last executing test programs: 33.370622154s ago: executing program 1 (id=761): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x1eb640) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0x2) preadv(r2, &(0x7f0000000740)=[{&(0x7f0000000200)=""/183, 0xc8}, {&(0x7f0000000340)=""/162, 0xfec2}, {&(0x7f00000004c0)=""/88, 0x65}, {&(0x7f0000000540)=""/215, 0x107}, {&(0x7f00000007c0)=""/218, 0xda}], 0x5, 0x80000001, 0x3f7a) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x0, &(0x7f0000000400), &(0x7f0000000280)='syzkaller\x00', 0x5, 0x0, &(0x7f00000002c0), 0x40f00, 0x10, '\x00', 0x0, 0x25, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0xbd4a, 0x2, 0x7eab, 0x8}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x1, '\x00', 0x2, 0xa, 0x5, 0x10}}}}]}, 0x48}}, 0x8850) r4 = socket$inet_udp(0x2, 0x2, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="183279000000000000"], &(0x7f00000003c0)='GPL\x00', 0x8, 0x1005, &(0x7f0000001840)=""/4101, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x281, 0x3) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000140)='wg0\x00', 0x4) connect$inet(r4, &(0x7f00000001c0)={0x2, 0x2, @rand_addr=0x64010101}, 0x10) r5 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$apparmor_current(r5, &(0x7f0000000040)=@profile={'stack ', ':\x00'}, 0x8) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2f}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x2980000}, @NFTA_LAST_MSECS={0xc, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb8}}, 0x20050800) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x191c) io_setup(0x8, &(0x7f0000000600)) 31.525799062s ago: executing program 1 (id=774): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1={0xff, 0x5}}, 0x1c) syz_emit_ethernet(0x138, &(0x7f0000000740)=ANY=[], 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r4, &(0x7f0000000380)=[{&(0x7f0000000a40)=""/65, 0x41}], 0x1, 0x6, 0x0) 27.889249276s ago: executing program 1 (id=790): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000f0000001c0007800c000400402e00000000002d0c0003"], 0x30}, 0x1, 0x2d}, 0x20088004) 27.57477715s ago: executing program 1 (id=793): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000220f0000001c0007800c000400402e003a0000002d0c0003"], 0x30}}, 0x20088004) 27.336761594s ago: executing program 1 (id=795): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x1800, &(0x7f00000004c0)={0x100002, 0x1, 0x80000, {r0}}, 0x20) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r3 = socket(0x1e, 0x5, 0x0) listen(r3, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) accept4$inet6(r3, 0x0, 0x0, 0x0) r5 = socket$rxrpc(0x21, 0x2, 0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000006000000000000208e0010000000d7d7ad52019c75d76776b35f9500080000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0xd, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) r6 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r5, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x24) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18030000000000000000000000000000850000002e000000850000000700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r9, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) recvmmsg(r9, &(0x7f0000003180)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/53, 0x35}, {&(0x7f0000000200)=""/171, 0xab}, {&(0x7f0000000300)=""/180, 0xb4}, {&(0x7f00000003c0)=""/96, 0x60}, {&(0x7f0000003240)=""/126, 0x7e}, {&(0x7f0000000500)=""/171, 0xab}], 0x6, &(0x7f00000005c0)=""/14, 0xe}, 0xa724}, {{&(0x7f0000000600)=@pptp={0x18, 0x2, {0x0, @dev}}, 0x80, &(0x7f0000001bc0)=[{&(0x7f00000045c0)=""/4110, 0x100e}, {&(0x7f0000001680)=""/33, 0x21}, {&(0x7f00000016c0)=""/226, 0xe2}, {&(0x7f00000017c0)=""/186, 0xba}, {&(0x7f0000001880)=""/158, 0x9e}, {&(0x7f0000001940)=""/239, 0xef}, {&(0x7f0000001a40)=""/229, 0xe5}, {&(0x7f0000001b40)=""/109, 0x6d}], 0x8, &(0x7f0000001c00)=""/141, 0x8d}, 0x3}, {{&(0x7f0000001cc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000002fc0)=[{&(0x7f0000000480)=""/19, 0x13}, {&(0x7f0000001d80)=""/112, 0x70}, {&(0x7f0000001e00)=""/181, 0xb5}, {&(0x7f00000032c0)=""/128, 0x80}, {&(0x7f0000001f40)=""/16, 0x10}, {&(0x7f0000001f80)=""/4096, 0x1000}, {&(0x7f0000002f80)=""/29, 0x1d}], 0x7}, 0x22}, {{&(0x7f0000003000)=@isdn, 0x80, &(0x7f0000004100), 0x0, &(0x7f0000004140)=""/93, 0x5d}, 0x4}, {{&(0x7f0000004540)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000004340), 0x0, &(0x7f0000004380)=""/233, 0xe9}, 0xa00000}, {{0x0, 0x0, 0xfffffffffffffffe, 0x0, &(0x7f0000003080)=""/246, 0xf6}, 0x3efd}], 0x6, 0x10042, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000000)={0xfd6893aced4ab15c, 0x3, 0x1, 0x2000, &(0x7f0000000000/0x2000)=nil}) bind$rxrpc(r6, &(0x7f00000004c0)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e24, 0x4, @mcast1, 0x9}}, 0x24) socket$inet_tcp(0x2, 0x1, 0x0) 27.009276296s ago: executing program 3 (id=798): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[]) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_GETIPTR(0xffffffffffffffff, 0x800c5011, &(0x7f00000000c0)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x80000001}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x8}]}}}]}]}], {0x14}}, 0xd4}, 0x1, 0x0, 0x900}, 0x0) 26.805187948s ago: executing program 3 (id=800): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0xfffffffffffffffe, 0x0, {0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, {0x5, 0x20000000000000, 0x10000000000e068, 0x9, 0x3, 0x0, 0xfffffffe, 0x8000000, 0x4, 0xa000, 0x10000, 0x0, 0x0, 0x734, 0x200000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=@newsa={0x134, 0x10, 0x1, 0xfffffffe, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@local, 0x4e24, 0x71c, 0x0, 0x0, 0xa, 0x0, 0xc2ca4bd923256b4d, 0x32}, {@in=@loopback, 0x0, 0x6c}, @in=@remote, {0x0, 0x192, 0x9ba3, 0xffff, 0x251c, 0x3, 0x6, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x21, 0xffffffffffffffff}, {0xffffffff}, 0x80, 0x34ff, 0x2, 0x1}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x134}, 0x1, 0x0, 0x0, 0x2000c002}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000240)="b9a00d0000b816000000ba000000000f30b9800000c00f3235000800000f30266726660f3821d50f0666baf80cb8bb71dc8bef66bafc0cb00fee0f20d835200000000f22d866b8f2008ee80f0f360d66ba6100ecb8009800000f23d00f21f8350000000c0f23f8"}], 0x1555555555555665, 0x61, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, &(0x7f0000000140)) sendmsg$FOU_CMD_GET(r3, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e23}, @FOU_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x4008010) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x7) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$alg(0x26, 0x5, 0x0) r6 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000400)=0xffffffffffffffff, 0x4) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000440)={{0x0, 0x4, 0x8, 0xfffffffffffffff9, 0x80000001, 0x8, 0x3, 0x378, 0x0, 0x3, 0xff, 0x7fff, 0x9, 0x200, 0x3}, 0x8, [0x0]}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r6, 0xc0709411, &(0x7f0000000640)={{r7, 0x9, 0x9, 0x7, 0x8001, 0x6d14, 0x7, 0x1ff, 0xff, 0xfffffff9, 0x5, 0xffff, 0x7, 0x3, 0x9}, 0x40, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000056544820e105080411250102030109021b00010000000009040000012ec25d000905d891"], 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0x0) 26.091487624s ago: executing program 1 (id=801): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000cb9f2cfcc837c14b000000000000000000000000000000000000000200000000000000ffffe2ffe0ffffff000000000000000000000000000000000000000000000000000000000000e1069346585daf1fd012000002"], 