last executing test programs: 7.643517092s ago: executing program 0 (id=399): r0 = syz_open_dev$vcsa(&(0x7f00000006c0), 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) write$FUSE_LK(r0, 0x0, 0x0) 7.464766514s ago: executing program 0 (id=405): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) sendmsg$inet(r3, &(0x7f0000003300)={&(0x7f00000000c0)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000300)="dba1f6d63215f4cd2de3ea822468cbad6468519f3ae11932c16d1b1d53eef8c2f39fb239a209da1afde2bc2aeeed68b750ece14291e0c7ff5d0fd554031e92862125138c6194f9952350483bfa737d2579c64f8a562c0659e3b4959c2113cae76d39f49a619fd0ea2051fbb64021e448f0c7a9b4871dfa9ddb23ddec05eb6e8575ec15206da0365d682ad2f8d22afc8a6bf81f26e59c2d6e6be16c6d250eabd0116eba1ef31105177a9383fcd2049f7d10adc69ac223b3f759f9e7e2d57f870fffd7369de0ac7f5109fe7eb4b2c038e4fb8fd447d28f2bbce1e65ae49a64b7167d8d657361616e301414dcf5529e2f7e166667eb584f0c7ae4017aecbbdce8dcb3b281b0f358971ecea54aeb7f59d1df20ef92ba7adeba35631e12b910bc34c70beb6aa8fe4223be2f35d563ada7a73afa406f125ad863de746cf87e6f387c6a7550081c96f92086eae5ada7513d1757996a26349d400c5be67c48186d1a497fcd4ad19f4d222f20e738dbc66962e1eb070e62a19b2dfb8ce6a801c405d9e19f79f9c45d07487bc09757072fd44412a6afcbfce71908f6ea995676587b79706005fb0796a7fce46a174d26a83215681c4900b07a9cd4a3b391bf6303ec6967ad5389dcb01c0e5f705140f0075d9ee0f06dcfdfd63a46e055650e7d246adc235b2fbd774c3fa3f789674401c17b18765b8ea616021f87fcccc297776bf5e55f18a710c0639077b980ab87220ab57205c115e3b14f0d6f5b82e596249fc6d3e2d68a8727231a1a012afde839cb9e52d72aa7386df3208a92795eeeda235b7d57ac207186c646f957bdce39527873347f76fefd1ce7718eb02d28db411b9bd591f2f98f41594a910e393ed1fe6c8138c7aee81ee90c806655f08d03562fb46125d48ab94805ab7547f96fa3d2efb16d90318c5a3b553ecf48d9d06dac0b4d67cb33ccc3575d7c139d193ae29271ccf89eea2654855ec3ad55c71eacea48bcfdfcd5563d9a121a6dbfc4048c75a425d1b25875fc3d64cd16ab3b932e2cf6f2cb2456dd83ef4d7771a3487f37074f4f67678e534ee45de86d11636bd4b126d026e987c949c40a13259e765f4694497094636fc56eab8287446f12799269f7893c8205984c8191fb8cc06480634bd75fffb8de665fcff9b246d7e31157cdd32f556854b80dacce558fbba78e3ae32dc18bfc6d12885dde1552743bbe48250d545b11322980ae0f4009ad7ed273c7c1746cb5b2e28b4abb3705c77257518b0f28b5ffd39a52c7e84ea3258425636604d75b9c1f15f9cca3dd0e54bc65682142282ed805829577d14f5e5533bf7d15fd4865bf649ef3f8f49e896e849682faff8b16786b34f8f4d380f2ce3d00fa7253aa9de803e4b8df363f16f9a66c05517a7d06702b52395a45ad49d643939b5e013a0572d422d96b09556d5b3d9ff69082c9bfc76d895ae58c59cdd729b0917ce43b384332877ac460deb7d82f35c34a81b3d842b6f9a21ec790e7b4c0526a9ac6956a2defd57723bbd8dbe12672fe88b6b4835ae79cddab0f9daad03f27121948eca6b1f7fbce0fcc55515b7e3e05a5d91321a3a47ed3ecee55cfd21fc2e053da805a1c2716dacfbc7f9b8b9215f7138e945742403a09ae65d6392fc45a911c2962ffdfa70c0746e873e11d83730087c2812e07bc909bc0139d35cb22f5b8e19477a7a4d7039e7ce960ff8c7e0f0098b0d2da58b8f4df4d4386acc2ac5595ee7b3753c4608a1e04743ad5e35c40562927b5cf7272bd2dbd8aac860f69493ff502e80d38fd868d8e9815f523a6b03fa7ab6905393e987937e81cf287961f31685c7b67aaeec10fb8a839af94f5d59bd939e1380e9a70228cdece9e7bddbcab676f526630b8b33706ecde3c2248ef7f608d91bac00a73c5c59a2d7b24615d7a4ed71e1b11ad36803a947caf0d3c13d939e96ed62d7b40bfd823f1f4c8bbc4d34f166e7791691229567332c5e14cb22cd7dd160360b473976cca4940000bf561ce738d4c35a89f090361acad1c411c27654c7fca5397b4b9d59b782e88abbe", 0x5a9}], 0x1}, 0x0) fallocate(0xffffffffffffffff, 0x28, 0x4, 0x2) ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, &(0x7f0000001d80)={0x4, "f3de5af7dd11d2c7c8aca6488a8f0006439065833ad65a82f95c892039cb311f"}) r4 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f0000000040), 0x1000000}, 0x20) bind$inet(r4, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000200)='westwood\x00', 0x9) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) 4.366983682s ago: executing program 2 (id=428): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000084c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x0, 0x0, 0x0) 4.157682899s ago: executing program 2 (id=430): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000a40)={0x14}, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) recvmsg(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000009240)={&(0x7f0000000600)=@newtfilter={0x7c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x4c, 0x2, [@TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @empty}, @TCA_FLOWER_KEY_ICMPV6_CODE_MASK={0xffffffffffffff80}, @TCA_FLOWER_KEY_ENC_UDP_DST_PORT={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_DST_MASK={0x14, 0x22, [0x0, 0x0, 0x0, 0xffffff00]}, @TCA_FLOWER_KEY_MPLS_BOS={0x5}, @TCA_FLOWER_KEY_IPV4_SRC={0x8, 0xa, @remote}]}}]}, 0x7c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4.026837924s ago: executing program 2 (id=432): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="1401000031000100000000000000000002"], 0x114}], 0x1}, 0x0) 3.965412561s ago: executing program 4 (id=434): r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="e000000010000905000000000000000008004300ff03c11bf560dd7e9ea3f6e735040000000000000000077f1fb6b2975b7b8cd46994e83dacfac0ee2dd2b104000000000000bf702c8986626691b01b5f44e4ce28712d2828"], 0xe0}], 0x1}, 0x0) 3.845185319s ago: executing program 2 (id=436): unshare(0x68060200) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109"], 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000018000900000000000000000002000000e40000010000000008000500ac"], 0x24}}, 0x0) 3.813674223s ago: executing program 0 (id=437): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)={0x64, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @random, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x8, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x4}]}]}, 0x64}}, 0x0) 3.586600172s ago: executing program 0 (id=438): openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040)) 3.533727879s ago: executing program 4 (id=439): syz_emit_ethernet(0x13a, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000006500)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000065c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000006600)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_KEY(r1, &(0x7f0000006780)={0x0, 0x0, &(0x7f0000006740)={&(0x7f0000000000)={0x24, r2, 0x501, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}]}, 0x24}}, 0x0) 3.43439218s ago: executing program 4 (id=441): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080), 0xc, &(0x7f00000003c0)={0x0}}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000480)=ANY=[@ANYBLOB="fa643cf1a91b6b27ffff080211000000ffffffffffff"], 0x1a) sendmsg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000022c0)=[{0x18, 0x0, 0x0, "47fe"}], 0x18}, 0x0) unshare(0x20000400) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)}, 0x0) 2.822841266s ago: executing program 4 (id=447): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@delneigh={0x30, 0x1d, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@NDA_LLADDR={0xa, 0x2, @random="2ee308099cc8"}, @NDA_VLAN={0x6, 0x5, 0x2}]}, 0x30}}, 0x0) 2.685608395s ago: executing program 4 (id=448): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) sendmsg$inet(r3, &(0x7f0000003300)={&(0x7f00000000c0)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000300)="dba1f6d63215f4cd2de3ea822468cbad6468519f3ae11932c16d1b1d53eef8c2f39fb239a209da1afde2bc2aeeed68b750ece14291e0c7ff5d0fd554031e92862125138c6194f9952350483bfa737d2579c64f8a562c0659e3b4959c2113cae76d39f49a619fd0ea2051fbb64021e448f0c7a9b4871dfa9ddb23ddec05eb6e8575ec15206da0365d682ad2f8d22afc8a6bf81f26e59c2d6e6be16c6d250eabd0116eba1ef31105177a9383fcd2049f7d10adc69ac223b3f759f9e7e2d57f870fffd7369de0ac7f5109fe7eb4b2c038e4fb8fd447d28f2bbce1e65ae49a64b7167d8d657361616e301414dcf5529e2f7e166667eb584f0c7ae4017aecbbdce8dcb3b281b0f358971ecea54aeb7f59d1df20ef92ba7adeba35631e12b910bc34c70beb6aa8fe4223be2f35d563ada7a73afa406f125ad863de746cf87e6f387c6a7550081c96f92086eae5ada7513d1757996a26349d400c5be67c48186d1a497fcd4ad19f4d222f20e738dbc66962e1eb070e62a19b2dfb8ce6a801c405d9e19f79f9c45d07487bc09757072fd44412a6afcbfce71908f6ea995676587b79706005fb0796a7fce46a174d26a83215681c4900b07a9cd4a3b391bf6303ec6967ad5389dcb01c0e5f705140f0075d9ee0f06dcfdfd63a46e055650e7d246adc235b2fbd774c3fa3f789674401c17b18765b8ea616021f87fcccc297776bf5e55f18a710c0639077b980ab87220ab57205c115e3b14f0d6f5b82e596249fc6d3e2d68a8727231a1a012afde839cb9e52d72aa7386df3208a92795eeeda235b7d57ac207186c646f957bdce39527873347f76fefd1ce7718eb02d28db411b9bd591f2f98f41594a910e393ed1fe6c8138c7aee81ee90c806655f08d03562fb46125d48ab94805ab7547f96fa3d2efb16d90318c5a3b553ecf48d9d06dac0b4d67cb33ccc3575d7c139d193ae29271ccf89eea2654855ec3ad55c71eacea48bcfdfcd5563d9a121a6dbfc4048c75a425d1b25875fc3d64cd16ab3b932e2cf6f2cb2456dd83ef4d7771a3487f37074f4f67678e534ee45de86d11636bd4b126d026e987c949c40a13259e765f4694497094636fc56eab8287446f12799269f7893c8205984c8191fb8cc06480634bd75fffb8de665fcff9b246d7e31157cdd32f556854b80dacce558fbba78e3ae32dc18bfc6d12885dde1552743bbe48250d545b11322980ae0f4009ad7ed273c7c1746cb5b2e28b4abb3705c77257518b0f28b5ffd39a52c7e84ea3258425636604d75b9c1f15f9cca3dd0e54bc65682142282ed805829577d14f5e5533bf7d15fd4865bf649ef3f8f49e896e849682faff8b16786b34f8f4d380f2ce3d00fa7253aa9de803e4b8df363f16f9a66c05517a7d06702b52395a45ad49d643939b5e013a0572d422d96b09556d5b3d9ff69082c9bfc76d895ae58c59cdd729b0917ce43b384332877ac460deb7d82f35c34a81b3d842b6f9a21ec790e7b4c0526a9ac6956a2defd57723bbd8dbe12672fe88b6b4835ae79cddab0f9daad03f27121948eca6b1f7fbce0fcc55515b7e3e05a5d91321a3a47ed3ecee55cfd21fc2e053da805a1c2716dacfbc7f9b8b9215f7138e945742403a09ae65d6392fc45a911c2962ffdfa70c0746e873e11d83730087c2812e07bc909bc0139d35cb22f5b8e19477a7a4d7039e7ce960ff8c7e0f0098b0d2da58b8f4df4d4386acc2ac5595ee7b3753c4608a1e04743ad5e35c40562927b5cf7272bd2dbd8aac860f69493ff502e80d38fd868d8e9815f523a6b03fa7ab6905393e987937e81cf287961f31685c7b67aaeec10fb8a839af94f5d59bd939e1380e9a70228cdece9e7bddbcab676f526630b8b33706ecde3c2248ef7f608d91bac00a73c5c59a2d7b24615d7a4ed71e1b11ad36803a947caf0d3c13d939e96ed62d7b40bfd823f1f4c8bbc4d34f166e7791691229567332c5e14cb22cd7dd160360b473976cca4940000bf561ce738d4c35a89f090361acad1c411c27654c7fca5397b4b9d59b782e88abbe", 0x5a9}], 0x1}, 0x0) fallocate(0xffffffffffffffff, 0x28, 0x4, 0x2) ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, &(0x7f0000001d80)={0x4, "f3de5af7dd11d2c7c8aca6488a8f0006439065833ad65a82f95c892039cb311f"}) r4 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f0000000040), 0x1000000}, 0x20) bind$inet(r4, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000200)='westwood\x00', 0x9) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) 2.116157058s ago: executing program 1 (id=450): r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="e000000010000905000000000000000008004300ff03c11bf560dd7e9ea3f6e735040000000000000000077f1fb6b2975b7b8cd46994e83dacfac0ee2dd2b104000000000000bf702c8986626691b01b5f44e4ce28712d2828"], 0xe0}], 0x1}, 0x0) 1.975495334s ago: executing program 3 (id=452): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000084c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x0, 0x0, 0x0) 1.875104146s ago: executing program 3 (id=453): syz_open_dev$ptys(0xc, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x3f, 0x0, 0x0) 1.802407407s ago: executing program 1 (id=454): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}, 0x1c) 1.677606684s ago: executing program 1 (id=455): prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setgroups(0x0, 0x0) getgroups(0x1, &(0x7f0000000080)=[0xee00]) setregid(0x0, r0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) preadv(r1, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r3 = syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) read$FUSE(r2, &(0x7f0000000100)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000002140)={0x50, 0x0, r4}, 0x50) read$FUSE(r2, &(0x7f0000002900)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r2, &(0x7f0000000000)={0x10, 0xffffffffffffffda, r5}, 0x10) syz_fuse_handle_req(r2, 0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r3, 0x80086601, 0x0) 931.890882ms ago: executing program 1 (id=456): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003540)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)="4abb1d8fb9ec59d06d02cc053ce6ac1168", 0x11}], 0x1}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x0, 0x60, 0x0) 801.335166ms ago: executing program 3 (id=457): r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc2604111, &(0x7f0000000840)={0x0, [[0x3], [0x4c0f], [0xfff]], '\x00', [{0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3}]}) 751.620605ms ago: executing program 2 (id=458): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) close(r0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10003, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r1, &(0x7f0000000000), &(0x7f0000001a00)=""/122}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x4, &(0x7f0000001800)={{r0}, 0x0, &(0x7f00000017c0)='%-010d \x00'}, 0x20) 669.708055ms ago: executing program 1 (id=459): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@loopback, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x32}, 0x2, @in=@dev, 0x0, 0x1}}, 0xe8) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) write$binfmt_script(r1, &(0x7f0000000a00)={'#! ', './file0'}, 0xb) 669.396405ms ago: executing program 3 (id=460): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000002008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x4517, &(0x7f0000000d40), 0x12, 0x4b3, &(0x7f0000001b00)="$eJzs3d9rW9cdAPDvvbay/HBmZ9tDFlgWlgwnbJHseEnMHrIMxvIU2Ja9p64tG2PZMpacxCYUh/4BhVLaQp/61JdC/4BCyZ9QCoH2vbSlpbRJ+9CHtiqSrtLElWKHyBbInw+c3HPulfT9nhgd3XPvQQpgzzoREZcjYiAizkTEcLY/zcqVemOj+bgH929P10sStdq1r5JIsn2t10qy7aHmU2J/RPzvSsTzyS/jVtbWF6ZKpeJK1i5UF5cLlbX1s/OLU3PFueLSxMT4hcmLk+cnx7rSz5GIuPSvz1596a1/X3rvrzc/vv7F6RfqaQ1lxx/tRzc1u55r/F+0DEbEyk4E64GBbJvrcR4AAGxP/Rz/NxHxp8b5/3AMNM5OAQAAgH5S+8dQfJ9E1AAAAIC+lTbWwCZpPlsLMBRpms831/D+Lg6mpXKl+pfZ8urSTHOt7Ejk0tn5UnEsWys8Ermk3h7P1ti22uc2tSci4khEvDJ8oNHOT5dLM72++AEAAAB7xKFN8/9vh5vzfwAAAKDPjPQ6AQAAAGDHmf8DAABA/zP/BwAAgL72n6tX66XW+v3rmRtrqwvlG2dnipWF/OLqdH66vLKcnyuX5xrf2be41euVyuXlv8XS6q1CtVipFipr69cXy6tL1evzj/0ENgAAALCLjvzx7kdJRGz8/UCj1O3rdVLArsg9zYM/3bk8gN030OsEgJ4Z7HUCQM881fk/0JeSLY53XLzzfvdzAQAAdsbo7zvf/3dtAPpb2usEAIBd5/4/7F05KwBhz/v1Fsef/f5/rfZUCQEAAF031ChJms/uBQ5FmubzEYcbPwuQS2bnS8WxbH7w4XDuV/X2eOOZyZZrhgEAAAAAAAAAAAAAAAAAAAAAAACAplotiRoAAADQ1yLSz5PGt/lHjA6fGtp8fWBf8t1wYxsRN9+49tqtqWp1Zby+/+uH+6uvZ/vP9eIKBgAAALBZa57emscDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQDc9uH97ulV2M+6X/4yIkXbxB2N/Y7s/chFx8JskBh95XhIRA12Iv3EnIo62i5/U04qRLIt28Q/0MH4aEYe6EB/2srv18edyu/dfGica2/bvv8GsPKvO41/6cPwb6DD+HN5mjGP33il0jH8n4thg+/GnFT/pEP/kNuM/9//19U7Ham9GjLb9/Ekei1WoLi4XKmvrZ+cXp+aKc8WliYnxC5MXJ89PjhVm50vF7N+2MV7+w7s/Pqn/BzvEH9mi/6e22f8f7t26/9tmNdcu/umT7T9/j3aIn2affX/O6vXjo636RrP+qONvf3D8Sf2f6dD/rf7+p7fZ/zP/ffGTbT4UANgFlbX1halSqbiioqKi8rDS65EJAADotp9P+nudCQAAAAAAAAAAAAAAAAAAAOxdu/F1YptjbvSmqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT/RTAAAA//+octTx") 652.116468ms ago: executing program 2 (id=461): openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040)) 455.639095ms ago: executing program 0 (id=462): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)={0x64, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @random, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x8, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x4}]}]}, 0x64}}, 0x0) 304.761469ms ago: executing program 3 (id=463): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000084c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 304.103067ms ago: executing program 0 (id=464): r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="e000000010000905000000000000000008004300ff03c11bf560dd7e9ea3f6e735040000000000000000077f1fb6b2975b7b8cd46994e83dacfac0ee2dd2b104000000000000bf702c8986626691b01b5f44e4ce28712d2828"], 0xe0}], 0x1}, 0x0) 121.526108ms ago: executing program 3 (id=465): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095000000000000008f047d06236e9912c2a5779412d19b2b882eb9c191d201a4cec02ec05e49ef80fb99917d15a985f639a1b9c9bd4495027a17b02cc0a1c4709175c42e959f65976b2607f7f8d078e47bb0d808d3dd513e2513a2940cc4db5d807684b6a36006675ac4bfb456769c8628737bc261b76494"], &(0x7f00000005c0)='GPL\x00'}, 0x80) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r4, r3, 0x25, 0x2, @val=@tracing}, 0x40) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) 108.869543ms ago: executing program 4 (id=466): syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001040)={0x9b, {"a2e3ad09ed0d09f91a5e070987f70e06d038e7ff7fc6e5539b0d3e0e8b089b3f363063030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c526db51b1b5b31070d0773090acd3b78130daa61d8e8040001000000b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f6709000000a141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7af1d0e54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c01008e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e1a63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0d8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffebd}}, 