x9a/0x360 [ 136.930566][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 136.935635][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 136.940666][ C1] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 136.946070][ C1] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 136.951386][ C1] ? __pfx_nl80211_post_doit+0x10/0x10 [ 136.956963][ C1] ? __pfx___might_resched+0x10/0x10 [ 136.962391][ C1] netlink_rcv_skb+0x1e3/0x430 [ 136.967219][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 136.972431][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 136.977917][ C1] ? __netlink_deliver_tap+0x77e/0x7c0 [ 136.983478][ C1] genl_rcv+0x28/0x40 [ 136.987517][ C1] netlink_unicast+0x7f0/0x990 [ 136.992389][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 136.997927][ C1] ? __virt_addr_valid+0x183/0x530 [ 137.003205][ C1] ? __check_object_size+0x49c/0x900 [ 137.008528][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 137.013745][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 137.018545][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 137.023945][ C1] ? __import_iovec+0x536/0x820 [ 137.028840][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 137.033890][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 137.039208][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 137.044817][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 137.050140][ C1] __sock_sendmsg+0x221/0x270 [ 137.054973][ C1] ____sys_sendmsg+0x525/0x7d0 [ 137.061596][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 137.066934][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 137.071618][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 137.076844][ C1] ? __hrtimer_run_queues+0xcdc/0xd50 [ 137.082260][ C1] ? __pfx_sched_clock_cpu+0x10/0x10 [ 137.087622][ C1] ? hrtimer_interrupt+0x76f/0x990 [ 137.092821][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 137.099200][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 137.105583][ C1] ? __irq_exit_rcu+0x100/0x1c0 [ 137.110445][ C1] ? do_syscall_64+0xb6/0x230 [ 137.115150][ C1] do_syscall_64+0xf3/0x230 [ 137.119662][ C1] ? clear_bhb_loop+0x35/0x90 [ 137.124367][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.130279][ C1] RIP: 0033:0x7f401f175bd9 [ 137.134743][ C1] RSP: 002b:00007f401ff25048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 137.143291][ C1] RAX: ffffffffffffffda RBX: 00007f401f303f60 RCX: 00007f401f175bd9 [ 137.151394][ C1] RDX: 0000000000000000 RSI: 0000000020001380 RDI: 000000000000000a [ 137.159643][ C1] RBP: 00007f401f1e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 137.167758][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.175778][ C1] R13: 000000000000000b R14: 00007f401f303f60 R15: 00007ffc96af5b78 [ 137.183784][ C1] [ 137.186824][ C1] DEBUG: waiting rtnl_mutex for 567 jiffies. [ 137.192839][ C1] task:syz.4.142 state:D stack:26800 pid:5765 tgid:5741 ppid:5088 flags:0x00000004 [ 137.203116][ C1] Call Trace: [ 137.206407][ C1] [ 137.209346][ C1] __schedule+0x1800/0x4a60 [ 137.213914][ C1] ? __pfx___schedule+0x10/0x10 [ 137.218878][ C1] ? __pfx_lock_release+0x10/0x10 [ 137.223936][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 137.229457][ C1] ? schedule+0x90/0x320 [ 137.233832][ C1] schedule+0x14b/0x320 [ 137.238042][ C1] schedule_preempt_disabled+0x13/0x30 [ 137.243599][ C1] __mutex_lock+0x6a4/0xd70 [ 137.248131][ C1] ? __mutex_lock+0x527/0xd70 [ 137.252933][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 137.258156][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 137.263214][ C1] ? get_rtnl_holder+0x144/0x190 [ 137.268154][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 137.273211][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 137.278422][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 137.284212][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 137.289612][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 137.294854][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 137.300240][ C1] ? dev_hard_start_xmit+0x773/0x7e0 [ 137.305590][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 137.310702][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 137.316541][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 137.321662][ C1] ? __dev_queue_xmit+0x1763/0x3e90 [ 137.326883][ C1] ? kasan_save_track+0x51/0x80 [ 137.331794][ C1] ? do_syscall_64+0xf3/0x230 [ 137.336640][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 137.342084][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 137.347563][ C1] ? ref_tracker_free+0x643/0x7e0 [ 137.352992][ C1] netlink_rcv_skb+0x1e3/0x430 [ 137.357853][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 137.363642][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 137.368987][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 137.374365][ C1] netlink_unicast+0x7f0/0x990 [ 137.379155][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 137.384511][ C1] ? __virt_addr_valid+0x183/0x530 [ 137.389637][ C1] ? __check_object_size+0x49c/0x900 [ 137.395119][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 137.400268][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 137.405129][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 137.410444][ C1] ? __import_iovec+0x536/0x820 [ 137.415358][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 137.420322][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 137.425690][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 137.431212][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 137.436553][ C1] __sock_sendmsg+0x221/0x270 [ 137.441290][ C1] ____sys_sendmsg+0x525/0x7d0 [ 137.446177][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 137.451526][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 137.456161][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 137.461330][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 137.467472][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 137.473836][ C1] ? exc_page_fault+0x590/0x8c0 [ 137.478818][ C1] ? do_syscall_64+0xb6/0x230 [ 137.483652][ C1] do_syscall_64+0xf3/0x230 [ 137.488175][ C1] ? clear_bhb_loop+0x35/0x90 [ 137.492912][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.498962][ C1] RIP: 0033:0x7f401f175bd9 [ 137.503449][ C1] RSP: 002b:00007f401ff04048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 137.512053][ C1] RAX: ffffffffffffffda RBX: 00007f401f304038 RCX: 00007f401f175bd9 [ 137.520074][ C1] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000009 [ 137.528368][ C1] RBP: 00007f401f1e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 137.536711][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.544748][ C1] R13: 000000000000006e R14: 00007f401f304038 R15: 00007ffc96af5b78 [ 137.553135][ C1] [ 137.556357][ C1] DEBUG: holding rtnl_mutex for 832 jiffies. [ 137.562359][ C1] task:kworker/u8:6 state:R running task stack:22672 pid:1040 tgid:1040 ppid:2 flags:0x00004008 [ 137.574376][ C1] Workqueue: netns cleanup_net [ 137.579179][ C1] Call Trace: [ 137.582510][ C1] [ 137.585431][ C1] sched_show_task+0x506/0x6d0 [ 137.590228][ C1] ? report_rtnl_holders+0x29e/0x3f0 [ 137.595907][ C1] ? __pfx__printk+0x10/0x10 [ 137.600524][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 137.605865][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 137.611770][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 137.618147][ C1] report_rtnl_holders+0x320/0x3f0 [ 137.623299][ C1] call_timer_fn+0x18e/0x650 [ 137.627999][ C1] ? call_timer_fn+0xc0/0x650 [ 137.633093][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 137.638883][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 137.644067][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 137.650455][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 137.656145][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 137.661928][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 137.667228][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 137.672504][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 137.678287][ C1] __run_timer_base+0x66a/0x8e0 [ 137.683220][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 137.688772][ C1] run_timer_softirq+0xb7/0x170 [ 137.693681][ C1] handle_softirqs+0x2c4/0x970 [ 137.698485][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 137.703340][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 137.708776][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 137.714122][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 137.718853][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 137.724261][ C1] irq_exit_rcu+0x9/0x30 [ 137.728575][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 137.734281][ C1] [ 137.737340][ C1] [ 137.740340][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 137.746464][ C1] RIP: 0010:__down_write_common+0x169/0x200 [ 137.752534][ C1] Code: d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 0d 67 8b 00 4c 89 33 31 db bf 01 00 00 00 e8 4e ae f3 ff 65 8b 05 5f ee 94 7e <85> c0 74 56 48 c7 44 24 20 0e 36 e0 45 4b c7 04 2c 00 00 00 00 65 [ 137.772802][ C1] RSP: 0018:ffffc90003e3f3e0 EFLAGS: 00000297 [ 137.779020][ C1] RAX: 0000000080000000 RBX: 0000000000000000 RCX: 0000000000000001 [ 137.787765][ C1] RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000001 [ 137.795782][ C1] RBP: ffffc90003e3f498 R08: ffff888015ede97f R09: 1ffff11002bdbd2f [ 137.803781][ C1] R10: dffffc0000000000 R11: ffffed1002bdbd30 R12: dffffc0000000000 [ 137.811754][ C1] R13: 1ffff920007c7e80 R14: ffff888021c6da00 R15: 1ffff920007c7e84 [ 137.819776][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 137.824854][ C1] ? __pfx___down_write_common+0x10/0x10 [ 137.830546][ C1] __kernfs_remove+0x4ba/0x870 [ 137.835396][ C1] kernfs_remove_by_name_ns+0xdc/0x160 [ 137.840866][ C1] sysfs_remove_group+0xfe/0x2c0 [ 137.845879][ C1] sysfs_remove_groups+0x54/0xb0 [ 137.850885][ C1] __kobject_del+0x84/0x310 [ 137.855736][ C1] ? kobject_put+0x23d/0x480 [ 137.861039][ C1] kobject_put+0x245/0x480 [ 137.865660][ C1] net_rx_queue_update_kobjects+0x52b/0x5b0 [ 137.872180][ C1] netdev_unregister_kobject+0x104/0x250 [ 137.879590][ C1] unregister_netdevice_many_notify+0x17d3/0x1d20 [ 137.886822][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 137.893771][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 137.899687][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 137.905967][ C1] default_device_exit_batch+0xa0f/0xa90 [ 137.911627][ C1] ? __pfx___might_resched+0x10/0x10 [ 137.917057][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 137.923259][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 137.928549][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 137.935032][ C1] cleanup_net+0x89d/0xcc0 [ 137.939647][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 137.944835][ C1] ? process_scheduled_works+0x945/0x1830 [ 137.950791][ C1] process_scheduled_works+0xa2c/0x1830 [ 137.956562][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 137.962916][ C1] ? assign_work+0x364/0x3d0 [ 137.967651][ C1] worker_thread+0x86d/0xd40 [ 137.972369][ C1] ? __kthread_parkme+0x169/0x1d0 [ 137.977487][ C1] ? __pfx_worker_thread+0x10/0x10 [ 137.982630][ C1] kthread+0x2f0/0x390 [ 137.986743][ C1] ? __pfx_worker_thread+0x10/0x10 [ 137.992009][ C1] ? __pfx_kthread+0x10/0x10 [ 137.996630][ C1] ret_from_fork+0x4b/0x80 [ 138.001340][ C1] ? __pfx_kthread+0x10/0x10 [ 138.006022][ C1] ret_from_fork_asm+0x1a/0x30 [ 138.011299][ C1] [ 138.014405][ C1] DEBUG: waiting rtnl_mutex for 876 jiffies. [ 138.021046][ C1] task:syz-executor state:D stack:21024 pid:5615 tgid:5615 ppid:5610 flags:0x00004002 [ 138.031502][ C1] Call Trace: [ 138.034856][ C1] [ 138.037831][ C1] __schedule+0x1800/0x4a60 [ 138.042406][ C1] ? __pfx___schedule+0x10/0x10 [ 138.047440][ C1] ? __pfx_lock_release+0x10/0x10 [ 138.052734][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 138.058546][ C1] ? schedule+0x90/0x320 [ 138.063027][ C1] schedule+0x14b/0x320 [ 138.067318][ C1] schedule_preempt_disabled+0x13/0x30 [ 138.072871][ C1] __mutex_lock+0x6a4/0xd70 [ 