0xb8}}, 0x4004) sendmsg$nl_xfrm(r1, 0x0, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000700150001000000000000000000e000000200000012b7000000000000000000000000000000000000800000000100000000000000000a00100000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b56b6e0000010000"], 0xb8}}, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@ifindex, 0x31, 0x0, 0xe, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x0, 0x0) r5 = fcntl$dupfd(r4, 0x2, 0xffffffffffffffff) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x57, 0xe8, 0x97, 0x20, 0xcf2, 0x6250, 0x10ae, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3a, 0xfd, 0xb8}}]}}]}}, 0x0) splice(r3, 0x0, r5, 0x0, 0x2000, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000b40)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYBLOB="0800000110000000000000c57a3c20bc31aeea1bab13525904bb2bb120802e3da8c177921a13b4223fbe9614dc63d50160069058419ce01a68f822829b2bb3cac3d78bc9b99fdff90e0eaa442154463cdd2129586d103d353fa86afcb85c6a2e25422aadcb9b8ff3b4b9546064aab5342c472549d8ebd8b39bc967820a6876c1d9137afbb3d5e27e438e3dea9b42cc8bbbc59f420db363cd88ffa9640b445f9886f061db0e9a830e8c4506ba", @ANYBLOB="4e0ae2f0883fa79965303142ff0f000000000000da1800f64b20f053e5eac8fec27de1a2e528d97f74af25f62c8fe31b6b20e584de92f8b56227adf2d16c5ce5699124592d3d73cf708377f2e1985ea8e7489c0e859ba15973e1f6bc81617073c5ac665cb3b2157821d3f7c199edb5ceed1ddea4f41a0bece4aeb759b4834140332d4a7e56f13f1f2df4dbef402fc7a028be37f98f05f62b48bcaa8ab1cfe603784b3a5ef1a66dfb4f3bc82e84d98b28822308dbd9b7b114655e8716bf287e1ca41638b5f01b619d54fdef7c36cc485bf6b2a1fd59cf8c2cdb1661a4c0050ec5022a3285060ebe334529f011ec3f826812b700f2b1d7735df525ec47180d8d", @ANYRESOCT=0x0, @ANYBLOB="e99006f613accf9f123c99535e126d9df4ee2ee2a3df2dfbd13c2da7eb81fdf857ae43adbfba2039aa455e74590214e6b5e41b91befd376425dab0e1273c04d20664500ecb883937db9e1c346e246e88bb27cde02552e9eba4e5fa2c3637fbf476eb2d9a36371470f224487bfbab29f3f1657ac37a48e02ca7885126a008e7f11b70c6655268b82b6f7f00000035a3d4766d014618a279bbdac9"], 0x20) close(0x3) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) socket$inet6(0xa, 0x80003, 0x6) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') preadv(r7, &(0x7f00000002c0)=[{&(0x7f00000003c0)=""/257, 0x101}], 0x20000000000000a9, 0xa3, 0x0) sendmmsg(r0, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000340)='^', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000700)="73fecb87", 0x4}], 0x1}}], 0x2, 0x4048004) 25.647561443s ago: executing program 4 (id=804): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/icmp\x00') r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000004002, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x80000) ioctl$SG_IO(r2, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x29, 0x6, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000240)="ae8d7acda0", 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) syz_open_procfs(r3, &(0x7f00000006c0)='attr\x00') ptrace$setregs(0x15, r3, 0x0, &(0x7f0000000700)) timer_create(0x3, 0x0, &(0x7f0000000040)) pread64(r0, &(0x7f0000000400)=""/255, 0xff, 0x8) 25.285796471s ago: executing program 4 (id=805): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000220f0000001c0007800c0004002e2e00000000002d0c0003"], 0x30}}, 0x20088004) 24.926705119s ago: executing program 4 (id=806): socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000280)="fbf4c7c93c2f841d4320d161b545d7547666dd82a1c7479a8a265e60af95425f50024e", 0x23}], 0x1) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd0300000000000085000000330000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfe, 0x2ffffffff}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) socket(0x2, 0x80805, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'veth1_to_team\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2000000011000100000000000000000000000020", @ANYRES32=r3], 0x20}}, 0x0) 24.720172044s ago: executing program 4 (id=807): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x10, 0x0, 0xb49, 0x9, 0x8, 0x2000, 0x3}, 0x0) socket$key(0xf, 0x3, 0x2) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, r4, {0x0, 0x5}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x3, 0x1ff, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x5, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f, 0x3, 0x0, 0x0, 0xffffffff, 0x2, 0xc00, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x589, 0x6, 0x9, 0x0, 0x4, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x200002, 0x8000000, 0x0, 0x0, 0x0, 0xa, 0x4, 0x0, 0x0, 0xfffffffc, 0x0, 0x200000, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0x0, 0x400000, 0x7, 0x0, 0xc, 0x0, 0x0, 0x0, 0x100, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20, 0x0, 0x200001, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x5b9, 0x0, 0x0, 0x401, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x5, 0x0, 0x800000, 0x0, 0x6, 0x0, 0xfffffffc, 0x1, 0x0, 0x0, 0x0, 0x4, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xd79, 0xfffffffd, 0x0, 0x200, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x100, 0x401, 0x4, 0xfffffffd, 0x80000003, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffd]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0x1, 0x6}, {0xff, 0x0, 0x0, 0x10}}}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x2008080}, 0x24044490) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.numa_stat\x00', 0x26e1, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r6, 0x0, 0x0) listen(r6, 0xfffffffc) bind$tipc(r5, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(r7, 0x6, 0x9, &(0x7f0000000200)={{0xff, @local, 0xfffe, 0x1, 'lc\x00', 0x25}, {@multicast1, 0x0, 0x4, 0x0, 0x0, 0x400}}, 0x44) getsockopt$inet_tcp_int(r7, 0x6, 0x9, 0x0, 0x0) creat(0x0, 0xd931d3864d39dcca) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) r8 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000080)={'vxcan1\x00'}) socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$can_bcm(r8, &(0x7f0000000280)={&(0x7f00000002c0), 0x10, &(0x7f0000000240)={&(0x7f0000000140)={0x3, 0x880, 0x6, {}, {}, {0x0, 0x0, 0x1}, 0x1, @canfd={{}, 0x16, 0x2, 0x0, 0x0, "ee1dac5f02f42d1e95f014b9a6adcfaf988a79e7eceeee523e37fccef11431e082bc7e2705c15f2c8a53fa3ada58378717e1ef5d5977836af8618f874d2637dd"}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x894) 24.510062335s ago: executing program 3 (id=808): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) openat$sndseq(0xffffff9c, &(0x7f0000001240), 0xc8000) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff0281ffffffffffffff000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000"], 0xfdef) 23.967295615s ago: executing program 3 (id=810): bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @multicast}) write$tun(0xffffffffffffffff, &(0x7f0000001540)={@void, @val={0x3, 0x0, 0x4, 0x800, 0xfc03, 0x16}, @ipv4=@igmp={{0xe, 0x4, 0x0, 0x6, 0x111, 0x65, 0x0, 0x0, 0x2, 0x0, @multicast1, @multicast1, {[@rr={0x7, 0x3, 0x89}, @ssrr={0x89, 0x3, 0x39}, @timestamp_addr={0x44, 0x1c, 0x69, 0x1, 0x8, [{@rand_addr=0x64010102, 0x9}, {@dev={0xac, 0x14, 0x14, 0x35}, 0x8}, {@broadcast, 0x7}]}]}}, {0x1e, 0x1, 0x0, @local, "b80a685730f1401e0dffc53da3a39c2ebf323014f104e5fd0ff94bf4dd9c775a1677ca4ef54ac112bc7870e228c5d542cf2ec7c9bbc50f10f8bc9bccc04f61360b832f8e21394fb5ac405faed2702df1aec0b88a7b961987bef686ca75687b4c19dc8db43e5305ead3e834879a06d89675a5e30b19fa5abb7d4e777c1dd2b13f866de3fcee2da792ca0ec1ef458206f5b393f96500b2de9bc5bd95ca3080793f66b04ff6be0dd39becdf4c28bacbd5783a7a32eb3a6e0aea27e00fe7978c20819fe30a73653b8c3985e0aed38a1b36b974"}}}, 