last executing test programs: 2.076128426s ago: executing program 4 (id=392): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x20, 0x1, 0x0, 0xffffffffffffffff, 0x8}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r0, 0x0, 0x5) fchdir(r2) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) move_mount(r4, &(0x7f0000000240)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', 0x247) 1.971114862s ago: executing program 4 (id=396): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r2, @ANYBLOB="00000016010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=@newlink={0x54, 0x10, 0x439, 0x70bd2c, 0xffffffea, {0x0, 0x0, 0xe403, r2, 0x40083}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @sit={{0x8}, {0x28, 0x2, 0x0, 0x1, [@IFLA_IPTUN_6RD_RELAY_PREFIX={0x8}, @IFLA_IPTUN_6RD_PREFIX={0x14, 0xb, @ipv4={'\x00', '\xff\xff', @multicast2}}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20008004}, 0x4040) 1.788695665s ago: executing program 4 (id=399): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @empty, 0x1}, {0xa, 0x4e22, 0x2, @remote, 0x80000000}, r1, 0xfffffe4d}}, 0x48) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x111, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r3, 0x7}}, 0x48) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@multicast, @empty, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @empty, @remote, @multicast, @remote}}}}, 0x0) 1.587704177s ago: executing program 3 (id=404): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x8, &(0x7f0000000a00)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@jmp={0x6, 0x0, 0xc, 0x0, 0x0, 0x1, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit, @cb_func={0x18, 0x0, 0x4, 0x0, 0xffffffffffffffff}]}, &(0x7f0000000100)='GPL\x00', 0x6, 0x10a, &(0x7f0000000280)=""/266, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) 1.587554046s ago: executing program 4 (id=405): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000100)=0x5, 0x20) 1.530027397s ago: executing program 0 (id=406): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) move_mount(r1, &(0x7f0000000240)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', 0x247) 1.490431889s ago: executing program 3 (id=407): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) quotactl$Q_SETQUOTA(0xffffffff80000801, 0x0, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e23, @local}, @in6={0xa, 0x0, 0x6, @loopback, 0x7ff}], 0x2c) sendto$inet6(r0, &(0x7f0000000240)='\x00', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x7, 0x84, 0x2, 0x5, 0x5, 0xfd, 0x0, 0x0, 0xfd, 0x2, 0x3, 0x0, 0x2}, 0xe) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000000c0)=0x2, 0x4) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002440)=""/144, 0x90}, 0x7fffffff}], 0x1, 0x40010000, 0x0) 1.423565726s ago: executing program 0 (id=409): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x300, 0x0, 0x1, 0x9, 0x0, 0x6}, 0x20) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) r0 = socket(0xa, 0x3, 0x1) setsockopt$inet6_int(r0, 0x29, 0x3e, &(0x7f00000000c0)=0x7f, 0x4) sendto$inet6(r0, &(0x7f0000000180)="c412", 0xffe6, 0x40, &(0x7f0000000240)={0xa, 0x4ea2, 0x5, @empty, 0x401}, 0x1c) 1.360041307s ago: executing program 0 (id=410): r0 = syz_open_procfs(0x0, &(0x7f0000000440)='projid_map\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xa, 0x10, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x29, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x1, 0x7e, 0x1, 0xffffffffffffffff, 0x2}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0xca, r1}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000005c0)={r1, 0x0, &(0x7f0000000140)=""/241}, 0x20) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000008000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x26, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)={0x14, 0x14, 0x301, 0x0, 0x0, {0xf}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x900, 0x0) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f0000000100)=ANY=[@ANYRES16=r4], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @cgroup_sock_addr=0x20, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffdee}, 0x86) close_range(r0, 0xffffffffffffffff, 0x0) 1.31228881s ago: executing program 1 (id=411): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x41, 0x3, 0x200, 0x0, 0x0, 0x0, 0x98, 0x0, 0x168, 0x1f0, 0x1f0, 0x168, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @empty, 0x0, 0xff, 'caif0\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0xffffffffa0028000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@broadcast, @broadcast, 0x0, 0x0, 'team0\x00', 'veth1_to_hsr\x00', {0xff}, {}, 0x0, 0x1}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote, 0x8, 0xd, [0x2b, 0x50, 0x26, 0x19, 0x2c, 0x13, 0xe, 0x3e, 0x8, 0xc, 0x16, 0x28, 0xc81f, 0xd, 0x39], 0x0, 0x8, 0x3}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x260) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="340000001c00010029bd7000ffdbdf2507000000", @ANYRES32, @ANYBLOB="80007f0a0a0002000180c2000003000004000e8008000f"], 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x4044004) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="340000001c00010029bd7000ffdbdf2507000000", @ANYRES32=r1], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4040004) r2 = socket(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) 1.290806845s ago: executing program 1 (id=412): fcntl$setstatus(0xffffffffffffffff, 0x4, 0x4800) utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001200)=[{&(0x7f0000000180)=""/4096, 0x1000}, {0x0}], 0x2, 0x0, 0x6) 1.225778605s ago: executing program 1 (id=413): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000980)={0x802}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 1.14105491s ago: executing program 1 (id=414): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = open(&(0x7f0000000300)='.\x00', 0x100000, 0x0) flock(r1, 0x1) r2 = syz_open_procfs(0xffffffffffffffff, 0x0) read$FUSE(r2, 0x0, 0x0) r3 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r3, 0x2) r4 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x2) flock(r4, 0x2) close_range(r0, 0xffffffffffffffff, 0x0) 1.05140534s ago: executing program 0 (id=415): r0 = msgget$private(0x0, 0x200) msgsnd(r0, &(0x7f0000000a40)=ANY=[@ANYRESDEC=r0], 0xff, 0x0) msgrcv(r0, 0x0, 0x0, 0xffffffffffffffff, 0x2000) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000700)={{0x2, 0xee01, 0x0, 0x0, 0x0, 0x60, 0x1}, 0x0, 0x0, 0x101, 0x8, 0x5, 0x8001, 0x6b5, 0x2, 0x5, 0xf}) 974.294436ms ago: executing program 1 (id=418): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0xfffffffffffffffc, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ptrace$getregset(0x4205, r0, 0x200, &(0x7f0000000080)={0x0}) 691.987846ms ago: executing program 2 (id=422): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x8001, @empty, 0xffffff5d}, 0x1c) listen(r0, 0x6) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x6e23, 0x5, @empty, 0x4}, 0x4a) listen(0xffffffffffffffff, 0x50) 682.684477ms ago: executing program 2 (id=423): fcntl$setstatus(0xffffffffffffffff, 0x4, 0x4800) utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001200)=[{&(0x7f0000000180)=""/4096, 0x1000}, {0x0}], 0x2, 0x0, 0x6) 647.456874ms ago: executing program 4 (id=424): sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xc03, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x901800, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil}) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xa, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="7b87f20f", @ANYRES64=r4], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 543.785926ms ago: executing program 2 (id=425): r0 = socket$inet6(0xa, 0x3, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000013c0)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x0, 0x0, 0x0, 0xffffff00], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) syz_emit_ethernet(0x5e, &(0x7f0000000540)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @private2, @local, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @remote, @loopback}}}}}}, 0x0) 515.040177ms ago: executing program 3 (id=426): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000100)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000680)={0x2, {{0xa, 0x4620, 0x407, @mcast2, 0x7d}}, 0x1, 0x1, [{{0xa, 0x4e23, 0x2088, @private1}}]}, 0x110) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@random="9d3e485beb27", @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "ff00", 0x8, 0x3a, 0x0, @private1, @mcast2, {[], @echo_request={0x80, 0x0, 0x0, 0x4, 0x6}}}}}}, 0x0) 426.490534ms ago: executing program 3 (id=427): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xb, &(0x7f00000000c0)=0xffeffff8, 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e29}, 0x10) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x2102, 0x0, 0x0) 368.348099ms ago: executing program 2 (id=428): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000200000004"], 0x48) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) unshare(0x22020400) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x11, r0, 0x0) mlock(&(0x7f000011b000/0x3000)=nil, 0x3000) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) 324.802669ms ago: executing program 3 (id=429): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) open$dir(&(0x7f00000000c0)='./file0\x00', 0x40020, 0x8) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000300)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000340)=[{&(0x7f00000004c0)='\x00', 0x1}], 0x1}, 0x48043) r2 = dup(r1) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x48, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0x7) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000140)={0x0, 0x26e9, 0x5, 0x0, 0x10, 0x2, 0xf45}, 0x20) splice(r3, 0x0, r0, 0x0, 0xffff, 0x2) 311.366556ms ago: executing program 4 (id=430): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f00009b3000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000240)="b9800000c00f3235004000000f30b9fa000000130f01d9300d76c4020a1bf7b805000000b90000c0fe0f3cae0a41d941d9000f32ba00e500000f30660fc775022e0fba600c9864660ffc76002f3166b85766baa00066ed00d0", 0x59}], 0x1, 0x1, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000010000/0x18000)=nil, &(0x7f00000004c0)=[@textreal={0x8, 0x0}], 0x1, 0x2e, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 211.87831ms ago: executing program 2 (id=431): r0 = io_uring_setup(0x41d9, 0x0) io_uring_setup(0x5f2b, &(0x7f0000000000)={0x0, 0xb0fa, 0x1000, 0x0, 0x2b5, 0x0, r0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz1\x00', 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={r2, r1, 0x15, 0x0, @val=@kprobe_multi=@addrs={0x0, 0x0, 0x0, 0x0, 0xffffffff}}, 0x30) r3 = openat$cgroup_procs(r1, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000400), 0x12) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$sock_buf(r4, 0x1, 0x1a, &(0x7f0000000840)=""/136, &(0x7f0000000ac0)=0x88) 196.201806ms ago: executing program 3 (id=432): socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_tracing={0x1a, 0x3, &(0x7f0000000300)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x237b3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00h'], 0x2c}}, 0x4000) r0 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 175.834238ms ago: executing program 0 (id=433): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x8001, @empty, 0xffffff5d}, 0x1c) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x6e23, 0x5, @empty, 0x4}, 0x4a) listen(r1, 0x50) 52.177746ms ago: executing program 2 (id=434): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000100)=0x5, 0x20) 38.050365ms ago: executing program 0 (id=435): r0 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x1ea1e2) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_freeze_timeout', 0x103a00, 0x160) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0xb, 0xc, "faf98357e5a1149989fc8dbec3bd02b82a128bbad0099cebdc25f5abb534464c516bdd8a0f3500", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d81cd4a524bd3ffe70c7f3f04002f7b6aa54cc50a1fcaed1e15ee3748", "715237641a8ccf162e43ac61f700000000009b4100", [0x9, 0xa]}}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 0s ago: executing program 1 (id=436): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) quotactl$Q_SETQUOTA(0xffffffff80000801, 0x0, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e23, @local}, @in6={0xa, 0x0, 0x6, @loopback, 0x7ff}], 0x2c) sendto$inet6(r0, &(0x7f0000000240)='\x00', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x7, 0x84, 0x2, 0x5, 0x5, 0xfd, 0x0, 0x0, 0xfd, 0x2, 0x3, 0x0, 0x2}, 0xe) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000000c0)=0x2, 0x4) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002440)=""/144, 0x90}, 0x7fffffff}], 0x1, 0x40010000, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.128' (ED25519) to the list of known hosts. [ 81.933973][ T5810] cgroup: Unknown subsys name 'net' [ 82.046029][ T5810] cgroup: Unknown subsys name 'cpuset' [ 82.055612][ T5810] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.638710][ T5810] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.883505][ T5827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.888210][ T5829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.896551][ T5827] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.902787][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.907023][ T5827] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.922134][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.929562][ T5827] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.937582][ T5829] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.938443][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.953283][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.983314][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.992445][ T5827] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.000339][ T5827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.008624][ T5827] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.017849][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.018340][ T5827] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.041173][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.057008][ T5827] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.065414][ T5827] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.072960][ T5827] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.081377][ T5827] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.088719][ T5827] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.097988][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.106316][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.114090][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.631098][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 86.846457][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 86.864911][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.872809][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.880333][ T5839] bridge_slave_0: entered allmulticast mode [ 86.894157][ T5839] bridge_slave_0: entered promiscuous mode [ 86.914185][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.921395][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.942103][ T5839] bridge_slave_1: entered allmulticast mode [ 86.949945][ T5839] bridge_slave_1: entered promiscuous mode [ 87.085114][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.105092][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.115434][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 87.278336][ T5839] team0: Port device team_slave_0 added [ 87.288373][ T5839] team0: Port device team_slave_1 added [ 87.295527][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 87.318607][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 87.410025][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.417378][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.425267][ T5841] bridge_slave_0: entered allmulticast mode [ 87.433606][ T5841] bridge_slave_0: entered promiscuous mode [ 87.443510][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.450721][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.458620][ T5841] bridge_slave_1: entered allmulticast mode [ 87.465979][ T5841] bridge_slave_1: entered promiscuous mode [ 87.492472][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.499452][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.525796][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.589330][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.596413][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.622760][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.670789][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.678278][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.686586][ T5845] bridge_slave_0: entered allmulticast mode [ 87.694621][ T5845] bridge_slave_0: entered promiscuous mode [ 87.713181][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.726157][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.756326][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.764443][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.772111][ T5845] bridge_slave_1: entered allmulticast mode [ 87.780002][ T5845] bridge_slave_1: entered promiscuous mode [ 87.882058][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.889205][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.897128][ T5844] bridge_slave_0: entered allmulticast mode [ 87.904829][ T5844] bridge_slave_0: entered promiscuous mode [ 87.925422][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.938105][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.949390][ T5841] team0: Port device team_slave_0 added [ 87.962094][ T5839] hsr_slave_0: entered promiscuous mode [ 87.968630][ T5839] hsr_slave_1: entered promiscuous mode [ 87.975602][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.983709][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.990910][ T5844] bridge_slave_1: entered allmulticast mode [ 87.998471][ T5844] bridge_slave_1: entered promiscuous mode [ 88.004827][ T5838] Bluetooth: hci1: command tx timeout [ 88.004834][ T5144] Bluetooth: hci0: command tx timeout [ 88.037523][ T5841] team0: Port device team_slave_1 added [ 88.055028][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.062394][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.069640][ T5842] bridge_slave_0: entered allmulticast mode [ 88.077312][ T5842] bridge_slave_0: entered promiscuous mode [ 88.129355][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.136719][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.144216][ T5842] bridge_slave_1: entered allmulticast mode [ 88.151505][ T5842] bridge_slave_1: entered promiscuous mode [ 88.160586][ T5845] team0: Port device team_slave_0 added [ 88.166796][ T5838] Bluetooth: hci4: command tx timeout [ 88.166804][ T5144] Bluetooth: hci2: command tx timeout [ 88.172441][ T5144] Bluetooth: hci3: command tx timeout [ 88.187465][ T5845] team0: Port device team_slave_1 added [ 88.205036][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.212139][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.238174][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.252570][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.293679][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.300684][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.327768][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.341291][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.416421][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.429119][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.439350][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.446463][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.472631][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.507333][ T5844] team0: Port device team_slave_0 added [ 88.524721][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.531941][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.558419][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.587175][ T5844] team0: Port device team_slave_1 added [ 88.634502][ T5841] hsr_slave_0: entered promiscuous mode [ 88.641074][ T5841] hsr_slave_1: entered promiscuous mode [ 88.647664][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 88.654202][ T5841] Cannot create hsr debugfs directory [ 88.679124][ T5842] team0: Port device team_slave_0 added [ 88.721441][ T5842] team0: Port device team_slave_1 added [ 88.768617][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.776178][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.802306][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.831365][ T5845] hsr_slave_0: entered promiscuous mode [ 88.838017][ T5845] hsr_slave_1: entered promiscuous mode [ 88.844827][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 88.850593][ T5845] Cannot create hsr debugfs directory [ 88.875610][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.882732][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.908904][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.931733][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.938819][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.964788][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.022889][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.029896][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.056327][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.209962][ T5844] hsr_slave_0: entered promiscuous mode [ 89.216584][ T5844] hsr_slave_1: entered promiscuous mode [ 89.223417][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 89.229265][ T5844] Cannot create hsr debugfs directory [ 89.252898][ T5842] hsr_slave_0: entered promiscuous mode [ 89.259337][ T5842] hsr_slave_1: entered promiscuous mode [ 89.266219][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 89.272246][ T5842] Cannot create hsr debugfs directory [ 89.497639][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.539933][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.573788][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.602085][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.708519][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.733722][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.759436][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.792490][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.853229][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.879452][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.906549][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.919428][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.017094][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.033930][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.048425][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.059164][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.073854][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.083301][ T5838] Bluetooth: hci0: command tx timeout [ 90.083329][ T5144] Bluetooth: hci1: command tx timeout [ 90.170181][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.203898][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 90.215138][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 90.225872][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 90.237765][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 90.244697][ T5144] Bluetooth: hci4: command tx timeout [ 90.246075][ T5838] Bluetooth: hci3: command tx timeout [ 90.250118][ T5144] Bluetooth: hci2: command tx timeout [ 90.293435][ T397] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.300856][ T397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.317166][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.359827][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.367040][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.396631][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.464831][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.472029][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.489416][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.512993][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.520141][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.558766][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.587742][ T397] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.594942][ T397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.633951][ T397] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.641133][ T397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.672766][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.682703][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.715316][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.767672][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.796903][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.804122][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.830786][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.839711][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.846965][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.881672][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.888905][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.914627][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.921917][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.983969][ T5839] veth0_vlan: entered promiscuous mode [ 91.011664][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.027606][ T5839] veth1_vlan: entered promiscuous mode [ 91.100113][ T5839] veth0_macvtap: entered promiscuous mode [ 91.116365][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.131353][ T5839] veth1_macvtap: entered promiscuous mode [ 91.185503][ T5841] veth0_vlan: entered promiscuous mode [ 91.197617][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.222111][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.241222][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.255645][ T5841] veth1_vlan: entered promiscuous mode [ 91.280249][ T58] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.303333][ T58] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.313596][ T58] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.324721][ T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.354401][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.390333][ T5845] veth0_vlan: entered promiscuous mode [ 91.458803][ T5845] veth1_vlan: entered promiscuous mode [ 91.470461][ T5841] veth0_macvtap: entered promiscuous mode [ 91.511168][ T5841] veth1_macvtap: entered promiscuous mode [ 91.525529][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.541978][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.564358][ T5842] veth0_vlan: entered promiscuous mode [ 91.583202][ T5845] veth0_macvtap: entered promiscuous mode [ 91.628897][ T5842] veth1_vlan: entered promiscuous mode [ 91.638448][ T5845] veth1_macvtap: entered promiscuous mode [ 91.654366][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.663062][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.663183][ T5844] veth0_vlan: entered promiscuous mode [ 91.690005][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.693950][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.720689][ T5844] veth1_vlan: entered promiscuous mode [ 91.732323][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.774584][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.791703][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.798731][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 91.803154][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.849208][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.862935][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.908377][ T5842] veth0_macvtap: entered promiscuous mode [ 91.947779][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.000360][ T5842] veth1_macvtap: entered promiscuous mode [ 92.007640][ T5915] netlink: 4988 bytes leftover after parsing attributes in process `syz.0.1'. [ 92.020565][ T29] cfg80211: failed to load regulatory.db [ 92.026894][ T5915] openvswitch: netlink: Flow actions attr not present in new flow. [ 92.036490][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.046766][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.063081][ T5915] netlink: 4988 bytes leftover after parsing attributes in process `syz.0.1'. [ 92.072422][ T5915] openvswitch: netlink: Flow actions attr not present in new flow. [ 92.084408][ T5915] netlink: 4988 bytes leftover after parsing attributes in process `syz.0.1'. [ 92.104715][ T5915] openvswitch: netlink: Flow actions attr not present in new flow. [ 92.118211][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.139241][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.162884][ T5144] Bluetooth: hci0: command tx timeout [ 92.168388][ T5144] Bluetooth: hci1: command tx timeout [ 92.176831][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.189377][ T5844] veth0_macvtap: entered promiscuous mode [ 92.231361][ T5844] veth1_macvtap: entered promiscuous mode [ 92.270661][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.297247][ T5920] FAULT_INJECTION: forcing a failure. [ 92.297247][ T5920] name failslab, interval 1, probability 0, space 0, times 1 [ 92.314407][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.322341][ T5838] Bluetooth: hci3: command tx timeout [ 92.322378][ T5838] Bluetooth: hci4: command tx timeout [ 92.322866][ T5838] Bluetooth: hci2: command tx timeout [ 92.335987][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.346856][ T5920] CPU: 0 UID: 0 PID: 5920 Comm: syz.0.6 Not tainted syzkaller #0 PREEMPT(full) [ 92.346885][ T5920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 92.346905][ T5920] Call Trace: [ 92.346914][ T5920] [ 92.346922][ T5920] dump_stack_lvl+0xe8/0x150 [ 92.346964][ T5920] should_fail_ex+0x412/0x560 [ 92.347002][ T5920] should_failslab+0xa8/0x100 [ 92.347031][ T5920] __kmalloc_cache_noprof+0x88/0x660 [ 92.347054][ T5920] ? __sctp_v6_cmp_addr+0x1dc/0x510 [ 92.347084][ T5920] ? sctp_v6_cmp_addr+0x15/0xd0 [ 92.347099][ T5920] ? sctp_add_bind_addr+0x8c/0x370 [ 92.347118][ T5920] sctp_add_bind_addr+0x8c/0x370 [ 92.347174][ T5920] sctp_copy_local_addr_list+0x314/0x4f0 [ 92.347200][ T5920] ? sctp_copy_local_addr_list+0xa4/0x4f0 [ 92.347223][ T5920] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 92.347246][ T5920] ? sctp_v6_is_any+0x64/0x80 [ 92.347271][ T5920] ? sctp_copy_one_addr+0x93/0x360 [ 92.347296][ T5920] sctp_bind_addr_copy+0xb3/0x3c0 [ 92.347327][ T5920] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 92.347361][ T5920] sctp_connect_new_asoc+0x2ff/0x6b0 [ 92.347391][ T5920] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 92.347425][ T5920] ? __local_bh_enable_ip+0xd0/0x130 [ 92.347450][ T5920] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 92.347476][ T5920] ? security_sctp_bind_connect+0x7e/0x2c0 [ 92.347505][ T5920] sctp_sendmsg+0x1528/0x2c10 [ 92.347546][ T5920] ? __pfx_sctp_sendmsg+0x10/0x10 [ 92.347574][ T5920] ? aa_sk_perm+0x6d5/0x900 [ 92.347612][ T5920] ? __pfx_aa_sk_perm+0x10/0x10 [ 92.347645][ T5920] ? sock_rps_record_flow+0x19/0x400 [ 92.347672][ T5920] ? __pfx_inet_sendmsg+0x10/0x10 [ 92.347701][ T5920] ? inet_sendmsg+0x2f4/0x370 [ 92.347728][ T5920] ? __pfx_inet_sendmsg+0x10/0x10 [ 92.347765][ T5920] __sys_sendto+0x5de/0x710 [ 92.347792][ T5920] ? __pfx___sys_sendto+0x10/0x10 [ 92.347814][ T5920] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 92.347856][ T5920] ? __fget_files+0x3a0/0x420 [ 92.347886][ T5920] ? ksys_write+0x242/0x270 [ 92.347913][ T5920] ? __pfx_ksys_write+0x10/0x10 [ 92.347942][ T5920] __x64_sys_sendto+0xde/0x100 [ 92.347971][ T5920] do_syscall_64+0x14d/0xf80 [ 92.347997][ T5920] ? trace_irq_disable+0x3b/0x150 [ 92.348015][ T5920] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.348037][ T5920] ? clear_bhb_loop+0x40/0x90 [ 92.348063][ T5920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.348084][ T5920] RIP: 0033:0x7fb70f79c819 [ 92.348112][ T5920] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.348129][ T5920] RSP: 002b:00007fb7105dc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 92.348152][ T5920] RAX: ffffffffffffffda RBX: 00007fb70fa15fa0 RCX: 00007fb70f79c819 [ 92.348167][ T5920] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000004 [ 92.348180][ T5920] RBP: 00007fb7105dc090 R08: 000020000005ffe4 R09: 000000000000001c [ 92.348193][ T5920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 92.348205][ T5920] R13: 00007fb70fa16038 R14: 00007fb70fa15fa0 R15: 00007fb70fb3fa48 [ 92.348238][ T5920] [ 92.716647][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.786074][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.794164][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.880806][ T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.896304][ T5924] kAFS: unable to lookup cell '' [ 92.908178][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.919289][ T5924] netlink: 76 bytes leftover after parsing attributes in process `syz.3.4'. [ 92.975806][ T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.988601][ T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.003250][ T29] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 93.012623][ T411] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.021985][ T411] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.042331][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.058454][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.130412][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.191370][ T29] usb 1-1: Using ep0 maxpacket: 32 [ 93.217318][ T29] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 93.230459][ T29] usb 1-1: config 0 has an invalid descriptor of length 42, skipping remainder of the config [ 93.253329][ T29] usb 1-1: config 0 has no interface number 0 [ 93.260872][ T29] usb 1-1: config 0 interface 8 altsetting 32 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 93.274215][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.286434][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.296103][ T29] usb 1-1: config 0 interface 8 has no altsetting 0 [ 93.309652][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.323855][ T29] usb 1-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice=b8.00 [ 93.335301][ T5931] capability: warning: `syz.1.2' uses 32-bit capabilities (legacy support in use) [ 93.344636][ T29] usb 1-1: New USB device strings: Mfr=82, Product=126, SerialNumber=47 [ 93.354171][ T29] usb 1-1: Product: syz [ 93.358395][ T29] usb 1-1: Manufacturer: syz [ 93.387559][ T29] usb 1-1: SerialNumber: syz [ 93.407909][ T29] usb 1-1: config 0 descriptor?? [ 93.431492][ T29] usbhid 1-1:0.8: couldn't find an input interrupt endpoint [ 93.461454][ T5927] syzkaller0: entered promiscuous mode [ 93.467141][ T5927] syzkaller0: entered allmulticast mode [ 93.492825][ T397] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.506565][ T397] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.541359][ T5933] netlink: 'syz.1.9': attribute type 10 has an invalid length. [ 93.604260][ T5934] netlink: 'syz.1.9': attribute type 10 has an invalid length. [ 93.612653][ T5934] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9'. [ 93.689606][ T5935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 93.704181][ T5935] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 94.252442][ T5838] Bluetooth: hci1: command tx timeout [ 94.252454][ T5144] Bluetooth: hci0: command tx timeout [ 94.402258][ T5838] Bluetooth: hci2: command tx timeout [ 94.402569][ T5144] Bluetooth: hci4: command tx timeout [ 94.407762][ T5838] Bluetooth: hci3: command tx timeout [ 94.466066][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.485086][ T5933] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 94.601215][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.626735][ T411] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.636374][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.671248][ T411] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.773863][ T397] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.793879][ T397] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.769247][ T5813] usb 1-1: USB disconnect, device number 2 [ 95.851198][ T5972] netlink: 28 bytes leftover after parsing attributes in process `syz.2.18'. [ 97.472283][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 97.589263][ T6002] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 97.622127][ T10] usb 1-1: device descriptor read/64, error -71 [ 97.650281][ T6002] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 97.708082][ T6005] syz.1.29 uses obsolete (PF_INET,SOCK_PACKET) [ 97.866905][ T6009] FAULT_INJECTION: forcing a failure. [ 97.866905][ T6009] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 97.882256][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 97.911672][ T6009] CPU: 1 UID: 0 PID: 6009 Comm: syz.1.31 Not tainted syzkaller #0 PREEMPT(full) [ 97.911700][ T6009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 97.911713][ T6009] Call Trace: [ 97.911721][ T6009] [ 97.911729][ T6009] dump_stack_lvl+0xe8/0x150 [ 97.911763][ T6009] should_fail_ex+0x412/0x560 [ 97.911803][ T6009] _copy_from_user+0x2d/0xb0 [ 97.911828][ T6009] ___sys_sendmsg+0x1c6/0x360 [ 97.911860][ T6009] ? __pfx____sys_sendmsg+0x10/0x10 [ 97.911930][ T6009] ? __fget_files+0x2a/0x420 [ 97.911949][ T6009] ? __fget_files+0x3a0/0x420 [ 97.911978][ T6009] __x64_sys_sendmsg+0x1bd/0x2a0 [ 97.912008][ T6009] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 97.912045][ T6009] ? __pfx_ksys_write+0x10/0x10 [ 97.912080][ T6009] do_syscall_64+0x14d/0xf80 [ 97.912108][ T6009] ? trace_irq_disable+0x3b/0x150 [ 97.912127][ T6009] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.912147][ T6009] ? clear_bhb_loop+0x40/0x90 [ 97.912172][ T6009] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.912194][ T6009] RIP: 0033:0x7f6bb919c819 [ 97.912214][ T6009] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 97.912231][ T6009] RSP: 002b:00007f6bba02f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.912252][ T6009] RAX: ffffffffffffffda RBX: 00007f6bb9415fa0 RCX: 00007f6bb919c819 [ 97.912266][ T6009] RDX: 0000000004004890 RSI: 0000200000000180 RDI: 0000000000000003 [ 97.912279][ T6009] RBP: 00007f6bba02f090 R08: 0000000000000000 R09: 0000000000000000 [ 97.912291][ T6009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.912302][ T6009] R13: 00007f6bb9416038 R14: 00007f6bb9415fa0 R15: 00007f6bb953fa48 [ 97.912334][ T6009] [ 98.072232][ T10] usb 1-1: device descriptor read/64, error -71 [ 98.112075][ T6013] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 98.342269][ T10] usb usb1-port1: attempt power cycle [ 98.491933][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 98.558302][ T6025] netlink: 52 bytes leftover after parsing attributes in process `syz.4.36'. [ 98.583628][ T6025] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.591880][ T6025] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.660344][ T6028] netlink: 'syz.3.37': attribute type 13 has an invalid length. [ 98.669484][ T6030] netlink: 52 bytes leftover after parsing attributes in process `syz.4.36'. [ 98.687021][ T10] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 98.722953][ T10] usb 1-1: device descriptor read/8, error -71 [ 98.742141][ T5992] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 98.767230][ T6025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.36'. [ 98.925393][ T5992] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.936893][ T5992] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.948081][ T5992] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 98.961651][ T5992] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 98.972168][ T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 98.990219][ T5992] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.002704][ T10] usb 1-1: device descriptor read/8, error -71 [ 99.024352][ T5992] usb 3-1: config 0 descriptor?? [ 99.112170][ T10] usb usb1-port1: unable to enumerate USB device [ 99.127851][ T6028] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.136372][ T6028] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.331086][ T6028] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.350058][ T6028] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 100.305139][ T12] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.314424][ T12] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.361312][ T12] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.396857][ T12] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.973514][ T6048] loop2: detected capacity change from 0 to 7 [ 100.990288][ T5833] Dev loop2: unable to read RDB block 7 [ 101.000057][ T5833] loop2: AHDI p1 p2 p3 [ 101.044261][ T6051] syz_tun: entered allmulticast mode [ 101.056297][ T5833] loop2: partition table partially beyond EOD, truncated [ 101.073879][ T5833] loop2: p1 start 1818582900 is beyond EOD, truncated [ 101.088349][ T6046] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 101.102872][ T6049] syz_tun: left allmulticast mode [ 101.115535][ T5833] loop2: p3 start 335544320 is beyond EOD, truncated [ 101.140781][ T6046] sg_write: data in/out 393432/56 bytes for SCSI command 0x0-- guessing data in; [ 101.140781][ T6046] program syz.0.44 not setting count and/or reply_len properly [ 101.164578][ T6048] Dev loop2: unable to read RDB block 7 [ 101.172350][ T6048] loop2: AHDI p1 p2 p3 [ 101.177792][ T6048] loop2: partition table partially beyond EOD, truncated [ 101.186476][ T6048] loop2: p1 start 1818582900 is beyond EOD, truncated [ 101.196955][ T6048] loop2: p3 start 335544320 is beyond EOD, truncated [ 101.648056][ T6060] warning: `syz.4.47' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 101.880498][ T6063] tipc: Failed to remove unknown binding: 66,1,1/0:780937804/780937806 [ 102.109117][ T5992] usbhid 3-1:0.0: can't add hid device: -71 [ 102.116533][ T5992] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 102.173686][ T6060] tipc: Failed to remove unknown binding: 66,1,1/0:2544469406/2544469408 [ 102.310895][ T5992] usb 3-1: USB disconnect, device number 2 [ 102.545654][ T6076] process 'syz.2.52' launched './file1' with NULL argv: empty string added [ 102.659523][ T6077] FAULT_INJECTION: forcing a failure. [ 102.659523][ T6077] name failslab, interval 1, probability 0, space 0, times 0 [ 102.673856][ T6077] CPU: 1 UID: 0 PID: 6077 Comm: syz.1.51 Tainted: G L syzkaller #0 PREEMPT(full) [ 102.673892][ T6077] Tainted: [L]=SOFTLOCKUP [ 102.673899][ T6077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 102.673911][ T6077] Call Trace: [ 102.673919][ T6077] [ 102.673928][ T6077] dump_stack_lvl+0xe8/0x150 [ 102.673963][ T6077] should_fail_ex+0x412/0x560 [ 102.674004][ T6077] should_failslab+0xa8/0x100 [ 102.674035][ T6077] __kmalloc_noprof+0xe8/0x760 [ 102.674060][ T6077] ? tomoyo_encode2+0x27f/0x530 [ 102.674089][ T6077] tomoyo_encode2+0x27f/0x530 [ 102.674118][ T6077] tomoyo_check_unix_address+0x3d9/0x7f0 [ 102.674147][ T6077] ? tomoyo_check_unix_address+0x167/0x7f0 [ 102.674169][ T6077] ? __pfx_tomoyo_check_unix_address+0x10/0x10 [ 102.674214][ T6077] tomoyo_socket_sendmsg_permission+0x1d9/0x300 [ 102.674258][ T6077] security_socket_sendmsg+0x97/0x280 [ 102.674286][ T6077] ____sys_sendmsg+0x522/0x9f0 [ 102.674326][ T6077] ? __pfx_____sys_sendmsg+0x10/0x10 [ 102.674364][ T6077] ? import_iovec+0x73/0xa0 [ 102.674394][ T6077] ___sys_sendmsg+0x2a5/0x360 [ 102.674428][ T6077] ? __pfx____sys_sendmsg+0x10/0x10 [ 102.674508][ T6077] __sys_sendmmsg+0x27c/0x4e0 [ 102.674543][ T6077] ? __pfx___sys_sendmmsg+0x10/0x10 [ 102.674570][ T6077] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 102.674627][ T6077] ? ksys_write+0x242/0x270 [ 102.674654][ T6077] ? __pfx_ksys_write+0x10/0x10 [ 102.674685][ T6077] __x64_sys_sendmmsg+0xa0/0xc0 [ 102.674717][ T6077] do_syscall_64+0x14d/0xf80 [ 102.674745][ T6077] ? trace_irq_disable+0x3b/0x150 [ 102.674764][ T6077] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.674785][ T6077] ? clear_bhb_loop+0x40/0x90 [ 102.674811][ T6077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.674833][ T6077] RIP: 0033:0x7f6bb919c819 [ 102.674853][ T6077] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 102.674870][ T6077] RSP: 002b:00007f6bba02f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 102.674892][ T6077] RAX: ffffffffffffffda RBX: 00007f6bb9415fa0 RCX: 00007f6bb919c819 [ 102.674908][ T6077] RDX: 0000000000000002 RSI: 00002000000065c0 RDI: 0000000000000003 [ 102.674920][ T6077] RBP: 00007f6bba02f090 R08: 0000000000000000 R09: 0000000000000000 [ 102.674933][ T6077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.674944][ T6077] R13: 00007f6bb9416038 R14: 00007f6bb9415fa0 R15: 00007f6bb953fa48 [ 102.674977][ T6077] [ 104.202267][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 104.595325][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 104.793137][ T10] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 104.860595][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.022195][ T10] usb 2-1: Product: syz [ 105.417447][ T10] usb 2-1: Manufacturer: syz [ 105.458276][ T10] usb 2-1: SerialNumber: syz [ 105.495551][ T10] usb 2-1: config 0 descriptor?? [ 105.817620][ T10] RobotFuzz Open Source InterFace, OSIF 2-1:0.0: version d4.15 found at bus 002 address 002 [ 105.889281][ T6104] netlink: 32 bytes leftover after parsing attributes in process `syz.0.58'. [ 106.265767][ T29] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 106.441939][ T29] usb 3-1: Using ep0 maxpacket: 16 [ 106.458748][ T29] usb 3-1: config index 0 descriptor too short (expected 14385, got 56) [ 106.499413][ T29] usb 3-1: config 52 has too many interfaces: 52, using maximum allowed: 32 [ 106.520561][ T29] usb 3-1: config 52 has an invalid descriptor of length 52, skipping remainder of the config [ 106.559595][ T6108] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 106.567230][ T6108] IPv6: NLM_F_CREATE should be set when creating new route [ 106.574612][ T6108] IPv6: NLM_F_CREATE should be set when creating new route [ 106.590391][ T29] usb 3-1: config 52 has 0 interfaces, different from the descriptor's value: 52 [ 106.627944][ T29] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 106.642260][ T29] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 106.650575][ T29] usb 3-1: Manufacturer: syz [ 106.851101][ T6111] FAULT_INJECTION: forcing a failure. [ 106.851101][ T6111] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 106.899737][ T6111] CPU: 1 UID: 0 PID: 6111 Comm: syz.3.62 Tainted: G L syzkaller #0 PREEMPT(full) [ 106.899774][ T6111] Tainted: [L]=SOFTLOCKUP [ 106.899781][ T6111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 106.899792][ T6111] Call Trace: [ 106.899801][ T6111] [ 106.899810][ T6111] dump_stack_lvl+0xe8/0x150 [ 106.899847][ T6111] should_fail_ex+0x412/0x560 [ 106.899887][ T6111] _copy_from_user+0x2d/0xb0 [ 106.899911][ T6111] __sys_bpf+0x229/0x950 [ 106.899932][ T6111] ? __pfx___sys_bpf+0x10/0x10 [ 106.899963][ T6111] ? ksys_write+0x242/0x270 [ 106.899987][ T6111] ? __pfx_ksys_write+0x10/0x10 [ 106.900015][ T6111] __x64_sys_bpf+0x7c/0x90 [ 106.900046][ T6111] do_syscall_64+0x14d/0xf80 [ 106.900073][ T6111] ? trace_irq_disable+0x3b/0x150 [ 106.900091][ T6111] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.900112][ T6111] ? clear_bhb_loop+0x40/0x90 [ 106.900138][ T6111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.900159][ T6111] RIP: 0033:0x7fdf1479c819 [ 106.900179][ T6111] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.900195][ T6111] RSP: 002b:00007fdf15631028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 106.900218][ T6111] RAX: ffffffffffffffda RBX: 00007fdf14a15fa0 RCX: 00007fdf1479c819 [ 106.900232][ T6111] RDX: 0000000000000020 RSI: 00002000000003c0 RDI: 0000000000000009 [ 106.900245][ T6111] RBP: 00007fdf15631090 R08: 0000000000000000 R09: 0000000000000000 [ 106.900257][ T6111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.900269][ T6111] R13: 00007fdf14a16038 R14: 00007fdf14a15fa0 R15: 00007fdf14b3fa48 [ 106.900301][ T6111] [ 107.294432][ T6100] netlink: 16 bytes leftover after parsing attributes in process `syz.2.59'. [ 107.345545][ T5992] usb 2-1: USB disconnect, device number 2 [ 107.804660][ T6124] netlink: 48 bytes leftover after parsing attributes in process `syz.1.67'. [ 107.908999][ T6124] netlink: 8 bytes leftover after parsing attributes in process `syz.1.67'. [ 107.958399][ T5813] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 108.124548][ T5813] usb 1-1: config 4 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 108.137869][ T5813] usb 1-1: config 4 interface 0 has no altsetting 0 [ 108.159379][ T5813] usb 1-1: New USB device found, idVendor=046a, idProduct=0020, bcdDevice= 0.00 [ 108.194021][ T5813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.254816][ T6122] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 108.255947][ T6127] bridge0: port 3(macvlan2) entered blocking state [ 108.310010][ T5813] usbhid 1-1:4.0: couldn't find an input interrupt endpoint [ 108.343402][ T6127] bridge0: port 3(macvlan2) entered disabled state [ 108.392312][ T6127] macvlan2: entered allmulticast mode [ 108.462259][ T6127] bridge0: entered allmulticast mode [ 108.513143][ T5813] usb 1-1: USB disconnect, device number 7 [ 108.753746][ T6127] macvlan2: left allmulticast mode [ 108.774876][ T6127] bridge0: left allmulticast mode [ 109.443821][ T5912] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 109.604199][ T5912] usb 1-1: config 0 has no interfaces? [ 109.611569][ T5912] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 109.621940][ T5912] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 109.631427][ T5912] usb 1-1: Manufacturer: syz [ 109.640076][ T5912] usb 1-1: config 0 descriptor?? [ 109.968186][ T29] usb 3-1: USB disconnect, device number 3 [ 110.108083][ T5912] usb 1-1: USB disconnect, device number 8 [ 110.136206][ T6152] netlink: 40 bytes leftover after parsing attributes in process `syz.2.76'. [ 110.353359][ T6142] netlink: 196 bytes leftover after parsing attributes in process `syz.4.72'. [ 110.433068][ T6158] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 110.554359][ T6165] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.874902][ T29] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 110.921893][ T5912] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 111.036604][ T29] usb 4-1: unable to get BOS descriptor or descriptor too short [ 111.046265][ T29] usb 4-1: language id specifier not provided by device, defaulting to English [ 111.066420][ T29] usb 4-1: New USB device found, idVendor=1235, idProduct=8201, bcdDevice= 0.40 [ 111.075789][ T5912] usb 1-1: Using ep0 maxpacket: 8 [ 111.084971][ T5912] usb 1-1: unable to get BOS descriptor or descriptor too short [ 111.097402][ T5912] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 111.116987][ T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.181451][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 111.193300][ T29] usb 4-1: Product: syz [ 111.197531][ T29] usb 4-1: Manufacturer: 롚婾ä᤼⁴䬋ᶔ쓹龯긳탲ӻ⧋㉔렐뵉唅㢯ୢ⫵꫌끮䆱퉥 [ 111.235893][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 111.261305][ T29] usb 4-1: SerialNumber: syz [ 111.270901][ T5912] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1 [ 111.311971][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 111.367141][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 111.488708][ T5912] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 111.527114][ T5912] usb 1-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 111.536565][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.547437][ T5912] usb 1-1: Product: syz [ 111.555552][ T5912] usb 1-1: Manufacturer: syz [ 111.560313][ T5912] usb 1-1: SerialNumber: syz [ 111.581289][ T6176] netlink: 48 bytes leftover after parsing attributes in process `syz.1.81'. [ 111.613333][ T5912] usb 1-1: config 0 descriptor?? [ 111.620749][ T6168] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 111.641080][ T5912] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 111.981584][ T5912] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -12 [ 112.025287][ T5912] usb 1-1: USB disconnect, device number 9 [ 112.070320][ T5843] udevd[5843]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 112.443677][ T5812] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 112.634000][ T5812] usb 3-1: Using ep0 maxpacket: 16 [ 112.645151][ T5812] usb 3-1: config index 0 descriptor too short (expected 52, got 36) [ 112.653682][ T5812] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 112.664654][ T5812] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 112.683572][ T5812] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 112.696599][ T5812] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.711062][ T5812] usb 3-1: Product: syz [ 112.711565][ T6194] loop5: detected capacity change from 0 to 7 [ 112.719370][ T5812] usb 3-1: Manufacturer: syz [ 112.733599][ T5812] usb 3-1: SerialNumber: syz [ 112.745980][ T6198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.85'. [ 113.563456][ T5812] usb 3-1: config 0 descriptor?? [ 113.604695][ T6194] loop5: p1 < > p3 p4 [ 113.633066][ T6194] loop5: partition table partially beyond EOD, truncated [ 113.722405][ T29] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 113.729569][ T6194] loop5: p3 size 3645588866 extends beyond EOD, truncated [ 113.744822][ T29] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 113.780896][ T6194] loop5: p4 start 33554432 is beyond EOD, truncated [ 113.802093][ T5813] usb 3-1: USB disconnect, device number 4 [ 113.862015][ T6204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.89'. [ 113.978563][ T29] usb 4-1: USB disconnect, device number 2 [ 114.150425][ T6207] loop2: detected capacity change from 0 to 7 [ 114.157237][ T5840] udevd[5840]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 114.190846][ T6207] Dev loop2: unable to read RDB block 7 [ 114.199276][ T6207] loop2: AHDI p1 p2 p3 [ 114.215687][ T5843] udevd[5843]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 