0x1006) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x33832, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643d941373fc0900c5de4e8ed05380a32aee9fec3f54e6a4c47edfc5f81b8877a87f3cbb30a7af5491a2996daf5d42b10e26efeec957d974c180a1c26a3892e411340d9788cea0bb79adbaa8b7b82beb6e7bfe7997135b66258b888a08e4386cc06dd5208d098e1b9175e68494be2413b770cfcf4673cf9c4d4d50a7af97a5", @ANYRESDEC=0x0]) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x33, &(0x7f0000000000)=0x7, 0x4) getsockopt$inet6_buf(r3, 0x29, 0x6, &(0x7f0000000380)=""/25, &(0x7f0000000040)=0x19) newfstatat(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0x0, 0x0) syz_emit_vhci(&(0x7f0000000640)=ANY=[], 0x22) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x1f}, @hci_ev_le_enh_conn_complete={{}, {0x0, 0xc9, 0x0, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, @none, @any, 0x0, 0x0, 0x1ff}}}}, 0x22) syz_emit_vhci(0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000040)={0x7ff, 0xef9, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x8, 0x7fff}) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r4, 0x1000f0000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$netlink(0x10, 0x3, 0x1) socket$unix(0x1, 0x5, 0x0) socket(0x10, 0x3, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB(r5, 0xc01c64ae, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x4, 0x4}) 0s ago: executing program 1 (id=467): syz_open_dev$ptys(0xc, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x3f, 0x0, 0x0) kernel console output (not intermixed with test programs): 1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 103.797037][ T5660] EXT4-fs: Ignoring removed orlov option [ 103.815509][ T5593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.845037][ T5660] EXT4-fs (loop2): Test dummy encryption mode enabled [ 103.868205][ T5660] EXT4-fs (loop2): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 103.878146][ T5593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.092160][ T5660] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.171629][ T53] hsr_slave_0: left promiscuous mode [ 104.191356][ T5654] loop0: detected capacity change from 0 to 32768 [ 104.230322][ T53] hsr_slave_1: left promiscuous mode [ 104.295082][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 104.337946][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 104.381701][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 104.408959][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 104.451971][ T5660] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 104.510413][ T53] veth1_macvtap: left promiscuous mode [ 104.533126][ T53] veth0_macvtap: left promiscuous mode [ 104.544749][ T53] veth1_vlan: left promiscuous mode [ 104.565164][ T53] veth0_vlan: left promiscuous mode [ 104.592146][ T5660] tmpfs: Bad value for 'huge' [ 104.728327][ T5208] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 104.747358][ T5094] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.927983][ T5110] Bluetooth: hci3: command tx timeout [ 104.933678][ T5096] Bluetooth: hci2: command tx timeout [ 105.900570][ T5208] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 105.914625][ T5208] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.926466][ T5208] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.936437][ T5208] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 105.957382][ T5208] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 105.975346][ T5208] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 105.983480][ T5208] usb 2-1: Manufacturer: syz [ 105.998474][ T5208] usb 2-1: config 0 descriptor?? [ 106.018184][ T5702] loop2: detected capacity change from 0 to 64 [ 106.434611][ T5208] appleir 0003:05AC:8243.0005: unknown main item tag 0x0 [ 106.472787][ T5208] appleir 0003:05AC:8243.0005: No inputs registered, leaving [ 106.525668][ T5208] appleir 0003:05AC:8243.0005: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 106.688762][ T5110] Bluetooth: hci2: Ignoring connect complete event for invalid link type [ 106.702003][ T5110] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 107.005451][ T5110] Bluetooth: hci3: command tx timeout [ 107.026484][ T5704] loop0: detected capacity change from 0 to 32768 [ 107.035515][ T5704] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.119 (5704) [ 107.087078][ T5704] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 107.115059][ T5704] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 107.127238][ T53] team0 (unregistering): Port device team_slave_1 removed [ 107.255186][ T5704] BTRFS info (device loop0): rebuilding free space tree [ 107.301552][ T53] team0 (unregistering): Port device team_slave_0 removed [ 107.322931][ T5704] BTRFS info (device loop0): disabling free space tree [ 107.342184][ T5704] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 107.350494][ T5727] loop4: detected capacity change from 0 to 1024 [ 107.357933][ T5704] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 107.385129][ T5704] BTRFS info (device loop0): checking UUID tree [ 107.571166][ T5090] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 107.930586][ T5145] usb 2-1: reset high-speed USB device number 4 using dummy_hcd [ 108.137609][ T5145] usb 2-1: device descriptor read/64, error -32 [ 108.705458][ T5593] team0: Port device team_slave_0 added [ 108.723449][ T5593] team0: Port device team_slave_1 added [ 108.790427][ T5593] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.803107][ T5593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.837398][ T5593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.930162][ T5145] usb 2-1: reset high-speed USB device number 4 using dummy_hcd [ 109.009826][ T5593] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.031923][ T5740] loop0: detected capacity change from 0 to 4096 [ 109.039480][ T5593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.085270][ T5740] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 109.102690][ T5593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.173038][ T5094] syz-executor (5094) used greatest stack depth: 18512 bytes left [ 109.175619][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 109.175636][ T29] audit: type=1800 audit(1720350675.044:69): pid=5740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.128" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 109.220042][ T5744] loop4: detected capacity change from 0 to 2048 [ 109.256417][ T29] audit: type=1800 audit(1720350675.094:70): pid=5740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.128" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 109.318696][ T5744] NILFS (loop4): ifile inode (checkpoint number=2) corrupted [ 109.442852][ T5744] NILFS (loop4): error -5 while loading last checkpoint (checkpoint number=2) [ 109.479056][ T5593] hsr_slave_0: entered promiscuous mode [ 109.549200][ T5593] hsr_slave_1: entered promiscuous mode [ 109.676171][ T5744] loop4: detected capacity change from 0 to 1024 [ 109.810844][ T5208] usb 2-1: USB disconnect, device number 4 [ 109.816289][ T5744] EXT4-fs: Ignoring removed orlov option [ 109.923149][ T5744] EXT4-fs (loop4): Test dummy encryption mode enabled [ 110.610047][ T5744] EXT4-fs (loop4): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 110.736191][ T5744] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.915404][ T5744] tmpfs: Bad value for 'huge' [ 111.051507][ T5092] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.074340][ T5096] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 111.085087][ T5096] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 111.100349][ T5096] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 111.122477][ T5096] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 111.130818][ T5096] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 111.145694][ T4493] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 111.511043][ T53] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.713901][ T53] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.789407][ T5746] loop1: detected capacity change from 0 to 32768 [ 111.903008][ T53] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.117641][ T53] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.189613][ T5104] Bluetooth: hci1: Ignoring connect complete event for invalid link type [ 112.209617][ T5104] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 112.547755][ T5774] loop4: detected capacity change from 0 to 32768 [ 112.577015][ T5774] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.135 (5774) [ 112.620960][ T5774] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 112.636964][ T53] bridge_slave_1: left allmulticast mode [ 112.642640][ T53] bridge_slave_1: left promiscuous mode [ 112.645867][ T5774] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 112.658003][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.673356][ T53] bridge_slave_0: left allmulticast mode [ 112.680164][ T53] bridge_slave_0: left promiscuous mode [ 112.687515][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.731567][ T5774] BTRFS info (device loop4): rebuilding free space tree [ 112.753784][ T5774] BTRFS info (device loop4): disabling free space tree [ 112.765748][ T5774] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 112.793208][ T5774] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 112.852118][ T5774] BTRFS info (device loop4): checking UUID tree [ 113.096936][ T5092] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 113.245643][ T5104] Bluetooth: hci4: command tx timeout [ 113.377379][ T53] team0: Port device bridge0 removed [ 113.597954][ T29] audit: type=1326 audit(1720350679.464:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfb775bd9 code=0x7ffc0000 [ 113.631256][ T5805] loop1: detected capacity change from 0 to 1024 [ 113.666566][ T29] audit: type=1326 audit(1720350679.464:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfb775bd9 code=0x7ffc0000 [ 113.758048][ T29] audit: type=1326 audit(1720350679.504:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fddfb775bd9 code=0x7ffc0000 [ 113.817697][ T29] audit: type=1326 audit(1720350679.524:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfb775bd9 code=0x7ffc0000 [ 113.887199][ T29] audit: type=1326 audit(1720350679.524:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfb775bd9 code=0x7ffc0000 [ 113.915386][ T29] audit: type=1326 audit(1720350679.534:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fddfb775bd9 code=0x7ffc0000 [ 113.961741][ T29] audit: type=1326 audit(1720350679.534:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfb775bd9 code=0x7ffc0000 [ 114.016737][ T29] audit: type=1326 audit(1720350679.534:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfb775bd9 code=0x7ffc0000 [ 114.039947][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 114.053948][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 114.066315][ T53] bond0 (unregistering): Released all slaves [ 114.116070][ T5593] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 114.166768][ T5593] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 114.204718][ T5593] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 114.264309][ T5593] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 114.495534][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 114.495554][ T29] audit: type=1326 audit(1720350680.284:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfb775bd9 code=0x7ffc0000 [ 114.531288][ T29] audit: type=1326 audit(1720350680.284:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfb775bd9 code=0x7ffc0000 [ 115.143710][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 115.325701][ T5104] Bluetooth: hci4: command tx timeout [ 115.377633][ T5837] loop0: detected capacity change from 0 to 2048 [ 115.434946][ T5837] NILFS (loop0): ifile inode (checkpoint number=2) corrupted [ 115.450787][ T5837] NILFS (loop0): error -5 while loading last checkpoint (checkpoint number=2) [ 115.610715][ T5837] loop0: detected capacity change from 0 to 1024 [ 115.640447][ T5837] EXT4-fs: Ignoring removed orlov option [ 115.816995][ T5837] EXT4-fs (loop0): Test dummy encryption mode enabled [ 115.826921][ T53] hsr_slave_0: left promiscuous mode [ 115.841737][ T53] hsr_slave_1: left promiscuous mode [ 115.848781][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 115.856784][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 115.890063][ T5837] EXT4-fs (loop0): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 115.901220][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 115.922958][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 115.973792][ T5837] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.023018][ T53] veth1_macvtap: left promiscuous mode [ 116.095830][ T53] veth0_macvtap: left promiscuous mode [ 116.115442][ T53] veth1_vlan: left promiscuous mode [ 116.139855][ T53] veth0_vlan: left promiscuous mode [ 116.145807][ T5837] tmpfs: Bad value for 'huge' [ 116.230990][ T5090] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.610231][ T5104] Bluetooth: hci2: Ignoring connect complete event for invalid link type [ 116.625173][ T5104] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 117.261008][ T5859] loop0: detected capacity change from 0 to 32768 [ 117.335353][ T5859] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.147 (5859) [ 117.407598][ T5104] Bluetooth: hci4: command tx timeout [ 117.420135][ T5844] loop1: detected capacity change from 0 to 32768 [ 117.428735][ T5859] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 117.439285][ T5859] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 117.755860][ T5859] BTRFS info (device loop0): rebuilding free space tree [ 117.841012][ T5859] BTRFS info (device loop0): disabling free space tree [ 117.862553][ T5859] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 117.891418][ T5859] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 117.934984][ T5859] BTRFS info (device loop0): checking UUID tree [ 118.346328][ T53] team0 (unregistering): Port device team_slave_1 removed [ 118.356391][ T5090] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 118.542512][ T29] audit: type=1326 audit(1720350684.414:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 118.627433][ T29] audit: type=1326 audit(1720350684.444:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 118.740509][ T53] team0 (unregistering): Port device team_slave_0 removed [ 118.779762][ T29] audit: type=1326 audit(1720350684.444:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 118.803572][ T29] audit: type=1326 audit(1720350684.444:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 118.832132][ T29] audit: type=1326 audit(1720350684.444:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.101872][ T29] audit: type=1326 audit(1720350684.444:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.492467][ T5104] Bluetooth: hci2: Ignoring HCI_Sync_Conn_Complete event for existing connection [ 119.502159][ T5104] Bluetooth: hci4: command tx timeout [ 119.512329][ T29] audit: type=1326 audit(1720350684.444:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.537304][ T29] audit: type=1326 audit(1720350684.444:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.625908][ T29] audit: type=1326 audit(1720350684.444:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.662765][ T29] audit: type=1326 audit(1720350684.444:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.691198][ T29] audit: type=1326 audit(1720350684.444:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.720452][ T29] audit: type=1326 audit(1720350684.444:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.751642][ T29] audit: type=1326 audit(1720350684.444:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.778746][ T29] audit: type=1326 audit(1720350684.444:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.863645][ T29] audit: type=1326 audit(1720350684.444:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.909130][ T5928] loop1: detected capacity change from 0 to 256 [ 119.911413][ T29] audit: type=1326 audit(1720350684.444:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3b81b75bd9 code=0x7ffc0000 [ 119.931763][ T5928] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 119.954449][ T5928] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.597243][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.615481][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.649564][ T5767] bridge_slave_0: entered allmulticast mode [ 120.666657][ T5767] bridge_slave_0: entered promiscuous mode [ 120.677381][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.684610][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.700402][ T5767] bridge_slave_1: entered allmulticast mode [ 120.716313][ T5945] loop1: detected capacity change from 0 to 512 [ 120.716704][ T5767] bridge_slave_1: entered promiscuous mode [ 120.754869][ T5945] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 120.852471][ T5945] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #17: comm syz.1.156: iget: bad i_size value: -6917529027641081756 [ 120.870945][ T5954] loop4: detected capacity change from 0 to 1024 [ 120.910306][ T5954] EXT4-fs: Ignoring removed orlov option [ 120.921979][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 120.936191][ T5945] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.156: couldn't read orphan inode 17 (err -117) [ 120.975693][ T5954] EXT4-fs (loop4): Test dummy encryption mode enabled [ 121.025527][ T5954] EXT4-fs (loop4): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 121.039934][ T5945] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.040365][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.063645][ T5954] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.153117][ T5958] loop0: detected capacity change from 0 to 4096 [ 121.155317][ T5089] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.172846][ T5958] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 121.265894][ T5958] ntfs3: loop0: Failed to initialize $Extend/$ObjId. [ 121.286988][ T5767] team0: Port device team_slave_0 added [ 121.347769][ T5767] team0: Port device team_slave_1 added [ 121.374394][ T5949] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 121.431395][ T5593] 8021q: adding VLAN 0 to HW filter on device bond0 [ 121.522309][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 121.539999][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.565905][ C1] vkms_vblank_simulate: vblank timer overrun [ 121.569246][ T5110] Bluetooth: hci2: command tx timeout [ 121.621564][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 121.637022][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 121.642686][ T5092] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.644119][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.690472][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 121.768647][ T5767] hsr_slave_0: entered promiscuous mode [ 121.797067][ T5767] hsr_slave_1: entered promiscuous mode [ 121.807023][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 121.820023][ T5982] loop0: detected capacity change from 0 to 64 [ 121.829936][ T5767] Cannot create hsr debugfs directory [ 121.841770][ T5982] hfs: unable to parse mount options [ 121.891792][ T5982] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 121.957536][ T5593] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.234105][ T5110] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 123.244106][ T5110] CPU: 1 UID: 0 PID: 5110 Comm: kworker/u9:9 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 123.254477][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 123.264732][ T5110] Workqueue: hci2 hci_rx_work [ 123.269539][ T5110] Call Trace: [ 123.272873][ T5110] [ 123.275818][ T5110] dump_stack_lvl+0x241/0x360 [ 123.280536][ T5110] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.286191][ T5110] ? __pfx__printk+0x10/0x10 [ 123.290806][ T5110] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 123.296118][ T5110] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 123.301782][ T5110] sysfs_create_dir_ns+0x2ce/0x3a0 [ 123.307043][ T5110] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 123.312728][ T5110] kobject_add_internal+0x435/0x8d0 [ 123.317937][ T5110] kobject_add+0x152/0x220 [ 123.322353][ T5110] ? do_raw_spin_unlock+0x13c/0x8b0 [ 123.327551][ T5110] ? device_add+0x3e7/0xbf0 [ 123.332490][ T5110] ? __pfx_kobject_add+0x10/0x10 [ 123.337428][ T5110] ? _raw_spin_unlock+0x28/0x50 [ 123.342362][ T5110] ? get_device_parent+0x165/0x410 [ 123.347473][ T5110] device_add+0x4e5/0xbf0 [ 123.351804][ T5110] hci_conn_add_sysfs+0xe8/0x200 [ 123.356747][ T5110] le_conn_complete_evt+0xc9f/0x12e0 [ 123.362033][ T5110] ? trace_contention_end+0x3c/0x120 [ 123.367318][ T5110] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 123.373079][ T5110] ? __mutex_unlock_slowpath+0x21d/0x750 [ 123.378728][ T5110] ? __copy_skb_header+0x437/0x5b0 [ 123.383839][ T5110] ? skb_pull_data+0x112/0x230 [ 123.388610][ T5110] hci_le_enh_conn_complete_evt+0x185/0x420 [ 123.394946][ T5110] hci_event_packet+0xa55/0x1540 [ 123.399975][ T5110] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 123.405270][ T5110] ? __pfx_hci_event_packet+0x10/0x10 [ 123.410656][ T5110] ? do_raw_spin_unlock+0x13c/0x8b0 [ 123.415879][ T5110] ? hci_send_to_monitor+0xd8/0x7f0 [ 123.421323][ T5110] ? kcov_remote_start+0x9e/0x7e0 [ 123.426349][ T5110] hci_rx_work+0x3e8/0xca0 [ 123.430767][ T5110] ? process_scheduled_works+0x945/0x1830 [ 123.436481][ T5110] process_scheduled_works+0xa2c/0x1830 [ 123.442041][ T5110] ? __pfx_process_scheduled_works+0x10/0x10 [ 123.448025][ T5110] ? assign_work+0x364/0x3d0 [ 123.452620][ T5110] worker_thread+0x86d/0xd40 [ 123.457402][ T5110] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 123.463292][ T5110] ? __kthread_parkme+0x169/0x1d0 [ 123.468317][ T5110] ? __pfx_worker_thread+0x10/0x10 [ 123.473512][ T5110] kthread+0x2f0/0x390 [ 123.477580][ T5110] ? __pfx_worker_thread+0x10/0x10 [ 123.482791][ T5110] ? __pfx_kthread+0x10/0x10 [ 123.487467][ T5110] ret_from_fork+0x4b/0x80 [ 123.491881][ T5110] ? __pfx_kthread+0x10/0x10 [ 123.496472][ T5110] ret_from_fork_asm+0x1a/0x30 [ 123.501507][ T5110] [ 123.504585][ C1] vkms_vblank_simulate: vblank timer overrun [ 123.522426][ T5110] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 123.536740][ T5110] Bluetooth: hci2: failed to register connection device [ 123.582988][ T5143] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.590365][ T5143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.611740][ T5143] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.619030][ T5143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.788453][ T5593] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 124.225965][ T5148] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 124.289712][ T5593] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 124.421148][ T5148] usb 1-1: Using ep0 maxpacket: 8 [ 124.445709][ T5148] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 124.471102][ T5148] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 124.494077][ T5148] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.691130][ T5593] veth0_vlan: entered promiscuous mode [ 124.731822][ T5593] veth1_vlan: entered promiscuous mode [ 124.927710][ T5593] veth0_macvtap: entered promiscuous mode [ 124.953556][ T5593] veth1_macvtap: entered promiscuous mode [ 125.035009][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 125.067408][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.085323][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 125.100560][ T6014] loop4: detected capacity change from 0 to 32768 [ 125.107214][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.125307][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 125.136131][ T6014] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.170 (6014) [ 125.159404][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.183385][ T5593] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 125.193968][ T6014] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 125.211641][ T6014] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 125.221721][ T5767] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 125.242179][ T5767] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 125.275632][ T5767] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 125.299233][ T5767] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 125.345606][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.375546][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.398965][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.418057][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.441176][ T6014] BTRFS info (device loop4): rebuilding free space tree [ 125.459870][ T5593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.467811][ T6014] BTRFS info (device loop4): disabling free space tree [ 125.494127][ T5593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.495146][ T6014] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 125.520287][ T5593] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 125.521823][ T6014] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 125.533881][ T5593] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.547257][ T5593] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.553652][ T6014] BTRFS info (device loop4): checking UUID tree [ 125.558415][ T5593] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.573028][ T5110] Bluetooth: hci2: command tx timeout [ 125.578581][ T5593] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.736707][ T5092] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 125.938493][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.963932][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.052126][ T2893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.087081][ T2893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.114439][ T6061] netlink: 16 bytes leftover after parsing attributes in process `syz.4.172'. [ 126.177737][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.292047][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 126.362249][ T5146] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.369467][ T5146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.422732][ T5208] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.429976][ T5208] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.954002][ T5148] usb 1-1: USB disconnect, device number 4 [ 127.804047][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 127.856615][ T5110] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 127.868313][ T5110] CPU: 0 UID: 0 PID: 5110 Comm: kworker/u9:9 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 127.878688][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 127.888776][ T5110] Workqueue: hci0 hci_rx_work [ 127.893907][ T5110] Call Trace: [ 127.897188][ T5110] [ 127.900116][ T5110] dump_stack_lvl+0x241/0x360 [ 127.904898][ T5110] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.910189][ T5110] ? __pfx__printk+0x10/0x10 [ 127.914931][ T5110] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 127.920222][ T5110] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 127.925776][ T5110] sysfs_create_dir_ns+0x2ce/0x3a0 [ 127.931245][ T5110] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 127.936897][ T5110] kobject_add_internal+0x435/0x8d0 [ 127.942097][ T5110] kobject_add+0x152/0x220 [ 127.946517][ T5110] ? do_raw_spin_unlock+0x13c/0x8b0 [ 127.951761][ T5110] ? device_add+0x3e7/0xbf0 [ 127.956261][ T5110] ? __pfx_kobject_add+0x10/0x10 [ 127.961198][ T5110] ? _raw_spin_unlock+0x28/0x50 [ 127.966050][ T5110] ? get_device_parent+0x165/0x410 [ 127.971163][ T5110] device_add+0x4e5/0xbf0 [ 127.975508][ T5110] hci_conn_add_sysfs+0xe8/0x200 [ 127.980539][ T5110] le_conn_complete_evt+0xc9f/0x12e0 [ 127.985830][ T5110] ? trace_contention_end+0x3c/0x120 [ 127.991128][ T5110] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 127.996957][ T5110] ? __mutex_unlock_slowpath+0x21d/0x750 [ 128.002590][ T5110] ? __copy_skb_header+0x437/0x5b0 [ 128.007710][ T5110] ? skb_pull_data+0x112/0x230 [ 128.012569][ T5110] hci_le_enh_conn_complete_evt+0x185/0x420 [ 128.018892][ T5110] hci_event_packet+0xa55/0x1540 [ 128.023930][ T5110] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 128.029310][ T5110] ? __pfx_hci_event_packet+0x10/0x10 [ 128.034680][ T5110] ? do_raw_spin_unlock+0x13c/0x8b0 [ 128.039900][ T5110] ? hci_send_to_monitor+0xd8/0x7f0 [ 128.045191][ T5110] ? kcov_remote_start+0x9e/0x7e0 [ 128.050348][ T5110] hci_rx_work+0x3e8/0xca0 [ 128.054863][ T5110] ? process_scheduled_works+0x945/0x1830 [ 128.060590][ T5110] process_scheduled_works+0xa2c/0x1830 [ 128.066163][ T5110] ? __pfx_process_scheduled_works+0x10/0x10 [ 128.072167][ T5110] ? assign_work+0x364/0x3d0 [ 128.076758][ T5110] worker_thread+0x86d/0xd40 [ 128.081351][ T5110] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 128.087309][ T5110] ? __kthread_parkme+0x169/0x1d0 [ 128.092337][ T5110] ? __pfx_worker_thread+0x10/0x10 [ 128.097468][ T5110] kthread+0x2f0/0x390 [ 128.101539][ T5110] ? __pfx_worker_thread+0x10/0x10 [ 128.106645][ T5110] ? __pfx_kthread+0x10/0x10 [ 128.111239][ T5110] ret_from_fork+0x4b/0x80 [ 128.116116][ T5110] ? __pfx_kthread+0x10/0x10 [ 128.120731][ T5110] ret_from_fork_asm+0x1a/0x30 [ 128.125523][ T5110] [ 128.135020][ T5110] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 128.149823][ T5110] Bluetooth: hci0: failed to register connection device [ 128.264062][ T5767] veth0_vlan: entered promiscuous mode [ 128.334254][ T5767] veth1_vlan: entered promiscuous mode [ 128.483123][ T5767] veth0_macvtap: entered promiscuous mode [ 128.518314][ T5767] veth1_macvtap: entered promiscuous mode [ 128.599091][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.637064][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.665760][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.702237][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.725778][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.747467][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.775876][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.805323][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.830264][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 128.872481][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.897353][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.915318][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.938332][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.965312][ T5143] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 128.980938][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.021788][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.054697][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.088730][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.127602][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 129.177348][ T5767] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.202686][ T5143] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 129.215268][ T5767] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.228432][ T5143] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.244562][ T5767] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.275075][ T5767] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.275145][ T5143] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.325808][ T5143] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 129.399832][ T5143] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 129.415284][ T5143] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 129.433763][ T5143] usb 1-1: Manufacturer: syz [ 129.474361][ T5143] usb 1-1: config 0 descriptor?? [ 129.508161][ T2893] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.536543][ T2893] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.633439][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.657734][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.899439][ T5143] appleir 0003:05AC:8243.0006: unknown main item tag 0x0 [ 129.916325][ T5143] appleir 0003:05AC:8243.0006: No inputs registered, leaving [ 129.954200][ T5143] appleir 0003:05AC:8243.0006: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 129.978340][ T6116] loop1: detected capacity change from 0 to 32768 [ 130.004585][ T6116] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.181 (6116) [ 130.047893][ T6116] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 130.083712][ T6116] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 130.125917][ T5145] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 130.206169][ T5104] Bluetooth: hci0: command tx timeout [ 130.222742][ T6116] BTRFS info (device loop1): rebuilding free space tree [ 130.257943][ T6116] BTRFS info (device loop1): disabling free space tree [ 130.266956][ T6116] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 130.277622][ T6116] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 130.298044][ T6116] BTRFS info (device loop1): checking UUID tree [ 130.315430][ T5145] usb 3-1: Using ep0 maxpacket: 16 [ 130.322902][ T5145] usb 3-1: config 0 has an invalid descriptor of length 160, skipping remainder of the config [ 130.349786][ T5145] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 130.385188][ T5145] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 130.394419][ T5145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.417161][ T5089] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 130.440215][ T5145] usb 3-1: config 0 descriptor?? [ 130.469566][ T5143] usb 1-1: USB disconnect, device number 5 [ 130.470240][ T5145] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 130.830483][ T6145] netlink: 16 bytes leftover after parsing attributes in process `syz.1.183'. [ 130.855727][ T5148] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 131.079936][ T5148] usb 5-1: Using ep0 maxpacket: 8 [ 131.100691][ T6160] loop3: detected capacity change from 0 to 1024 [ 131.107367][ T5148] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 131.134673][ T5148] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 131.170265][ T5148] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.208296][ T6159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 131.240006][ T6159] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.430786][ T5104] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 131.632203][ T5110] Bluetooth: hci0: Ignoring connect complete event for invalid link type [ 131.645445][ T5110] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 132.117406][ T6184] netlink: 'syz.0.192': attribute type 12 has an invalid length. [ 133.168764][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.175401][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.551271][ T5145] usb 3-1: USB disconnect, device number 5 [ 133.610048][ T5146] usb 5-1: USB disconnect, device number 3 [ 133.863020][ T6201] netlink: 16 bytes leftover after parsing attributes in process `syz.4.198'. [ 134.266181][ T6187] loop1: detected capacity change from 0 to 32768 [ 134.287928][ T6187] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.194 (6187) [ 134.319141][ T6187] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 134.330959][ T6187] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 134.459712][ T6187] BTRFS info (device loop1): rebuilding free space tree [ 134.576634][ T5146] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 134.593167][ T6187] BTRFS info (device loop1): disabling free space tree [ 134.610570][ T6187] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.654547][ T6187] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 134.675107][ T5110] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 134.686094][ T5110] CPU: 1 UID: 0 PID: 5110 Comm: kworker/u9:9 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 134.696547][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 134.706619][ T5110] Workqueue: hci4 hci_rx_work [ 134.711310][ T5110] Call Trace: [ 134.714582][ T5110] [ 134.717504][ T5110] dump_stack_lvl+0x241/0x360 [ 134.722206][ T5110] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.727490][ T5110] ? __pfx__printk+0x10/0x10 [ 134.732083][ T5110] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 134.737365][ T5110] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 134.742913][ T5110] sysfs_create_dir_ns+0x2ce/0x3a0 [ 134.748029][ T5110] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 134.753667][ T5110] kobject_add_internal+0x435/0x8d0 [ 134.758864][ T5110] kobject_add+0x152/0x220 [ 134.763371][ T5110] ? do_raw_spin_unlock+0x13c/0x8b0 [ 134.768574][ T5110] ? device_add+0x3e7/0xbf0 [ 134.773085][ T5110] ? __pfx_kobject_add+0x10/0x10 [ 134.778201][ T5110] ? _raw_spin_unlock+0x28/0x50 [ 134.783048][ T5110] ? get_device_parent+0x165/0x410 [ 134.788163][ T5110] device_add+0x4e5/0xbf0 [ 134.792503][ T5110] hci_conn_add_sysfs+0xe8/0x200 [ 134.797453][ T5110] le_conn_complete_evt+0xc9f/0x12e0 [ 134.802743][ T5110] ? trace_contention_end+0x3c/0x120 [ 134.808027][ T5110] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 134.813746][ T5110] ? __mutex_unlock_slowpath+0x21d/0x750 [ 134.819386][ T5110] ? __copy_skb_header+0x437/0x5b0 [ 134.824492][ T5110] ? skb_pull_data+0x112/0x230 [ 134.829256][ T5110] hci_le_enh_conn_complete_evt+0x185/0x420 [ 134.835154][ T5110] hci_event_packet+0xa55/0x1540 [ 134.840088][ T5110] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 134.845374][ T5110] ? __pfx_hci_event_packet+0x10/0x10 [ 134.851000][ T5110] ? do_raw_spin_unlock+0x13c/0x8b0 [ 134.856198][ T5110] ? hci_send_to_monitor+0xd8/0x7f0 [ 134.861394][ T5110] ? kcov_remote_start+0x9e/0x7e0 [ 134.866424][ T5110] hci_rx_work+0x3e8/0xca0 [ 134.870962][ T5110] ? process_scheduled_works+0x945/0x1830 [ 134.876677][ T5110] process_scheduled_works+0xa2c/0x1830 [ 134.882239][ T5110] ? __pfx_process_scheduled_works+0x10/0x10 [ 134.888221][ T5110] ? assign_work+0x364/0x3d0 [ 134.892825][ T5110] worker_thread+0x86d/0xd40 [ 134.897418][ T5110] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 134.903309][ T5110] ? __kthread_parkme+0x169/0x1d0 [ 134.908595][ T5110] ? __pfx_worker_thread+0x10/0x10 [ 134.913704][ T5110] kthread+0x2f0/0x390 [ 134.917768][ T5110] ? __pfx_worker_thread+0x10/0x10 [ 134.922872][ T5110] ? __pfx_kthread+0x10/0x10 [ 134.927457][ T5110] ret_from_fork+0x4b/0x80 [ 134.931870][ T5110] ? __pfx_kthread+0x10/0x10 [ 134.936455][ T5110] ret_from_fork_asm+0x1a/0x30 [ 134.941226][ T5110] [ 134.944252][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.956286][ T5110] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 134.970988][ T5110] Bluetooth: hci4: failed to register connection device [ 134.987324][ T5146] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 134.998525][ T5146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.010625][ T5146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.021468][ T5146] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 135.046943][ T6187] BTRFS info (device loop1): checking UUID tree [ 135.053640][ T5146] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 135.069892][ T5146] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 135.079915][ T5146] usb 5-1: Manufacturer: syz [ 135.098996][ T5146] usb 5-1: config 0 descriptor?? [ 135.719303][ T5146] appleir 0003:05AC:8243.0007: unknown main item tag 0x0 [ 135.932655][ T5146] appleir 0003:05AC:8243.0007: No inputs registered, leaving [ 136.170610][ T5089] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 136.195807][ T5146] appleir 0003:05AC:8243.0007: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 136.350647][ T5104] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 136.744791][ T5104] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260 [ 137.006531][ T5104] Bluetooth: hci4: command tx timeout [ 137.328067][ T1146] usb 5-1: USB disconnect, device number 4 [ 137.346615][ T6254] sysfs: cannot create duplicate filename '/class/ieee80211/C|+i!‡3§rU&6 bÎOo¸ ' 1©|y' [ 137.369050][ T6254] CPU: 0 UID: 0 PID: 6254 Comm: syz.1.204 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 137.379161][ T6254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 137.389230][ T6254] Call Trace: [ 137.392507][ T6254] [ 137.395435][ T6254] dump_stack_lvl+0x241/0x360 [ 137.400120][ T6254] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.405322][ T6254] ? __pfx__printk+0x10/0x10 [ 137.409922][ T6254] ? sysfs_warn_dup+0x51/0xa0 [ 137.414614][ T6254] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 137.420171][ T6254] sysfs_warn_dup+0x8e/0xa0 [ 137.424676][ T6254] sysfs_do_create_link_sd+0xbe/0x110 [ 137.430051][ T6254] device_add_class_symlinks+0x1c5/0x250 [ 137.435686][ T6254] device_add+0x553/0xbf0 [ 137.440012][ T6254] wiphy_register+0x1d3f/0x2b30 [ 137.444875][ T6254] ? __pfx_wiphy_register+0x10/0x10 [ 137.450070][ T6254] ? minstrel_ht_alloc+0x72b/0x860 [ 137.455186][ T6254] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 137.461255][ T6254] ieee80211_register_hw+0x304a/0x3d30 [ 137.466905][ T6254] ? ieee80211_register_hw+0x1081/0x3d30 [ 137.472541][ T6254] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 137.478355][ T6254] ? __asan_memset+0x23/0x50 [ 137.482939][ T6254] ? __hrtimer_init+0x170/0x250 [ 137.487787][ T6254] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 137.493629][ T6254] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 137.499688][ T6254] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 137.506272][ T6254] ? kstrndup+0x5c/0xb0 [ 137.510428][ T6254] ? __asan_memcpy+0x40/0x70 [ 137.515012][ T6254] hwsim_new_radio_nl+0xe4c/0x21d0 [ 137.520136][ T6254] ? __pfx___nla_validate_parse+0x10/0x10 [ 137.525853][ T6254] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 137.531435][ T6254] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 137.537764][ T6254] genl_rcv_msg+0xb14/0xec0 [ 137.542261][ T6254] ? mark_lock+0x9a/0x360 [ 137.546604][ T6254] ? __pfx_genl_rcv_msg+0x10/0x10 [ 137.551645][ T6254] ? __pfx_lock_acquire+0x10/0x10 [ 137.556663][ T6254] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 137.562203][ T6254] ? __pfx_genl_rcv+0x10/0x10 [ 137.566897][ T6254] netlink_rcv_skb+0x1e3/0x430 [ 137.571668][ T6254] ? __pfx_genl_rcv_msg+0x10/0x10 [ 137.576689][ T6254] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 137.582006][ T6254] ? __netlink_deliver_tap+0x77e/0x7c0 [ 137.587471][ T6254] genl_rcv+0x28/0x40 [ 137.591447][ T6254] netlink_unicast+0x7f0/0x990 [ 137.596217][ T6254] ? __pfx_netlink_unicast+0x10/0x10 [ 137.601499][ T6254] ? __virt_addr_valid+0x183/0x530 [ 137.606612][ T6254] ? __check_object_size+0x49c/0x900 [ 137.611891][ T6254] ? bpf_lsm_netlink_send+0x9/0x10 [ 137.617001][ T6254] netlink_sendmsg+0x8e4/0xcb0 [ 137.621777][ T6254] ? __pfx_netlink_sendmsg+0x10/0x10 [ 137.627141][ T6254] ? __import_iovec+0x536/0x820 [ 137.631986][ T6254] ? aa_sock_msg_perm+0x91/0x160 [ 137.636920][ T6254] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 137.642218][ T6254] ? security_socket_sendmsg+0x87/0xb0 [ 137.647704][ T6254] ? __pfx_netlink_sendmsg+0x10/0x10 [ 137.652999][ T6254] __sock_sendmsg+0x221/0x270 [ 137.657706][ T6254] ____sys_sendmsg+0x525/0x7d0 [ 137.662481][ T6254] ? __pfx_____sys_sendmsg+0x10/0x10 [ 137.667780][ T6254] __sys_sendmsg+0x2b0/0x3a0 [ 137.672370][ T6254] ? __pfx___sys_sendmsg+0x10/0x10 [ 137.677513][ T6254] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 137.683836][ T6254] ? do_syscall_64+0x100/0x230 [ 137.688593][ T6254] ? do_syscall_64+0xb6/0x230 [ 137.693279][ T6254] do_syscall_64+0xf3/0x230 [ 137.697778][ T6254] ? clear_bhb_loop+0x35/0x90 [ 137.702450][ T6254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.708349][ T6254] RIP: 0033:0x7f3b81b75bd9 [ 137.712840][ T6254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.732439][ T6254] RSP: 002b:00007f3b82947048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 137.740855][ T6254] RAX: ffffffffffffffda RBX: 00007f3b81d04038 RCX: 00007f3b81b75bd9 [ 137.748820][ T6254] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 137.756784][ T6254] RBP: 00007f3b81be4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 137.764744][ T6254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.772705][ T6254] R13: 000000000000006e R14: 00007f3b81d04038 R15: 00007ffd29ad8d88 [ 137.780685][ T6254] [ 137.935325][ T25] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 137.944484][ T6250] debugfs: Directory 'C|+i!‡3§rU&6 bÎOo¸ ' 1©|y' with parent 'ieee80211' already present! [ 138.155490][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 138.194970][ T25] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 138.234177][ T25] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 138.298701][ T25] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 138.332666][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.379188][ T25] usbtmc 1-1:16.0: bulk endpoints not found [ 139.019086][ T6273] loop4: detected capacity change from 0 to 764 [ 139.109796][ T6273] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 139.230476][ T6268] netlink: 16 bytes leftover after parsing attributes in process `syz.3.210'. [ 139.923349][ T6287] loop2: detected capacity change from 0 to 64 [ 139.952846][ T6287] hfs: unable to parse mount options [ 140.012401][ T6287] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 140.087029][ T5104] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 140.731016][ T5142] usb 1-1: USB disconnect, device number 6 [ 141.618153][ T5142] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 142.475662][ T5104] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 142.591389][ T5142] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 142.622108][ T6315] sysfs: cannot create duplicate filename '/class/ieee80211/C|+i!‡3§rU&6 bÎOo¸ ' 1©|y' [ 142.632958][ T6315] CPU: 1 UID: 0 PID: 6315 Comm: syz.2.224 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 142.643063][ T6315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 142.650231][ T5142] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.653124][ T6315] Call Trace: [ 142.653139][ T6315] [ 142.653149][ T6315] dump_stack_lvl+0x241/0x360 [ 142.674906][ T6315] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.680136][ T6315] ? __pfx__printk+0x10/0x10 [ 142.684754][ T6315] ? sysfs_warn_dup+0x51/0xa0 [ 142.689458][ T6315] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 142.695032][ T6315] sysfs_warn_dup+0x8e/0xa0 [ 142.699554][ T6315] sysfs_do_create_link_sd+0xbe/0x110 [ 142.704929][ T6315] device_add_class_symlinks+0x1c5/0x250 [ 142.710565][ T6315] device_add+0x553/0xbf0 [ 142.714892][ T6315] wiphy_register+0x1d3f/0x2b30 [ 142.719754][ T6315] ? __pfx_wiphy_register+0x10/0x10 [ 142.724943][ T6315] ? minstrel_ht_alloc+0x72b/0x860 [ 142.730147][ T6315] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 142.736216][ T6315] ieee80211_register_hw+0x304a/0x3d30 [ 142.741856][ T6315] ? ieee80211_register_hw+0x1081/0x3d30 [ 142.747492][ T6315] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 142.753306][ T6315] ? __asan_memset+0x23/0x50 [ 142.757911][ T6315] ? __hrtimer_init+0x170/0x250 [ 142.762759][ T6315] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 142.768502][ T6315] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 142.774604][ T6315] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 142.781276][ T6315] ? kstrndup+0x5c/0xb0 [ 142.785439][ T6315] ? __asan_memcpy+0x40/0x70 [ 142.790045][ T6315] hwsim_new_radio_nl+0xe4c/0x21d0 [ 142.795176][ T6315] ? __pfx___nla_validate_parse+0x10/0x10 [ 142.800916][ T6315] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 142.806486][ T6315] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 142.812815][ T6315] genl_rcv_msg+0xb14/0xec0 [ 142.817398][ T6315] ? mark_lock+0x9a/0x360 [ 142.821732][ T6315] ? __pfx_genl_rcv_msg+0x10/0x10 [ 142.826773][ T6315] ? __pfx_lock_acquire+0x10/0x10 [ 142.831799][ T6315] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 142.837339][ T6315] ? __pfx___might_resched+0x10/0x10 [ 142.842623][ T6315] netlink_rcv_skb+0x1e3/0x430 [ 142.847386][ T6315] ? __pfx_genl_rcv_msg+0x10/0x10 [ 142.852404][ T6315] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 142.857790][ T6315] ? __netlink_deliver_tap+0x77e/0x7c0 [ 142.863255][ T6315] genl_rcv+0x28/0x40 [ 142.867230][ T6315] netlink_unicast+0x7f0/0x990 [ 142.872000][ T6315] ? __pfx_netlink_unicast+0x10/0x10 [ 142.877276][ T6315] ? __virt_addr_valid+0x183/0x530 [ 142.882384][ T6315] ? __check_object_size+0x49c/0x900 [ 142.887664][ T6315] ? bpf_lsm_netlink_send+0x9/0x10 [ 142.892776][ T6315] netlink_sendmsg+0x8e4/0xcb0 [ 142.897543][ T6315] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.902820][ T6315] ? __import_iovec+0x536/0x820 [ 142.907661][ T6315] ? aa_sock_msg_perm+0x91/0x160 [ 142.912594][ T6315] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 142.917880][ T6315] ? security_socket_sendmsg+0x87/0xb0 [ 142.923334][ T6315] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.928618][ T6315] __sock_sendmsg+0x221/0x270 [ 142.933298][ T6315] ____sys_sendmsg+0x525/0x7d0 [ 142.938070][ T6315] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.943364][ T6315] __sys_sendmsg+0x2b0/0x3a0 [ 142.947982][ T6315] ? __pfx___sys_sendmsg+0x10/0x10 [ 142.953126][ T6315] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 142.959456][ T6315] ? do_syscall_64+0x100/0x230 [ 142.964238][ T6315] ? do_syscall_64+0xb6/0x230 [ 142.968931][ T6315] do_syscall_64+0xf3/0x230 [ 142.973443][ T6315] ? clear_bhb_loop+0x35/0x90 [ 142.978221][ T6315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.984110][ T6315] RIP: 0033:0x7f89d7b75bd9 [ 142.988530][ T6315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.008130][ T6315] RSP: 002b:00007f89d8a0f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.016544][ T6315] RAX: ffffffffffffffda RBX: 00007f89d7d04038 RCX: 00007f89d7b75bd9 [ 143.024509][ T6315] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 143.032499][ T6315] RBP: 00007f89d7be4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 143.040476][ T6315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 143.048448][ T6315] R13: 000000000000006e R14: 00007f89d7d04038 R15: 00007fff353cab48 [ 143.056432][ T6315] [ 143.065448][ T5142] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.085395][ T5142] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 143.137345][ T5142] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 143.147402][ T5142] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 143.176098][ T5142] usb 1-1: Manufacturer: syz [ 143.213510][ T6320] netlink: 'syz.4.225': attribute type 12 has an invalid length. [ 143.229384][ T5142] usb 1-1: config 0 descriptor?? [ 143.712312][ T5142] appleir 0003:05AC:8243.0008: unknown main item tag 0x0 [ 143.728931][ T5142] appleir 0003:05AC:8243.0008: No inputs registered, leaving [ 143.747006][ T5142] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 143.765263][ T5104] Bluetooth: hci0: Ignoring connect complete event for invalid link type [ 143.788197][ T5104] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 144.306905][ T6329] netlink: 'syz.3.226': attribute type 2 has an invalid length. [ 144.335863][ T6329] netlink: 4 bytes leftover after parsing attributes in process `syz.3.226'. [ 144.377872][ T5142] usb 1-1: USB disconnect, device number 7 [ 144.403892][ T6327] tunl0: entered promiscuous mode [ 144.416740][ T6331] loop1: detected capacity change from 0 to 764 [ 144.427311][ T6327] netlink: 'syz.3.226': attribute type 1 has an invalid length. [ 144.461428][ T6327] netlink: 9 bytes leftover after parsing attributes in process `syz.3.226'. [ 144.472942][ T6329] netlink: 24 bytes leftover after parsing attributes in process `syz.3.226'. [ 144.514969][ T6331] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 144.574967][ T6327] netlink: 20 bytes leftover after parsing attributes in process `syz.3.226'. [ 145.016467][ T6337] loop2: detected capacity change from 0 to 64 [ 145.025079][ T6337] hfs: unable to parse mount options [ 145.034410][ T6337] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 145.147994][ T5145] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 145.904325][ T5145] usb 4-1: Using ep0 maxpacket: 8 [ 146.001261][ T5145] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 146.122498][ T5145] usb 4-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 146.210943][ T5145] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 146.264776][ T5145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.289867][ T5145] usbtmc 4-1:16.0: bulk endpoints not found [ 146.862858][ T6351] loop1: detected capacity change from 0 to 32768 [ 146.891046][ T6351] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.235 (6351) [ 146.949271][ T6351] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 146.989683][ T6351] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 147.191480][ T5110] Bluetooth: hci2: Ignoring connect complete event for invalid link type [ 147.204773][ T5110] Bluetooth: hci2: SCO packet for unknown connection handle 1039 [ 147.346119][ T6351] BTRFS info (device loop1): rebuilding free space tree [ 147.413206][ T6351] BTRFS info (device loop1): disabling free space tree [ 147.434252][ T6351] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 147.455752][ T6351] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 147.469887][ T6386] netlink: 'syz.2.239': attribute type 2 has an invalid length. [ 147.500773][ T6386] netlink: 4 bytes leftover after parsing attributes in process `syz.2.239'. [ 147.511862][ T6351] BTRFS info (device loop1): checking UUID tree [ 147.555835][ T6384] tunl0: entered promiscuous mode [ 147.568758][ T5110] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 147.591486][ T6384] netlink: 'syz.2.239': attribute type 1 has an invalid length. [ 147.619909][ T6384] netlink: 9 bytes leftover after parsing attributes in process `syz.2.239'. [ 147.649392][ T6386] netlink: 24 bytes leftover after parsing attributes in process `syz.2.239'. [ 147.717851][ T5089] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 147.743778][ T6384] netlink: 20 bytes leftover after parsing attributes in process `syz.2.239'. [ 147.818791][ T6393] sysfs: cannot create duplicate filename '/class/ieee80211/C|+i!‡3§rU&6 bÎOo¸ ' 1©|y' [ 147.829355][ T6393] CPU: 1 UID: 0 PID: 6393 Comm: syz.0.240 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 147.839446][ T6393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 147.849502][ T6393] Call Trace: [ 147.852779][ T6393] [ 147.855703][ T6393] dump_stack_lvl+0x241/0x360 [ 147.860387][ T6393] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.865581][ T6393] ? __pfx__printk+0x10/0x10 [ 147.870170][ T6393] ? sysfs_warn_dup+0x51/0xa0 [ 147.874849][ T6393] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 147.880416][ T6393] sysfs_warn_dup+0x8e/0xa0 [ 147.884928][ T6393] sysfs_do_create_link_sd+0xbe/0x110 [ 147.890305][ T6393] device_add_class_symlinks+0x1c5/0x250 [ 147.895942][ T6393] device_add+0x553/0xbf0 [ 147.900275][ T6393] wiphy_register+0x1d3f/0x2b30 [ 147.905140][ T6393] ? __pfx_wiphy_register+0x10/0x10 [ 147.910333][ T6393] ? minstrel_ht_alloc+0x72b/0x860 [ 147.915446][ T6393] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 147.921512][ T6393] ieee80211_register_hw+0x304a/0x3d30 [ 147.927068][ T6393] ? ieee80211_register_hw+0x1081/0x3d30 [ 147.932885][ T6393] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 147.938782][ T6393] ? __asan_memset+0x23/0x50 [ 147.943366][ T6393] ? __hrtimer_init+0x170/0x250 [ 147.948215][ T6393] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 147.953951][ T6393] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 147.960014][ T6393] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 147.966597][ T6393] ? kstrndup+0x5c/0xb0 [ 147.970751][ T6393] ? __asan_memcpy+0x40/0x70 [ 147.975356][ T6393] hwsim_new_radio_nl+0xe4c/0x21d0 [ 147.980487][ T6393] ? __pfx___nla_validate_parse+0x10/0x10 [ 147.986206][ T6393] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 147.991774][ T6393] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 147.998190][ T6393] genl_rcv_msg+0xb14/0xec0 [ 148.002685][ T6393] ? mark_lock+0x9a/0x360 [ 148.007282][ T6393] ? __pfx_genl_rcv_msg+0x10/0x10 [ 148.012325][ T6393] ? __pfx_lock_acquire+0x10/0x10 [ 148.017343][ T6393] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 148.022902][ T6393] ? __pfx___might_resched+0x10/0x10 [ 148.028218][ T6393] netlink_rcv_skb+0x1e3/0x430 [ 148.032996][ T6393] ? __pfx_genl_rcv_msg+0x10/0x10 [ 148.038026][ T6393] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 148.043328][ T6393] ? __netlink_deliver_tap+0x77e/0x7c0 [ 148.048794][ T6393] genl_rcv+0x28/0x40 [ 148.052772][ T6393] netlink_unicast+0x7f0/0x990 [ 148.057540][ T6393] ? __pfx_netlink_unicast+0x10/0x10 [ 148.062826][ T6393] ? __virt_addr_valid+0x183/0x530 [ 148.067938][ T6393] ? __check_object_size+0x49c/0x900 [ 148.073213][ T6393] ? bpf_lsm_netlink_send+0x9/0x10 [ 148.078327][ T6393] netlink_sendmsg+0x8e4/0xcb0 [ 148.083096][ T6393] ? __pfx_netlink_sendmsg+0x10/0x10 [ 148.088386][ T6393] ? __import_iovec+0x536/0x820 [ 148.093248][ T6393] ? aa_sock_msg_perm+0x91/0x160 [ 148.098181][ T6393] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 148.103465][ T6393] ? security_socket_sendmsg+0x87/0xb0 [ 148.108925][ T6393] ? __pfx_netlink_sendmsg+0x10/0x10 [ 148.114200][ T6393] __sock_sendmsg+0x221/0x270 [ 148.118879][ T6393] ____sys_sendmsg+0x525/0x7d0 [ 148.123736][ T6393] ? __pfx_____sys_sendmsg+0x10/0x10 [ 148.129028][ T6393] __sys_sendmsg+0x2b0/0x3a0 [ 148.133614][ T6393] ? __pfx___sys_sendmsg+0x10/0x10 [ 148.138757][ T6393] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 148.145080][ T6393] ? do_syscall_64+0x100/0x230 [ 148.149838][ T6393] ? do_syscall_64+0xb6/0x230 [ 148.154507][ T6393] do_syscall_64+0xf3/0x230 [ 148.159002][ T6393] ? clear_bhb_loop+0x35/0x90 [ 148.163763][ T6393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.169648][ T6393] RIP: 0033:0x7f1209375bd9 [ 148.174056][ T6393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.193751][ T6393] RSP: 002b:00007f120a127048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 148.202178][ T6393] RAX: ffffffffffffffda RBX: 00007f1209504038 RCX: 00007f1209375bd9 [ 148.210174][ T6393] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 148.218160][ T6393] RBP: 00007f12093e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 148.226131][ T6393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.234100][ T6393] R13: 000000000000006e R14: 00007f1209504038 R15: 00007ffe23229ca8 [ 148.242083][ T6393] [ 148.428420][ T5145] usb 4-1: USB disconnect, device number 3 [ 148.523142][ T6401] loop2: detected capacity change from 0 to 64 [ 148.598106][ T6401] hfs: unable to parse mount options [ 148.619831][ T6405] netlink: 'syz.4.242': attribute type 12 has an invalid length. [ 148.667405][ T6401] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 148.865379][ T5142] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 149.029268][ T5110] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 149.066923][ T5142] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 149.094108][ T5142] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.121728][ T5142] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 149.142898][ T5142] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 149.158788][ T5142] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 149.168453][ T5142] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 149.179826][ T5142] usb 2-1: Manufacturer: syz [ 149.186267][ T5142] usb 2-1: config 0 descriptor?? [ 149.237017][ T6412] debugfs: Directory 'C|+i!‡3§rU&6 bÎOo¸ ' 1©|y' with parent 'ieee80211' already present! [ 149.631407][ T5142] appleir 0003:05AC:8243.0009: unknown main item tag 0x0 [ 149.676641][ T5142] appleir 0003:05AC:8243.0009: No inputs registered, leaving [ 149.690453][ T5142] appleir 0003:05AC:8243.0009: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 150.984984][ T6414] raw-gadget.0 gadget.1: fail, usb_ep_queue returned -108 [ 152.388066][ T5142] usb 2-1: USB disconnect, device number 5 [ 152.556330][ T6433] netlink: 16 bytes leftover after parsing attributes in process `syz.0.252'. [ 153.285543][ T5110] Bluetooth: hci0: Ignoring connect complete event for invalid link type [ 153.312640][ T5110] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 153.518877][ T6426] loop4: detected capacity change from 0 to 32768 [ 153.558384][ T6447] loop3: detected capacity change from 0 to 764 [ 153.576517][ T6426] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.251 (6426) [ 153.590067][ T6447] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 153.625365][ T5148] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 153.646656][ T6426] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 153.675563][ T6426] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 153.781426][ T6426] BTRFS info (device loop4): rebuilding free space tree [ 153.835579][ T5148] usb 1-1: Using ep0 maxpacket: 8 [ 153.845488][ T6426] BTRFS info (device loop4): disabling free space tree [ 153.856345][ T6426] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 153.870522][ T5148] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 153.901188][ T5148] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 153.915838][ T6426] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 153.935392][ T5148] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 153.944482][ T5148] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.968634][ T6426] BTRFS info (device loop4): checking UUID tree [ 154.086961][ T5148] usbtmc 1-1:16.0: bulk endpoints not found [ 154.806382][ T5092] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 155.014465][ T6487] netlink: 'syz.2.263': attribute type 12 has an invalid length. [ 155.675692][ T5110] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260 [ 156.946600][ T1146] usb 1-1: USB disconnect, device number 8 [ 156.966176][ T6492] sysfs: cannot create duplicate filename '/class/ieee80211/C|+i!‡3§rU&6 bÎOo¸ ' 1©|y' [ 156.976683][ T6492] CPU: 0 UID: 0 PID: 6492 Comm: syz.4.262 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 156.986770][ T6492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 156.996826][ T6492] Call Trace: [ 157.000095][ T6492] [ 157.003012][ T6492] dump_stack_lvl+0x241/0x360 [ 157.007699][ T6492] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.012923][ T6492] ? __pfx__printk+0x10/0x10 [ 157.017514][ T6492] ? sysfs_warn_dup+0x51/0xa0 [ 157.022184][ T6492] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 157.027729][ T6492] sysfs_warn_dup+0x8e/0xa0 [ 157.032225][ T6492] sysfs_do_create_link_sd+0xbe/0x110 [ 157.037611][ T6492] device_add_class_symlinks+0x1c5/0x250 [ 157.043270][ T6492] device_add+0x553/0xbf0 [ 157.047636][ T6492] wiphy_register+0x1d3f/0x2b30 [ 157.052540][ T6492] ? __pfx_wiphy_register+0x10/0x10 [ 157.057767][ T6492] ? minstrel_ht_alloc+0x72b/0x860 [ 157.062904][ T6492] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 157.068977][ T6492] ieee80211_register_hw+0x304a/0x3d30 [ 157.074534][ T6492] ? ieee80211_register_hw+0x1081/0x3d30 [ 157.080166][ T6492] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 157.085978][ T6492] ? __asan_memset+0x23/0x50 [ 157.090567][ T6492] ? __hrtimer_init+0x170/0x250 [ 157.095436][ T6492] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 157.101214][ T6492] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 157.107274][ T6492] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 157.113873][ T6492] ? kstrndup+0x5c/0xb0 [ 157.118026][ T6492] ? __asan_memcpy+0x40/0x70 [ 157.122630][ T6492] hwsim_new_radio_nl+0xe4c/0x21d0 [ 157.127748][ T6492] ? __pfx___nla_validate_parse+0x10/0x10 [ 157.133464][ T6492] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 157.139033][ T6492] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 157.145362][ T6492] genl_rcv_msg+0xb14/0xec0 [ 157.149859][ T6492] ? mark_lock+0x9a/0x360 [ 157.154192][ T6492] ? __pfx_genl_rcv_msg+0x10/0x10 [ 157.159213][ T6492] ? mark_lock+0x9a/0x360 [ 157.163546][ T6492] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 157.169560][ T6492] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 157.175905][ T6492] ? lockdep_hardirqs_on+0x99/0x150 [ 157.181119][ T6492] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 157.186853][ T6492] netlink_rcv_skb+0x1e3/0x430 [ 157.191713][ T6492] ? __pfx_genl_rcv_msg+0x10/0x10 [ 157.196756][ T6492] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 157.202069][ T6492] ? __netlink_deliver_tap+0x77e/0x7c0 [ 157.207538][ T6492] genl_rcv+0x28/0x40 [ 157.211522][ T6492] netlink_unicast+0x7f0/0x990 [ 157.216295][ T6492] ? __pfx_netlink_unicast+0x10/0x10 [ 157.221574][ T6492] ? __virt_addr_valid+0x183/0x530 [ 157.226685][ T6492] ? __check_object_size+0x49c/0x900 [ 157.231961][ T6492] ? bpf_lsm_netlink_send+0x9/0x10 [ 157.237077][ T6492] netlink_sendmsg+0x8e4/0xcb0 [ 157.241846][ T6492] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.247125][ T6492] ? __import_iovec+0x536/0x820 [ 157.251970][ T6492] ? aa_sock_msg_perm+0x91/0x160 [ 157.256904][ T6492] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 157.262187][ T6492] ? security_socket_sendmsg+0x87/0xb0 [ 157.267735][ T6492] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.273018][ T6492] __sock_sendmsg+0x221/0x270 [ 157.277697][ T6492] ____sys_sendmsg+0x525/0x7d0 [ 157.282463][ T6492] ? __pfx_____sys_sendmsg+0x10/0x10 [ 157.287758][ T6492] __sys_sendmsg+0x2b0/0x3a0 [ 157.292351][ T6492] ? __pfx___sys_sendmsg+0x10/0x10 [ 157.297669][ T6492] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 157.304079][ T6492] ? do_syscall_64+0x100/0x230 [ 157.308837][ T6492] ? do_syscall_64+0xb6/0x230 [ 157.313525][ T6492] do_syscall_64+0xf3/0x230 [ 157.318018][ T6492] ? clear_bhb_loop+0x35/0x90 [ 157.322689][ T6492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.328573][ T6492] RIP: 0033:0x7fddfb775bd9 [ 157.333068][ T6492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.352753][ T6492] RSP: 002b:00007fddfc56b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 157.361170][ T6492] RAX: ffffffffffffffda RBX: 00007fddfb904038 RCX: 00007fddfb775bd9 [ 157.369132][ T6492] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 157.377091][ T6492] RBP: 00007fddfb7e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 157.385047][ T6492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.393008][ T6492] R13: 000000000000006e R14: 00007fddfb904038 R15: 00007ffd79c79848 [ 157.400987][ T6492] [ 157.652214][ T5110] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 158.243270][ T6508] sysfs: cannot create duplicate filename '/class/ieee80211/C|+i!