0x11b) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xc, 0x810, 0xffffffffffffffff, 0x57c68000) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r4, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) getcwd(&(0x7f0000000540)=""/4096, 0x1000) shutdown(r4, 0x1) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) unlinkat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x200) syz_open_dev$midi(0x0, 0x500, 0x0) close(r4) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004d00), 0x0, 0xf00) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 22.309024974s ago: executing program 4 (id=814): setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) socket(0x27, 0x3, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getdents64(0xffffffffffffffff, &(0x7f00000001c0)=""/23, 0x17) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x2, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) syz_clone3(&(0x7f00000000c0)={0x200000400, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x7d) r4 = socket$can_j1939(0x1d, 0x2, 0x7) connect$can_j1939(r4, &(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x1, 0x0, 0x1}, 0x1}, 0x18) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r6, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOPUT_VSCREENINFO(r7, 0x4601, &(0x7f0000000040)={0x191, 0x140, 0xa0, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x4}) socketpair$unix(0x1, 0x5, 0x0, 0x0) r8 = openat$bsg(0xffffffffffffff9c, &(0x7f0000002300), 0x0, 0x0) fremovexattr(r8, &(0x7f0000002340)=@known='system.posix_acl_access\x00') ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r8, 0x89f0, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000240)={'syztnl1\x00', 0x0, 0x2f, 0x0, 0x4, 0xfffffff2, 0x8, @ipv4={'\x00', '\xff\xff', @local}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40, 0x7887, 0xf, 0x7}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@bridge_getlink={0x27c, 0x12, 0x300, 0x70bd2b, 0x25dfdbff, {0x7, 0x0, 0x0, r9, 0x0, 0x9}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x2c, 0x5, 0x0, 0x1, [@IFLA_BRPORT_MODE={0x5, 0x4, 0x1}, @IFLA_BRPORT_BACKUP_PORT={0x8, 0x22, r10}, @IFLA_BRPORT_PRIORITY={0x6}, @IFLA_BRPORT_PROXYARP={0x5}, @IFLA_BRPORT_BCAST_FLOOD={0x5}]}}}, @IFLA_LINK_NETNSID={0x8, 0x25, 0x1}, @IFLA_IFALIAS={0x14, 0x14, 'wg0\x00'}, @IFLA_VFINFO_LIST={0x1fc, 0x16, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x0, 0x2}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0xc0}}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x98, 0xd10}}, @IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x61000000, 0x800}}]}, {0x30, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x4, 0x5c}}, @IFLA_VF_IB_NODE_GUID={0x10, 0xa, {0x4, 0xd}}, @IFLA_VF_IB_PORT_GUID={0x10, 0xb, {0x7, 0x22}}]}, {0xb0, 0x1, 0x0, 0x1, [@IFLA_VF_TRUST={0xc, 0x9, {0x7, 0x6}}, @IFLA_VF_RATE={0x10, 0x6, {0x0, 0x1f, 0x4}}, @IFLA_VF_VLAN_LIST={0x68, 0xc, 0x0, 0x1, [{0x14, 0x1, {0xffffff00, 0x1f1, 0x1, 0x8100}}, {0x14, 0x1, {0x1ff, 0x3d3, 0x6, 0x8100}}, {0x14, 0x1, {0x4, 0xb1d, 0x10001, 0x8100}}, {0x14, 0x1, {0x7f, 0x5af, 0x1, 0x8100}}, {0x14, 0x1, {0x2, 0x3fc, 0x4, 0x8100}}]}, @IFLA_VF_MAC={0x28, 0x1, {0x3, @multicast}}]}, {0xe4, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc, 0x5, {0x4b65c46a, 0x10000}}, @IFLA_VF_IB_NODE_GUID={0x10, 0xa, {0x60, 0x9}}, @IFLA_VF_TRUST={0xc, 0x9, {0x9, 0x9}}, @IFLA_VF_RATE={0x10, 0x6, {0x7, 0xfff, 0x101}}, @IFLA_VF_VLAN_LIST={0x90, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x8, 0x567, 0x0, 0x8100}}, {0x14, 0x1, {0x80b1, 0x6d0, 0xffffffff, 0x8100}}, {0x14, 0x1, {0x8, 0x65c, 0xedd722e8, 0x88a8}}, {0x14, 0x1, {0x9, 0x5eb, 0x7, 0x8100}}, {0x14, 0x1, {0x4, 0x79b, 0x8000, 0x88a8}}, {0x14, 0x1, {0x2, 0x302, 0x6, 0x8100}}, {0x14, 0x1, {0x101, 0xd48, 0x7, 0x88a8}}]}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x5, 0xf}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0xc, 0x8}}]}]}]}, 0x27c}}, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x1eb) 20.420414452s ago: executing program 3 (id=818): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0xfffffffffffffffe, 0x0, {0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, {0x5, 0x20000000000000, 0x10000000000e068, 0x9, 0x3, 0x0, 0xfffffffe, 0x8000000, 0x4, 0xa000, 0x10000, 0x0, 0x0, 0x734, 0x200000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=@newsa={0x134, 0x10, 0x1, 0xfffffffe, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@local, 0x4e24, 0x71c, 0x0, 0x0, 0xa, 0x0, 0xc2ca4bd923256b4d, 0x32}, {@in=@loopback, 0x0, 0x6c}, @in=@remote, {0x0, 0x192, 0x9ba3, 0xffff, 0x251c, 0x3, 0x6, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x21, 0xffffffffffffffff}, {0xffffffff}, 0x80, 0x34ff, 0x2, 0x1}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x134}, 0x1, 0x0, 0x0, 0x2000c002}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000240)="b9a00d0000b816000000ba000000000f30b9800000c00f3235000800000f30266726660f3821d50f0666baf80cb8bb71dc8bef66bafc0cb00fee0f20d835200000000f22d866b8f2008ee80f0f360d66ba6100ecb8009800000f23d00f21f8350000000c0f23f8"}], 0x1555555555555665, 0x61, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, &(0x7f0000000140)) sendmsg$FOU_CMD_GET(r3, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e23}, @FOU_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x4008010) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x7) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$alg(0x26, 0x5, 0x0) r6 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000400)=0xffffffffffffffff, 0x4) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000440)={{0x0, 0x4, 0x8, 0xfffffffffffffff9, 0x80000001, 0x8, 0x3, 0x378, 0x0, 0x3, 0xff, 0x7fff, 0x9, 0x200, 0x3}, 0x8, [0x0]}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r6, 0xc0709411, &(0x7f0000000640)={{r7, 0x9, 0x9, 0x7, 0x8001, 0x6d14, 0x7, 0x1ff, 0xff, 0xfffffff9, 0x5, 0xffff, 0x7, 0x3, 0x9}, 0x40, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000056544820e105080411250102030109021b00010000000009040000012ec25d000905d891"], 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0x0) 20.102260659s ago: executing program 2 (id=819): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r0) socket$inet6_sctp(0xa, 0x801, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$igmp(0x2, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x1) syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="6400000010000304000000000000000000000009", @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200060000001f000000060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0) 19.498145248s ago: executing program 2 (id=820): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000018c0)={0x1, 0x3, &(0x7f00000017c0)=@framed={{}, [@map_val={0x18, 0x4, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0xfffff39b}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @jmp={0x5, 0x1, 0x1, 0x3, 0x0, 0x0, 0x8}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}]}, &(0x7f0000000240)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffdc3, 0x0, 0x0, 0xfffffdf0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$UHID_CREATE2(r2, 0x0, 0x0) lseek(r0, 0x1000000, 0x0) sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x10}, 0xfdf6}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_usb_connect$uac1(0x0, 0xac, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_misc(r7, &(0x7f0000000000)="180c4552", 0x4) ioctl$HIDIOCGUSAGE(r6, 0xc018480b, &(0x7f0000000040)={0x2, 0x2, 0x76a, 0xe36, 0xe7a2, 0xeb9e}) write$binfmt_misc(r7, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000400)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) r8 