114.218352][ T6207] loop2: partition table partially beyond EOD, [ 114.246388][ T6210] udevd[6210]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 114.269630][ T6207] truncated [ 114.287597][ T6207] loop2: p1 start 1818582900 is beyond EOD, truncated [ 114.313476][ T6207] loop2: p3 start 335544320 is beyond EOD, truncated [ 114.372571][ T6211] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 114.569936][ T6214] syz_tun: entered allmulticast mode [ 114.593723][ T6213] syz_tun: left allmulticast mode [ 115.089423][ T5899] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 115.242050][ T6227] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 115.255390][ T5899] usb 3-1: device descriptor read/64, error -71 [ 115.323161][ T30] audit: type=1800 audit(1775916520.462:2): pid=6236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.97" name="memory.events" dev="tmpfs" ino=102 res=0 errno=0 [ 115.556374][ T5899] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 115.701223][ T5899] usb 3-1: device descriptor read/64, error -71 [ 115.834947][ T5899] usb usb3-port1: attempt power cycle [ 116.201921][ T5899] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 116.271921][ T5899] usb 3-1: device descriptor read/8, error -71 [ 116.531912][ T5899] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 116.564318][ T5899] usb 3-1: device descriptor read/8, error -71 [ 116.682237][ T5899] usb usb3-port1: unable to enumerate USB device [ 117.282225][ T5912] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 117.291899][ T5813] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 117.442789][ T5813] usb 5-1: Using ep0 maxpacket: 16 [ 117.453784][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.465689][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.476640][ T5813] usb 5-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.488658][ T5912] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 117.501986][ T5813] usb 5-1: config 0 interface 0 has no altsetting 0 [ 117.508802][ T5813] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 117.519392][ T5912] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 117.528849][ T5813] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.537221][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.549444][ T5813] usb 5-1: config 0 descriptor?? [ 117.564379][ T5912] usb 1-1: config 0 descriptor?? [ 117.571934][ T5812] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 117.739140][ T5812] usb 4-1: not running at top speed; connect to a high speed hub [ 117.770917][ T5812] usb 4-1: config 3 has an invalid interface number: 111 but max is 3 [ 117.798051][ T5812] usb 4-1: config 3 has an invalid interface number: 180 but max is 3 [ 117.815297][ T5812] usb 4-1: config 3 has an invalid interface number: 77 but max is 3 [ 117.824362][ T5812] usb 4-1: config 3 has an invalid interface number: 186 but max is 3 [ 117.837264][ T5812] usb 4-1: config 3 has an invalid interface number: 63 but max is 3 [ 117.849169][ T5812] usb 4-1: config 3 has an invalid interface number: 187 but max is 3 [ 117.858326][ T5812] usb 4-1: config 3 has 6 interfaces, different from the descriptor's value: 4 [ 117.868393][ T5812] usb 4-1: config 3 has no interface number 0 [ 117.880353][ T5812] usb 4-1: config 3 has no interface number 1 [ 117.887510][ T5812] usb 4-1: config 3 has no interface number 2 [ 117.894222][ T5812] usb 4-1: config 3 has no interface number 3 [ 118.029595][ T5912] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x4 [ 118.052779][ T5812] usb 4-1: config 3 has no interface number 4 [ 118.059073][ T5812] usb 4-1: config 3 has no interface number 5 [ 118.078491][ T5912] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 118.091120][ T5812] usb 4-1: config 3 interface 111 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 118.117540][ T5812] usb 4-1: config 3 interface 111 altsetting 1 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 118.132181][ T5812] usb 4-1: config 3 interface 111 altsetting 1 has an endpoint descriptor with address 0xB9, changing to 0x89 [ 118.147317][ T5812] usb 4-1: config 3 interface 111 altsetting 1 has a duplicate endpoint with address 0x89, skipping [ 118.160427][ T5812] usb 4-1: config 3 interface 111 altsetting 1 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 118.173090][ T5812] usb 4-1: config 3 interface 111 altsetting 1 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 118.184296][ T5812] usb 4-1: config 3 interface 111 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 118.198127][ T5812] usb 4-1: config 3 interface 111 altsetting 1 endpoint 0xE has invalid maxpacket 1024, setting to 64 [ 118.210003][ T5812] usb 4-1: config 3 interface 111 altsetting 1 has a duplicate endpoint with address 0x5, skipping [ 118.258626][ T5899] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 118.295465][ T5812] usb 4-1: config 3 interface 111 altsetting 1 has a duplicate endpoint with address 0x8, skipping [ 118.306447][ T5812] usb 4-1: config 3 interface 111 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 118.318561][ T5812] usb 4-1: config 3 interface 111 altsetting 1 has 14 endpoint descriptors, different from the interface descriptor's value: 13 [ 118.432162][ T5899] usb 3-1: Using ep0 maxpacket: 32 [ 118.444067][ T5812] usb 4-1: config 3 interface 180 altsetting 64 has a duplicate endpoint with address 0xA, skipping [ 118.468359][ T5899] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 118.484178][ T5899] usb 3-1: config 0 has no interface number 0 [ 118.498518][ T5899] usb 3-1: config 0 interface 67 altsetting 0 has a duplicate endpoint with address 0x82, skipping [ 118.502117][ T5812] usb 4-1: config 3 interface 180 altsetting 64 has a duplicate endpoint with address 0xE, skipping [ 118.525933][ T5899] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 118.538465][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.619901][ T5899] usb 3-1: Product: syz [ 118.629385][ T5899] usb 3-1: Manufacturer: syz [ 118.641384][ T5899] usb 3-1: SerialNumber: syz [ 118.660480][ T5899] usb 3-1: config 0 descriptor?? [ 118.678882][ T5899] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 118.692666][ T5899] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -22 [ 118.714551][ T5812] usb 4-1: config 3 interface 180 altsetting 64 has a duplicate endpoint with address 0xD, skipping [ 118.750567][ T5812] usb 4-1: config 3 interface 180 altsetting 64 has a duplicate endpoint with address 0x6, skipping [ 118.804609][ T5812] usb 4-1: config 3 interface 180 altsetting 64 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 118.850908][ T5812] usb 4-1: config 3 interface 180 altsetting 64 has a duplicate endpoint with address 0xA, skipping [ 118.910721][ T5992] usb 3-1: USB disconnect, device number 9 [ 118.939099][ T5812] usb 4-1: config 3 interface 77 altsetting 112 has a duplicate endpoint with address 0x3, skipping [ 118.977379][ T5812] usb 4-1: config 3 interface 77 altsetting 112 has a duplicate endpoint with address 0xE, skipping [ 119.021650][ T5812] usb 4-1: config 3 interface 77 altsetting 112 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 119.057916][ T5812] usb 4-1: config 3 interface 77 altsetting 112 has a duplicate endpoint with address 0xA, skipping [ 119.094345][ T5812] usb 4-1: config 3 interface 77 altsetting 112 has a duplicate endpoint with address 0xA, skipping [ 119.129062][ T5812] usb 4-1: config 3 interface 77 altsetting 112 has 5 endpoint descriptors, different from the interface descriptor's value: 11 [ 119.178155][ T5812] usb 4-1: too many endpoints for config 3 interface 186 altsetting 162: 244, using maximum allowed: 30 [ 119.209639][ T5812] usb 4-1: config 3 interface 186 altsetting 162 has a duplicate endpoint with address 0x4, skipping [ 119.252412][ T5812] usb 4-1: config 3 interface 186 altsetting 162 has a duplicate endpoint with address 0x9, skipping [ 119.281704][ T5812] usb 4-1: config 3 interface 186 altsetting 162 has a duplicate endpoint with address 0x5, skipping [ 119.307365][ T5812] usb 4-1: config 3 interface 186 altsetting 162 has a duplicate endpoint with address 0x3, skipping [ 119.339036][ T5812] usb 4-1: config 3 interface 186 altsetting 162 has a duplicate endpoint with address 0x9, skipping [ 119.364792][ T5144] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 119.374158][ T5144] Bluetooth: hci0: Injecting HCI hardware error event [ 119.384623][ T5144] Bluetooth: hci0: hardware error 0x00 [ 119.386080][ T5812] usb 4-1: config 3 interface 186 altsetting 162 has 6 endpoint descriptors, different from the interface descriptor's value: 244 [ 119.438774][ T5812] usb 4-1: config 3 interface 63 altsetting 9 has a duplicate endpoint with address 0xF, skipping [ 119.511878][ T5812] usb 4-1: config 3 interface 63 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 119.550406][ T5812] usb 4-1: config 3 interface 63 altsetting 9 has 3 endpoint descriptors, different from the interface descriptor's value: 5 [ 119.653115][ T5812] usb 4-1: too many endpoints for config 3 interface 187 altsetting 83: 83, using maximum allowed: 30 [ 119.665831][ T5812] usb 4-1: config 3 interface 187 altsetting 83 has a duplicate endpoint with address 0x7, skipping [ 119.698809][ T5812] usb 4-1: config 3 interface 187 altsetting 83 has a duplicate endpoint with address 0x6, skipping [ 119.711144][ T5812] usb 4-1: config 3 interface 187 altsetting 83 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 119.723907][ T5812] usb 4-1: config 3 interface 187 altsetting 83 endpoint 0x8B has invalid maxpacket 14023, setting to 64 [ 119.735834][ T5812] usb 4-1: config 3 interface 187 altsetting 83 has 3 endpoint descriptors, different from the interface descriptor's value: 83 [ 119.757734][ T5812] usb 4-1: config 3 interface 111 has no altsetting 0 [ 119.766290][ T5812] usb 4-1: config 3 interface 180 has no altsetting 0 [ 119.775865][ T5812] usb 4-1: config 3 interface 77 has no altsetting 0 [ 119.785354][ T5812] usb 4-1: config 3 interface 186 has no altsetting 0 [ 119.819348][ T5812] usb 4-1: config 3 interface 63 has no altsetting 0 [ 119.847729][ T798] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 119.856866][ T5812] usb 4-1: config 3 interface 187 has no altsetting 0 [ 119.875428][ T5812] usb 4-1: Dual-Role OTG device on HNP port [ 119.884693][ T5812] usb 4-1: New USB device found, idVendor=2040, idProduct=026d, bcdDevice=2c.c4 [ 119.894800][ T5812] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.905076][ T5812] usb 4-1: Product: syz [ 119.909762][ T5812] usb 4-1: Manufacturer: ࡡ [ 119.915506][ T5812] usb 4-1: SerialNumber: syz [ 120.034687][ T798] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 120.050137][ T5912] usb 1-1: USB disconnect, device number 10 [ 120.059397][ T798] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 120.097002][ T798] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 120.115269][ T6265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.105'. [ 120.175009][ T798] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 190, setting to 64 [ 120.227164][ T798] usb 3-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 120.264800][ T5812] usb 4-1: USB disconnect, device number 3 [ 120.271291][ T798] usb 3-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 120.304246][ T798] usb 3-1: Product: syz [ 120.308828][ T798] usb 3-1: Manufacturer: syz [ 120.315693][ T798] usb 3-1: SerialNumber: syz [ 120.375226][ T798] usb 3-1: config 0 descriptor?? [ 120.381079][ T6257] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 120.469688][ T5912] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 120.551894][ T798] rc_core: IR keymap rc-imon-rsc not found [ 120.557839][ T798] Registered IR keymap rc-empty [ 120.612702][ T798] rc rc0: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 120.632838][ T5813] usbhid 5-1:0.0: can't add hid device: -71 [ 120.640585][ T798] input: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input8 [ 120.650840][ T5912] usb 1-1: Using ep0 maxpacket: 32 [ 120.659877][ T5813] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 120.680482][ T5912] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 120.722146][ T5912] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 120.753771][ T5813] usb 5-1: USB disconnect, device number 2 [ 120.759815][ T5912] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 120.775454][ T5912] usb 1-1: config 1 has no interface number 0 [ 120.781736][ T5912] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 120.888337][ T5912] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 120.914357][ T5912] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 120.944647][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.038530][ T5912] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 121.282406][ T6279] netlink: 8 bytes leftover after parsing attributes in process `syz.3.109'. [ 121.522464][ T5144] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 121.680327][ T5912] snd_usb_pod 1-1:1.1: set_interface failed [ 121.687070][ T5912] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 121.692708][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 121.702359][ T5912] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 121.740704][ T5912] usb 1-1: USB disconnect, device number 11 [ 121.872418][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 121.889333][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.904422][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.926467][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 121.950535][ T10] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 121.970365][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.006628][ T10] usb 4-1: config 0 descriptor?? [ 122.111845][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 122.875792][ T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 122.891935][ T10] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 122.936927][ T10] microsoft 0003:045E:07DA.0002: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 123.052628][ T10] microsoft 0003:045E:07DA.0002: no inputs found [ 123.073062][ T10] microsoft 0003:045E:07DA.0002: could not initialize ff, continuing anyway [ 124.171924][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 124.341897][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 124.356569][ T10] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 124.382016][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.390132][ T10] usb 5-1: Product: syz [ 124.411910][ T10] usb 5-1: Manufacturer: syz [ 124.416658][ T10] usb 5-1: SerialNumber: syz [ 124.425323][ T10] usb 5-1: config 0 descriptor?? [ 124.509910][ T6269] ip6gre1: entered promiscuous mode [ 124.518809][ T6269] ip6gre1: entered allmulticast mode [ 124.658748][ T29] usb 3-1: USB disconnect, device number 10 [ 124.664630][ T10] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: version d4.15 found at bus 005 address 003 [ 124.728076][ T5826] usb 4-1: USB disconnect, device number 4 [ 124.831971][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 125.019303][ T10] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 125.054061][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.079246][ T10] usb 2-1: Product: syz [ 125.092455][ T10] usb 2-1: Manufacturer: syz [ 125.097122][ T10] usb 2-1: SerialNumber: syz [ 125.118350][ T6314] xt_connbytes: Forcing CT accounting to be enabled [ 125.125573][ T6314] set match dimension is over the limit! [ 125.156016][ T6315] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 125.163163][ T10] usb 2-1: config 0 descriptor?? [ 125.188334][ T10] ch341 2-1:0.0: ch341-uart converter detected [ 125.471818][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 126.037694][ T29] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 126.250810][ T29] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 126.273623][ T29] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.311557][ T29] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 126.351485][ T29] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 126.376510][ T10] usb 2-1: ch341-uart converter now attached to ttyUSB0 [ 126.391305][ T6335] bridge0: port 3(macvlan2) entered blocking state [ 126.423454][ T29] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.441099][ T6335] bridge0: port 3(macvlan2) entered disabled state [ 126.452254][ T6335] macvlan2: entered allmulticast mode [ 126.470722][ T6335] bridge0: entered allmulticast mode [ 126.492852][ T29] usb 3-1: config 0 descriptor?? [ 126.513381][ T6335] macvlan2: left allmulticast mode [ 126.521885][ T6335] bridge0: left allmulticast mode [ 126.594001][ T6299] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20003 [ 126.872601][ T6338] FAULT_INJECTION: forcing a failure. [ 126.872601][ T6338] name failslab, interval 1, probability 0, space 0, times 0 [ 126.886514][ T6338] CPU: 1 UID: 0 PID: 6338 Comm: syz.3.126 Tainted: G L syzkaller #0 PREEMPT(full) [ 126.886551][ T6338] Tainted: [L]=SOFTLOCKUP [ 126.886559][ T6338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 126.886571][ T6338] Call Trace: [ 126.886579][ T6338] [ 126.886588][ T6338] dump_stack_lvl+0xe8/0x150 [ 126.886636][ T6338] should_fail_ex+0x412/0x560 [ 126.886675][ T6338] should_failslab+0xa8/0x100 [ 126.886705][ T6338] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 126.886731][ T6338] ? __alloc_skb+0x1d0/0x7d0 [ 126.886754][ T6338] ? __local_bh_enable_ip+0xd0/0x130 [ 126.886787][ T6338] __alloc_skb+0x1d0/0x7d0 [ 126.886816][ T6338] rtmsg_ifinfo_build_skb+0x84/0x260 [ 126.886856][ T6338] rtnetlink_event+0x1b7/0x270 [ 126.886884][ T6338] notifier_call_chain+0x1be/0x400 [ 126.886927][ T6338] netif_set_mtu_ext+0x5aa/0x800 [ 126.886960][ T6338] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 126.886986][ T6338] ? mutex_is_locked+0x17/0x50 [ 126.887015][ T6338] ? rtnl_is_locked+0x15/0x20 [ 126.887041][ T6338] ? netif_state_change+0x241/0x3a0 [ 126.887066][ T6338] ? is_bpf_text_address+0x26/0x2b0 [ 126.887092][ T6338] ? validate_linkmsg+0x765/0x950 [ 126.887129][ T6338] do_setlink+0xa89/0x4590 [ 126.887158][ T6338] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 126.887193][ T6338] ? __pfx_do_setlink+0x10/0x10 [ 126.887219][ T6338] ? __lock_acquire+0x6b5/0x2cf0 [ 126.887269][ T6338] ? __mutex_trylock_common+0x158/0x260 [ 126.887303][ T6338] ? __pfx___mutex_trylock_common+0x10/0x10 [ 126.887344][ T6338] ? rcu_is_watching+0x15/0xb0 [ 126.887374][ T6338] ? trace_contention_end+0x3d/0x150 [ 126.887407][ T6338] ? __mutex_lock+0x319/0x1300 [ 126.887437][ T6338] ? __pfx___nla_validate_parse+0x10/0x10 [ 126.887471][ T6338] ? rtnl_newlink+0x883/0x1bb0 [ 126.887497][ T6338] ? __pfx___mutex_lock+0x10/0x10 [ 126.887538][ T6338] ? ns_capable+0x89/0xe0 [ 126.887572][ T6338] rtnl_newlink+0x14ca/0x1bb0 [ 126.887608][ T6338] ? __pfx_rtnl_newlink+0x10/0x10 [ 126.887641][ T6338] ? __lock_acquire+0x6b5/0x2cf0 [ 126.887675][ T6338] ? __lock_acquire+0x6b5/0x2cf0 [ 126.887704][ T6338] ? __lock_acquire+0x6b5/0x2cf0 [ 126.887743][ T6338] ? unwind_next_frame+0xa5/0x23c0 [ 126.887798][ T6338] ? __lock_acquire+0x6b5/0x2cf0 [ 126.887828][ T6338] ? is_bpf_text_address+0x26/0x2b0 [ 126.887854][ T6338] ? kernel_text_address+0xa5/0xe0 [ 126.887905][ T6338] ? __pfx_rtnl_newlink+0x10/0x10 [ 126.887928][ T6338] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 126.887955][ T6338] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 126.887977][ T6338] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 126.888003][ T6338] ? __lock_acquire+0x6b5/0x2cf0 [ 126.888041][ T6338] netlink_rcv_skb+0x232/0x4b0 [ 126.888065][ T6338] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 126.888095][ T6338] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 126.888130][ T6338] ? netlink_deliver_tap+0x2e/0x1b0 [ 126.888160][ T6338] netlink_unicast+0x80f/0x9b0 [ 126.888202][ T6338] ? __pfx_netlink_unicast+0x10/0x10 [ 126.888236][ T6338] ? netlink_sendmsg+0x650/0xb40 [ 126.888258][ T6338] ? skb_put+0x11b/0x210 [ 126.888293][ T6338] netlink_sendmsg+0x813/0xb40 [ 126.888415][ T6338] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.888452][ T6338] ? aa_sock_msg_perm+0xf1/0x1b0 [ 126.888486][ T6338] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 126.888516][ T6338] ____sys_sendmsg+0x972/0x9f0 [ 126.888554][ T6338] ? __pfx_____sys_sendmsg+0x10/0x10 [ 126.888592][ T6338] ? import_iovec+0x73/0xa0 [ 126.888621][ T6338] ___sys_sendmsg+0x2a5/0x360 [ 126.888655][ T6338] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.888719][ T6338] ? __fget_files+0x2a/0x420 [ 126.888738][ T6338] ? __fget_files+0x3a0/0x420 [ 126.888769][ T6338] __x64_sys_sendmsg+0x1bd/0x2a0 [ 126.888800][ T6338] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 126.888838][ T6338] ? __pfx_ksys_write+0x10/0x10 [ 126.888875][ T6338] do_syscall_64+0x14d/0xf80 [ 126.888904][ T6338] ? trace_irq_disable+0x3b/0x150 [ 126.888924][ T6338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.888947][ T6338] ? clear_bhb_loop+0x40/0x90 [ 126.888973][ T6338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.888995][ T6338] RIP: 0033:0x7fdf1479c819 [ 126.889029][ T6338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 126.889045][ T6338] RSP: 002b:00007fdf15631028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.889075][ T6338] RAX: ffffffffffffffda RBX: 00007fdf14a15fa0 RCX: 00007fdf1479c819 [ 126.889089][ T6338] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 126.889100][ T6338] RBP: 00007fdf15631090 R08: 0000000000000000 R09: 0000000000000000 [ 126.889113][ T6338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 126.889124][ T6338] R13: 00007fdf14a16038 R14: 00007fdf14a15fa0 R15: 00007fdf14b3fa48 [ 126.889156][ T6338] [ 127.510578][ T29] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 127.554568][ T6340] netlink: 'syz.0.127': attribute type 29 has an invalid length. [ 127.563972][ T6340] netlink: 8 bytes leftover after parsing attributes in process `syz.0.127'. [ 127.578956][ T6340] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 127.689977][ T10] usb 5-1: USB disconnect, device number 3 [ 127.753550][ T6343] loop2: detected capacity change from 0 to 7 [ 127.787770][ T6343] Dev loop2: unable to read RDB block 7 [ 127.803675][ T29] usb 2-1: USB disconnect, device number 3 [ 127.819024][ T29] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0 [ 127.828237][ T29] ch341 2-1:0.0: device disconnected [ 127.869140][ T6343] loop2: AHDI p1 p2 p3 [ 127.934297][ T6343] loop2: partition table partially beyond EOD, truncated [ 127.949722][ T6343] loop2: p1 start 1818582900 is beyond EOD, truncated [ 127.956885][ T6343] loop2: p3 start 335544320 is beyond EOD, truncated [ 128.218899][ T6352] syz_tun: entered allmulticast mode [ 128.254706][ T6351] syz_tun: left allmulticast mode [ 128.264304][ T6355] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 128.436338][ T6354] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 128.470096][ T6354] block device autoloading is deprecated and will be removed. [ 128.751903][ T5826] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 128.962455][ T5992] usb 3-1: reset full-speed USB device number 11 using dummy_hcd [ 128.996596][ T5826] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 129.010995][ T5826] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.032123][ T5826] usb 5-1: Product: syz [ 129.037683][ T5826] usb 5-1: Manufacturer: syz [ 129.046681][ T5826] usb 5-1: SerialNumber: syz [ 129.077268][ T5826] usb 5-1: config 0 descriptor?? [ 129.102329][ T5992] usb 3-1: device descriptor read/64, error -32 [ 129.318141][ T5826] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 129.352150][ T5992] usb 3-1: reset full-speed USB device number 11 using dummy_hcd [ 129.522005][ T5992] usb 3-1: device descriptor read/64, error -32 [ 129.768457][ T5912] IPVS: starting estimator thread 0... [ 129.779976][ T6364] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 129.792944][ T5992] usb 3-1: reset full-speed USB device number 11 using dummy_hcd [ 129.854108][ T5992] usb 3-1: device descriptor read/8, error -32 [ 129.870696][ T6365] IPVS: using max 30 ests per chain, 72000 per kthread [ 130.122510][ T6373] loop9: detected capacity change from 0 to 524287872 [ 130.261880][ T5912] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 130.321456][ T6375] netlink: 8 bytes leftover after parsing attributes in process `syz.3.140'. [ 130.385256][ T5826] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 130.452490][ T5912] usb 2-1: Using ep0 maxpacket: 32 [ 130.490063][ T5912] usb 2-1: config 0 interface 0 has no altsetting 0 [ 130.509600][ T5912] usb 2-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 130.545084][ T5912] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.585983][ T5912] usb 2-1: config 0 descriptor?? [ 130.614377][ T6375] ip6tnl2: entered allmulticast mode [ 130.621293][ T6382] netlink: 14 bytes leftover after parsing attributes in process `syz.3.140'. [ 130.668192][ T5912] usb 2-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 130.685748][ T5912] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 130.722479][ T5912] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 130.744430][ T5912] usb 2-1: media controller created [ 130.776038][ T5912] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 130.793849][ T5899] usb 3-1: USB disconnect, device number 11 [ 130.824853][ T6369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.833877][ T6369] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.143320][ T6382] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 131.194757][ T6382] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 131.231188][ T6382] bond0 (unregistering): Released all slaves [ 131.276147][ T5912] set interface failed [ 131.276491][ T5912] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 131.298533][ T5912] error writing reg: 0xff, val: 0x00 [ 131.434401][ T5912] dvb_usb_mxl111sf 2-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 131.490193][ T5912] usb 2-1: USB disconnect, device number 4 [ 131.598301][ T5899] usb 5-1: USB disconnect, device number 4 [ 131.774660][ T6396] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 132.006942][ T6405] netlink: 164 bytes leftover after parsing attributes in process `syz.4.148'. [ 132.056812][ T6404] netlink: 96 bytes leftover after parsing attributes in process `syz.2.146'. [ 133.232388][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.239279][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.796263][ T6438] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 134.696135][ T6447] netlink: 4 bytes leftover after parsing attributes in process `syz.1.159'. [ 134.712087][ T6447] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16) [ 134.720267][ T6447] openvswitch: netlink: Message has 16 unknown bytes. [ 134.764753][ T6447] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 134.771922][ T6447] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 134.849303][ T6447] vhci_hcd vhci_hcd.0: Device attached [ 135.092074][ T5899] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 135.271852][ T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 