138.078059][ C1] ? __mutex_lock+0x527/0xd70 [ 138.082855][ C1] ? unregister_nexthop_notifier+0x17/0x40 [ 138.088868][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 138.094078][ C1] ? synchronize_rcu+0x11b/0x360 [ 138.099236][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 138.105641][ C1] ? get_rtnl_holder+0x144/0x190 [ 138.110602][ C1] unregister_nexthop_notifier+0x17/0x40 [ 138.116319][ C1] nsim_fib_destroy+0x89/0x180 [ 138.121145][ C1] nsim_dev_reload_destroy+0x2e3/0x490 [ 138.126691][ C1] ? __pfx_nsim_bus_remove+0x10/0x10 [ 138.132013][ C1] nsim_drv_remove+0x58/0x160 [ 138.136852][ C1] device_release_driver_internal+0x4a9/0x7c0 [ 138.143101][ C1] bus_remove_device+0x34f/0x420 [ 138.148164][ C1] device_del+0x57a/0x9b0 [ 138.152604][ C1] ? __pfx_device_del+0x10/0x10 [ 138.157513][ C1] device_unregister+0x20/0xc0 [ 138.162282][ C1] del_device_store+0x363/0x480 [ 138.167372][ C1] ? __pfx_del_device_store+0x10/0x10 [ 138.172833][ C1] ? sysfs_kf_write+0x182/0x2a0 [ 138.177968][ C1] ? bus_attr_store+0x4f/0xa0 [ 138.183152][ C1] ? __pfx_sysfs_kf_write+0x10/0x10 [ 138.188402][ C1] kernfs_fop_write_iter+0x3a1/0x500 [ 138.193766][ C1] vfs_write+0xa72/0xc90 [ 138.198075][ C1] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 138.203916][ C1] ? __pfx_vfs_write+0x10/0x10 [ 138.208685][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 138.213919][ C1] ? blkcg_maybe_throttle_current+0x1ab/0xb80 [ 138.220002][ C1] ksys_write+0x1a0/0x2c0 [ 138.224373][ C1] ? __pfx_ksys_write+0x10/0x10 [ 138.229245][ C1] ? do_syscall_64+0x100/0x230 [ 138.234222][ C1] ? do_syscall_64+0xb6/0x230 [ 138.238937][ C1] do_syscall_64+0xf3/0x230 [ 138.243503][ C1] ? clear_bhb_loop+0x35/0x90 [ 138.248209][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.254556][ C1] RIP: 0033:0x7f939477475f [ 138.259625][ C1] RSP: 002b:00007ffe5aad7b60 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 138.269429][ C1] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f939477475f [ 138.277674][ C1] RDX: 0000000000000001 RSI: 00007ffe5aad7bb0 RDI: 0000000000000005 [ 138.285825][ C1] RBP: 00007f93947e45a0 R08: 0000000000000000 R09: 00007ffe5aad79b7 [ 138.294232][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 138.304026][ C1] R13: 00007ffe5aad7bb0 R14: 00007f9395434620 R15: 0000000000000003 [ 138.314747][ C1] [ 138.318226][ C1] DEBUG: waiting rtnl_mutex for 818 jiffies. [ 138.324809][ C1] task:kworker/1:0 state:D stack:22256 pid:25 tgid:25 ppid:2 flags:0x00004000 [ 138.335225][ C1] Workqueue: events linkwatch_event [ 138.340593][ C1] Call Trace: [ 138.344267][ C1] [ 138.347305][ C1] __schedule+0x1800/0x4a60 [ 138.351971][ C1] ? __pfx___schedule+0x10/0x10 [ 138.357418][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 138.363561][ C1] ? __pfx_lock_release+0x10/0x10 [ 138.370172][ C1] ? kick_pool+0x1bd/0x620 [ 138.375650][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 138.380989][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 138.386451][ C1] ? schedule+0x90/0x320 [ 138.390841][ C1] schedule+0x14b/0x320 [ 138.395139][ C1] schedule_preempt_disabled+0x13/0x30 [ 138.401288][ C1] __mutex_lock+0x6a4/0xd70 [ 138.406084][ C1] ? __mutex_lock+0x527/0xd70 [ 138.410833][ C1] ? linkwatch_event+0xe/0x60 [ 138.415575][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 138.421515][ C1] ? get_rtnl_holder+0x144/0x190 [ 138.427505][ C1] ? process_scheduled_works+0x945/0x1830 [ 138.433268][ C1] linkwatch_event+0xe/0x60 [ 138.437822][ C1] process_scheduled_works+0xa2c/0x1830 [ 138.443653][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 138.449884][ C1] ? assign_work+0x364/0x3d0 [ 138.454526][ C1] worker_thread+0x86d/0xd40 [ 138.459145][ C1] ? __kthread_parkme+0x169/0x1d0 [ 138.464326][ C1] ? __pfx_worker_thread+0x10/0x10 [ 138.469579][ C1] kthread+0x2f0/0x390 [ 138.473819][ C1] ? __pfx_worker_thread+0x10/0x10 [ 138.479054][ C1] ? __pfx_kthread+0x10/0x10 [ 138.483973][ C1] ret_from_fork+0x4b/0x80 [ 138.488487][ C1] ? __pfx_kthread+0x10/0x10 [ 138.493129][ C1] ret_from_fork_asm+0x1a/0x30 [ 138.497920][ C1] [ 138.500983][ C1] [ 138.500983][ C1] Showing all locks held in the system: [ 138.509223][ C1] 3 locks held by kworker/1:0/25: [ 138.514390][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 138.525568][ C1] #1: ffffc900001f7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 138.537168][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 138.546311][ C1] 6 locks held by kworker/1:1/46: [ 138.551332][ C1] #0: ffff888018aa9948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 138.562867][ C1] #1: ffffc90000b67d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 138.575368][ C1] #2: ffff8880235c6190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 138.584345][ C1] #3: ffff888023651518 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x25b6/0x5150 [ 138.595540][ C1] #4: ffff888023008568 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x25f4/0x5150 [ 138.606323][ C1] #5: ffffffff8ef34f90 (ehci_cf_port_reset_rwsem){.+.+}-{3:3}, at: hub_port_reset+0x1f8/0x1b30 [ 138.616991][ C1] 8 locks held by kworker/u8:6/1040: [ 138.622291][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 138.633510][ C1] #1: ffffc90003e3fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 138.644769][ C1] #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 138.654551][ C1] #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 138.665089][ C1] #4: ffff888015ede948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_remove_by_name_ns+0x7a/0x160 [ 138.676017][ C1] #5: ffff888015ede9e0 (&root->kernfs_iattr_rwsem){++++}-{3:3}, at: __kernfs_remove+0x4ba/0x870 [ 138.686776][ C1] #6: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 138.697178][ C1] #7: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 138.707442][ C1] 2 locks held by dhcpcd/4761: [ 138.712238][ C1] #0: ffff888078655678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780 [ 138.722890][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x9e/0x210 [ 138.732130][ C1] 2 locks held by getty/4848: [ 138.736890][ C1] #0: ffff88802a3080a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 138.746744][ C1] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 138.757056][ C1] 1 lock held by syz-executor/5097: [ 138.762445][ C1] 4 locks held by udevd/5098: [ 138.767251][ C1] #0: ffff88801ced02f0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60 [ 138.776598][ C1] #1: ffff8880776c2088 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0 [ 138.786630][ C1] #2: ffff88805ca63698 (kn->active#19){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0 [ 138.796335][ C1] #3: ffff88801c785190 (&dev->mutex){....}-{3:3}, at: product_show+0x26/0xa0 [ 138.805299][ C1] 6 locks held by kworker/1:4/5144: [ 138.810529][ C1] #0: ffff888018aa9948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 138.822398][ C1] #1: ffffc90003f4fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 138.834445][ C1] #2: ffff8880235b6190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 138.843674][ C1] #3: ffff88801c785190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 138.853262][ C1] #4: ffff8880627b5160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 138.862605][ C1] #5: ffff888022fc1d68 (hcd->bandwidth_mutex){+.+.}-{3:3}, at: usb_set_interface+0x35e/0x13b0 [ 138.873117][ C1] 7 locks held by syz-executor/5615: [ 138.879191][ C1] #0: ffff88802f2f6420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 138.888579][ C1] #1: ffff88802a998488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 138.898756][ C1] #2: ffff888021939a58 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 138.909072][ C1] #3: ffffffff8ef05248 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 [ 138.919535][ C1] #4: ffff8880624960e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 138.930278][ C1] #5: ffff888062497250 (&devlink->lock_key#6){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 [ 138.940751][ C1] #6: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: unregister_nexthop_notifier+0x17/0x40 [ 138.951503][ C1] 2 locks held by syz.4.142/5742: [ 138.956677][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 138.965100][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0 [ 138.974797][ C1] 1 lock held by syz.4.142/5765: [ 138.979754][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 138.989599][ C1] 2 locks held by syz.2.146/5768: [ 138.995014][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 139.003471][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0 [ 139.013290][ C1] 1 lock held by syz.2.146/5774: [ 139.018224][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 139.027889][ C1] 1 lock held by syz.3.148/5781: [ 139.032885][ C1] [ 139.035237][ C1] ============================================= [ 139.035237][ C1] [ 139.051953][ T46] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 139.061660][ T5144] cdc_ncm 3-1:1.0: bind() failure [ 139.159087][ T5144] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 139.200432][ T5144] cdc_ncm 3-1:1.1: bind() failure [ 139.325039][ T5789] loop3: detected capacity change from 0 to 8 [ 139.474206][ T25] usb 3-1: USB disconnect, device number 9 [ 139.484538][ T5144] usb 5-1: USB disconnect, device number 6 [ 139.766557][ T5615] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 139.806225][ T5792] loop4: detected capacity change from 0 to 64 [ 139.914015][ T5615] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 140.043566][ T5615] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 140.116166][ T5615] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 140.402947][ T46] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 140.575257][ T5615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.614467][ T5615] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.660510][ T46] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 140.948779][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.956128][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.982298][ T46] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 141.062963][ T46] usb 4-1: config 1 has no interface number 0 [ 141.069321][ T46] usb 4-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 141.194927][ T46] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 141.207090][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.214387][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.228272][ T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.240498][ T5808] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 141.279758][ T46] usb 4-1: Product: syz [ 141.292191][ T46] usb 4-1: Manufacturer: syz [ 141.298536][ T5816] loop0: detected capacity change from 0 to 512 [ 141.314618][ T46] usb 4-1: SerialNumber: syz [ 141.331595][ T5816] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 141.340120][ T5816] EXT4-fs (loop0): orphan cleanup on readonly fs [ 141.352592][ T5816] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0 [ 141.361090][ T46] usb 4-1: selecting invalid altsetting 1 [ 141.363890][ T5816] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 141.379061][ T5816] EXT4-fs error (device loop0): ext4_acquire_dquot:6862: comm syz.0.155: Failed to acquire dquot type 1 [ 141.401284][ T5816] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.155: bg 0: block 40: padding at end of block bitmap is not set [ 141.416532][ T5816] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 141.428784][ T5816] EXT4-fs (loop0): 1 truncate cleaned up [ 141.449989][ T5816] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 141.482366][ T5819] loop2: detected capacity change from 0 to 512 [ 141.524916][ T5819] EXT4-fs: Ignoring removed bh option [ 141.558918][ T5821] Cache volume key already in use (9p,(null),) [ 141.615422][ T5819] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 141.635229][ T5821] loop4: detected capacity change from 0 to 512 [ 141.666958][ T5821] EXT4-fs: Ignoring removed bh option [ 141.692221][ T5821] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 141.709912][ T5097] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.734602][ T5819] EXT4-fs (loop2): 1 truncate cleaned up [ 141.735566][ T5821] EXT4-fs (loop4): 1 truncate cleaned up [ 141.743448][ T5819] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.761486][ T1040] bridge_slave_1: left allmulticast mode [ 141.777916][ T5821] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.791093][ T1040] bridge_slave_1: left promiscuous mode [ 141.798934][ T46] cdc_ncm 4-1:1.1: failed GET_NTB_PARAMETERS [ 141.805335][ T46] cdc_ncm 4-1:1.1: bind() failure [ 141.815522][ T1040] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.828332][ T5821] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.849453][ T5819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.860080][ T46] usb 4-1: USB disconnect, device number 9 [ 141.868251][ T1040] bridge_slave_0: left allmulticast mode [ 141.882374][ T1040] bridge_slave_0: left promiscuous mode [ 141.894349][ T1040] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.220480][ T5821] overlayfs: missing 'lowerdir' [ 142.719205][ T46] libceph: connect (1)[c::]:6789 error -101 [ 142.736094][ T46] libceph: mon0 (1)[c::]:6789 connect error [ 142.835828][ T5836] ceph: No mds server is up or the cluster is laggy [ 142.879382][ T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 142.976215][ T5846] loop3: detected capacity change from 0 to 8 [ 142.982995][ T5145] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 143.026767][ T929] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 143.113194][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 143.137505][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.170930][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.187689][ T8] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 143.197794][ T5145] usb 5-1: Using ep0 maxpacket: 8 [ 143.209171][ T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 143.219653][ T8] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 143.230847][ T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 143.243356][ T5145] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 143.259381][ T929] usb 3-1: Using ep0 maxpacket: 32 [ 143.272595][ T929] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.288237][ T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 143.428413][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.437808][ T929] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.438331][ T1040] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 143.449071][ T8] usb 1-1: Product: syz [ 143.467645][ T1040] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 143.469581][ T5145] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 143.499727][ T1040] bond0 (unregistering): Released all slaves [ 143.504767][ T929] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 143.523108][ T8] usb 1-1: Manufacturer: syz [ 143.527909][ T8] usb 1-1: SerialNumber: syz [ 143.532757][ T5145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.536449][ T929] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 143.555929][ T5145] usb 5-1: Product: syz [ 143.560391][ T5145] usb 5-1: Manufacturer: syz [ 143.566683][ T5145] usb 5-1: SerialNumber: syz [ 143.629140][ T5145] usb 5-1: bad CDC descriptors [ 143.645477][ T929] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 143.714531][ T929] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 143.724387][ T5615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 143.769032][ T929] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 143.795886][ T929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.809499][ T929] usb 3-1: Product: syz [ 143.819316][ T929] usb 3-1: Manufacturer: syz [ 143.843451][ T929] usb 3-1: SerialNumber: syz [ 143.857837][ T5830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.899074][ T5615] veth0_vlan: entered promiscuous mode [ 143.911809][ T5830] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.611501][ T8] cdc_ncm 1-1:1.0: bind() failure [ 144.630631][ T8] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 144.640969][ T5857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.649708][ T8] cdc_ncm 1-1:1.1: bind() failure [ 144.674904][ T5857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.675818][ T8] usb 1-1: USB disconnect, device number 4 [ 144.689269][ T5615] veth1_vlan: entered promiscuous mode [ 144.798963][ T929] cdc_ncm 3-1:1.0: bind() failure [ 144.813237][ T929] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 144.820568][ T929] cdc_ncm 3-1:1.1: bind() failure [ 144.834975][ T929] usb 3-1: USB disconnect, device number 10 [ 144.948510][ T1040] hsr_slave_0: left promiscuous mode [ 144.972992][ T1040] hsr_slave_1: left promiscuous mode [ 144.987570][ T5859] loop3: detected capacity change from 0 to 64 [ 144.996942][ T1040] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.007414][ T1040] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.017375][ T1040] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.025356][ T1040] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 145.059917][ T1040] veth1_macvtap: left promiscuous mode [ 145.066786][ T1040] veth0_macvtap: left promiscuous mode [ 145.072562][ T1040] veth1_vlan: left promiscuous mode [ 145.078418][ T1040] veth0_vlan: left promiscuous mode [ 145.305213][ T5863] netlink: 'syz.0.167': attribute type 29 has an invalid length. [ 146.164275][ T5133] usb 5-1: USB disconnect, device number 7 [ 146.236241][ T5870] netlink: 28 bytes leftover after parsing attributes in process `syz.2.168'. [ 146.428972][ T5874] loop3: detected capacity change from 0 to 512 [ 146.459911][ T5874] EXT4-fs: Ignoring removed bh option [ 146.503042][ T5874] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 146.566063][ T5874] EXT4-fs (loop3): 1 truncate cleaned up [ 146.572493][ T5874] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 146.603174][ T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 146.643353][ T5874] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.887949][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 147.033892][ T8] usb 3-1: config 1 has an invalid interface descriptor of length 3, skipping [ 147.133265][ T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 147.173185][ T8] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 147.182508][ T8] usb 3-1: config 1 has no interface number 1 [ 147.189144][ T8] usb 3-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 147.210263][ T8] usb 3-1: config 1 interface 2 altsetting 220 has 0 endpoint descriptors, different from the interface descriptor's value: 113 [ 147.458671][ T8] usb 3-1: config 1 interface 2 has no altsetting 0 [ 147.470309][ T8] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 147.480500][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.488810][ T8] usb 3-1: Product: 쑿퉈ਝ쑻 [ 147.493815][ T8] usb 3-1: Manufacturer: ф [ 147.498352][ T8] usb 3-1: SerialNumber: syz [ 147.641644][ T1040] team0 (unregistering): Port device team_slave_1 removed [ 147.732540][ T1040] team0 (unregistering): Port device team_slave_0 removed [ 148.354438][ T5200] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 148.390043][ T5863] netlink: 'syz.0.167': attribute type 29 has an invalid length. [ 148.447070][ T5615] veth0_macvtap: entered promiscuous mode [ 148.470446][ T5615] veth1_macvtap: entered promiscuous mode [ 148.550169][ T5200] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 148.562387][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.580139][ T5200] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 148.593113][ T8] usb 3-1: USB disconnect, device number 11 [ 148.596252][ T5885] loop0: detected capacity change from 0 to 64 [ 148.620294][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.622895][ T5200] usb 4-1: config 1 has no interface number 0 [ 148.656941][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.667617][ T5200] usb 4-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 148.679061][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.703735][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.717695][ T5200] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 148.742923][ T5200] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.756089][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.761527][ T5200] usb 4-1: Product: syz [ 148.773996][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.789530][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.795880][ T5200] usb 4-1: Manufacturer: syz [ 148.805437][ T5887] loop4: detected capacity change from 0 to 8 [ 148.805745][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 148.818582][ T5200] usb 4-1: SerialNumber: syz [ 148.862694][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 148.864796][ T5200] usb 4-1: selecting invalid altsetting 1 [ 148.916280][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.953150][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.978740][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.993057][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.034196][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.067650][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.097176][ T5615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.108924][ T5615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.136959][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 149.163061][ T5615] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.173939][ T5615] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.334834][ T5200] cdc_ncm 4-1:1.1: failed GET_NTB_PARAMETERS [ 149.341013][ T5200] cdc_ncm 4-1:1.1: bind() failure [ 149.365877][ T5200] usb 4-1: USB disconnect, device number 10 [ 149.389743][ T5615] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.415539][ T5615] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.428560][ T5894] loop0: detected capacity change from 0 to 64 [ 149.578307][ T5144] libceph: connect (1)[c::]:6789 error -101 [ 149.605262][ T5144] libceph: mon0 (1)[c::]:6789 connect error [ 149.673140][ T5896] ceph: No mds server is up or the cluster is laggy [ 149.739549][ T1051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.838183][ T1051] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.005688][ T140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.016810][ T140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.186652][ T5907] netlink: 'syz.0.178': attribute type 10 has an invalid length. [ 150.254426][ T5911] loop3: detected capacity change from 0 to 2048 [ 150.261410][ T5912] netlink: 28 bytes leftover after parsing attributes in process `syz.0.178'. [ 150.338922][ T5907] team0: Failed to send options change via netlink (err -105) [ 150.363757][ T5911] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 150.385200][ T5907] team0: Port device netdevsim0 added [ 150.422473][ T5911] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 150.445265][ T5147] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 150.533174][ T29] audit: type=1326 audit(1720143797.836:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.111" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9394775bd9 code=0x0 [ 150.683245][ T5200] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 150.903472][ T5200] usb 1-1: Using ep0 maxpacket: 8 [ 150.986211][ T5200] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 151.050558][ T5200] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 151.071428][ T5200] usb 1-1: config 1 has no interface number 1 [ 151.079447][ T5200] usb 1-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 151.101486][ T5200] usb 1-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 151.129794][ T5911] Process accounting resumed [ 151.136546][ T5200] usb 1-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 151.191480][ T5200] usb 1-1: config 1 interface 2 has no altsetting 0 [ 151.203770][ T5133] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 151.211370][ T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 151.214701][ T5200] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 