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r5) sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000000)={0x0, 0xa7, &(0x7f0000000640)={&(0x7f0000000580)={0x44, r8, 0x917, 0x0, 0xffffffe4, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @private=0x7fffffff}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x44}}, 0x4000) r9 = syz_open_dev$video(&(0x7f0000000b40), 0x7, 0x28000) preadv(r9, &(0x7f0000001200)=[{&(0x7f0000000c00)=""/113, 0x71}], 0x1, 0x4, 0xb) ioctl$VIDIOC_LOG_STATUS(r9, 0x5646, 0x0) 18.414922305s ago: executing program 3 (id=822): r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc65, 0x5, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket(0x2b, 0x1, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000280)={0x3, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x7}, 0x0) syz_usb_connect$hid(0x4, 0xe, &(0x7f0000000380)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x56a, 0xd3, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x3, 0x30, 0x5, [{{0x9, 0x4, 0x0, 0xc9, 0x1, 0x3, 0x1, 0x1, 0x0, {0x9, 0x21, 0xff, 0x1, 0x1, {0x22, 0xbb0}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x2, 0x7f, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x8, 0xe, 0x1}}]}}}]}}]}}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0xb4, &(0x7f00000004c0)=@lang_id={0x0, 0x3, 0x3007}}]}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xc}}, 0x14}}, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r2, 0x29, 0x3b, 0x0, 0xa8) sendmsg$NFT_BATCH(r2, 0x0, 0x0) ioctl$TCSETAF(r1, 0x5408, &(0x7f00000000c0)={0xffff, 0x6d7, 0x0, 0x79, 0x3, "5acf8f53872ebc82"}) r7 = memfd_secret(0x0) futimesat(r7, 0x0, 0x0) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000480)="b9e94d05d9adf5e171261092d920194b9c340d", 0x13}], 0x1) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000005", @ANYRES16=0x0, @ANYBLOB="00042bbd7000fbdbdf251000000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20004840}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/89, 0x59}, {&(0x7f0000002740)=""/4097, 0x1001}, {&(0x7f00000002c0)=""/177, 0xb1}], 0x3}, 0x9}], 0x8000000000002e0, 0x40010000, 0x0) 18.3429528s ago: executing program 4 (id=823): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x100) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000100)=0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000200)}, 0x1c) r3 = openat$vcsa(0xffffff9c, &(0x7f0000000280), 0x80000, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x7, &(0x7f0000000040)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x7}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}], &(0x7f0000000080)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41100, 0x20, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x4, 0x1, 0x3, 0xa78}, 0x10, 0x0, 0x0, 0x4, &(0x7f00000002c0)=[0x1, r2, r3], &(0x7f0000000300)=[{0x2, 0x2, 0xb, 0x6}, {0x0, 0x5, 0x10, 0x8}, {0x0, 0x2, 0xa, 0x2}, {0x2, 0x5, 0xb, 0x7}], 0x10, 0x8, @void, @value}, 0x94) sendmsg$nl_route(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=@ipv4_getroute={0x1c, 0x1a, 0x400, 0x70bd27, 0x25dfdbfb, {0x2, 0x10, 0x0, 0x8, 0x0, 0x1, 0x0, 0x6, 0xa00}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) syz_open_dev$char_usb(0xc, 0xb4, 0x7) r5 = openat$nci(0xffffff9c, &(0x7f0000000500), 0x2, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r5, 0x8040942d, &(0x7f0000000540)) flock(r4, 0x1) r6 = openat$thread_pidfd(0xffffff9c, &(0x7f0000000580), 0x200000, 0x0) r7 = signalfd4(r5, &(0x7f00000005c0)={[0x0, 0x4]}, 0x8, 0x800) ioctl$BINDER_GET_NODE_DEBUG_INFO(r7, 0xc018620b, &(0x7f0000000600)={0x2}) ioctl$FAT_IOCTL_GET_VOLUME_ID(r5, 0x80047213, &(0x7f0000000640)) openat$sndseq(0xffffff9c, &(0x7f0000000680), 0x20a041) writev(r6, &(0x7f0000000780)=[{&(0x7f00000006c0)="dc48aa20383d8eb6a4fa7d0ffd61c7e90f101816eb398b956666e15cd8b14eb05ee411825f63c2351d", 0x29}, {&(0x7f0000000700)="a606cb6b3357957002a05bc1fad8b5870b27b5ef74052c3cf8ac400d57874408c654c72450b96d2a908dbd39c8dbc050c019436a099ad12bc3f26c6cca74bcc000", 0x41}], 0x2) preadv2(r4, &(0x7f0000000840)=[{&(0x7f00000007c0)}, {&(0x7f0000000800)=""/1, 0x1}], 0x2, 0x4265, 0x7f, 0x8) getresuid(&(0x7f0000000900), &(0x7f0000000940), &(0x7f0000000980)=0x0) statx(r3, &(0x7f00000009c0)='./file0\x00', 0x400, 0x1c, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuse(0x0, &(0x7f0000000880)='./file0\x00', &(0x7f00000008c0), 0x42000, &(0x7f0000000b00)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xd0c}}, {@max_read={'max_read', 0x3d, 0xfe43}}, {@allow_other}, {@default_permissions}], [{@subj_role={'subj_role', 0x3d, '#.{'}}, {@smackfsroot={'smackfsroot', 0x3d, '$*/\'!#'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/vcsa\x00'}}]}}) ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000c40)={0x10, 0xffffff00}) shutdown(r3, 0x1) syz_open_dev$usbfs(&(0x7f0000000c80), 0x3421, 0x2004c0) read$FUSE(r3, &(0x7f0000000cc0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r3, &(0x7f0000002d00)={0x60, 0x0, r10, {{0x6, 0x3, 0x100, 0x0, 0x7f, 0x8, 0x2, 0x9}}}, 0x60) sched_setattr(r11, &(0x7f0000002d80)={0x38, 0x5, 0x1000002c, 0x43c0, 0x0, 0x99e3, 0xf1, 0xd5b, 0x5, 0x5}, 0x0) openat$fuse(0xffffff9c, &(0x7f0000002dc0), 0x2, 0x0) clock_gettime(0x0, &(0x7f0000002ec0)={0x0, 0x0}) pselect6(0x40, &(0x7f0000002e00)={0x8, 0x7fff, 0x7, 0x94f8, 0x25, 0x7ff, 0x3, 0xc44c}, &(0x7f0000002e40)={0x0, 0x2, 0x4, 0x2b1, 0x2, 0x1b65, 0x6, 0x1}, &(0x7f0000002e80)={0x800, 0xc4c, 0x1, 0x2, 0x6, 0x2, 0x8a, 0x2}, &(0x7f0000002f00)={r12, r13+10000000}, &(0x7f0000002f80)={&(0x7f0000002f40)={[0x6, 0x9]}, 0x8}) umount2(&(0x7f0000002fc0)='./file0\x00', 0x2) 17.691479331s ago: executing program 0 (id=824): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b7000000000000004e0000000000000020a00001030000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xb579, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xe, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) 17.537105249s ago: executing program 0 (id=825): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x24, r1, 0x300, 0x0, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_io_uring_setup(0x4116, &(0x7f0000000200)={0x0, 0x1ffffd, 0x10100, 0x2}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r5, 0x468b, 0xfb96, 0x0, 0x0, 0x0) r8 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r8, 0x400, 0x0) mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x2a, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000019600)}, 0x0) r9 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) r10 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) r11 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, r10, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r11, 0x3, r10, &(0x7f00000001c0)={0xa0000004}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r12, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x3c7883) dup2(r12, r13) epoll_wait(r11, &(0x7f0000000280)=[{}], 0x1, 0x8) keyctl$dh_compute(0x17, &(0x7f0000000800)={r9, r9, r9}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}, 0x0, 0x28}) 16.37723086s ago: executing program 2 (id=826): r0 = add_key$user(&(0x7f0000001ec0), &(0x7f0000001f00)={'syz', 0x0}, &(0x7f0000001f40)="c6", 0x1, 0xfffffffffffffffb) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000002f40)={r0}, &(0x7f0000002f80)={'enc=', 'oaep', ' hash=', {'hmac(sha1-ce)\x00'}}, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000280)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000000800014001080800418e00000004fcff", 0x58}], 0x1) r3 