135.321877][ T5992] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 135.453639][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 135.461908][ T5992] usb 2-1: device descriptor read/64, error -71 [ 135.494507][ T10] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 135.515193][ T10] usb 5-1: config 0 has no interface number 0 [ 135.532204][ T6465] random: crng reseeded on system resumption [ 135.565686][ T10] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 135.589291][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.616849][ T6463] bond0 (unregistering): Released all slaves [ 135.630341][ T10] usb 5-1: Product: syz [ 135.635602][ T10] usb 5-1: Manufacturer: syz [ 135.651743][ T10] usb 5-1: SerialNumber: syz [ 135.688978][ T10] usb 5-1: config 0 descriptor?? [ 135.701954][ T5992] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 135.733938][ T10] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 135.757791][ T10] usb 5-1: selecting invalid altsetting 1 [ 135.780146][ T10] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 135.832085][ T5992] usb 2-1: device descriptor read/64, error -71 [ 135.845678][ T10] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 135.857296][ T10] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 135.894463][ T10] usb 5-1: media controller created [ 135.942767][ T5992] usb usb2-port1: attempt power cycle [ 135.954768][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 136.265276][ T6456] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.274314][ T6456] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.306421][ T10] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 136.313882][ T5992] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 136.372709][ T5992] usb 2-1: device descriptor read/8, error -71 [ 136.394925][ T6470] FAULT_INJECTION: forcing a failure. [ 136.394925][ T6470] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 136.446365][ T6470] CPU: 0 UID: 0 PID: 6470 Comm: syz.3.165 Tainted: G L syzkaller #0 PREEMPT(full) [ 136.446399][ T6470] Tainted: [L]=SOFTLOCKUP [ 136.446406][ T6470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 136.446418][ T6470] Call Trace: [ 136.446426][ T6470] [ 136.446434][ T6470] dump_stack_lvl+0xe8/0x150 [ 136.446469][ T6470] should_fail_ex+0x412/0x560 [ 136.446505][ T6470] _copy_from_iter+0x1d3/0x1670 [ 136.446531][ T6470] ? rcu_is_watching+0x15/0xb0 [ 136.446565][ T6470] ? __pfx__copy_from_iter+0x10/0x10 [ 136.446594][ T6470] ? netlink_sendmsg+0x650/0xb40 [ 136.446615][ T6470] ? skb_put+0x11b/0x210 [ 136.446642][ T6470] netlink_sendmsg+0x6c0/0xb40 [ 136.446674][ T6470] ? __pfx_netlink_sendmsg+0x10/0x10 [ 136.446706][ T6470] ? aa_sock_msg_perm+0xf1/0x1b0 [ 136.446740][ T6470] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 136.446767][ T6470] ____sys_sendmsg+0x972/0x9f0 [ 136.446804][ T6470] ? __pfx_____sys_sendmsg+0x10/0x10 [ 136.446840][ T6470] ? import_iovec+0x73/0xa0 [ 136.446867][ T6470] ___sys_sendmsg+0x2a5/0x360 [ 136.446899][ T6470] ? __pfx____sys_sendmsg+0x10/0x10 [ 136.446957][ T6470] ? __fget_files+0x2a/0x420 [ 136.446976][ T6470] ? __fget_files+0x3a0/0x420 [ 136.447004][ T6470] __x64_sys_sendmsg+0x1bd/0x2a0 [ 136.447034][ T6470] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 136.447071][ T6470] ? __pfx_ksys_write+0x10/0x10 [ 136.447106][ T6470] do_syscall_64+0x14d/0xf80 [ 136.447133][ T6470] ? trace_irq_disable+0x3b/0x150 [ 136.447151][ T6470] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.447172][ T6470] ? clear_bhb_loop+0x40/0x90 [ 136.447198][ T6470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.447227][ T6470] RIP: 0033:0x7fdf1479c819 [ 136.447247][ T6470] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 136.447264][ T6470] RSP: 002b:00007fdf15631028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 136.447287][ T6470] RAX: ffffffffffffffda RBX: 00007fdf14a15fa0 RCX: 00007fdf1479c819 [ 136.447301][ T6470] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 136.447313][ T6470] RBP: 00007fdf15631090 R08: 0000000000000000 R09: 0000000000000000 [ 136.447325][ T6470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.447337][ T6470] R13: 00007fdf14a16038 R14: 00007fdf14a15fa0 R15: 00007fdf14b3fa48 [ 136.447369][ T6470] [ 136.448766][ T10] usb 5-1: USB disconnect, device number 5 [ 136.482239][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 136.863500][ T5992] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 136.882710][ T5992] usb 2-1: device descriptor read/8, error -71 [ 136.993035][ T5992] usb usb2-port1: unable to enumerate USB device [ 137.338727][ T6482] trusted_key: syz.4.169 sent an empty control message without MSG_MORE. [ 137.697199][ T6496] netlink: 68 bytes leftover after parsing attributes in process `syz.0.173'. [ 137.921019][ T6500] Cannot find del_set index 0 as target [ 138.597230][ T6529] netlink: 48 bytes leftover after parsing attributes in process `syz.2.176'. [ 139.086007][ T6448] vhci_hcd: connection reset by peer [ 139.148166][ T36] vhci_hcd vhci_hcd.1: stop threads [ 139.164636][ T36] vhci_hcd vhci_hcd.1: release socket [ 139.224539][ T36] vhci_hcd vhci_hcd.1: disconnect device [ 139.533311][ T6558] binder: 6555:6558 ioctl 4018620d 0 returned -22 [ 139.613996][ T6558] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 139.621310][ T6558] IPv6: NLM_F_CREATE should be set when creating new route [ 139.877055][ T6558] Zero length message leads to an empty skb [ 139.911931][ T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 140.231505][ T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD4, changing to 0x84 [ 140.248132][ T5899] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 140.255870][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 51544, setting to 1024 [ 140.603563][ T10] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1024 [ 140.649420][ T10] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 140.658973][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.729931][ T10] usb 2-1: Product: syz [ 140.741943][ T5912] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 140.764111][ T10] usb 2-1: Manufacturer: syz [ 140.780273][ T10] usb 2-1: SerialNumber: syz [ 140.821476][ T10] usb 2-1: config 0 descriptor?? [ 140.845405][ T6557] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 141.011057][ T5912] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 141.066486][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.329034][ T5912] usb 1-1: config 0 descriptor?? [ 141.339849][ T5912] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 141.384760][ T6557] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 141.642562][ T5992] usb 3-1: new low-speed USB device number 12 using dummy_hcd [ 141.746401][ T6584] syzkaller1: entered promiscuous mode [ 141.756001][ T6584] syzkaller1: entered allmulticast mode [ 141.921746][ T5992] usb 3-1: Invalid ep0 maxpacket: 16 [ 142.051996][ T5992] usb 3-1: new low-speed USB device number 13 using dummy_hcd [ 142.129713][ T6587] netlink: 'syz.3.188': attribute type 32 has an invalid length. [ 142.147298][ T6587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.188'. [ 142.203586][ T6568] loop5: detected capacity change from 0 to 7 [ 142.211478][ T6568] Dev loop5: unable to read RDB block 7 [ 142.212498][ T5992] usb 3-1: Invalid ep0 maxpacket: 16 [ 142.218015][ T6568] loop5: AHDI p1 p2 p3 [ 142.218196][ T6568] loop5: partition table partially beyond EOD, truncated [ 142.239863][ T6568] loop5: p1 start 1601398130 is beyond EOD, truncated [ 142.248361][ T5992] usb usb3-port1: attempt power cycle [ 142.316223][ T6568] loop5: p2 start 1702059890 is beyond EOD, truncated [ 142.601963][ T5992] usb 3-1: new low-speed USB device number 14 using dummy_hcd [ 142.622675][ T5992] usb 3-1: Invalid ep0 maxpacket: 16 [ 142.750295][ T5899] usb 2-1: USB disconnect, device number 9 [ 142.792010][ T5992] usb 3-1: new low-speed USB device number 15 using dummy_hcd [ 142.842704][ T5992] usb 3-1: Invalid ep0 maxpacket: 16 [ 142.883198][ T5992] usb usb3-port1: unable to enumerate USB device [ 143.243710][ T5912] gspca_stv06xx: I2C: Read error writing address: -71 [ 143.260458][ T6597] lo: entered allmulticast mode [ 143.262754][ T5912] usb 1-1: USB disconnect, device number 12 [ 143.266435][ T6597] tunl0: entered allmulticast mode [ 143.293513][ T6597] gre0: entered allmulticast mode [ 143.322832][ T6597] gretap0: entered allmulticast mode [ 143.337551][ T6597] erspan0: entered allmulticast mode [ 143.352090][ T6597] ip_vti0: entered allmulticast mode [ 143.370777][ T6597] ip6_vti0: entered allmulticast mode [ 143.387455][ T6597] sit0: entered allmulticast mode [ 143.407771][ T6597] ip6tnl0: entered allmulticast mode [ 143.422179][ T6597] ip6gre0: entered allmulticast mode [ 143.438148][ T6597] syz_tun: entered allmulticast mode [ 143.452139][ T6597] ip6gretap0: entered allmulticast mode [ 143.468354][ T6597] bridge0: entered allmulticast mode [ 143.478555][ T6597] vcan0: entered allmulticast mode [ 143.492644][ T6597] team0: entered allmulticast mode [ 143.514722][ T6597] team_slave_0: entered allmulticast mode [ 143.541847][ T6597] team_slave_1: entered allmulticast mode [ 143.556961][ T6597] dummy0: entered allmulticast mode [ 143.573183][ T6597] nlmon0: entered allmulticast mode [ 143.588903][ T6597] caif0: entered allmulticast mode [ 143.596952][ T6597] batadv0: entered allmulticast mode [ 143.603791][ T6597] vxcan0: entered allmulticast mode [ 143.609298][ T6597] vxcan1: entered allmulticast mode [ 143.615947][ T6597] veth0: entered allmulticast mode [ 143.621388][ T6597] veth1: entered allmulticast mode [ 143.628922][ T6597] wg0: entered allmulticast mode [ 143.634259][ T6597] wg1: entered allmulticast mode [ 143.639509][ T6597] wg2: entered allmulticast mode [ 143.647265][ T6597] veth0_to_bridge: entered allmulticast mode [ 143.655436][ T6597] veth1_to_bridge: entered allmulticast mode [ 143.661965][ T6597] veth0_to_bond: entered allmulticast mode [ 143.672458][ T6597] bond_slave_0: entered allmulticast mode [ 143.679060][ T6597] veth1_to_bond: entered allmulticast mode [ 143.687952][ T6597] bond_slave_1: entered allmulticast mode [ 143.696440][ T6597] veth0_to_team: entered allmulticast mode [ 143.703086][ T6597] veth1_to_team: entered allmulticast mode [ 143.710455][ T6597] veth0_to_batadv: entered allmulticast mode [ 143.717148][ T6597] batadv_slave_0: entered allmulticast mode [ 143.723781][ T6597] veth1_to_batadv: entered allmulticast mode [ 143.730110][ T6597] batadv_slave_1: entered allmulticast mode [ 143.736871][ T6597] xfrm0: entered allmulticast mode [ 143.742661][ T6597] veth0_to_hsr: entered allmulticast mode [ 143.757029][ T6597] hsr_slave_0: entered allmulticast mode [ 143.764524][ T6597] veth1_to_hsr: entered allmulticast mode [ 143.770580][ T6597] hsr_slave_1: entered allmulticast mode [ 143.777714][ T6605] netlink: 'syz.4.196': attribute type 10 has an invalid length. [ 143.821202][ T6605] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 143.870689][ T6606] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 144.073631][ T6617] vcan0: tx drop: invalid sa for name 0x00000000000000fe [ 144.122174][ T6621] netlink: 'syz.3.199': attribute type 1 has an invalid length. [ 144.174591][ T6621] bond0: entered promiscuous mode [ 144.180124][ T6621] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.498310][ T6621] bond0: (slave bridge1): making interface the new active one [ 144.506061][ T6621] bridge1: entered promiscuous mode [ 144.513012][ T6621] bond0: (slave bridge1): Enslaving as an active interface with an up link [ 145.000937][ T6641] netlink: 4 bytes leftover after parsing attributes in process `syz.4.205'. [ 145.034508][ T6641] netlink: 4 bytes leftover after parsing attributes in process `syz.4.205'. [ 145.141615][ T6641] kvm: kvm [6634]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffffff [ 145.511091][ T6647] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 145.632020][ T5992] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 145.933668][ T6656] netlink: 32 bytes leftover after parsing attributes in process `syz.3.211'. [ 145.954098][ T6656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.211'. [ 145.962276][ T5992] usb 5-1: Using ep0 maxpacket: 16 [ 146.000883][ T5992] usb 5-1: config 0 has no interfaces? [ 146.164450][ T5992] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 146.183905][ T5992] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 146.205118][ T5992] usb 5-1: Manufacturer: syz [ 146.277446][ T5992] usb 5-1: config 0 descriptor?? [ 146.312904][ T6664] bridge0: port 3(macvlan2) entered blocking state [ 146.319632][ T6664] bridge0: port 3(macvlan2) entered disabled state [ 146.342232][ T6664] macvlan2: entered allmulticast mode [ 146.388526][ T5899] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 146.463223][ T6661] netlink: 388 bytes leftover after parsing attributes in process `syz.0.212'. [ 146.669993][ T6664] macvlan2: left allmulticast mode [ 146.702156][ T5899] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 146.807305][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.096469][ T5899] usb 3-1: Product: syz [ 147.123455][ T5899] usb 3-1: Manufacturer: syz [ 147.128120][ T5899] usb 3-1: SerialNumber: syz [ 147.242631][ T5899] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 147.312194][ T5992] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 147.559133][ T6651] netlink: 8 bytes leftover after parsing attributes in process `syz.2.208'. [ 147.623208][ T5912] usb 3-1: USB disconnect, device number 16 [ 148.446838][ T6678] ipip0: entered