151.258110][ T5200] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.274405][ T5200] usb 1-1: Product: 쑿퉈ਝ쑻 [ 151.279586][ T5200] usb 1-1: Manufacturer: ф [ 151.298093][ T5200] usb 1-1: SerialNumber: syz [ 151.392961][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 151.410778][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 151.421228][ T5133] usb 5-1: Using ep0 maxpacket: 32 [ 151.430319][ T5133] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.457675][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 151.474249][ T5133] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.487496][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.491666][ T5923] loop1: detected capacity change from 0 to 64 [ 151.495862][ T5133] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 151.512519][ T9] usb 3-1: Product: syz [ 151.542667][ T9] usb 3-1: Manufacturer: syz [ 151.554891][ T9] usb 3-1: SerialNumber: syz [ 151.569548][ T5133] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 151.588921][ T9] usb 3-1: bad CDC descriptors [ 151.609617][ T5133] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 151.625037][ T5133] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 151.650638][ T5133] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 151.660824][ T5133] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.693289][ T5133] usb 5-1: Product: syz [ 151.699075][ T5133] usb 5-1: Manufacturer: syz [ 151.714392][ T5133] usb 5-1: SerialNumber: syz [ 151.743098][ T5144] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 151.847754][ T5200] usb 1-1: USB disconnect, device number 5 [ 152.157446][ T5144] usb 4-1: config 0 has an invalid interface number: 106 but max is 0 [ 152.173448][ T5903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 152.506751][ T5144] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.519700][ T5144] usb 4-1: config 0 has no interface number 0 [ 152.526011][ T5144] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 255, changing to 11 [ 152.553821][ T5144] usb 4-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 59391, setting to 1024 [ 152.571631][ T5903] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 152.629873][ T5144] usb 4-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 152.649113][ T5144] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 152.686700][ T5133] cdc_ncm 5-1:1.0: bind() failure [ 152.707872][ T5133] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 152.719911][ T5133] cdc_ncm 5-1:1.1: bind() failure [ 152.740940][ T5133] usb 5-1: USB disconnect, device number 8 [ 152.741215][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 152.766202][ T5144] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.825291][ T5144] usb 4-1: config 0 descriptor?? [ 152.831730][ T5922] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 152.880853][ T5144] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 153.027686][ T5930] netlink: 28 bytes leftover after parsing attributes in process `syz.1.184'. [ 153.194741][ T5933] loop0: detected capacity change from 0 to 8 [ 153.383528][ T5133] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 153.614223][ T5133] usb 2-1: Using ep0 maxpacket: 8 [ 153.644826][ T5133] usb 2-1: config 1 has an invalid interface descriptor of length 3, skipping [ 153.679542][ T5144] usb 3-1: USB disconnect, device number 12 [ 153.689157][ T5133] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 153.768341][ T5133] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 153.808189][ T5133] usb 2-1: config 1 has no interface number 1 [ 153.835950][ T5133] usb 2-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 153.881461][ T5133] usb 2-1: config 1 interface 2 altsetting 220 has 0 endpoint descriptors, different from the interface descriptor's value: 113 [ 153.935064][ T58] usb 4-1: Failed to submit usb control message: -110 [ 153.971723][ T58] usb 4-1: unable to send the bmi data to the device: -110 [ 153.987576][ T5133] usb 2-1: config 1 interface 2 has no altsetting 0 [ 154.001646][ T58] usb 4-1: unable to get target info from device [ 154.016383][ T58] usb 4-1: could not get target info (-110) [ 154.021354][ T5133] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 154.022523][ T58] usb 4-1: could not probe fw (-110) [ 154.046851][ T5133] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.055493][ T5133] usb 2-1: Product: 쑿퉈ਝ쑻 [ 154.060786][ T5133] usb 2-1: Manufacturer: ф [ 154.065897][ T5133] usb 2-1: SerialNumber: syz [ 154.103001][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 154.310446][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 154.353627][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 154.380900][ T5133] usb 2-1: USB disconnect, device number 4 [ 154.490365][ T9] usb 1-1: config 1 has no interface number 0 [ 155.100632][ T9] usb 1-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 155.189431][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 155.200789][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.213342][ T929] usb 4-1: USB disconnect, device number 11 [ 155.229317][ T9] usb 1-1: Product: syz [ 155.252229][ T9] usb 1-1: Manufacturer: syz [ 155.292852][ T9] usb 1-1: SerialNumber: syz [ 155.383599][ T9] usb 1-1: selecting invalid altsetting 1 [ 155.416027][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 155.595622][ T29] audit: type=1326 audit(1720143802.796:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.2.191" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f474e175bd9 code=0x0 [ 156.037541][ T9] cdc_ncm 1-1:1.1: failed GET_NTB_PARAMETERS [ 156.148335][ T9] cdc_ncm 1-1:1.1: bind() failure [ 156.168539][ T9] usb 1-1: USB disconnect, device number 6 [ 156.268391][ T5964] loop3: detected capacity change from 0 to 8 [ 156.440255][ T5958] loop4: detected capacity change from 0 to 64 [ 156.507395][ T5200] libceph: connect (1)[c::]:6789 error -101 [ 156.523237][ T5200] libceph: mon0 (1)[c::]:6789 connect error [ 156.533530][ T5962] ceph: No mds server is up or the cluster is laggy [ 156.669464][ T5972] loop1: detected capacity change from 0 to 128 [ 156.669511][ T5974] loop3: detected capacity change from 0 to 64 [ 156.756276][ T5972] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 156.955325][ T5972] sysv_count_free_blocks: cannot read free-list block [ 157.111846][ T5972] sysv_count_free_inodes: unable to read inode table [ 157.124018][ T5978] sysv_count_free_blocks: cannot read free-list block [ 157.137398][ T5978] sysv_count_free_inodes: unable to read inode table [ 157.204919][ T5982] overlay: ./file1 is not a directory [ 157.516894][ T5980] loop0: detected capacity change from 0 to 512 [ 157.776213][ T5980] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.834829][ T5980] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 158.006215][ T5992] netlink: 'syz.2.203': attribute type 10 has an invalid length. [ 158.089622][ T5996] netlink: 28 bytes leftover after parsing attributes in process `syz.2.203'. [ 158.524613][ T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 158.762907][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 158.771260][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 158.828770][ T9] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 158.845761][ T9] usb 3-1: config 1 has no interface number 1 [ 158.852342][ T9] usb 3-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 158.868490][ T9] usb 3-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 158.889929][ T9] usb 3-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 158.945911][ T9] usb 3-1: config 1 interface 2 has no altsetting 0 [ 158.991830][ T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 159.017128][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.032046][ T9] usb 3-1: Product: 쑿퉈ਝ쑻 [ 159.041855][ T9] usb 3-1: Manufacturer: ф [ 159.054338][ T6006] loop4: detected capacity change from 0 to 256 [ 159.062714][ T9] usb 3-1: SerialNumber: syz [ 159.064275][ T5097] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.486810][ T5615] sysv_free_block: trying to free block not in datazone [ 159.497763][ T9] usb 3-1: USB disconnect, device number 13 [ 159.520220][ T5615] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 159.684826][ T6011] loop1: detected capacity change from 0 to 8 [ 159.793299][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 160.844780][ T5091] Bluetooth: hci3: SCO packet for unknown connection handle 1039 [ 160.861096][ T6021] loop1: detected capacity change from 0 to 64 [ 160.949184][ T6019] loop3: detected capacity change from 0 to 2048 [ 160.985579][ T6019] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 161.022294][ T6019] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 161.122122][ T6009] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 161.163381][ T6019] Process accounting resumed [ 161.171234][ T6009] FAT-fs (loop4): Filesystem has been set read-only [ 161.187001][ T6009] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 161.458141][ T6029] overlay: ./file1 is not a directory [ 161.680344][ T6009] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 161.848191][ T29] audit: type=1800 audit(1720143809.096:7): pid=6009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.206" name="file1" dev="loop4" ino=1048605 res=0 errno=0 [ 162.623100][ T59] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 162.625545][ T6047] loop2: detected capacity change from 0 to 128 [ 162.700275][ T6047] VFS: Found a Xenix FS (block size = 512) on device loop2 [ 162.815857][ T6047] sysv_count_free_blocks: cannot read free-list block [ 162.823126][ T59] usb 2-1: Using ep0 maxpacket: 16 [ 162.841793][ T59] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 162.852399][ T6047] sysv_count_free_inodes: unable to read inode table [ 162.859976][ T6048] sysv_count_free_blocks: cannot read free-list block [ 162.873928][ T6048] sysv_count_free_inodes: unable to read inode table [ 162.885523][ T59] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 163.005679][ T59] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.022046][ T59] usb 2-1: config 0 descriptor?? [ 163.055999][ T6051] netlink: 4 bytes leftover after parsing attributes in process `syz.3.220'. [ 163.118763][ T6054] loop0: detected capacity change from 0 to 8 [ 163.191383][ T6051] team0: entered promiscuous mode [ 163.200073][ T6051] team_slave_0: entered promiscuous mode [ 163.212865][ T6051] team_slave_1: entered promiscuous mode [ 163.218731][ T6051] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 163.289854][ T6051] team_slave_0: entered allmulticast mode [ 163.347367][ T6051] team0: Port device team_slave_0 removed [ 163.567033][ T6043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.589690][ T6043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.670425][ T6061] binder_alloc: 6056: binder_alloc_buf, no vma [ 164.085512][ T6049] team0: left promiscuous mode [ 164.283004][ T6049] team_slave_1: left promiscuous mode [ 164.293558][ T6049] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 164.524371][ T59] hid (null): unknown global tag 0x83 [ 164.539500][ T59] hid (null): global environment stack underflow [ 164.569795][ T59] hid-generic 0003:0158:0100.0002: unexpected long global item [ 164.589741][ T6065] loop0: detected capacity change from 0 to 64 [ 164.616074][ T59] hid-generic 0003:0158:0100.0002: probe with driver hid-generic failed with error -22 [ 164.818574][ T59] usb 2-1: USB disconnect, device number 5 [ 164.978141][ T6070] overlay: ./file1 is not a directory [ 165.726970][ T6072] loop0: detected capacity change from 0 to 256 [ 165.909160][ T5092] sysv_free_block: trying to free block not in datazone [ 166.258573][ T5092] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 166.893475][ T4491] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 167.069971][ T6079] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 167.088132][ T6079] FAT-fs (loop0): Filesystem has been set read-only [ 167.095999][ T6079] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 167.106633][ T6079] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 167.116978][ T29] audit: type=1800 audit(1720143814.426:8): pid=6079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.226" name="file1" dev="loop0" ino=1048608 res=0 errno=0 [ 167.208341][ T6085] loop2: detected capacity change from 0 to 1024 [ 167.309887][ T6085] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.419172][ T6092] netlink: 4 bytes leftover after parsing attributes in process `syz.3.231'. [ 167.458081][ T6092] team0: entered promiscuous mode [ 167.467523][ T6092] team_slave_1: entered promiscuous mode [ 167.486847][ T6092] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 167.533211][ T6091] team0: left promiscuous mode [ 167.538062][ T6091] team_slave_1: left promiscuous mode [ 167.557766][ T5092] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.563287][ T6091] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 167.751036][ T6100] loop0: detected capacity change from 0 to 8 [ 167.905551][ T4491] Bluetooth: hci6: link tx timeout [ 167.910028][ T6105] loop4: detected capacity change from 0 to 64 [ 167.912182][ T4491] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 167.930205][ T5091] Bluetooth: hci6: link tx timeout [ 167.938418][ T5091] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 167.947247][ T5091] Bluetooth: hci6: link tx timeout [ 167.955183][ T5091] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 167.971797][ T5091] Bluetooth: hci6: link tx timeout [ 167.977255][ T5091] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 168.005588][ T5091] Bluetooth: hci6: link tx timeout [ 168.011261][ T5091] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 168.019209][ T5091] Bluetooth: hci6: link tx timeout [ 168.025281][ T5091] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 168.692433][ T6111] overlay: ./file1 is not a directory [ 168.820134][ T6099] loop2: detected capacity change from 0 to 4096 [ 168.835311][ T6099] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 169.158820][ T6099] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 169.202358][ T6099] ntfs3: loop2: mft corrupted [ 169.207366][ T6099] ntfs3: loop2: Failed to load $Extend (-22). [ 169.214017][ T6099] ntfs3: loop2: Failed to initialize $Extend. [ 169.365882][ T6099] ntfs3: Unknown parameter '01777777777777777777777Xcv:Q' [ 169.366406][ T6123] loop4: detected capacity change from 0 to 128 [ 169.430587][ T6123] VFS: Found a Xenix FS (block size = 512) on device loop4 [ 169.508060][ T6123] sysv_count_free_blocks: cannot read free-list block [ 169.725601][ T6123] sysv_count_free_inodes: unable to read inode table [ 169.766926][ T6125] sysv_count_free_blocks: cannot read free-list block [ 169.769740][ T6120] loop3: detected capacity change from 0 to 4096 [ 169.865376][ T6125] sysv_count_free_inodes: unable to read inode table [ 169.960540][ T6120] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 169.994868][ T5091] Bluetooth: hci6: command 0x0406 tx timeout [ 170.075579][ T6131] loop2: detected capacity change from 0 to 256 [ 170.180362][ T6120] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 170.217409][ T6120] ntfs3: loop3: mft corrupted [ 170.222407][ T6120] ntfs3: loop3: Failed to load $Extend (-22). [ 170.229177][ T6120] ntfs3: loop3: Failed to initialize $Extend. [ 170.532595][ T6120] ntfs3: Unknown parameter '01777777777777777777777Xcv:Q' [ 170.597173][ T4491] Bluetooth: hci6: SCO packet for unknown connection handle 201 [ 170.609575][ T4491] Bluetooth: hci6: SCO packet for unknown connection handle 1039 [ 170.966597][ T6136] netlink: 'syz.3.243': attribute type 13 has an invalid length. [ 171.003634][ T6131] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 171.023506][ T6131] FAT-fs (loop2): Filesystem has been set read-only [ 171.055446][ T6131] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 171.100055][ T6131] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 171.151741][ T29] audit: type=1800 audit(1720143818.456:9): pid=6131 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.242" name="file1" dev="loop2" ino=1048611 res=0 errno=0 [ 171.281932][ T6141] netlink: 'syz.1.245': attribute type 10 has an invalid length. [ 171.384514][ T6141] team0: Failed to send options change via netlink (err -105) [ 171.427550][ T6144] netlink: 28 bytes leftover after parsing attributes in process `syz.1.245'. [ 171.441754][ T6141] team0: Port device netdevsim0 added [ 171.463880][ T59] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 171.476143][ T5088] sysv_free_block: trying to free block not in datazone [ 171.523552][ T5088] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 171.692369][ T6152] loop4: detected capacity change from 0 to 64 [ 171.792899][ T59] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 172.955336][ T59] usb 2-1: Using ep0 maxpacket: 8 [ 172.986375][ T59] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 173.013025][ T59] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 173.026018][ T59] usb 2-1: config 1 has no interface number 1 [ 173.032256][ T59] usb 2-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 173.045043][ T6165] loop4: detected capacity change from 0 to 8 [ 173.051990][ T59] usb 2-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 173.074900][ T59] usb 2-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 173.094398][ T59] usb 2-1: config 1 interface 2 has no altsetting 0 [ 173.206153][ T59] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 173.272893][ T59] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.297389][ T59] usb 2-1: Product: 쑿퉈ਝ쑻 [ 173.312615][ T59] usb 2-1: Manufacturer: ф [ 173.320275][ T59] usb 2-1: SerialNumber: syz [ 173.422176][ T6171] capability: warning: `syz.3.252' uses 32-bit capabilities (legacy support in use) [ 173.604174][ T59] usb 2-1: USB disconnect, device number 6 [ 173.850465][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 174.167076][ T6173] netlink: 24 bytes leftover after parsing attributes in process `syz.4.253'. [ 174.186996][ T6173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.235467][ T6173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.612940][ T59] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 174.666579][ T6182] loop1: detected capacity change from 0 to 256 [ 174.824379][ T59] usb 3-1: config 0 has an invalid interface number: 106 but max is 0 [ 174.874464][ T59] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 174.917919][ T59] usb 3-1: config 0 has no interface number 0 [ 174.935997][ T59] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 255, changing to 11 [ 174.967089][ T59] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 59391, setting to 1024 [ 174.984890][ T59] usb 3-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 175.029337][ T59] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 175.060482][ T59] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.088480][ T59] usb 3-1: config 0 descriptor?? [ 175.125708][ T6176] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 175.161015][ T59] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 176.197399][ T29] audit: type=1800 audit(1720143823.506:10): pid=6196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.257" name="file1" dev="loop1" ino=1048614 res=0 errno=0 [ 176.305625][ T1051] usb 3-1: Failed to submit usb control message: -110 [ 176.382274][ T1051] usb 3-1: unable to send the bmi data to the device: -110 [ 176.436442][ T1051] usb 3-1: unable to get target info from device [ 176.462888][ T1051] usb 3-1: could not get target info (-110) [ 176.473629][ T1051] usb 3-1: could not probe fw (-110) [ 177.406953][ T5843] usb 3-1: USB disconnect, device number 14 [ 178.490454][ T6219] netlink: 'syz.2.265': attribute type 10 has an invalid length. [ 178.541437][ T6219] netlink: 28 bytes leftover after parsing attributes in process `syz.2.265'. [ 178.542035][ T6222] netlink: 'syz.1.266': attribute type 10 has an invalid length. [ 178.631412][ T6222] netlink: 28 bytes leftover after parsing attributes in process `syz.1.266'. [ 178.862916][ T5843] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 179.044829][ T59] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 179.062906][ T5843] usb 3-1: Using ep0 maxpacket: 8 [ 179.074355][ T5843] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 179.090361][ T5843] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 179.100012][ T5843] usb 3-1: config 1 has no interface number 1 [ 179.106673][ T5843] usb 3-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 179.172935][ T6232] binder_alloc: 6229: binder_alloc_buf, no vma [ 179.200167][ T5843] usb 3-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 179.271902][ T5843] usb 3-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 179.398094][ T5843] usb 3-1: config 1 interface 2 has no altsetting 0 [ 179.484060][ T5843] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 179.608441][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.697612][ T5843] usb 3-1: Product: 쑿퉈ਝ쑻 [ 179.714825][ T5843] usb 3-1: Manufacturer: ф [ 179.739656][ T5843] usb 3-1: SerialNumber: syz [ 179.846715][ T6228] loop4: detected capacity change from 0 to 32768 [ 179.854865][ T6228] XFS: ikeep mount option is deprecated. [ 179.860553][ T6228] XFS: ikeep mount option is deprecated. [ 179.893964][ T59] usb 2-1: Using ep0 maxpacket: 8 [ 180.293150][ T6228] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 180.738722][ T59] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 180.751169][ T59] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 180.762266][ T59] usb 2-1: config 1 has no interface number 1 [ 180.769425][ T59] usb 2-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 180.780765][ T59] usb 2-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 180.792491][ T59] usb 2-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 180.806611][ T59] usb 2-1: config 1 interface 2 has no altsetting 0 [ 180.816205][ T59] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 180.829071][ T59] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.852328][ T59] usb 2-1: Product: 쑿퉈ਝ쑻 [ 180.867895][ T59] usb 2-1: Manufacturer: ф [ 180.870639][ T5843] usb 3-1: USB disconnect, device number 15 [ 180.874579][ T59] usb 2-1: SerialNumber: syz [ 180.990149][ T6247] loop3: detected capacity change from 0 to 256 [ 181.014199][ T6228] XFS (loop4): Ending clean mount [ 181.107216][ T29] audit: type=1800 audit(1720143828.416:11): pid=6228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.268" name="bus" dev="loop4" ino=9289 res=0 errno=0 [ 181.143357][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 181.225123][ T5088] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 181.251801][ T59] usb 2-1: USB disconnect, device number 7 [ 181.515715][ T5098] udevd[5098]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 181.564981][ T6248] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 181.578502][ T6248] FAT-fs (loop3): Filesystem has been set read-only [ 181.585396][ T6248] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 181.595947][ T6248] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 181.614816][ T29] audit: type=1800 audit(1720143828.916:12): pid=6248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.271" name="file1" dev="loop3" ino=1048617 res=0 errno=0 [ 181.634648][ C0] vkms_vblank_simulate: vblank timer overrun [ 181.793254][ T6255] loop2: detected capacity change from 0 to 4096 [ 181.800856][ T6255] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 181.949983][ T6255] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 181.998735][ T6255] ntfs3: loop2: mft corrupted [ 182.010319][ T6255] ntfs3: loop2: Failed to load $Extend (-22). [ 182.039509][ T6255] ntfs3: loop2: Failed to initialize $Extend. [ 182.263909][ T6261] ntfs3: Unknown parameter '01777777777777777777777Xcv:Q' [ 182.419243][ T6262] loop1: detected capacity change from 0 to 4096 [ 182.461011][ T6262] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 182.630972][ T6262] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 182.669083][ T6262] ntfs3: loop1: mft corrupted [ 182.675289][ T6262] ntfs3: loop1: Failed to load $Extend (-22). [ 182.682230][ T5091] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 182.694689][ T6262] ntfs3: loop1: Failed to initialize $Extend. [ 182.713451][ T5091] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 182.783280][ T5091] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 182.851109][ T5091] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 182.860090][ T5091] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 182.867693][ T5091] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 183.296002][ T3515] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.448833][ T6276] loop2: detected capacity change from 0 to 512 [ 183.479271][ T6276] EXT4-fs: Ignoring removed bh option [ 183.513109][ T6276] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 183.553962][ T3515] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.585980][ T6276] EXT4-fs (loop2): 1 truncate cleaned up [ 183.596779][ T6276] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.619229][ T6276] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.952941][ T5109] Bluetooth: hci4: command tx timeout [ 185.213760][ T6293] overlayfs: missing 'lowerdir' [ 186.616165][ T3515] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.651994][ T5109] Bluetooth: hci1: command 0x0406 tx timeout [ 186.659137][ T5103] Bluetooth: hci0: command 0x0406 tx timeout [ 186.665370][ T5109] Bluetooth: hci2: command 0x0406 tx timeout [ 186.753402][ T6298] netlink: 24 bytes leftover after parsing attributes in process `syz.3.283'. [ 186.765074][ T6291] loop1: detected capacity change from 0 to 2048 [ 186.792232][ T4491] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 186.806605][ T6291] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 186.831123][ T6291] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.854157][ T6303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.938762][ T3515] team0: Port device netdevsim0 removed [ 186.949945][ T3515] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.034671][ T5099] Bluetooth: hci4: command tx timeout [ 187.072909][ T5133] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 187.126768][ T6304] loop4: detected capacity change from 0 to 4096 [ 187.160553][ T6304] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 187.267320][ T5133] usb 3-1: New USB device found, idVendor=093b, idProduct=a102, bcdDevice= 0.01 [ 187.330880][ T5133] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.332933][ T6304] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 187.356111][ T5133] usb 3-1: Product: syz [ 187.360328][ T5133] usb 3-1: Manufacturer: syz [ 187.365210][ T6304] ntfs3: loop4: mft corrupted [ 187.370855][ T6304] ntfs3: loop4: Failed to load $Extend (-22). [ 187.382862][ T6304] ntfs3: loop4: Failed to initialize $Extend. [ 187.387557][ T5133] usb 3-1: SerialNumber: syz [ 187.391823][ T6266] chnl_net:caif_netlink_parms(): no params data found [ 187.418728][ T5133] usb 3-1: config 0 descriptor?? [ 187.431633][ T5133] go7007 3-1:0.0: probe with driver go7007 failed with error -12 [ 187.600700][ T6315] ntfs3: Unknown parameter '01777777777777777777777Xcv:Q' [ 187.649852][ T3515] bridge_slave_1: left allmulticast mode [ 187.670521][ T3515] bridge_slave_1: left promiscuous mode [ 187.689211][ T3515] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.711785][ T3515] bridge_slave_0: left allmulticast mode [ 187.726246][ T3515] bridge_slave_0: left promiscuous mode [ 187.739952][ T3515] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.230430][ T6332] loop4: detected capacity change from 0 to 512 [ 188.257843][ T6332] EXT4-fs: Ignoring removed bh option [ 188.292969][ T6332] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 189.112946][ T5099] Bluetooth: hci4: command tx timeout [ 189.356395][ T5099] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 189.366326][ T6332] EXT4-fs (loop4): 1 truncate cleaned up [ 189.401323][ T6332] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 189.485985][ T6332] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.980249][ T6357] overlayfs: missing 'lowerdir' [ 190.628379][ T6366] loop1: detected capacity change from 0 to 8 [ 190.813244][ T46] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 190.869582][ T3515] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 190.891898][ T3515] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 190.917164][ T3515] bond0 (unregistering): Released all slaves [ 191.026237][ T46] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 191.065676][ T46] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 191.080198][ T46] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 191.120938][ T6266] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.132415][ T46] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 191.150167][ T6266] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.167949][ T46] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 191.178409][ T6266] bridge_slave_0: entered allmulticast mode [ 191.187222][ T46] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 191.194523][ T6266] bridge_slave_0: entered promiscuous mode [ 191.202854][ T5099] Bluetooth: hci4: command tx timeout [ 191.209989][ T46] usb 5-1: Product: syz [ 191.220189][ T46] usb 5-1: Manufacturer: syz [ 191.230597][ T6266] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.255632][ T46] cdc_wdm 5-1:1.0: skipping garbage [ 191.260927][ T46] cdc_wdm 5-1:1.0: skipping garbage [ 191.271739][ T6266] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.280720][ T6266] bridge_slave_1: entered allmulticast mode [ 191.295486][ T6266] bridge_slave_1: entered promiscuous mode [ 191.370247][ T46] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 191.388372][ T46] cdc_wdm 5-1:1.0: Unknown control protocol [ 191.552530][ T6266] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.631520][ T6266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.883064][ T5133] usb 3-1: USB disconnect, device number 16 [ 191.913526][ T6266] team0: Port device team_slave_0 added [ 191.935114][ T46] usb 5-1: USB disconnect, device number 9 [ 192.002307][ T6266] team0: Port device team_slave_1 added [ 192.110316][ T3515] hsr_slave_0: left promiscuous mode [ 192.135398][ T3515] hsr_slave_1: left promiscuous mode [ 192.171858][ T3515] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.179853][ T3515] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 192.192406][ T3515] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.193109][ T5843] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 192.200694][ T3515] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 192.256851][ T3515] veth1_macvtap: left promiscuous mode [ 192.262544][ T3515] veth0_macvtap: left promiscuous mode [ 192.269618][ T3515] veth1_vlan: left promiscuous mode [ 192.281601][ T3515] veth0_vlan: left promiscuous mode [ 192.437122][ T5843] usb 2-1: config 0 has an invalid interface number: 106 but max is 0 [ 192.471212][ T5843] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.565134][ T5843] usb 2-1: config 0 has no interface number 0 [ 192.584798][ T5843] usb 2-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 255, changing to 11 [ 192.608850][ T5843] usb 2-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 59391, setting to 1024 [ 192.615237][ T46] libceph: connect (1)[c::]:6789 error -101 [ 192.634817][ T46] libceph: mon0 (1)[c::]:6789 connect error [ 192.641506][ T46] libceph: connect (1)[c::]:6789 error -101 [ 192.648826][ T46] libceph: mon0 (1)[c::]:6789 connect error [ 192.690128][ T5843] usb 2-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 192.727871][ T6389] ceph: No mds server is up or the cluster is laggy [ 192.753231][ T5843] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 192.819127][ T5843] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.870055][ T6398] loop4: detected capacity change from 0 to 512 [ 192.923429][ T6398] EXT4-fs: Ignoring removed bh option [ 192.951910][ T5843] usb 2-1: config 0 descriptor?? [ 192.964311][ T6398] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 193.021219][ T6374] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 193.044845][ T6398] EXT4-fs (loop4): 1 truncate cleaned up [ 193.091518][ T5843] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 193.094294][ T6398] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.368179][ T6398] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.930178][ T6415] overlayfs: missing 'lowerdir' [ 194.163504][ T11] usb 2-1: Failed to submit usb control message: -110 [ 194.193067][ T11] usb 2-1: unable to send the bmi data to the device: -110 [ 194.262920][ T11] usb 2-1: unable to get target info from device [ 194.310102][ T11] usb 2-1: could not get target info (-110) [ 194.334161][ T11] usb 2-1: could not probe fw (-110) [ 194.469016][ T6419] loop4: detected capacity change from 0 to 8 [ 194.652714][ T5200] usb 2-1: USB disconnect, device number 8 [ 194.680047][ T3515] team0 (unregistering): Port device team_slave_1 removed [ 194.790209][ T5099] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 194.801534][ T1245] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.818026][ T1245] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.862722][ T6424] loop1: detected capacity change from 0 to 512 [ 194.876109][ T3515] team0 (unregistering): Port device team_slave_0 removed [ 194.895568][ T6424] EXT4-fs: Ignoring removed bh option [ 194.909658][ T6424] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 194.943251][ T6424] EXT4-fs (loop1): 1 truncate cleaned up [ 194.982153][ T6424] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.034279][ T6424] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.353626][ T5099] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 195.490332][ T6435] loop3: detected capacity change from 0 to 64 [ 196.635471][ T5099] Bluetooth: hci2: Malformed HCI Event: 0x22 [ 196.751879][ T6451] Cannot find add_set index 0 as target [ 196.968038][ T6454] overlayfs: missing 'lowerdir' [ 197.272798][ C1] DEBUG: holding rtnl_mutex for 517 jiffies. [ 197.279015][ C1] task:kworker/u8:10 state:R running task stack:20280 pid:3515 tgid:3515 ppid:2 flags:0x00004000 [ 197.291273][ C1] Workqueue: netns cleanup_net [ 197.296459][ C1] Call Trace: [ 197.299786][ C1] [ 197.302817][ C1] __schedule+0x1800/0x4a60 [ 197.307406][ C1] ? __pfx___schedule+0x10/0x10 [ 197.312373][ C1] ? __pfx_lock_release+0x10/0x10 [ 197.317593][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 197.323704][ C1] ? kthread_data+0x52/0xd0 [ 197.328316][ C1] ? wq_worker_sleeping+0x66/0x240 [ 197.333534][ C1] ? schedule+0x90/0x320 [ 197.337853][ C1] schedule+0x14b/0x320 [ 197.342082][ C1] synchronize_rcu_expedited+0x684/0x830 [ 197.347858][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 197.354074][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 197.359544][ C1] ? __pfx___might_resched+0x10/0x10 [ 197.364877][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 197.370970][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 197.377244][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 197.383640][ C1] synchronize_rcu+0x11b/0x360 [ 197.388450][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 197.393938][ C1] lockdep_unregister_key+0x556/0x610 [ 197.399400][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 197.405368][ C1] ? rcu_is_watching+0x15/0xb0 [ 197.410165][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 197.414838][ C1] __qdisc_destroy+0x165/0x410 [ 197.419626][ C1] dev_shutdown+0x9b/0x440 [ 197.424374][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 197.430761][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 197.437637][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 197.443836][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 197.450042][ C1] default_device_exit_batch+0xa0f/0xa90 [ 197.455820][ C1] ? __pfx___might_resched+0x10/0x10 [ 197.461184][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 