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @auto=[0x65, 0x51, 0x64, 0x61, 0x61, 0x34, 0x32, 0x66, 0x39, 0x32, 0x35, 0x6, 0x30, 0x32, 0x39, 0x32]}, &(0x7f0000000300)={0x0, "d54fffff88e1c10bfc893f7f8762b5d1d205fb3a6f2ab7d468363d0f49836618a605db7b2cf99473a6b8a80329ec0a2f0c7f7ccc0dcce598f97dc6d7cd9bea92", 0x38}, 0x48, 0xfffffffffffffff8) keyctl$search(0xa, r0, &(0x7f0000000080)='trusted\x00', &(0x7f00000000c0)={'syz', 0x3}, r3) r4 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0xb, 0x40000) mmap$snddsp_control(&(0x7f0000436000/0x3000)=nil, 0x1000, 0x4, 0x50, r4, 0x83000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000980)=@bridge_delneigh={0x1c, 0x1c, 0xc07, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0xd0}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000041}, 0x20024090) 16.23140653s ago: executing program 0 (id=827): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_etf={{0x8}, {0xfffffffffffffd65, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x2}}}}]}, 0x40}}, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x4d0797c9, @mcast2, 0x7}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket(0x80000000000000a, 0x2, 0x0) ioctl$FIBMAP(r3, 0x1, &(0x7f0000000040)=0x67c1263e) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000780)={0x0, {{0xa, 0x4e24, 0x6589e3, @mcast1, 0x8}}, {{0xa, 0x4e21, 0x4, @private1, 0xfffffff8}}}, 0x108) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8) 15.952659358s ago: executing program 0 (id=828): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=ANY=[@ANYBLOB="04010000", @ANYRES16=r1, @ANYBLOB="0100000000000000110001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb542b0000880ac000080060005000000000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a00fffc00000000ff020000000000000000000000000001000000001400040002000000ac1414aa00000000000000004800098028000080060001000a0000001400020000000000000000000000ffffe000000205000300000000001cbcb47def472350ce00000008000200e0000002050003000000000014000200776730"], 0x104}}, 0x0) 15.805604466s ago: executing program 0 (id=829): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001140)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808007fff000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff00000000d609080000000000c39af0ff40000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056020000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 15.695446313s ago: executing program 2 (id=830): r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b8825fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b4003a", 0x29}], 0x1}, 0x7d) 15.572500065s ago: executing program 0 (id=831): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="170900000000000000000100000005000700000000000800090000000000060002000000000008000a000000000008001800ac1414aa08001900ffffffff14001b00fe"], 0x58}, 0x1, 0x0, 0x0, 0x4c000}, 0x0) r3 = openat$vmci(0xffffff9c, &(0x7f00000003c0), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000100)={@host}) r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000040)={@local}) syz_io_uring_setup(0x22d8, &(0x7f00000001c0)={0x0, 0x8a51, 0x2000, 0x1, 0xb8}, &(0x7f0000000140), &(0x7f0000000280)) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r4, 0x7a5, &(0x7f00000000c0)={{}, 0x1, 0x0, 0x5}) r5 = openat$tun(0xffffff9c, &(0x7f0000000000), 0x40, 0x0) r6 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$printer(r6, 0x0, 0x0) syz_usb_control_io(r6, 0x0, 0x0) r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0) ioctl$I2C_RDWR(r7, 0x707, &(0x7f0000000080)={&(0x7f00000000c0)=[{0x94, 0x7200, 0x0, 0x0}], 0x1}) syz_usb_control_io(r6, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000003d0007010000000000000000037c000004003080100001"], 0x3c}}, 0xc000) ioctl$TUNGETVNETBE(r5, 0x800454df, &(0x7f0000000040)) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=@newsa={0x1c4, 0x10, 0x633, 0x0, 0x0, {{@in=@broadcast, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {@in6=@loopback, 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0x0, 0x0, 0xb898}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x8d, 0x14, {{'rmd160\x00'}, 0x208, 0x0, "e863654b40a7ad42118bc1dd69d07e3b05cf0dbc9a9aac6130f0d060cb0c958c133115ff9cbb79de1007f5583249a62fe4273013ec2c2cca44c3a2d388d9483ca3"}}]}, 0x1c4}}, 0x0) 15.419912237s ago: executing program 2 (id=832): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b700000000000000180a04000000000000640000000000009500000700000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) 15.142833799s ago: executing program 2 (id=833): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0xfffffffffffffffe, 0x0, {0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, {0x5, 0x20000000000000, 0x10000000000e068, 0x9, 0x3, 0x0, 0xfffffffe, 0x8000000, 0x4, 0xa000, 0x10000, 0x0, 0x0, 0x734, 0x200000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=@newsa={0x134, 0x10, 0x1, 0xfffffffe, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@local, 0x4e24, 0x71c, 0x0, 0x0, 0xa, 0x0, 0xc2ca4bd923256b4d, 0x32}, {@in=@loopback, 0x0, 0x6c}, @in=@remote, {0x0, 0x192, 0x9ba3, 0xffff, 0x251c, 0x3, 0x6, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x21, 0xffffffffffffffff}, {0xffffffff}, 0x80, 0x34ff, 0x2, 0x1}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x134}, 0x1, 0x0, 0x0, 0x2000c002}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000240)="b9a00d0000b816000000ba000000000f30b9800000c00f3235000800000f30266726660f3821d50f0666baf80cb8bb71dc8bef66bafc0cb00fee0f20d835200000000f22d866b8f2008ee80f0f360d66ba6100ecb8009800000f23d00f21f8350000000c0f23f8"}], 0x1555555555555665, 0x61, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, &(0x7f0000000140)) sendmsg$FOU_CMD_GET(r3, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e23}, @FOU_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x4008010) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x7) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$alg(0x26, 0x5, 0x0) r6 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000400)=0xffffffffffffffff, 0x4) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000440)={{0x0, 0x4, 0x8, 0xfffffffffffffff9, 0x80000001, 0x8, 0x3, 0x378, 0x0, 0x3, 0xff, 0x7fff, 0x9, 0x200, 0x3}, 0x8, [0x0]}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r6, 0xc0709411, &(0x7f0000000640)={{r7, 0x9, 0x9, 0x7, 0x8001, 0x6d14, 0x7, 0x1ff, 0xff, 0xfffffff9, 0x5, 0xffff, 0x7, 0x3, 0x9}, 0x40, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000056544820e105080411250102030109021b00010000000009040000012ec25d000905d891"], 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0x0) 11.061469508s ago: executing program 32 (id=801): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000cb9f2cfcc837c14b000000000000000000000000000000000000000200000000000000ffffe2ffe0ffffff000000000000000000000000000000000000000000000000000000000000e1069346585daf1fd012000002"], 0xb8}}, 0x4004) sendmsg$nl_xfrm(r1, 0x0, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000700150001000000000000000000e000000200000012b7000000000000000000000000000000000000800000000100000000000000000a00100000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b56b6e0000010000"], 0xb8}}, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@ifindex, 0x31, 0x0, 0xe, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x0, 0x0) r5 = fcntl$dupfd(r4, 0x2, 0xffffffffffffffff) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x57, 0xe8, 0x97, 0x20, 0xcf2, 0x6250, 0x10ae, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3a, 0xfd, 0xb8}}]}}]}}, 0x0) splice(r3, 0x0, r5, 0x0, 