‡3§rU&6 bÎOo¸ ' 1©|y' [ 158.275057][ T6508] CPU: 0 UID: 0 PID: 6508 Comm: syz.3.270 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 158.285177][ T6508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 158.295259][ T6508] Call Trace: [ 158.298554][ T6508] [ 158.301500][ T6508] dump_stack_lvl+0x241/0x360 [ 158.306213][ T6508] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.311445][ T6508] ? __pfx__printk+0x10/0x10 [ 158.316082][ T6508] sysfs_warn_dup+0x8e/0xa0 [ 158.320617][ T6508] sysfs_do_create_link_sd+0xbe/0x110 [ 158.326021][ T6508] device_add_class_symlinks+0x1c5/0x250 [ 158.331690][ T6508] device_add+0x553/0xbf0 [ 158.336046][ T6508] wiphy_register+0x1d3f/0x2b30 [ 158.340918][ T6508] ? __pfx_wiphy_register+0x10/0x10 [ 158.346112][ T6508] ? minstrel_ht_alloc+0x72b/0x860 [ 158.351230][ T6508] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 158.357296][ T6508] ieee80211_register_hw+0x304a/0x3d30 [ 158.362768][ T6508] ? ieee80211_register_hw+0x1081/0x3d30 [ 158.368403][ T6508] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 158.374215][ T6508] ? __asan_memset+0x23/0x50 [ 158.378800][ T6508] ? __hrtimer_init+0x170/0x250 [ 158.383668][ T6508] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 158.389424][ T6508] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 158.395495][ T6508] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 158.402087][ T6508] ? kstrndup+0x5c/0xb0 [ 158.406244][ T6508] ? __asan_memcpy+0x40/0x70 [ 158.410833][ T6508] hwsim_new_radio_nl+0xe4c/0x21d0 [ 158.415955][ T6508] ? __pfx___nla_validate_parse+0x10/0x10 [ 158.421675][ T6508] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 158.427265][ T6508] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 158.433592][ T6508] genl_rcv_msg+0xb14/0xec0 [ 158.438085][ T6508] ? mark_lock+0x9a/0x360 [ 158.442417][ T6508] ? __pfx_genl_rcv_msg+0x10/0x10 [ 158.447474][ T6508] ? __pfx_lock_acquire+0x10/0x10 [ 158.452503][ T6508] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 158.458051][ T6508] ? __pfx___might_resched+0x10/0x10 [ 158.463350][ T6508] netlink_rcv_skb+0x1e3/0x430 [ 158.468124][ T6508] ? __pfx_genl_rcv_msg+0x10/0x10 [ 158.473147][ T6508] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 158.478449][ T6508] ? __netlink_deliver_tap+0x77e/0x7c0 [ 158.483916][ T6508] genl_rcv+0x28/0x40 [ 158.487895][ T6508] netlink_unicast+0x7f0/0x990 [ 158.492662][ T6508] ? __pfx_netlink_unicast+0x10/0x10 [ 158.497942][ T6508] ? __virt_addr_valid+0x183/0x530 [ 158.503050][ T6508] ? __check_object_size+0x49c/0x900 [ 158.508329][ T6508] ? bpf_lsm_netlink_send+0x9/0x10 [ 158.513445][ T6508] netlink_sendmsg+0x8e4/0xcb0 [ 158.518231][ T6508] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.523518][ T6508] ? tomoyo_socket_sendmsg_permission+0x12e/0x420 [ 158.529937][ T6508] ? security_socket_sendmsg+0x69/0xb0 [ 158.535483][ T6508] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 158.540768][ T6508] ? security_socket_sendmsg+0x87/0xb0 [ 158.546228][ T6508] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.551503][ T6508] __sock_sendmsg+0x221/0x270 [ 158.556182][ T6508] ____sys_sendmsg+0x525/0x7d0 [ 158.560950][ T6508] ? __pfx_____sys_sendmsg+0x10/0x10 [ 158.566242][ T6508] __sys_sendmsg+0x2b0/0x3a0 [ 158.570832][ T6508] ? __pfx___sys_sendmsg+0x10/0x10 [ 158.575973][ T6508] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 158.582303][ T6508] ? do_syscall_64+0x100/0x230 [ 158.587061][ T6508] ? do_syscall_64+0xb6/0x230 [ 158.591734][ T6508] do_syscall_64+0xf3/0x230 [ 158.596226][ T6508] ? clear_bhb_loop+0x35/0x90 [ 158.600897][ T6508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.606784][ T6508] RIP: 0033:0x7f0a25775bd9 [ 158.611192][ T6508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.630792][ T6508] RSP: 002b:00007f0a2646d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.639209][ T6508] RAX: ffffffffffffffda RBX: 00007f0a25904038 RCX: 00007f0a25775bd9 [ 158.647176][ T6508] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 158.655141][ T6508] RBP: 00007f0a257e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 158.663139][ T6508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 158.671113][ T6508] R13: 000000000000006e R14: 00007f0a25904038 R15: 00007fff4445b178 [ 158.679098][ T6508] [ 158.775734][ T5110] Bluetooth: hci1: Ignoring connect complete event for invalid link type [ 158.834591][ T5110] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 160.373931][ T6529] loop1: detected capacity change from 0 to 764 [ 160.403640][ T6517] loop2: detected capacity change from 0 to 32768 [ 161.098095][ T6529] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 161.126226][ T6517] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.272 (6517) [ 161.322270][ T6517] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 161.356545][ T6517] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 161.524557][ T6517] BTRFS info (device loop2): rebuilding free space tree [ 161.543879][ T6517] BTRFS info (device loop2): disabling free space tree [ 161.552250][ T6517] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 161.563200][ T6517] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 161.620479][ T6517] BTRFS info (device loop2): checking UUID tree [ 161.715346][ T5148] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 161.915961][ T5148] usb 1-1: Using ep0 maxpacket: 8 [ 161.934412][ T5148] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 161.960509][ T5148] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 162.000850][ T5148] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 162.007806][ T5767] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 162.044702][ T5148] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 162.080303][ T5148] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 162.119462][ T5148] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.158743][ T5148] usbtmc 1-1:16.0: bulk endpoints not found [ 162.984544][ T6575] netlink: 'syz.3.284': attribute type 2 has an invalid length. [ 163.010671][ T6575] netlink: 4 bytes leftover after parsing attributes in process `syz.3.284'. [ 163.033622][ T6576] netlink: 'syz.2.283': attribute type 12 has an invalid length. [ 163.041762][ T6572] netlink: 'syz.3.284': attribute type 1 has an invalid length. [ 163.077926][ T6572] netlink: 9 bytes leftover after parsing attributes in process `syz.3.284'. [ 163.114827][ T6575] netlink: 24 bytes leftover after parsing attributes in process `syz.3.284'. [ 163.187343][ T6572] netlink: 20 bytes leftover after parsing attributes in process `syz.3.284'. [ 163.706584][ T5110] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 163.764315][ T6583] loop3: detected capacity change from 0 to 256 [ 163.784645][ T6583] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 163.789449][ T6583] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 164.839888][ T5148] usb 1-1: USB disconnect, device number 9 [ 165.006412][ T6598] loop0: detected capacity change from 0 to 764 [ 165.062091][ T6598] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 165.867113][ T25] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 166.216423][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 166.241349][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 166.272738][ T6616] netlink: 'syz.0.296': attribute type 2 has an invalid length. [ 166.283097][ T25] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 166.292991][ T6616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.296'. [ 166.303654][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.343944][ T25] usb 4-1: config 0 descriptor?? [ 166.370781][ T6616] tunl0: entered promiscuous mode [ 166.392329][ T6616] netlink: 'syz.0.296': attribute type 1 has an invalid length. [ 166.407267][ T6616] netlink: 9 bytes leftover after parsing attributes in process `syz.0.296'. [ 166.417781][ T6612] netlink: 24 bytes leftover after parsing attributes in process `syz.0.296'. [ 166.462440][ T6616] netlink: 20 bytes leftover after parsing attributes in process `syz.0.296'. [ 166.473120][ T6599] loop4: detected capacity change from 0 to 32768 [ 166.502975][ T6599] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.290 (6599) [ 166.560609][ T6599] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 166.591422][ T6599] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 166.750651][ T6599] BTRFS info (device loop4): rebuilding free space tree [ 166.837259][ T6599] BTRFS info (device loop4): disabling free space tree [ 166.840972][ T6599] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 166.842492][ T6609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.842762][ T6599] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 166.842903][ T6609] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.846526][ T25] hid (null): invalid report_size 12391 [ 166.863797][ T25] hid-generic 0003:0158:0100.000A: unknown main item tag 0x1 [ 166.879386][ T6599] BTRFS info (device loop4): checking UUID tree [ 166.910248][ T5104] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 166.933657][ T25] hid-generic 0003:0158:0100.000A: unexpected long global item [ 166.946184][ T25] hid-generic 0003:0158:0100.000A: probe with driver hid-generic failed with error -22 [ 167.148054][ T25] usb 4-1: USB disconnect, device number 4 [ 167.163489][ T5092] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 167.403356][ T6652] loop1: detected capacity change from 0 to 64 [ 167.416407][ T6652] hfs: unable to parse mount options [ 167.470115][ T6652] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 167.685434][ T1746] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 167.896996][ T1746] usb 5-1: Using ep0 maxpacket: 8 [ 167.932863][ T1746] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 168.117701][ T1746] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 168.234427][ T6664] loop1: detected capacity change from 0 to 764 [ 168.374738][ T1746] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 168.487557][ T6664] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 168.767815][ T1746] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 168.781181][ T1746] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 168.790710][ T1746] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.803345][ T1746] usbtmc 5-1:16.0: bulk endpoints not found [ 170.156993][ T6688] netlink: 'syz.1.312': attribute type 2 has an invalid length. [ 170.175565][ T6688] netlink: 4 bytes leftover after parsing attributes in process `syz.1.312'. [ 170.175683][ T5143] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 170.208304][ T6686] tunl0: entered promiscuous mode [ 170.262611][ T6686] netlink: 'syz.1.312': attribute type 1 has an invalid length. [ 170.272344][ T6686] netlink: 9 bytes leftover after parsing attributes in process `syz.1.312'. [ 170.292245][ T6688] netlink: 24 bytes leftover after parsing attributes in process `syz.1.312'. [ 170.324457][ T6686] netlink: 20 bytes leftover after parsing attributes in process `syz.1.312'. [ 170.369423][ T5110] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 170.397152][ T5143] usb 1-1: no configurations [ 170.397178][ T5143] usb 1-1: can't read configurations, error -22 [ 170.548006][ T5143] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 170.694307][ T6682] loop3: detected capacity change from 0 to 32768 [ 170.707968][ T6682] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.311 (6682) [ 170.734995][ T6682] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 170.753182][ T6682] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 170.763051][ T5143] usb 1-1: no configurations [ 170.772394][ T5143] usb 1-1: can't read configurations, error -22 [ 170.785575][ T5143] usb usb1-port1: attempt power cycle [ 170.835703][ T6713] loop2: detected capacity change from 0 to 64 [ 170.843292][ T6713] hfs: unable to parse mount options [ 170.872881][ T1146] usb 5-1: USB disconnect, device number 5 [ 170.892242][ T6713] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 170.994577][ T6682] BTRFS info (device loop3): rebuilding free space tree [ 171.088940][ T6682] BTRFS info (device loop3): disabling free space tree [ 171.110780][ T6682] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 171.141695][ T6682] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 171.168978][ T5104] Bluetooth: hci4: unexpected event 0x2f length: 763 > 260 [ 171.183309][ T6682] BTRFS info (device loop3): checking UUID tree [ 171.227915][ T5143] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 171.297008][ T5143] usb 1-1: no configurations [ 171.301653][ T5143] usb 1-1: can't read configurations, error -22 [ 171.372213][ T6728] sysfs: cannot create duplicate filename '/class/ieee80211/C|+i!‡3§rU&6 bÎOo¸ ' 1©|y' [ 171.383346][ T6728] CPU: 0 UID: 0 PID: 6728 Comm: syz.2.318 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 171.393450][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 171.403530][ T6728] Call Trace: [ 171.406836][ T6728] [ 171.409797][ T6728] dump_stack_lvl+0x241/0x360 [ 171.414531][ T6728] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.419767][ T6728] ? __pfx__printk+0x10/0x10 [ 171.424396][ T6728] ? sysfs_warn_dup+0x51/0xa0 [ 171.429108][ T6728] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 171.434690][ T6728] sysfs_warn_dup+0x8e/0xa0 [ 171.439223][ T6728] sysfs_do_create_link_sd+0xbe/0x110 [ 171.444611][ T6728] device_add_class_symlinks+0x1c5/0x250 [ 171.450764][ T6728] device_add+0x553/0xbf0 [ 171.455097][ T6728] wiphy_register+0x1d3f/0x2b30 [ 171.459963][ T6728] ? __pfx_wiphy_register+0x10/0x10 [ 171.465154][ T6728] ? minstrel_ht_alloc+0x72b/0x860 [ 171.470276][ T6728] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 171.476347][ T6728] ieee80211_register_hw+0x304a/0x3d30 [ 171.481818][ T6728] ? ieee80211_register_hw+0x1081/0x3d30 [ 171.487459][ T6728] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 171.493267][ T6728] ? debug_init+0x4b/0x230 [ 171.497693][ T6728] ? __asan_memset+0x23/0x50 [ 171.502275][ T6728] ? __hrtimer_init+0x170/0x250 [ 171.507125][ T6728] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 171.512861][ T6728] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 171.518922][ T6728] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 171.525522][ T6728] ? kstrndup+0x5c/0xb0 [ 171.529690][ T6728] ? __asan_memcpy+0x40/0x70 [ 171.534281][ T6728] hwsim_new_radio_nl+0xe4c/0x21d0 [ 171.539507][ T6728] ? __pfx___nla_validate_parse+0x10/0x10 [ 171.545239][ T6728] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 171.550829][ T6728] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 171.557174][ T6728] genl_rcv_msg+0xb14/0xec0 [ 171.561679][ T6728] ? mark_lock+0x9a/0x360 [ 171.566019][ T6728] ? __pfx_genl_rcv_msg+0x10/0x10 [ 171.571062][ T6728] ? __pfx_lock_acquire+0x10/0x10 [ 171.576135][ T6728] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 171.581677][ T6728] ? __pfx___might_resched+0x10/0x10 [ 171.586973][ T6728] netlink_rcv_skb+0x1e3/0x430 [ 171.591742][ T6728] ? __pfx_genl_rcv_msg+0x10/0x10 [ 171.596767][ T6728] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 171.602064][ T6728] ? __netlink_deliver_tap+0x77e/0x7c0 [ 171.607529][ T6728] genl_rcv+0x28/0x40 [ 171.611506][ T6728] netlink_unicast+0x7f0/0x990 [ 171.616279][ T6728] ? __pfx_netlink_unicast+0x10/0x10 [ 171.621610][ T6728] ? __virt_addr_valid+0x183/0x530 [ 171.626726][ T6728] ? __check_object_size+0x49c/0x900 [ 171.632008][ T6728] ? bpf_lsm_netlink_send+0x9/0x10 [ 171.637120][ T6728] netlink_sendmsg+0x8e4/0xcb0 [ 171.641892][ T6728] ? __pfx_netlink_sendmsg+0x10/0x10 [ 171.647167][ T6728] ? tomoyo_socket_sendmsg_permission+0x12e/0x420 [ 171.653580][ T6728] ? aa_sock_msg_perm+0x91/0x160 [ 171.658514][ T6728] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 171.663793][ T6728] ? security_socket_sendmsg+0x87/0xb0 [ 171.669361][ T6728] ? __pfx_netlink_sendmsg+0x10/0x10 [ 171.674637][ T6728] __sock_sendmsg+0x221/0x270 [ 171.679318][ T6728] ____sys_sendmsg+0x525/0x7d0 [ 171.684093][ T6728] ? __pfx_____sys_sendmsg+0x10/0x10 [ 171.689393][ T6728] __sys_sendmsg+0x2b0/0x3a0 [ 171.693988][ T6728] ? __pfx___sys_sendmsg+0x10/0x10 [ 171.699137][ T6728] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 171.705462][ T6728] ? do_syscall_64+0x100/0x230 [ 171.710231][ T6728] ? do_syscall_64+0xb6/0x230 [ 171.714903][ T6728] do_syscall_64+0xf3/0x230 [ 171.719399][ T6728] ? clear_bhb_loop+0x35/0x90 [ 171.724075][ T6728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.729970][ T6728] RIP: 0033:0x7f89d7b75bd9 [ 171.734381][ T6728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.753983][ T6728] RSP: 002b:00007f89d8a0f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 171.762484][ T6728] RAX: ffffffffffffffda RBX: 00007f89d7d04038 RCX: 00007f89d7b75bd9 [ 171.770450][ T6728] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 171.778414][ T6728] RBP: 00007f89d7be4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 171.786378][ T6728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 171.794338][ T6728] R13: 000000000000006e R14: 00007f89d7d04038 R15: 00007fff353cab48 [ 171.802316][ T6728] [ 171.976236][ T5143] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 172.022711][ T5593] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 172.042466][ T5143] usb 1-1: no configurations [ 172.055004][ T5143] usb 1-1: can't read configurations, error -22 [ 172.062386][ T5143] usb usb1-port1: unable to enumerate USB device [ 173.285083][ T5104] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 173.302975][ T6739] netlink: 'syz.4.324': attribute type 2 has an invalid length. [ 173.303000][ T6739] netlink: 4 bytes leftover after parsing attributes in process `syz.4.324'. [ 173.311304][ T6749] tunl0: entered promiscuous mode [ 173.326607][ T6749] netlink: 'syz.4.324': attribute type 1 has an invalid length. [ 173.326633][ T6749] netlink: 9 bytes leftover after parsing attributes in process `syz.4.324'. [ 173.463861][ T6739] netlink: 24 bytes leftover after parsing attributes in process `syz.4.324'. [ 174.271298][ T6744] netlink: 20 bytes leftover after parsing attributes in process `syz.4.324'. [ 174.765131][ T6764] netlink: 'syz.4.328': attribute type 12 has an invalid length. [ 174.795386][ T5145] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 175.010130][ T5145] usb 4-1: Using ep0 maxpacket: 8 [ 175.022652][ T5145] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 175.033522][ T5145] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 175.045005][ T5145] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 175.105295][ T5145] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 175.138388][ T5145] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 175.151190][ T5145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.166591][ T5145] usbtmc 4-1:16.0: bulk endpoints not found [ 175.988822][ T6770] loop0: detected capacity change from 0 to 32768 [ 176.015405][ T6770] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.330 (6770) [ 176.121906][ T6770] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 176.148472][ T6770] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 176.308190][ T6770] BTRFS info (device loop0): rebuilding free space tree [ 176.398642][ T6770] BTRFS info (device loop0): disabling free space tree [ 176.427102][ T6770] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 176.450955][ T6770] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 176.481088][ T6770] BTRFS info (device loop0): checking UUID tree [ 176.577373][ T6800] loop2: detected capacity change from 0 to 256 [ 176.587624][ T6800] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 176.601767][ T6800] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 176.678488][ T5090] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 176.806325][ T6807] netlink: 16 bytes leftover after parsing attributes in process `syz.1.335'. [ 177.706609][ T6816] netlink: 'syz.2.338': attribute type 2 has an invalid length. [ 177.763755][ T1746] usb 4-1: USB disconnect, device number 5 [ 177.833622][ T6816] netlink: 4 bytes leftover after parsing attributes in process `syz.2.338'. [ 177.884555][ T6823] netlink: 'syz.2.338': attribute type 1 has an invalid length. [ 177.926985][ T6823] netlink: 9 bytes leftover after parsing attributes in process `syz.2.338'. [ 177.966442][ T6814] netlink: 24 bytes leftover after parsing attributes in process `syz.2.338'. [ 177.971029][ T5104] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 178.060856][ T6816] netlink: 20 bytes leftover after parsing attributes in process `syz.2.338'. [ 178.073202][ T5104] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 178.087978][ T6831] sysfs: cannot create duplicate filename '/class/ieee80211/C|+i!‡3§rU&6 bÎOo¸ ' 1©|y' [ 178.088017][ T6831] CPU: 0 UID: 0 PID: 6831 Comm: syz.3.341 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 178.088043][ T6831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 178.088056][ T6831] Call Trace: [ 178.088065][ T6831] [ 178.088074][ T6831] dump_stack_lvl+0x241/0x360 [ 178.088099][ T6831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.088115][ T6831] ? __pfx__printk+0x10/0x10 [ 178.088132][ T6831] ? sysfs_warn_dup+0x51/0xa0 [ 178.088147][ T6831] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 178.088167][ T6831] sysfs_warn_dup+0x8e/0xa0 [ 178.088182][ T6831] sysfs_do_create_link_sd+0xbe/0x110 [ 178.088198][ T6831] device_add_class_symlinks+0x1c5/0x250 [ 178.088213][ T6831] device_add+0x553/0xbf0 [ 178.088235][ T6831] wiphy_register+0x1d3f/0x2b30 [ 178.088263][ T6831] ? __pfx_wiphy_register+0x10/0x10 [ 178.088281][ T6831] ? ieee80211_register_hw+0x2daa/0x3d30 [ 178.088295][ T6831] ? ieee80211_register_hw+0x2e8f/0x3d30 [ 178.088314][ T6831] ieee80211_register_hw+0x304a/0x3d30 [ 178.088336][ T6831] ? ieee80211_register_hw+0x1081/0x3d30 [ 178.088355][ T6831] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 178.088375][ T6831] ? __asan_memset+0x23/0x50 [ 178.088386][ T6831] ? __hrtimer_init+0x170/0x250 [ 178.088401][ T6831] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 178.088428][ T6831] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 178.088440][ T6831] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 178.088454][ T6831] ? kstrndup+0x5c/0xb0 [ 178.088470][ T6831] ? __asan_memcpy+0x40/0x70 [ 178.088485][ T6831] hwsim_new_radio_nl+0xe4c/0x21d0 [ 178.088515][ T6831] ? __pfx___nla_validate_parse+0x10/0x10 [ 178.088531][ T6831] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 178.088564][ T6831] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 178.088585][ T6831] genl_rcv_msg+0xb14/0xec0 [ 178.088597][ T6831] ? mark_lock+0x9a/0x360 [ 178.088616][ T6831] ? __pfx_genl_rcv_msg+0x10/0x10 [ 178.088645][ T6831] ? __pfx_lock_acquire+0x10/0x10 [ 178.088658][ T6831] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 178.088671][ T6831] ? __pfx___might_resched+0x10/0x10 [ 178.088690][ T6831] netlink_rcv_skb+0x1e3/0x430 [ 178.088707][ T6831] ? __pfx_genl_rcv_msg+0x10/0x10 [ 178.088721][ T6831] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 178.088744][ T6831] ? __netlink_deliver_tap+0x77e/0x7c0 [ 178.088764][ T6831] genl_rcv+0x28/0x40 [ 178.088776][ T6831] netlink_unicast+0x7f0/0x990 [ 178.088796][ T6831] ? __pfx_netlink_unicast+0x10/0x10 [ 178.088809][ T6831] ? __virt_addr_valid+0x183/0x530 [ 178.088826][ T6831] ? __check_object_size+0x49c/0x900 [ 178.088840][ T6831] ? bpf_lsm_netlink_send+0x9/0x10 [ 178.088855][ T6831] netlink_sendmsg+0x8e4/0xcb0 [ 178.088874][ T6831] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.088889][ T6831] ? __import_iovec+0x536/0x820 [ 178.088905][ T6831] ? aa_sock_msg_perm+0x91/0x160 [ 178.088919][ T6831] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 178.088932][ T6831] ? security_socket_sendmsg+0x87/0xb0 [ 178.088950][ T6831] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.088963][ T6831] __sock_sendmsg+0x221/0x270 [ 178.088984][ T6831] ____sys_sendmsg+0x525/0x7d0 [ 178.089003][ T6831] ? __pfx_____sys_sendmsg+0x10/0x10 [ 178.089026][ T6831] __sys_sendmsg+0x2b0/0x3a0 [ 178.089041][ T6831] ? __pfx___sys_sendmsg+0x10/0x10 [ 178.089080][ T6831] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 178.089095][ T6831] ? do_syscall_64+0x100/0x230 [ 178.089108][ T6831] ? do_syscall_64+0xb6/0x230 [ 178.089120][ T6831] do_syscall_64+0xf3/0x230 [ 178.089131][ T6831] ? clear_bhb_loop+0x35/0x90 [ 178.089146][ T6831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.089159][ T6831] RIP: 0033:0x7f0a25775bd9 [ 178.089173][ T6831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.089185][ T6831] RSP: 002b:00007f0a2646d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 178.089200][ T6831] RAX: ffffffffffffffda RBX: 00007f0a25904038 RCX: 00007f0a25775bd9 [ 178.089209][ T6831] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 178.089217][ T6831] RBP: 00007f0a257e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 178.089229][ T6831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.089238][ T6831] R13: 000000000000006e R14: 00007f0a25904038 R15: 00007fff4445b178 [ 178.089257][ T6831] [ 179.057765][ T5104] Bluetooth: hci1: Ignoring connect complete event for invalid link type [ 179.067827][ T5104] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 180.864453][ T6859] netlink: 'syz.0.347': attribute type 12 has an invalid length. [ 181.335478][ T5110] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260 [ 181.353037][ T5098] Bluetooth: hci0: command 0x0406 tx timeout [ 181.359939][ T5110] Bluetooth: hci1: command tx timeout [ 181.365429][ T5096] Bluetooth: hci2: command 0x0406 tx timeout [ 181.504386][ T6868] loop1: detected capacity change from 0 to 256 [ 181.539252][ T6868] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 181.548019][ T6868] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 182.335413][ T1146] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 182.625623][ T1146] usb 2-1: Using ep0 maxpacket: 8 [ 182.686375][ T1146] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 182.719745][ T1146] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 182.827485][ T1146] usb 2-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 182.894228][ T1146] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 182.909808][ T6870] sysfs: cannot create duplicate filename '/class/ieee80211/C|+i!‡3§rU&6 bÎOo¸ ' 1©|y' [ 182.920478][ T6870] CPU: 0 UID: 0 PID: 6870 Comm: syz.3.349 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 182.930585][ T6870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 182.940671][ T6870] Call Trace: [ 182.943979][ T6870] [ 182.946932][ T6870] dump_stack_lvl+0x241/0x360 [ 182.951656][ T6870] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.956899][ T6870] ? __pfx__printk+0x10/0x10 [ 182.961527][ T6870] ? sysfs_warn_dup+0x51/0xa0 [ 182.966233][ T6870] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 182.971905][ T6870] sysfs_warn_dup+0x8e/0xa0 [ 182.976444][ T6870] sysfs_do_create_link_sd+0xbe/0x110 [ 182.981858][ T6870] device_add_class_symlinks+0x1c5/0x250 [ 182.987524][ T6870] device_add+0x553/0xbf0 [ 182.991868][ T6870] wiphy_register+0x1d3f/0x2b30 [ 182.996763][ T6870] ? __pfx_wiphy_register+0x10/0x10 [ 183.001992][ T6870] ? minstrel_ht_alloc+0x72b/0x860 [ 183.007138][ T6870] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 183.013483][ T6870] ieee80211_register_hw+0x304a/0x3d30 [ 183.018994][ T6870] ? ieee80211_register_hw+0x1081/0x3d30 [ 183.024680][ T6870] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 183.030516][ T6870] ? __asan_memset+0x23/0x50 [ 183.035115][ T6870] ? __hrtimer_init+0x170/0x250 [ 183.040144][ T6870] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 183.045888][ T6870] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 183.051951][ T6870] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 183.058537][ T6870] ? kstrndup+0x5c/0xb0 [ 183.062693][ T6870] ? __asan_memcpy+0x40/0x70 [ 183.067281][ T6870] hwsim_new_radio_nl+0xe4c/0x21d0 [ 183.072402][ T6870] ? __pfx___nla_validate_parse+0x10/0x10 [ 183.078140][ T6870] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 183.083814][ T6870] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 183.090158][ T6870] genl_rcv_msg+0xb14/0xec0 [ 183.094700][ T6870] ? mark_lock+0x9a/0x360 [ 183.099045][ T6870] ? __pfx_genl_rcv_msg+0x10/0x10 [ 183.104094][ T6870] ? __pfx_lock_acquire+0x10/0x10 [ 183.109122][ T6870] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 183.114670][ T6870] ? __pfx___might_resched+0x10/0x10 [ 183.120047][ T6870] netlink_rcv_skb+0x1e3/0x430 [ 183.124819][ T6870] ? __pfx_genl_rcv_msg+0x10/0x10 [ 183.129845][ T6870] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 183.135145][ T6870] ? __netlink_deliver_tap+0x77e/0x7c0 [ 183.140600][ T6870] ? netlink_deliver_tap+0x5f/0x1b0 [ 183.145798][ T6870] genl_rcv+0x28/0x40 [ 183.149790][ T6870] netlink_unicast+0x7f0/0x990 [ 183.154559][ T6870] ? __pfx_netlink_unicast+0x10/0x10 [ 183.159927][ T6870] ? __virt_addr_valid+0x183/0x530 [ 183.165127][ T6870] ? __check_object_size+0x49c/0x900 [ 183.170432][ T6870] ? bpf_lsm_netlink_send+0x9/0x10 [ 183.175668][ T6870] netlink_sendmsg+0x8e4/0xcb0 [ 183.180464][ T6870] ? __pfx_netlink_sendmsg+0x10/0x10 [ 183.185760][ T6870] ? aa_sock_msg_perm+0x91/0x160 [ 183.190708][ T6870] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 183.195996][ T6870] ? security_socket_sendmsg+0x87/0xb0 [ 183.201476][ T6870] ? __pfx_netlink_sendmsg+0x10/0x10 [ 183.206760][ T6870] __sock_sendmsg+0x221/0x270 [ 183.211450][ T6870] ____sys_sendmsg+0x525/0x7d0 [ 183.216229][ T6870] ? __pfx_____sys_sendmsg+0x10/0x10 [ 183.221703][ T6870] __sys_sendmsg+0x2b0/0x3a0 [ 183.226300][ T6870] ? __pfx___sys_sendmsg+0x10/0x10 [ 183.231443][ T6870] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 183.237772][ T6870] ? do_syscall_64+0x100/0x230 [ 183.242529][ T6870] ? do_syscall_64+0xb6/0x230 [ 183.247199][ T6870] do_syscall_64+0xf3/0x230 [ 183.251699][ T6870] ? clear_bhb_loop+0x35/0x90 [ 183.256375][ T6870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.262260][ T6870] RIP: 0033:0x7f0a25775bd9 [ 183.266760][ T6870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.286377][ T6870] RSP: 002b:00007f0a2646d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 183.294808][ T6870] RAX: ffffffffffffffda RBX: 00007f0a25904038 RCX: 00007f0a25775bd9 [ 183.302783][ T6870] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 183.310752][ T6870] RBP: 00007f0a257e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 183.318718][ T6870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 183.326733][ T6870] R13: 000000000000006e R14: 00007f0a25904038 R15: 00007fff4445b178 [ 183.334805][ T6870] [ 183.342607][ T1146] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 183.355297][ T1146] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.491803][ T1146] usbtmc 2-1:16.0: bulk endpoints not found [ 183.845379][ T1146] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 184.027275][ T1146] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 184.043952][ T1146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.088203][ T1146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 184.101626][ T1146] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 184.257408][ T1146] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 184.268110][ T1146] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 184.284367][ T1146] usb 5-1: Manufacturer: syz [ 184.302121][ T1146] usb 5-1: config 0 descriptor?? [ 185.114446][ T25] usb 2-1: USB disconnect, device number 6 [ 185.245064][ T1146] appleir 0003:05AC:8243.000B: unknown main item tag 0x0 [ 185.374478][ T1146] appleir 0003:05AC:8243.000B: No inputs registered, leaving [ 185.386807][ T1146] appleir 0003:05AC:8243.000B: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 185.422537][ T6895] netlink: 16 bytes leftover after parsing attributes in process `syz.0.357'. [ 186.549802][ T4493] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 186.637665][ T5142] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 186.715860][ T25] usb 5-1: USB disconnect, device number 6 [ 186.763002][ T5104] Bluetooth: hci4: Ignoring connect complete event for invalid link type [ 186.774182][ T5104] Bluetooth: hci4: SCO packet for unknown connection handle 1039 [ 186.815384][ T5142] usb 2-1: Using ep0 maxpacket: 16 [ 186.865371][ T5142] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 186.909501][ T5142] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 186.937714][ T5142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.964016][ T5142] usb 2-1: config 0 descriptor?? [ 187.046892][ T6922] loop0: detected capacity change from 0 to 256 [ 187.082041][ T6922] FAT-fs (loop0): Directory bread(block 64) failed [ 187.089988][ T6922] FAT-fs (loop0): Directory bread(block 65) failed [ 187.103455][ T6922] FAT-fs (loop0): Directory bread(block 66) failed [ 187.112165][ T6922] FAT-fs (loop0): Directory bread(block 67) failed [ 187.124871][ T6922] FAT-fs (loop0): Directory bread(block 68) failed [ 187.132124][ T6922] FAT-fs (loop0): Directory bread(block 69) failed [ 187.144809][ T6922] FAT-fs (loop0): Directory bread(block 70) failed [ 187.151842][ T6922] FAT-fs (loop0): Directory bread(block 71) failed [ 187.175355][ T6922] FAT-fs (loop0): Directory bread(block 72) failed [ 187.182068][ T6922] FAT-fs (loop0): Directory bread(block 73) failed [ 187.467305][ T6906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.486966][ T6906] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.521616][ T5142] hid (null): invalid report_size 12391 [ 187.562042][ T5142] hid-generic 0003:0158:0100.000C: unknown main item tag 0x1 [ 187.599894][ T5142] hid-generic 0003:0158:0100.000C: unexpected long global item [ 187.648876][ T5142] hid-generic 0003:0158:0100.000C: probe with driver hid-generic failed with error -22 [ 188.340107][ T5142] usb 2-1: USB disconnect, device number 7 [ 188.795389][ T1146] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 