197.467461][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 197.472829][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 197.479134][ C1] cleanup_net+0x89d/0xcc0 [ 197.483597][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 197.488558][ C1] ? process_scheduled_works+0x945/0x1830 [ 197.494360][ C1] process_scheduled_works+0xa2c/0x1830 [ 197.499982][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 197.506022][ C1] ? assign_work+0x364/0x3d0 [ 197.510645][ C1] worker_thread+0x86d/0xd40 [ 197.515272][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 197.521267][ C1] ? __kthread_parkme+0x169/0x1d0 [ 197.526330][ C1] ? __pfx_worker_thread+0x10/0x10 [ 197.531482][ C1] kthread+0x2f0/0x390 [ 197.535616][ C1] ? __pfx_worker_thread+0x10/0x10 [ 197.540745][ C1] ? __pfx_kthread+0x10/0x10 [ 197.545390][ C1] ret_from_fork+0x4b/0x80 [ 197.549867][ C1] ? __pfx_kthread+0x10/0x10 [ 197.554503][ C1] ret_from_fork_asm+0x1a/0x30 [ 197.559472][ C1] [ 197.562530][ C1] DEBUG: waiting rtnl_mutex for 550 jiffies. [ 197.568658][ C1] task:syz-executor state:D stack:21024 pid:6266 tgid:6266 ppid:6258 flags:0x00004000 [ 197.579205][ C1] Call Trace: [ 197.582509][ C1] [ 197.585647][ C1] __schedule+0x1800/0x4a60 [ 197.590186][ C1] ? __pfx___schedule+0x10/0x10 [ 197.595102][ C1] ? __pfx_lock_release+0x10/0x10 [ 197.600238][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 197.605763][ C1] ? schedule+0x90/0x320 [ 197.610268][ C1] schedule+0x14b/0x320 [ 197.614483][ C1] schedule_preempt_disabled+0x13/0x30 [ 197.619949][ C1] __mutex_lock+0x6a4/0xd70 [ 197.624505][ C1] ? __mutex_lock+0x527/0xd70 [ 197.629236][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 197.634637][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 197.639770][ C1] ? get_rtnl_holder+0x144/0x190 [ 197.644794][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 197.649839][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 197.655106][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 197.660701][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 197.666039][ C1] ? __pfx_validate_chain+0x10/0x10 [ 197.671352][ C1] ? __pfx_validate_chain+0x10/0x10 [ 197.676672][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 197.681688][ C1] ? mark_lock+0x9a/0x360 [ 197.686777][ C1] ? __pfx_validate_chain+0x10/0x10 [ 197.692195][ C1] ? __lock_acquire+0x1359/0x2000 [ 197.697339][ C1] ? mark_lock+0x9a/0x360 [ 197.701701][ C1] ? __lock_acquire+0x1359/0x2000 [ 197.706921][ C1] netlink_rcv_skb+0x1e3/0x430 [ 197.711868][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 197.717469][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 197.723042][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 197.728295][ C1] netlink_unicast+0x7f0/0x990 [ 197.733116][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 197.738411][ C1] ? __virt_addr_valid+0x183/0x530 [ 197.743709][ C1] ? __check_object_size+0x49c/0x900 [ 197.749347][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 197.754535][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 197.759617][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.765324][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 197.771335][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 197.776353][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 197.781667][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 197.787184][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.792870][ C1] __sock_sendmsg+0x221/0x270 [ 197.797793][ C1] __sys_sendto+0x3a4/0x4f0 [ 197.802306][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 197.807416][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 197.813472][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 197.819807][ C1] __x64_sys_sendto+0xde/0x100 [ 197.824621][ C1] do_syscall_64+0xf3/0x230 [ 197.829196][ C1] ? clear_bhb_loop+0x35/0x90 [ 197.833918][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.839924][ C1] RIP: 0033:0x7f33f277796c [ 197.844612][ C1] RSP: 002b:00007ffffb2b4c90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 197.853107][ C1] RAX: ffffffffffffffda RBX: 00007f33f3434620 RCX: 00007f33f277796c [ 197.861324][ C1] RDX: 000000000000006c RSI: 00007f33f3434670 RDI: 0000000000000003 [ 197.869342][ C1] RBP: 0000000000000000 R08: 00007ffffb2b4ce4 R09: 000000000000000c [ 197.877587][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 197.885622][ C1] R13: 0000000000000000 R14: 00007f33f3434670 R15: 0000000000000000 [ 197.893646][ C1] [ 197.896694][ C1] [ 197.896694][ C1] Showing all locks held in the system: [ 197.904597][ C1] 3 locks held by kworker/1:1/46: [ 197.909609][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 197.920666][ C1] #1: ffffc90000b67d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 197.931722][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 197.940951][ C1] 5 locks held by kworker/u8:4/58: [ 197.946318][ C1] #0: ffff88802a932948 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 197.958252][ C1] #1: ffffc9000123fd00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 197.971575][ C1] #2: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: batadv_nc_worker+0xcb/0x610 [ 197.981137][ C1] #3: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 197.991327][ C1] #4: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 198.001398][ C1] 5 locks held by kworker/u8:10/3515: [ 198.006789][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 198.017744][ C1] #1: ffffc9000af8fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 198.028377][ C1] #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 198.038025][ C1] #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 198.048222][ C1] #4: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 198.060151][ C1] 1 lock held by udevd/4547: [ 198.064921][ C1] 1 lock held by dhcpcd/4761: [ 198.069638][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 198.079107][ C1] 2 locks held by getty/4848: [ 198.084001][ C1] #0: ffff88802a3080a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 198.093924][ C1] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 198.104188][ C1] 2 locks held by kworker/0:3/5133: [ 198.109412][ C1] 2 locks held by syz-executor/5615: [ 198.114887][ C1] 1 lock held by syz-executor/6266: [ 198.120094][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 198.130029][ C1] 1 lock held by syz.2.307/6430: [ 198.134985][ C1] #0: ffffffff8eb3e5e8 (reading_mutex){+.+.}-{3:3}, at: rng_dev_read+0x171/0x6d0 [ 198.144296][ C1] 1 lock held by syz.3.310/6449: [ 198.149581][ C1] 1 lock held by syz.3.310/6451: [ 198.155170][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: dev_ethtool+0x21e/0x1bc0 [ 198.164208][ C1] 1 lock held by syz.4.312/6452: [ 198.169146][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 198.178687][ C1] [ 198.180995][ C1] ============================================= [ 198.180995][ C1] [ 198.483507][ T6452] netlink: 'syz.4.312': attribute type 10 has an invalid length. [ 198.528582][ T6452] team0: Port device netdevsim0 removed [ 198.560878][ T6452] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 198.574033][ T6451] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 198.583203][ T6451] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 198.644841][ T6266] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.652026][ T6266] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.696036][ T6266] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.717909][ T6266] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.725132][ T5099] Bluetooth: hci2: command 0x0406 tx timeout [ 198.735825][ T6266] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.781979][ T6266] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.872064][ T5099] Bluetooth: hci0: Malformed HCI Event: 0x22 [ 198.955604][ T6266] hsr_slave_0: entered promiscuous mode [ 198.973182][ T6266] hsr_slave_1: entered promiscuous mode [ 199.004154][ T6266] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 199.018143][ T6266] Cannot create hsr debugfs directory [ 199.121215][ T6467] Cannot find add_set index 0 as target [ 199.340201][ T6471] loop1: detected capacity change from 0 to 8 [ 199.420052][ T6467] netdevsim netdevsim4: Direct firmware load for ng failed with error -2 [ 199.431693][ T6467] netdevsim netdevsim4: Falling back to sysfs fallback for: ng [ 200.022553][ T5099] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 200.152962][ T5133] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 200.231797][ T6486] loop4: detected capacity change from 0 to 64 [ 200.403063][ T5133] usb 2-1: Using ep0 maxpacket: 32 [ 200.560564][ T5133] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.593034][ T5133] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.644692][ T5133] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 200.818655][ T5133] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 200.874140][ T5099] Bluetooth: hci0: command 0x0406 tx timeout [ 200.952358][ T5133] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 201.031530][ T5133] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 201.194991][ T5133] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 201.269011][ T5133] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.308614][ T5133] usb 2-1: Product: syz [ 201.323016][ T5133] usb 2-1: Manufacturer: syz [ 201.339099][ T5133] usb 2-1: SerialNumber: syz [ 201.388783][ T6492] loop4: detected capacity change from 0 to 512 [ 201.422056][ T6492] EXT4-fs: Ignoring removed bh option [ 201.461565][ T6492] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 201.545582][ T6492] EXT4-fs (loop4): 1 truncate cleaned up [ 201.591581][ T6492] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 201.608561][ T6479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 201.643175][ T6479] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 201.692335][ T5133] cdc_ncm 2-1:1.0: bind() failure [ 201.725215][ T5133] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 201.743254][ T6492] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.795760][ T5133] cdc_ncm 2-1:1.1: bind() failure [ 201.853492][ T6266] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 201.884233][ T5133] usb 2-1: USB disconnect, device number 9 [ 202.034336][ T6266] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 202.094030][ T6266] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 202.143617][ T6266] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 202.234298][ T6505] netlink: 'syz.3.324': attribute type 10 has an invalid length. [ 202.278710][ T6505] team0: Port device netdevsim0 removed [ 202.321870][ T6505] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 202.331209][ T5099] Bluetooth: hci0: Malformed HCI Event: 0x22 [ 202.337553][ T8] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 202.464676][ T6510] Cannot find add_set index 0 as target [ 202.553723][ T6510] netdevsim netdevsim4: Direct firmware load for ng failed with error -2 [ 202.577734][ T6510] netdevsim netdevsim4: Falling back to sysfs fallback for: ng [ 202.579667][ T6515] loop3: detected capacity change from 0 to 8 [ 202.602918][ T8] usb 3-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 202.606384][ T6266] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.627474][ T8] usb 3-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 202.651361][ T8] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 202.700414][ T6266] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.700532][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.782568][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.790142][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.830574][ T5200] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.837927][ T5200] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.187382][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 203.214044][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 203.222829][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 203.231284][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 