0x2000, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000b40)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYBLOB="0800000110000000000000c57a3c20bc31aeea1bab13525904bb2bb120802e3da8c177921a13b4223fbe9614dc63d50160069058419ce01a68f822829b2bb3cac3d78bc9b99fdff90e0eaa442154463cdd2129586d103d353fa86afcb85c6a2e25422aadcb9b8ff3b4b9546064aab5342c472549d8ebd8b39bc967820a6876c1d9137afbb3d5e27e438e3dea9b42cc8bbbc59f420db363cd88ffa9640b445f9886f061db0e9a830e8c4506ba", @ANYBLOB="4e0ae2f0883fa79965303142ff0f000000000000da1800f64b20f053e5eac8fec27de1a2e528d97f74af25f62c8fe31b6b20e584de92f8b56227adf2d16c5ce5699124592d3d73cf708377f2e1985ea8e7489c0e859ba15973e1f6bc81617073c5ac665cb3b2157821d3f7c199edb5ceed1ddea4f41a0bece4aeb759b4834140332d4a7e56f13f1f2df4dbef402fc7a028be37f98f05f62b48bcaa8ab1cfe603784b3a5ef1a66dfb4f3bc82e84d98b28822308dbd9b7b114655e8716bf287e1ca41638b5f01b619d54fdef7c36cc485bf6b2a1fd59cf8c2cdb1661a4c0050ec5022a3285060ebe334529f011ec3f826812b700f2b1d7735df525ec47180d8d", @ANYRESOCT=0x0, @ANYBLOB="e99006f613accf9f123c99535e126d9df4ee2ee2a3df2dfbd13c2da7eb81fdf857ae43adbfba2039aa455e74590214e6b5e41b91befd376425dab0e1273c04d20664500ecb883937db9e1c346e246e88bb27cde02552e9eba4e5fa2c3637fbf476eb2d9a36371470f224487bfbab29f3f1657ac37a48e02ca7885126a008e7f11b70c6655268b82b6f7f00000035a3d4766d014618a279bbdac9"], 0x20) close(0x3) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) socket$inet6(0xa, 0x80003, 0x6) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') preadv(r7, &(0x7f00000002c0)=[{&(0x7f00000003c0)=""/257, 0x101}], 0x20000000000000a9, 0xa3, 0x0) sendmmsg(r0, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000340)='^', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000700)="73fecb87", 0x4}], 0x1}}], 0x2, 0x4048004) 2.546732388s ago: executing program 33 (id=822): r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc65, 0x5, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket(0x2b, 0x1, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000280)={0x3, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x7}, 0x0) syz_usb_connect$hid(0x4, 0xe, &(0x7f0000000380)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x56a, 0xd3, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x3, 0x30, 0x5, [{{0x9, 0x4, 0x0, 0xc9, 0x1, 0x3, 0x1, 0x1, 0x0, {0x9, 0x21, 0xff, 0x1, 0x1, {0x22, 0xbb0}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x2, 0x7f, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x8, 0xe, 0x1}}]}}}]}}]}}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0xb4, &(0x7f00000004c0)=@lang_id={0x0, 0x3, 0x3007}}]}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xc}}, 0x14}}, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r2, 0x29, 0x3b, 0x0, 0xa8) sendmsg$NFT_BATCH(r2, 0x0, 0x0) ioctl$TCSETAF(r1, 0x5408, &(0x7f00000000c0)={0xffff, 0x6d7, 0x0, 0x79, 0x3, "5acf8f53872ebc82"}) r7 = memfd_secret(0x0) futimesat(r7, 0x0, 0x0) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000480)="b9e94d05d9adf5e171261092d920194b9c340d", 0x13}], 0x1) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000005", @ANYRES16=0x0, @ANYBLOB="00042bbd7000fbdbdf251000000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20004840}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/89, 0x59}, {&(0x7f0000002740)=""/4097, 0x1001}, {&(0x7f00000002c0)=""/177, 0xb1}], 0x3}, 0x9}], 0x8000000000002e0, 0x40010000, 0x0) 2.478792438s ago: executing program 34 (id=823): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x100) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000100)=0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000200)}, 0x1c) r3 = openat$vcsa(0xffffff9c, &(0x7f0000000280), 0x80000, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x7, &(0x7f0000000040)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x7}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}], &(0x7f0000000080)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41100, 0x20, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x4, 0x1, 0x3, 0xa78}, 0x10, 0x0, 0x0, 0x4, &(0x7f00000002c0)=[0x1, r2, r3], &(0x7f0000000300)=[{0x2, 0x2, 0xb, 0x6}, {0x0, 0x5, 0x10, 0x8}, {0x0, 0x2, 0xa, 0x2}, {0x2, 0x5, 0xb, 0x7}], 0x10, 0x8, @void, @value}, 0x94) sendmsg$nl_route(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=@ipv4_getroute={0x1c, 0x1a, 0x400, 0x70bd27, 0x25dfdbfb, {0x2, 0x10, 0x0, 0x8, 0x0, 0x1, 0x0, 0x6, 0xa00}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) syz_open_dev$char_usb(0xc, 0xb4, 0x7) r5 = openat$nci(0xffffff9c, &(0x7f0000000500), 0x2, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r5, 0x8040942d, &(0x7f0000000540)) flock(r4, 0x1) r6 = openat$thread_pidfd(0xffffff9c, &(0x7f0000000580), 0x200000, 0x0) r7 = signalfd4(r5, &(0x7f00000005c0)={[0x0, 0x4]}, 0x8, 0x800) ioctl$BINDER_GET_NODE_DEBUG_INFO(r7, 0xc018620b, &(0x7f0000000600)={0x2}) ioctl$FAT_IOCTL_GET_VOLUME_ID(r5, 0x80047213, &(0x7f0000000640)) openat$sndseq(0xffffff9c, &(0x7f0000000680), 0x20a041) writev(r6, &(0x7f0000000780)=[{&(0x7f00000006c0)="dc48aa20383d8eb6a4fa7d0ffd61c7e90f101816eb398b956666e15cd8b14eb05ee411825f63c2351d", 0x29}, {&(0x7f0000000700)="a606cb6b3357957002a05bc1fad8b5870b27b5ef74052c3cf8ac400d57874408c654c72450b96d2a908dbd39c8dbc050c019436a099ad12bc3f26c6cca74bcc000", 0x41}], 0x2) preadv2(r4, &(0x7f0000000840)=[{&(0x7f00000007c0)}, {&(0x7f0000000800)=""/1, 0x1}], 0x2, 0x4265, 0x7f, 0x8) getresuid(&(0x7f0000000900), &(0x7f0000000940), &(0x7f0000000980)=0x0) statx(r3, &(0x7f00000009c0)='./file0\x00', 0x400, 0x1c, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuse(0x0, &(0x7f0000000880)='./file0\x00', &(0x7f00000008c0), 0x42000, &(0x7f0000000b00)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, r9}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xd0c}}, {@max_read={'max_read', 0x3d, 0xfe43}}, {@allow_other}, {@default_permissions}], [{@subj_role={'subj_role', 0x3d, '#.{'}}, {@smackfsroot={'smackfsroot', 0x3d, '$*/\'!#'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/vcsa\x00'}}]}}) ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000c40)={0x10, 0xffffff00}) shutdown(r3, 0x1) syz_open_dev$usbfs(&(0x7f0000000c80), 0x3421, 0x2004c0) read$FUSE(r3, &(0x7f0000000cc0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r3, &(0x7f0000002d00)={0x60, 0x0, r10, {{0x6, 0x3, 0x100, 0x0, 0x7f, 0x8, 0x2, 0x9}}}, 0x60) sched_setattr(r11, &(0x7f0000002d80)={0x38, 0x5, 0x1000002c, 0x43c0, 0x0, 0x99e3, 0xf1, 0xd5b, 0x5, 0x5}, 0x0) openat$fuse(0xffffff9c, &(0x7f0000002dc0), 0x2, 0x0) clock_gettime(0x0, &(0x7f0000002ec0)={0x0, 0x0}) pselect6(0x40, &(0x7f0000002e00)={0x8, 0x7fff, 0x7, 0x94f8, 0x25, 0x7ff, 0x3, 0xc44c}, &(0x7f0000002e40)={0x0, 0x2, 0x4, 0x2b1, 0x2, 0x1b65, 0x6, 0x1}, &(0x7f0000002e80)={0x800, 0xc4c, 0x1, 0x2, 0x6, 0x2, 0x8a, 0x2}, &(0x7f0000002f00)={r12, r13+10000000}, &(0x7f0000002f80)={&(0x7f0000002f40)={[0x6, 0x9]}, 0x8}) umount2(&(0x7f0000002fc0)='./file0\x00', 0x2) 32.339052ms ago: executing program 35 (id=831): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="170900000000000000000100000005000700000000000800090000000000060002000000000008000a000000000008001800ac1414aa08001900ffffffff14001b00fe"], 0x58}, 0x1, 0x0, 0x0, 0x4c000}, 0x0) r3 = openat$vmci(0xffffff9c, &(0x7f00000003c0), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000100)={@host}) r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000040)={@local}) syz_io_uring_setup(0x22d8, &(0x7f00000001c0)={0x0, 0x8a51, 0x2000, 0x1, 0xb8}, &(0x7f0000000140), &(0x7f0000000280)) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r4, 0x7a5, &(0x7f00000000c0)={{}, 0x1, 0x0, 