188.825314][ T6933] loop4: detected capacity change from 0 to 32768 [ 188.862735][ T6925] loop2: detected capacity change from 0 to 32768 [ 188.880970][ T6925] ======================================================= [ 188.880970][ T6925] WARNING: The mand mount option has been deprecated and [ 188.880970][ T6925] and is ignored by this kernel. Remove the mand [ 188.880970][ T6925] option from the mount to silence this warning. [ 188.880970][ T6925] ======================================================= [ 188.915948][ C0] vkms_vblank_simulate: vblank timer overrun [ 189.025497][ T1146] usb 1-1: Using ep0 maxpacket: 8 [ 189.027227][ T6933] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nocow [ 189.046889][ T6933] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 189.056531][ T6933] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 189.056531][ T6933] running recovery passes: check_allocations [ 189.077888][ T1146] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 189.099656][ T1146] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 189.118456][ T1146] usb 1-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 189.129639][ T6925] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 189.147069][ T1146] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 189.166513][ T1146] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 189.180827][ T1146] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.217153][ T1146] usbtmc 1-1:16.0: bulk endpoints not found [ 189.376133][ T6933] bcachefs (loop4): accounting_read... done [ 189.387446][ T6933] bcachefs (loop4): alloc_read... done [ 189.393283][ T6933] bcachefs (loop4): stripes_read... done [ 189.536773][ T6933] bcachefs (loop4): snapshots_read... done [ 189.794843][ T6961] netlink: 'syz.1.370': attribute type 3 has an invalid length. [ 189.803120][ T6961] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.370'. [ 189.848670][ T6933] bcachefs (loop4): check_allocations... [ 190.035154][ T6925] XFS (loop2): Ending clean mount [ 190.058729][ T6933] btree ptr not marked in member info btree allocated bitmap [ 190.058799][ T6933] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 190.107896][ T6933] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 10 [ 190.151865][ T6933] bcachefs (loop4): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 190.177139][ T6933] bcachefs (loop4): bch2_gc_btree(): error fsck_errors_not_fixed [ 190.185957][ T6933] bcachefs (loop4): bch2_gc_btrees(): error fsck_errors_not_fixed [ 190.198696][ T6933] bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed [ 190.208775][ T6933] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 190.216852][ T6933] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 190.226472][ T6933] bcachefs (loop4): shutting down [ 190.230468][ T6964] loop3: detected capacity change from 0 to 512 [ 190.238486][ T6925] XFS (loop2): Quotacheck needed: Please wait. [ 190.286820][ T6933] bcachefs (loop4): shutdown complete [ 190.309536][ T6964] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 190.309971][ T6964] EXT4-fs (loop3): orphan cleanup on readonly fs [ 190.310054][ T6964] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #4: comm syz.3.371: pblk 0 bad header/extent: invalid magic - magic 50a, entries 0, max 4(0), depth 0(0) [ 190.310732][ T6964] EXT4-fs error (device loop3): ext4_quota_enable:7039: comm syz.3.371: Bad quota inode: 4, type: 1 [ 190.311118][ T6964] EXT4-fs warning (device loop3): ext4_enable_quotas:7080: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 190.329244][ T5104] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 190.331068][ T6964] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 190.332154][ T6964] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 190.383996][ T6925] XFS (loop2): Quotacheck: Done. [ 190.392588][ T5593] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.475118][ T5767] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 191.455622][ T5146] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 191.486502][ T5142] usb 1-1: USB disconnect, device number 14 [ 191.608543][ T6989] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.380'. [ 191.631408][ T6989] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4 [ 191.667461][ T5146] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 191.678600][ T5146] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 191.710861][ T5146] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 191.741184][ T5146] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 191.768457][ T5146] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 191.778204][ T5146] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 191.791873][ T5146] usb 4-1: Manufacturer: syz [ 191.880756][ T6981] loop2: detected capacity change from 0 to 40427 [ 191.926619][ T6981] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 191.965804][ T6981] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 192.023324][ T5146] usb 4-1: config 0 descriptor?? [ 192.042181][ T6981] F2FS-fs (loop2): Found nat_bits in checkpoint [ 192.672138][ T6981] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 192.713877][ T6981] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 193.079203][ T5146] appleir 0003:05AC:8243.000D: unknown main item tag 0x0 [ 193.091677][ T5146] appleir 0003:05AC:8243.000D: No inputs registered, leaving [ 193.109471][ T5146] appleir 0003:05AC:8243.000D: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 194.518504][ T5146] usb 4-1: USB disconnect, device number 6 [ 194.533124][ T4493] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 194.613781][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.613869][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.307307][ T5146] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 195.496768][ T5146] usb 4-1: Using ep0 maxpacket: 8 [ 195.523154][ T5146] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 195.576098][ T5146] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 195.613818][ T5146] usb 4-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 195.638186][ T5146] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 195.669419][ T5146] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 195.689124][ T5146] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.712634][ T5146] usbtmc 4-1:16.0: bulk endpoints not found [ 196.998797][ T5104] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 198.180922][ T1146] usb 4-1: USB disconnect, device number 7 [ 199.341167][ T7115] smc: net device batadv_slave_1 applied user defined pnetid SYZ2 [ 199.416611][ T4493] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 199.540248][ T7125] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 199.627366][ T5145] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 199.817482][ T5145] usb 4-1: Using ep0 maxpacket: 8 [ 199.831615][ T5145] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 199.860422][ T5145] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 199.872478][ T7132] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 199.883536][ T5145] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 199.897243][ T5145] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 199.907708][ T5145] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 199.921305][ T5145] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 199.931155][ T5145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.945629][ T5145] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22 [ 200.385608][ T7140] netlink: 20 bytes leftover after parsing attributes in process `syz.4.431'. [ 200.519199][ T7145] netlink: 256 bytes leftover after parsing attributes in process `syz.2.432'. [ 201.005936][ T5145] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 201.061575][ T7170] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 201.171385][ T7176] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 201.186456][ T7176] netlink: 40 bytes leftover after parsing attributes in process `syz.1.444'. [ 201.215570][ T1146] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 201.220227][ T5145] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 201.236094][ T5145] usb 3-1: can't read configurations, error -61 [ 201.395576][ T5145] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 201.416934][ T1146] usb 1-1: Using ep0 maxpacket: 8 [ 201.427812][ T1146] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 201.458413][ T1146] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 201.474919][ T1146] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 201.508496][ T1146] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 201.524206][ T1146] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 201.540472][ T1146] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.562564][ T1146] usbtmc 1-1:16.0: bulk endpoints not found [ 201.608603][ T5145] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 201.617436][ T5145] usb 3-1: can't read configurations, error -61 [ 201.631247][ T5145] usb usb3-port1: attempt power cycle [ 201.691014][ T7199] bridge: RTM_DELNEIGH with unconfigured vlan 2 on bridge_slave_0 [ 202.065659][ T5145] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 202.124323][ T5145] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 202.182866][ T5145] usb 3-1: can't read configurations, error -61 [ 202.353449][ T5146] usb 4-1: USB disconnect, device number 8 [ 202.365569][ T5145] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 202.420453][ T5145] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 202.458483][ T5145] usb 3-1: can't read configurations, error -61 [ 202.476255][ T5145] usb usb3-port1: unable to enumerate USB device [ 203.909756][ T7255] loop3: detected capacity change from 0 to 512 [ 203.983078][ T7255] EXT4-fs (loop3): blocks per group (71) and clusters per group (32768) inconsistent [ 203.987629][ T5142] usb 1-1: USB disconnect, device number 15 [ 204.175511][ T5145] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 204.406276][ T5145] usb 3-1: Using ep0 maxpacket: 8 [ 204.420040][ T5145] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 204.455622][ T5145] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 204.465661][ T7275] Oops: stack segment: 0000 [#1] PREEMPT SMP KASAN PTI [ 204.465686][ T7275] CPU: 0 UID: 0 PID: 7275 Comm: syz.3.465 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 204.465708][ T7275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 204.465722][ T7275] RIP: 0010:bpf_xdp_redirect+0x59/0x1a0 [ 204.465754][ T7275] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b5 18 90 f8 48 8b 1b 4c 8d 63 38 4c 89 e5 48 c1 ed 03 <42> 0f b6 44 2d 00 84 c0 0f 85 d0 00 00 00 45 8b 34 24 44 89 f6 83 [ 204.465770][ T7275] RSP: 0018:ffffc9000326f098 EFLAGS: 00010202 [ 204.465787][ T7275] RAX: 1ffff11004d09300 RBX: 0000000000000000 RCX: 0000000000040000 [ 204.465799][ T7275] RDX: ffffc900035c9000 RSI: 00000000000004ba RDI: 00000000000004bb [ 204.465811][ T7275] RBP: 0000000000000007 R08: ffffffff895fff80 R09: 1ffff1100c0ff26c [ 204.465822][ T7275] R10: dffffc0000000000 R11: ffffed100c0ff26d R12: 0000000000000038 [ 204.465834][ T7275] R13: dffffc0000000000 R14: 1ffff9200064de55 R15: 0000000000000000 [ 204.465846][ T7275] FS: 00007f0a2648e6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 204.465861][ T7275] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 204.465873][ T7275] CR2: 0000001b3201fffc CR3: 000000002ea86000 CR4: 00000000003506f0 [ 204.465888][ T7275] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 204.465899][ T7275] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 204.465910][ T7275] Call Trace: [ 204.465916][ T7275] [ 204.465923][ T7275] ? __die_body+0x88/0xe0 [ 204.465947][ T7275] ? die+0xcf/0x110 [ 204.465970][ T7275] ? do_trap+0x15a/0x3a0 [ 204.465994][ T7275] ? do_error_trap+0x1dc/0x2c0 [ 204.466016][ T7275] ? __pfx_do_error_trap+0x10/0x10 [ 204.466038][ T7275] ? rcu_is_watching+0x15/0xb0 [ 204.466062][ T7275] ? exc_stack_segment+0x38/0x50 [ 204.466081][ T7275] ? asm_exc_stack_segment+0x26/0x30 [ 204.466102][ T7275] ? bpf_prog_run_generic_xdp+0x5f0/0x14c0 [ 204.466125][ T7275] ? bpf_xdp_redirect+0x59/0x1a0 [ 204.466147][ T7275] ? bpf_xdp_redirect+0x25/0x1a0 [ 204.466170][ T7275] bpf_prog_bd73926c2776e1d5+0x1a/0x1c [ 204.466185][ T7275] bpf_prog_run_generic_xdp+0x679/0x14c0 [ 204.466217][ T7275] do_xdp_generic+0x673/0xb90 [ 204.466236][ T7275] ? __pfx_validate_chain+0x10/0x10 [ 204.466262][ T7275] ? __pfx_do_xdp_generic+0x10/0x10 [ 204.466288][ T7275] __netif_receive_skb_core+0x1be6/0x4570 [ 204.466312][ T7275] ? mark_lock+0x9a/0x360 [ 204.466342][ T7275] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 204.466365][ T7275] ? mark_lock+0x9a/0x360 [ 204.466394][ T7275] ? __lock_acquire+0x1359/0x2000 [ 204.466425][ T7275] __netif_receive_skb+0x12f/0x650 [ 204.466448][ T7275] ? __pfx_lock_acquire+0x10/0x10 [ 204.466468][ T7275] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 204.466489][ T7275] ? __pfx___netif_receive_skb+0x10/0x10 [ 204.466509][ T7275] ? __kasan_slab_alloc+0x66/0x80 [ 204.466529][ T7275] ? read_tsc+0x9/0x20 [ 204.466546][ T7275] ? timekeeping_get_ns+0x2c0/0x420 [ 204.466569][ T7275] ? netif_receive_skb+0x131/0x890 [ 204.466590][ T7275] ? netif_receive_skb+0x131/0x890 [ 204.466610][ T7275] netif_receive_skb+0x1e8/0x890 [ 204.466630][ T7275] ? tun_rx_batched+0x160/0x8f0 [ 204.466647][ T7275] ? __pfx_netif_receive_skb+0x10/0x10 [ 204.466673][ T7275] ? tun_rx_batched+0x160/0x8f0 [ 204.466688][ T7275] tun_rx_batched+0x1b7/0x8f0 [ 204.466704][ T7275] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 204.466726][ T7275] ? __pfx_lock_acquire+0x10/0x10 [ 204.466745][ T7275] ? __pfx_tun_rx_batched+0x10/0x10 [ 204.466770][ T7275] tun_get_user+0x2f3b/0x4560 [ 204.466787][ T7275] ? tun_get_user+0x2a35/0x4560 [ 204.466809][ T7275] ? __pfx_tun_get_user+0x10/0x10 [ 204.466827][ T7275] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 204.466844][ T7275] ? tun_get+0x1e/0x2f0 [ 204.466866][ T7275] ? tun_get+0x1e/0x2f0 [ 204.466881][ T7275] ? tun_get+0x27d/0x2f0 [ 204.466896][ T7275] tun_chr_write_iter+0x113/0x1f0 [ 204.466914][ T7275] vfs_write+0xa72/0xc90 [ 204.466931][ T7275] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 204.466947][ T7275] ? __pfx_vfs_write+0x10/0x10 [ 204.466961][ T7275] ? do_futex+0x33b/0x560 [ 204.466998][ T7275] ksys_write+0x1a0/0x2c0 [ 204.467017][ T7275] ? __pfx_ksys_write+0x10/0x10 [ 204.467032][ T7275] ? do_syscall_64+0x100/0x230 [ 204.467050][ T7275] ? do_syscall_64+0xb6/0x230 [ 204.467066][ T7275] do_syscall_64+0xf3/0x230 [ 204.467080][ T7275] ? clear_bhb_loop+0x35/0x90 [ 204.467101][ T7275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.467120][ T7275] RIP: 0033:0x7f0a2577475f [ 204.467133][ T7275] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 204.467147][ T7275] RSP: 002b:00007f0a2648e010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 204.467170][ T7275] RAX: ffffffffffffffda RBX: 00007f0a25903f60 RCX: 00007f0a2577475f [ 204.467182][ T7275] RDX: 000000000000002a RSI: 0000000020000000 RDI: 00000000000000c8 [ 204.467194][ T7275] RBP: 00007f0a257e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 204.467206][ T7275] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000000 [ 204.467218][ T7275] R13: 000000000000000b R14: 00007f0a25903f60 R15: 00007fff4445b178 [ 204.467237][ T7275] [ 204.467243][ T7275] Modules linked in: [ 204.467277][ T7275] ---[ end trace 0000000000000000 ]--- [ 204.467295][ T7275] RIP: 0010:bpf_xdp_redirect+0x59/0x1a0 [ 204.483456][ T5145] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 204.492867][ T7275] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b5 18 90 f8 48 8b 1b 4c 8d 63 38 4c 89 e5 48 c1 ed 03 <42> 0f b6 44 2d 00 84 c0 0f 85 d0 00 00 00 45 8b 34 24 44 89 f6 83 [ 204.492892][ T7275] RSP: 0018:ffffc9000326f098 EFLAGS: 00010202 [ 204.492910][ T7275] RAX: 1ffff11004d09300 RBX: 0000000000000000 RCX: 0000000000040000 [ 204.492922][ T7275] RDX: ffffc900035c9000 RSI: 00000000000004ba RDI: 00000000000004bb [ 204.492934][ T7275] RBP: 0000000000000007 R08: ffffffff895fff80 R09: 1ffff1100c0ff26c [ 204.492946][ T7275] R10: dffffc0000000000 R11: ffffed100c0ff26d R12: 0000000000000038 [ 204.492960][ T7275] R13: dffffc0000000000 R14: 1ffff9200064de55 R15: 0000000000000000 [ 204.492974][ T7275] FS: 00007f0a2648e6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 204.492991][ T7275] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 204.493006][ T7275] CR2: 0000001b3201fffc CR3: 000000002ea86000 CR4: 00000000003506f0 [ 204.493023][ T7275] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 204.493035][ T7275] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 204.493051][ T7275] Kernel panic - not syncing: Fatal exception in interrupt [ 204.498664][ T7275] Kernel Offset: disabled