203.239356][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 203.274286][ T46] usb 3-1: USB disconnect, device number 17 [ 203.398572][ T6533] netlink: 'syz.4.328': attribute type 10 has an invalid length. [ 203.454387][ T6533] bond0: (slave netdevsim0): Releasing backup interface [ 203.490027][ T6533] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 203.526026][ T6533] team0: Failed to send options change via netlink (err -105) [ 203.546083][ T6540] loop3: detected capacity change from 0 to 64 [ 203.552950][ T6533] team0: Port device netdevsim0 added [ 203.568755][ T6538] netlink: 28 bytes leftover after parsing attributes in process `syz.1.329'. [ 203.738480][ T6266] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.827707][ T6266] veth0_vlan: entered promiscuous mode [ 204.393394][ T5099] Bluetooth: hci0: command 0x0406 tx timeout [ 204.428976][ T6266] veth1_vlan: entered promiscuous mode [ 204.593336][ T5200] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 204.616693][ T6266] veth0_macvtap: entered promiscuous mode [ 204.659703][ T6266] veth1_macvtap: entered promiscuous mode [ 204.692450][ T5099] Bluetooth: hci6: SCO packet for unknown connection handle 201 [ 204.704054][ T5099] Bluetooth: hci6: SCO packet for unknown connection handle 1039 [ 204.778502][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.833851][ T5200] usb 5-1: Using ep0 maxpacket: 8 [ 204.863155][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.883632][ T5200] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 204.903843][ T5200] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 204.913081][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.939284][ T5200] usb 5-1: config 1 has no interface number 1 [ 204.945691][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.966360][ T5200] usb 5-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 204.998092][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.019789][ T5200] usb 5-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 205.065900][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.100562][ T5200] usb 5-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 205.153302][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.160317][ T5200] usb 5-1: config 1 interface 2 has no altsetting 0 [ 205.174453][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.194870][ T5200] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 205.215143][ T5200] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.277311][ T5200] usb 5-1: Product: 쑿퉈ਝ쑻 [ 205.319905][ T5200] usb 5-1: Manufacturer: ф [ 205.346180][ T6266] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.438667][ T5200] usb 5-1: SerialNumber: syz [ 205.804869][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.833004][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.883119][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.915872][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.932825][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.959540][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.976798][ T6266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.997768][ T6266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.028267][ T6266] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 206.036143][ T5200] usb 5-1: USB disconnect, device number 10 [ 206.059950][ T6266] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.087163][ T6266] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.112826][ T6266] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.141074][ T6266] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.314010][ T8] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 206.327855][ T5110] udevd[5110]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 206.359322][ T5099] Bluetooth: hci1: Malformed HCI Event: 0x22 [ 206.481654][ T6581] Cannot find add_set index 0 as target [ 206.494086][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.520795][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.568822][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 206.614388][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.644478][ T6581] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 206.649595][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.666755][ T6581] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 206.683980][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.688876][ T8] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 206.702396][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.738609][ T8] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 206.782827][ T8] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 206.822033][ T6591] loop1: detected capacity change from 0 to 8 [ 206.825913][ T8] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 206.990683][ T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 207.182983][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.832272][ T8] usb 4-1: Product: syz [ 207.850861][ T8] usb 4-1: Manufacturer: syz [ 207.872838][ T8] usb 4-1: SerialNumber: syz [ 208.136329][ T6573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.167684][ T6573] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.283836][ T5133] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 208.321638][ T8] cdc_ncm 4-1:1.0: bind() failure [ 208.393484][ T5099] Bluetooth: hci1: command 0x0406 tx timeout [ 208.418032][ T8] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 208.426999][ T8] cdc_ncm 4-1:1.1: bind() failure [ 208.453190][ T46] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 208.455818][ T8] usb 4-1: USB disconnect, device number 12 [ 208.544883][ T5133] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 208.586384][ T5133] usb 2-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 208.643912][ T5133] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 208.646128][ T52] ------------[ cut here ]------------ [ 208.656075][ T5133] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.659341][ T52] WARNING: CPU: 1 PID: 52 at net/wireless/nl80211.c:19513 cfg80211_bss_color_notify+0x5f8/0x8b0 [ 208.659382][ T52] Modules linked in: [ 208.659403][ T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 208.659422][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 208.659434][ T52] Workqueue: phy3 ieee80211_color_collision_detection_work [ 208.659458][ T52] RIP: 0010:cfg80211_bss_color_notify+0x5f8/0x8b0 [ 208.659482][ T52] Code: 00 e8 fc b9 b6 fe 48 83 c4 08 89 c1 c1 f8 1f 21 c8 e9 08 fd ff ff e8 67 b3 ab f6 90 0f 0b 90 e9 6f fb ff ff e8 59 b3 ab f6 90 <0f> 0b 90 e9 36 fb ff ff e8 4b b3 ab f6 c6 05 8b 02 b2 04 01 90 48 [ 208.659496][ T52] RSP: 0018:ffffc90000bc7aa0 EFLAGS: 00010293 [ 208.659510][ T52] RAX: ffffffff8ae7d087 RBX: 0000000000000000 RCX: ffff888015b68000 [ 208.659522][ T52] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 208.659532][ T52] RBP: ffffc90000bc7bb0 R08: ffffffff8ae7cbb2 R09: 1ffffffff1f5ef4d [ 208.659545][ T52] R10: dffffc0000000000 R11: ffffffff8b037720 R12: 1ffff92000178f5c [ 208.659558][ T52] R13: ffff88802ef38000 R14: ffff88802ef38cd0 R15: dffffc0000000000 [ 208.659571][ T52] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 208.659585][ T52] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 208.659597][ T52] CR2: 0000001b3321fffc CR3: 0000000069d12000 CR4: 00000000003506f0 [ 208.659612][ T52] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 208.659623][ T52] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 208.659634][ T52] Call Trace: [ 208.659641][ T52] [ 208.659650][ T52] ? __warn+0x168/0x4e0 [ 208.659666][ T52] ? cfg80211_bss_color_notify+0x5f8/0x8b0 [ 208.659691][ T52] ? report_bug+0x2b3/0x500 [ 208.659712][ T52] ? cfg80211_bss_color_notify+0x5f8/0x8b0 [ 208.659738][ T52] ? handle_bug+0x3e/0x70 [ 208.659754][ T52] ? exc_invalid_op+0x1a/0x50 [ 208.659770][ T52] ? asm_exc_invalid_op+0x1a/0x20 [ 208.659792][ T52] ? __pfx_ieee80211_color_collision_detection_work+0x10/0x10 [ 208.659813][ T52] ? cfg80211_bss_color_notify+0x122/0x8b0 [ 208.659834][ T52] ? cfg80211_bss_color_notify+0x5f7/0x8b0 [ 208.659858][ T52] ? cfg80211_bss_color_notify+0x5f8/0x8b0 [ 208.659891][ T52] ? __pfx_lock_acquire+0x10/0x10 [ 208.659914][ T52] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 208.659934][ T52] ? __pfx_cfg80211_bss_color_notify+0x10/0x10 [ 208.659957][ T52] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 208.659988][ T52] ? process_scheduled_works+0x945/0x1830 [ 208.660007][ T52] process_scheduled_works+0xa2c/0x1830 [ 208.660052][ T52] ? __pfx_process_scheduled_works+0x10/0x10 [ 208.660079][ T52] ? assign_work+0x364/0x3d0 [ 208.660104][ T52] worker_thread+0x86d/0xd40 [ 208.660136][ T52] ? __kthread_parkme+0x169/0x1d0 [ 208.660160][ T52] ? __pfx_worker_thread+0x10/0x10 [ 208.660179][ T52] kthread+0x2f0/0x390 [ 208.660200][ T52] ? __pfx_worker_thread+0x10/0x10 [ 208.660219][ T52] ? __pfx_kthread+0x10/0x10 [ 208.660241][ T52] ret_from_fork+0x4b/0x80 [ 208.660261][ T52] ? __pfx_kthread+0x10/0x10 [ 208.660282][ T52] ret_from_fork_asm+0x1a/0x30 [ 208.660317][ T52] [ 208.660325][ T52] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 208.660336][ T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 208.660354][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 208.660365][ T52] Workqueue: phy3 ieee80211_color_collision_detection_work [ 208.660386][ T52] Call Trace: [ 208.660394][ T52] [ 208.660401][ T52] dump_stack_lvl+0x241/0x360 [ 208.660429][ T52] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.660452][ T52] ? __pfx__printk+0x10/0x10 [ 208.660482][ T52] ? vscnprintf+0x5d/0x90 [ 208.660502][ T52] panic+0x349/0x870 [ 208.660526][ T52] ? __warn+0x177/0x4e0 [ 208.660542][ T52] ? __pfx_panic+0x10/0x10 [ 208.660575][ T52] ? ret_from_fork_asm+0x1a/0x30 [ 208.660601][ T52] __warn+0x34b/0x4e0 [ 208.660617][ T52] ? cfg80211_bss_color_notify+0x5f8/0x8b0 [ 208.660643][ T52] report_bug+0x2b3/0x500 [ 208.660663][ T52] ? cfg80211_bss_color_notify+0x5f8/0x8b0 [ 208.660691][ T52] handle_bug+0x3e/0x70 [ 208.660707][ T52] exc_invalid_op+0x1a/0x50 [ 208.660725][ T52] asm_exc_invalid_op+0x1a/0x20 [ 208.660743][ T52] RIP: 0010:cfg80211_bss_color_notify+0x5f8/0x8b0 [ 208.660766][ T52] Code: 00 e8 fc b9 b6 fe 48 83 c4 08 89 c1 c1 f8 1f 21 c8 e9 08 fd ff ff e8 67 b3 ab f6 90 0f 0b 90 e9 6f fb ff ff e8 59 b3 ab f6 90 <0f> 0b 90 e9 36 fb ff ff e8 4b b3 ab f6 c6 05 8b 02 b2 04 01 90 48 [ 208.660780][ T52] RSP: 0018:ffffc90000bc7aa0 EFLAGS: 00010293 [ 208.660795][ T52] RAX: ffffffff8ae7d087 RBX: 0000000000000000 RCX: ffff888015b68000 [ 208.660808][ T52] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 208.660819][ T52] RBP: ffffc90000bc7bb0 R08: ffffffff8ae7cbb2 R09: 1ffffffff1f5ef4d [ 208.660832][ T52] R10: dffffc0000000000 R11: ffffffff8b037720 R12: 1ffff92000178f5c [ 208.660845][ T52] R13: ffff88802ef38000 R14: ffff88802ef38cd0 R15: dffffc0000000000 [ 208.660863][ T52] ? __pfx_ieee80211_color_collision_detection_work+0x10/0x10 [ 208.660891][ T52] ? cfg80211_bss_color_notify+0x122/0x8b0 [ 208.660912][ T52] ? cfg80211_bss_color_notify+0x5f7/0x8b0 [ 208.660941][ T52] ? __pfx_lock_acquire+0x10/0x10 [ 208.660962][ T52] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 208.660984][ T52] ? __pfx_cfg80211_bss_color_notify+0x10/0x10 [ 208.661015][ T52] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 208.661047][ T52] ? process_scheduled_works+0x945/0x1830 [ 208.661066][ T52] process_scheduled_works+0xa2c/0x1830 [ 208.661110][ T52] ? __pfx_process_scheduled_works+0x10/0x10 [ 208.661138][ T52] ? assign_work+0x364/0x3d0 [ 208.661163][ T52] worker_thread+0x86d/0xd40 [ 208.661196][ T52] ? __kthread_parkme+0x169/0x1d0 [ 208.661221][ T52] ? __pfx_worker_thread+0x10/0x10 [ 208.661241][ T52] kthread+0x2f0/0x390 [ 208.661262][ T52] ? __pfx_worker_thread+0x10/0x10 [ 208.661282][ T52] ? __pfx_kthread+0x10/0x10 [ 208.661304][ T52] ret_from_fork+0x4b/0x80 [ 208.661324][ T52] ? __pfx_kthread+0x10/0x10 [ 208.661346][ T52] ret_from_fork_asm+0x1a/0x30 [ 208.661381][ T52] [ 208.667584][ T52] Kernel Offset: disabled