0x5}) r5 = openat$tun(0xffffff9c, &(0x7f0000000000), 0x40, 0x0) r6 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$printer(r6, 0x0, 0x0) syz_usb_control_io(r6, 0x0, 0x0) r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0) ioctl$I2C_RDWR(r7, 0x707, &(0x7f0000000080)={&(0x7f00000000c0)=[{0x94, 0x7200, 0x0, 0x0}], 0x1}) syz_usb_control_io(r6, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000003d0007010000000000000000037c000004003080100001"], 0x3c}}, 0xc000) ioctl$TUNGETVNETBE(r5, 0x800454df, &(0x7f0000000040)) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=@newsa={0x1c4, 0x10, 0x633, 0x0, 0x0, {{@in=@broadcast, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {@in6=@loopback, 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0x0, 0x0, 0xb898}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x8d, 0x14, {{'rmd160\x00'}, 0x208, 0x0, "e863654b40a7ad42118bc1dd69d07e3b05cf0dbc9a9aac6130f0d060cb0c958c133115ff9cbb79de1007f5583249a62fe4273013ec2c2cca44c3a2d388d9483ca3"}}]}, 0x1c4}}, 0x0) 0s ago: executing program 36 (id=833): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0xfffffffffffffffe, 0x0, {0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, {0x5, 0x20000000000000, 0x10000000000e068, 0x9, 0x3, 0x0, 0xfffffffe, 0x8000000, 0x4, 0xa000, 0x10000, 0x0, 0x0, 0x734, 0x200000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=@newsa={0x134, 0x10, 0x1, 0xfffffffe, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@local, 0x4e24, 0x71c, 0x0, 0x0, 0xa, 0x0, 0xc2ca4bd923256b4d, 0x32}, {@in=@loopback, 0x0, 0x6c}, @in=@remote, {0x0, 0x192, 0x9ba3, 0xffff, 0x251c, 0x3, 0x6, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x21, 0xffffffffffffffff}, {0xffffffff}, 0x80, 0x34ff, 0x2, 0x1}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x134}, 0x1, 0x0, 0x0, 0x2000c002}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000240)="b9a00d0000b816000000ba000000000f30b9800000c00f3235000800000f30266726660f3821d50f0666baf80cb8bb71dc8bef66bafc0cb00fee0f20d835200000000f22d866b8f2008ee80f0f360d66ba6100ecb8009800000f23d00f21f8350000000c0f23f8"}], 0x1555555555555665, 0x61, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, &(0x7f0000000140)) sendmsg$FOU_CMD_GET(r3, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e23}, @FOU_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x4008010) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x7) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$alg(0x26, 0x5, 0x0) r6 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000400)=0xffffffffffffffff, 0x4) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000440)={{0x0, 0x4, 0x8, 0xfffffffffffffff9, 0x80000001, 0x8, 0x3, 0x378, 0x0, 0x3, 0xff, 0x7fff, 0x9, 0x200, 0x3}, 0x8, [0x0]}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r6, 0xc0709411, &(0x7f0000000640)={{r7, 0x9, 0x9, 0x7, 0x8001, 0x6d14, 0x7, 0x1ff, 0xff, 0xfffffff9, 0x5, 0xffff, 0x7, 0x3, 0x9}, 0x40, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000056544820e105080411250102030109021b00010000000009040000012ec25d000905d891"], 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0x0) kernel console output (not intermixed with test programs): B Raw Gadget: couldn't find an available UDC or it's busy [ 175.781896][ T7162] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.889835][ T5899] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 175.908009][ T5899] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 175.928822][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.996245][ T5899] aiptek 5-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 176.069028][ T5874] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 176.248788][ T7145] netlink: 196 bytes leftover after parsing attributes in process `syz.4.322'. [ 176.289218][ T5874] usb 1-1: Using ep0 maxpacket: 32 [ 176.299790][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.317313][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.344753][ T5874] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 176.363975][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.534338][ T7175] netlink: 12 bytes leftover after parsing attributes in process `syz.1.329'. [ 176.742955][ T5874] usb 1-1: config 0 descriptor?? [ 177.154742][ T1210] usb 5-1: USB disconnect, device number 13 [ 177.818473][ T5926] pwc: send_video_command error -71 [ 177.844884][ T5926] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 177.948185][ T5926] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71 [ 178.007085][ T5926] usb 4-1: USB disconnect, device number 16 [ 179.698794][ T5874] usbhid 1-1:0.0: can't add hid device: -71 [ 179.759099][ T5874] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 179.842399][ T5874] usb 1-1: USB disconnect, device number 14 [ 180.021788][ T7204] random: crng reseeded on system resumption [ 180.114520][ T7204] netlink: 12 bytes leftover after parsing attributes in process `syz.1.336'. [ 180.172290][ T7204] vlan2: entered promiscuous mode [ 180.179932][ T7204] ip6gretap0: entered promiscuous mode [ 180.410893][ T5874] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 180.603328][ T5874] usb 1-1: Using ep0 maxpacket: 16 [ 180.609024][ T5926] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 180.620522][ T5874] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 65, using maximum allowed: 30 [ 180.636037][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.656672][ T7219] fuse: Invalid rootmode [ 180.668506][ T5874] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 65 [ 180.719329][ T5874] usb 1-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 180.779318][ T5926] usb 4-1: Using ep0 maxpacket: 32 [ 180.786749][ T5926] usb 4-1: config 0 interface 0 has no altsetting 0 [ 180.788297][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.802796][ T5926] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 180.802827][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.802850][ T5926] usb 4-1: Product: syz [ 180.802866][ T5926] usb 4-1: Manufacturer: syz [ 180.802884][ T5926] usb 4-1: SerialNumber: syz [ 180.862148][ T5926] usb 4-1: config 0 descriptor?? [ 180.874941][ T5926] gs_usb 4-1:0.0: Required endpoints not found [ 181.107795][ T5926] usb 4-1: USB disconnect, device number 17 [ 181.212332][ T5874] usb 1-1: config 0 descriptor?? [ 181.706239][ T7203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.750241][ T7203] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.012233][ T5874] usbhid 1-1:0.0: can't add hid device: -71 [ 182.018323][ T5874] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 182.102119][ T7234] netlink: 12 bytes leftover after parsing attributes in process `syz.3.347'. [ 182.147796][ T5874] usb 1-1: USB disconnect, device number 15 [ 182.159261][ T7234] netlink: 12 bytes leftover after parsing attributes in process `syz.3.347'. [ 182.200901][ T7237] netlink: 36 bytes leftover after parsing attributes in process `syz.1.348'. [ 182.572882][ T7248] loop2: detected capacity change from 0 to 7 [ 182.584237][ T7248] Dev loop2: unable to read RDB block 7 [ 182.595394][ T7248] loop2: unable to read partition table [ 182.631588][ T7248] loop2: partition table beyond EOD, truncated [ 182.678244][ T7248] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 183.071867][ T7234] netlink: 12 bytes leftover after parsing attributes in process `syz.3.347'. [ 183.101645][ T7255] Cannot find del_set index 0 as target [ 183.169677][ T7234] netlink: 12 bytes leftover after parsing attributes in process `syz.3.347'. [ 183.326104][ T7260] tipc: Started in network mode [ 