promiscuous mode [ 148.452128][ T6678] ipip0: entered allmulticast mode [ 148.554530][ T5992] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 148.592589][ T5899] usb 5-1: USB disconnect, device number 6 [ 148.602385][ T5992] ath9k_htc: Failed to initialize the device [ 148.615019][ T5912] usb 3-1: ath9k_htc: USB layer deinitialized [ 150.612062][ T6714] kvm: user requested TSC rate below hardware speed [ 152.726061][ T6783] netlink: 60 bytes leftover after parsing attributes in process `syz.0.258'. [ 153.134795][ T6801] netlink: 32 bytes leftover after parsing attributes in process `syz.4.265'. [ 154.559915][ T6853] loop6: detected capacity change from 0 to 7 [ 154.598829][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 154.608798][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 154.641873][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 154.651611][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 154.660122][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 154.669845][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 154.678285][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 154.687981][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 154.700655][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 154.710504][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 154.719864][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 154.730020][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 154.746568][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 154.756303][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 154.765075][ T6210] ldm_validate_partition_table(): Disk read failed. [ 154.775107][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 154.784798][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 154.796239][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 154.805956][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 154.814437][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 154.824097][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 154.836236][ T6210] Dev loop6: unable to read RDB block 0 [ 154.844101][ T6210] loop6: unable to read partition table [ 154.858355][ T6210] loop6: partition table beyond EOD, truncated [ 154.884391][ T6853] ldm_validate_partition_table(): Disk read failed. [ 154.917547][ T6853] Dev loop6: unable to read RDB block 0 [ 154.944927][ T6853] loop6: unable to read partition table [ 154.953862][ T6853] loop6: partition table beyond EOD, truncated [ 154.991825][ T6853] loop_reread_partitions: partition scan of loop6 (Wý* %4FLQk݊5) failed (rc=-5) [ 156.019145][ T6903] netlink: 19 bytes leftover after parsing attributes in process `syz.2.305'. [ 156.501653][ T30] audit: type=1804 audit(1775916561.652:3): pid=6921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.313" name="/newroot/61/file0" dev="fuse" ino=1 res=1 errno=0 [ 156.953217][ T6941] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3254283991 (3254283991 ns) > initial count (192 ns). Using initial count to start timer. [ 158.594176][ T7004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.343'. [ 159.538615][ T30] audit: type=1326 audit(1775916564.692:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5852f9c819 code=0x7ffc0000 [ 159.579720][ T30] audit: type=1326 audit(1775916564.692:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5852f9c819 code=0x7ffc0000 [ 159.603759][ T30] audit: type=1326 audit(1775916564.712:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5852f5d04e code=0x7ffc0000 [ 159.632084][ T30] audit: type=1326 audit(1775916564.712:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5852f9c819 code=0x7ffc0000 [ 159.656013][ T30] audit: type=1326 audit(1775916564.722:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5852f9c819 code=0x7ffc0000 [ 159.679222][ T30] audit: type=1326 audit(1775916564.722:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5852f9c819 code=0x7ffc0000 [ 159.709821][ T30] audit: type=1326 audit(1775916564.722:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5852f9c819 code=0x7ffc0000 [ 159.861684][ T30] audit: type=1326 audit(1775916564.722:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5852f9c819 code=0x7ffc0000 [ 159.861737][ T30] audit: type=1326 audit(1775916564.722:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7039 comm="syz.2.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5852f9c819 code=0x7ffc0000 [ 159.926573][ T7045] netlink: 4 bytes leftover after parsing attributes in process `syz.2.360'. [ 160.089878][ T7045] team0: Port device team_slave_0 removed [ 161.182596][ T7111] xt_TPROXY: Can be used only with -p tcp or -p udp [ 161.475783][ T7124] netlink: 28 bytes leftover after parsing attributes in process `syz.1.391'. [ 161.485100][ T7124] netlink: 24 bytes leftover after parsing attributes in process `syz.1.391'. [ 161.494872][ T7124] vlan0: entered promiscuous mode [ 163.706965][ T7231] [ 163.709367][ T7231] ====================================================== [ 163.716414][ T7231] WARNING: possible circular locking dependency detected [ 163.723479][ T7231] syzkaller #0 Tainted: G L [ 163.729490][ T7231] ------------------------------------------------------ [ 163.736523][ T7231] syz.0.435/7231 is trying to acquire lock: [ 163.742427][ T7231] ffff88801badda20 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9e/0x450 [ 163.752745][ T7231] [ 163.752745][ T7231] but task is already holding lock: [ 163.760121][ T7231] ffff8880262089e8 (&q->q_usage_counter(io)#22){++++}-{0:0}, at: lo_ioctl+0x1a51/0x1fb0 [ 163.769945][ T7231] [ 163.769945][ T7231] which lock already depends on the new lock. [ 163.769945][ T7231] [ 163.780364][ T7231] [ 163.780364][ T7231] the existing dependency chain (in reverse order) is: [ 163.789390][ T7231] [ 163.789390][ T7231] -> #2 (&q->q_usage_counter(io)#22){++++}-{0:0}: [ 163.798025][ T7231] blk_alloc_queue+0x546/0x680 [ 163.803341][ T7231] __blk_mq_alloc_disk+0x197/0x390 [ 163.809084][ T7231] loop_add+0x482/0xb40 [ 163.814166][ T7231] loop_init+0xd9/0x170 [ 163.818926][ T7231] do_one_initcall+0x250/0x8d0 [ 163.824499][ T7231] do_initcall_level+0x104/0x190 [ 163.829979][ T7231] do_initcalls+0x59/0xa0 [ 163.834858][ T7231] kernel_init_freeable+0x2a6/0x3e0 [ 163.840685][ T7231] kernel_init+0x1d/0x1d0 [ 163.845645][ T7231] ret_from_fork+0x51e/0xb90 [ 163.850787][ T7231] ret_from_fork_asm+0x1a/0x30 [ 163.856183][ T7231] [ 163.856183][ T7231] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 163.863420][ T7231] fs_reclaim_acquire+0x71/0x100 [ 163.868905][ T7231] kmem_cache_alloc_noprof+0x40/0x650 [ 163.874819][ T7231] __kernfs_iattrs+0xdf/0x340 [ 163.880065][ T7231] kernfs_iop_setattr+0xea/0x3f0 [ 163.885660][ T7231] notify_change+0xc1a/0xf40 [ 163.890805][ T7231] do_truncate+0x1c2/0x250 [ 163.895772][ T7231] path_openat+0x2f89/0x3860 [ 163.900925][ T7231] do_file_open+0x23e/0x4a0 [ 163.905972][ T7231] do_sys_openat2+0x113/0x200 [ 163.911194][ T7231] __x64_sys_openat+0x138/0x170 [ 163.916593][ T7231] do_syscall_64+0x14d/0xf80 [ 163.921757][ T7231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.928207][ T7231] [ 163.928207][ T7231] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 163.936784][ T7231] __lock_acquire+0x15a5/0x2cf0 [ 163.942277][ T7231] lock_acquire+0xf0/0x2e0 [ 163.947358][ T7231] down_read+0x47/0x2e0 [ 163.952160][ T7231] kernfs_iop_getattr+0x9e/0x450 [ 163.957647][ T7231] vfs_getattr_nosec+0x2e1/0x430 [ 163.963132][ T7231] loop_assign_backing_file+0x27a/0x4b0 [ 163.969221][ T7231] lo_ioctl+0x1acb/0x1fb0 [ 163.974122][ T7231] blkdev_ioctl+0x5e3/0x740 [ 163.979179][ T7231] __se_sys_ioctl+0xfc/0x170 [ 163.984310][ T7231] do_syscall_64+0x14d/0xf80 [ 163.989479][ T7231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.995924][ T7231] [ 163.995924][ T7231] other info that might help us debug this: [ 163.995924][ T7231] [ 164.006169][ T7231] Chain exists of: [ 164.006169][ T7231] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#22 [ 164.006169][ T7231] [ 164.020724][ T7231] Possible unsafe locking scenario: [ 164.020724][ T7231] [ 164.028281][ T7231] CPU0 CPU1 [ 164.033684][ T7231] ---- ---- [ 164.039068][ T7231] lock(&q->q_usage_counter(io)#22); [ 164.044477][ T7231] lock(fs_reclaim); [ 164.050996][ T7231] lock(&q->q_usage_counter(io)#22); [ 164.058911][ T7231] rlock(&root->kernfs_iattr_rwsem); [ 164.064319][ T7231] [ 164.064319][ T7231] *** DEADLOCK *** [ 164.064319][ T7231] [ 164.072482][ T7231] 3 locks held by syz.0.435/7231: [ 164.077525][ T7231] #0: ffff8880262d4448 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x14c7/0x1fb0 [ 164.086705][ T7231] #1: ffff8880262089e8 (&q->q_usage_counter(io)#22){++++}-{0:0}, at: lo_ioctl+0x1a51/0x1fb0 [ 164.096926][ T7231] #2: ffff888026208a20 (&q->q_usage_counter(queue)#6){+.+.}-{0:0}, at: lo_ioctl+0x1a51/0x1fb0 [ 164.107319][ T7231] [ 164.107319][ T7231] stack backtrace: [ 164.113226][ T7231] CPU: 0 UID: 0 PID: 7231 Comm: syz.0.435 Tainted: G L syzkaller #0 PREEMPT(full) [ 164.113251][ T7231] Tainted: [L]=SOFTLOCKUP [ 164.113257][ T7231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 164.113267][ T7231] Call Trace: [ 164.113274][ T7231] [ 164.113281][ T7231] dump_stack_lvl+0xe8/0x150 [ 164.113307][ T7231] print_circular_bug+0x2e1/0x300 [ 164.113337][ T7231] check_noncircular+0x12e/0x150 [ 164.113364][ T7231] __lock_acquire+0x15a5/0x2cf0 [ 164.113393][ T7231] lock_acquire+0xf0/0x2e0 [ 164.113414][ T7231] ? kernfs_iop_getattr+0x9e/0x450 [ 164.113441][ T7231] down_read+0x47/0x2e0 [ 164.113465][ T7231] ? kernfs_iop_getattr+0x9e/0x450 [ 164.113489][ T7231] kernfs_iop_getattr+0x9e/0x450 [ 164.113515][ T7231] vfs_getattr_nosec+0x2e1/0x430 [ 164.113539][ T7231] loop_assign_backing_file+0x27a/0x4b0 [ 164.113560][ T7231] ? __pfx_loop_assign_backing_file+0x10/0x10 [ 164.113590][ T7231] lo_ioctl+0x1acb/0x1fb0 [ 164.113609][ T7231] ? __pfx_lo_ioctl+0x10/0x10 [ 164.113623][ T7231] ? __kernel_text_address+0xd/0x30 [ 164.113641][ T7231] ? unwind_get_return_address+0x4d/0x90 [ 164.113669][ T7231] ? __lock_acquire+0x6b5/0x2cf0 [ 164.113692][ T7231] ? __lock_acquire+0x6b5/0x2cf0 [ 164.113715][ T7231] ? __lock_acquire+0x6b5/0x2cf0 [ 164.113737][ T7231] ? __lock_acquire+0x6b5/0x2cf0 [ 164.113758][ T7231] ? __lock_acquire+0x6b5/0x2cf0 [ 164.113780][ T7231] ? __lock_acquire+0x6b5/0x2cf0 [ 164.113801][ T7231] ? __lock_acquire+0x6b5/0x2cf0 [ 164.113830][ T7231] ? unwind_next_frame+0xa5/0x23c0 [ 164.113862][ T7231] ? is_bpf_text_address+0x26/0x2b0 [ 164.113881][ T7231] ? is_bpf_text_address+0x292/0x2b0 [ 164.113897][ T7231] ? is_bpf_text_address+0x26/0x2b0 [ 164.113915][ T7231] ? kernel_text_address+0xa5/0xe0 [ 164.113932][ T7231] ? __kernel_text_address+0xd/0x30 [ 164.113949][ T7231] ? unwind_get_return_address+0x4d/0x90 [ 164.113972][ T7231] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 164.113990][ T7231] ? arch_stack_walk+0xfb/0x150 [ 164.114018][ T7231] ? stack_trace_save+0xa9/0x100 [ 164.114034][ T7231] ? __pfx_stack_trace_save+0x10/0x10 [ 164.114049][ T7231] ? kasan_save_free_info+0x46/0x50 [ 164.114076][ T7231] ? stack_depot_save_flags+0x33/0x810 [ 164.114102][ T7231] ? format_decode+0xd0/0xe10 [ 164.114119][ T7231] ? kasan_save_track+0x4f/0x80 [ 164.114136][ T7231] ? kasan_save_track+0x3e/0x80 [ 164.114152][ T7231] ? kasan_save_free_info+0x46/0x50 [ 164.114175][ T7231] ? __kasan_slab_free+0x5c/0x80 [ 164.114192][ T7231] ? kfree+0x1c1/0x630 [ 164.114206][ T7231] ? tomoyo_path_number_perm+0x501/0x630 [ 164.114228][ T7231] ? security_file_ioctl+0xc3/0x2a0 [ 164.114248][ T7231] ? __se_sys_ioctl+0x47/0x170 [ 164.114268][ T7231] ? do_syscall_64+0x14d/0xf80 [ 164.114289][ T7231] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.114307][ T7231] ? __asan_memset+0x22/0x50 [ 164.114322][ T7231] ? blk_get_meta_cap+0x16d/0x7a0 [ 164.114345][ T7231] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 164.114368][ T7231] ? blkdev_common_ioctl+0x14b7/0x3250 [ 164.114394][ T7231] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 164.114417][ T7231] ? kasan_quarantine_put+0xbb/0x1f0 [ 164.114437][ T7231] ? tomoyo_path_number_perm+0x219/0x630 [ 164.114460][ T7231] ? tomoyo_path_number_perm+0x219/0x630 [ 164.114483][ T7231] ? do_vfs_ioctl+0x1166/0x1530 [ 164.114502][ T7231] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 164.114526][ T7231] ? do_futex+0x333/0x420 [ 164.114552][ T7231] ? __pfx_lo_ioctl+0x10/0x10 [ 164.114567][ T7231] blkdev_ioctl+0x5e3/0x740 [ 164.114591][ T7231] ? __pfx_blkdev_ioctl+0x10/0x10 [ 164.114612][ T7231] ? __fget_files+0x2a/0x420 [ 164.114627][ T7231] ? bpf_lsm_file_ioctl+0x9/0x20 [ 164.114648][ T7231] ? __pfx_blkdev_ioctl+0x10/0x10 [ 164.114669][ T7231] __se_sys_ioctl+0xfc/0x170 [ 164.114689][ T7231] do_syscall_64+0x14d/0xf80 [ 164.114711][ T7231] ? trace_irq_disable+0x3b/0x150 [ 164.114724][ T7231] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.114740][ T7231] ? clear_bhb_loop+0x40/0x90 [ 164.114758][ T7231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.114774][ T7231] RIP: 0033:0x7fb70f79c819 [ 164.114790][ T7231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 164.114804][ T7231] RSP: 002b:00007fb7105dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 164.114829][ T7231] RAX: ffffffffffffffda RBX: 00007fb70fa15fa0 RCX: 00007fb70f79c819 [ 164.114842][ T7231] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003 [ 164.114852][ T7231] RBP: 00007fb70f832c91 R08: 0000000000000000 R09: 0000000000000000 [ 164.114863][ T7231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.114873][ T7231] R13: 00007fb70fa16038 R14: 00007fb70fa15fa0 R15: 00007fb70fb3fa48 [ 164.114891][ T7231]