183.331296][ T7260] tipc: Node identity , cluster identity 4711 [ 183.708336][ T7234] netlink: 12 bytes leftover after parsing attributes in process `syz.3.347'. [ 183.718397][ T7234] netlink: 12 bytes leftover after parsing attributes in process `syz.3.347'. [ 183.783623][ T7266] netlink: 12 bytes leftover after parsing attributes in process `syz.0.356'. [ 183.814256][ T7266] vlan2: entered promiscuous mode [ 183.831544][ T5874] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 183.842697][ T7266] team0: entered promiscuous mode [ 183.872551][ T7266] team_slave_0: entered promiscuous mode [ 184.018981][ T5874] usb 3-1: Using ep0 maxpacket: 16 [ 184.026474][ T5874] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.038143][ T5874] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 184.053443][ T5874] usb 3-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 184.120550][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0 [ 184.196960][ T5874] usb 3-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00 [ 184.394012][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.399555][ T5926] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 184.488570][ T5874] usb 3-1: config 0 descriptor?? [ 184.633097][ T5926] usb 2-1: config 0 has no interfaces? [ 184.750641][ T5926] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 184.763241][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.781227][ T5926] usb 2-1: Product: syz [ 184.834126][ T5926] usb 2-1: Manufacturer: syz [ 184.893655][ T7276] netlink: 'syz.0.360': attribute type 2 has an invalid length. [ 184.919109][ T5926] usb 2-1: SerialNumber: syz [ 184.950306][ T5926] usb 2-1: config 0 descriptor?? [ 185.107766][ T5874] hid-generic 0003:045E:05DA.0003: unknown main item tag 0x0 [ 185.236042][ T5874] hid-generic 0003:045E:05DA.0003: unknown main item tag 0x0 [ 185.306765][ T5874] hid-generic 0003:045E:05DA.0003: unknown main item tag 0x0 [ 185.349036][ T5874] hid-generic 0003:045E:05DA.0003: ignoring exceeding usage max [ 185.406345][ T5874] hid-generic 0003:045E:05DA.0003: unbalanced collection at end of report description [ 185.407179][ T5874] hid-generic 0003:045E:05DA.0003: probe with driver hid-generic failed with error -22 [ 185.430837][ T5874] usb 3-1: USB disconnect, device number 8 [ 185.542172][ T7286] netlink: 288 bytes leftover after parsing attributes in process `syz.4.362'. [ 186.131814][ T7294] loop2: detected capacity change from 0 to 7 [ 186.160637][ T7294] Dev loop2: unable to read RDB block 7 [ 186.195383][ T7294] loop2: unable to read partition table [ 186.217992][ T7294] loop2: partition table beyond EOD, truncated [ 186.249238][ T7294] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 186.460247][ T7298] netlink: 56 bytes leftover after parsing attributes in process `syz.4.368'. [ 186.483035][ T7298] netlink: 8 bytes leftover after parsing attributes in process `syz.4.368'. [ 187.431208][ T7310] netlink: 'syz.3.373': attribute type 2 has an invalid length. [ 188.169227][ T5899] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 188.170313][ T5926] usb 2-1: USB disconnect, device number 14 [ 188.330297][ T5899] usb 4-1: Using ep0 maxpacket: 32 [ 188.340764][ T7320] netlink: 16 bytes leftover after parsing attributes in process `syz.1.376'. [ 188.344710][ T5899] usb 4-1: unable to get BOS descriptor or descriptor too short [ 188.368166][ T7320] openvswitch: netlink: Missing key (keys=40, expected=80) [ 188.381442][ T5899] usb 4-1: config 128 has an invalid interface number: 127 but max is 3 [ 188.399977][ T5899] usb 4-1: config 128 contains an unexpected descriptor of type 0x2, skipping [ 188.410957][ T5899] usb 4-1: config 128 has an invalid interface number: 6 but max is 3 [ 188.419436][ T5899] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 188.431618][ T5899] usb 4-1: config 128 has 5 interfaces, different from the descriptor's value: 4 [ 188.442924][ T5899] usb 4-1: config 128 has no interface number 3 [ 188.449600][ T5899] usb 4-1: config 128 has no interface number 4 [ 188.458264][ T5899] usb 4-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 188.474552][ T5899] usb 4-1: too many endpoints for config 128 interface 6 altsetting 15: 96, using maximum allowed: 30 [ 188.485977][ T5899] usb 4-1: config 128 interface 6 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 96 [ 188.501719][ T5899] usb 4-1: config 128 interface 127 has no altsetting 0 [ 188.510073][ T5899] usb 4-1: config 128 interface 6 has no altsetting 0 [ 188.521712][ T5899] usb 4-1: config 128 interface 1 has no altsetting 0 [ 188.532465][ T5899] usb 4-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 188.555708][ T7322] xt_CT: You must specify a L4 protocol and not use inversions on it [ 188.573425][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.605192][ T5899] usb 4-1: Product: syz [ 188.629125][ T5899] usb 4-1: Manufacturer: syz [ 188.653964][ T5899] usb 4-1: SerialNumber: syz [ 188.932169][ T5899] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 189.006598][ T5899] usb 4-1: USB disconnect, device number 18 [ 189.125746][ T6053] udevd[6053]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:128.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 189.869407][ T5926] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 190.029541][ T1210] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 190.149008][ T5926] usb 3-1: Using ep0 maxpacket: 32 [ 190.156840][ T5926] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 190.296051][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 190.323737][ T1210] usb 5-1: config 0 has no interfaces? [ 190.333107][ T1210] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 190.345476][ T1210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.365998][ T1210] usb 5-1: Product: syz [ 190.410230][ T1210] usb 5-1: Manufacturer: syz [ 190.414872][ T1210] usb 5-1: SerialNumber: syz [ 190.502777][ T5926] usb 3-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 190.553555][ T1210] usb 5-1: config 0 descriptor?? [ 190.573616][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.588963][ T5926] usb 3-1: Product: syz [ 190.593204][ T5926] usb 3-1: Manufacturer: syz [ 190.597839][ T5926] usb 3-1: SerialNumber: syz [ 190.820065][ T5926] usb 3-1: config 0 descriptor?? [ 190.838404][ T5926] usb 3-1: no audio or video endpoints found [ 191.366408][ T7346] netlink: 452 bytes leftover after parsing attributes in process `syz.2.383'. [ 191.366431][ T7346] netlink: 452 bytes leftover after parsing attributes in process `syz.2.383'. [ 191.367567][ T5926] usb 3-1: USB disconnect, device number 9 [ 191.633256][ T7370] netlink: 'syz.3.387': attribute type 30 has an invalid length. [ 192.647620][ T5874] usb 5-1: USB disconnect, device number 14 [ 192.801081][ T7382] loop6: detected capacity change from 0 to 7 [ 192.846063][ T6053] Dev loop6: unable to read RDB block 7 [ 192.881390][ T6053] loop6: unable to read partition table [ 192.927505][ T6053] loop6: partition table beyond EOD, truncated [ 193.133499][ T7382] Dev loop6: unable to read RDB block 7 [ 193.139934][ T7382] loop6: unable to read partition table [ 193.147186][ T7382] loop6: partition table beyond EOD, truncated [ 193.221197][ T7382] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 193.289885][ T7388] xt_hashlimit: size too large, truncated to 1048576 [ 193.301572][ T7388] xt_hashlimit: overflow, try lower: 9223336852482686975/36028797018968064 [ 193.739405][ T1210] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 193.903010][ T1210] usb 2-1: Using ep0 maxpacket: 8 [ 193.915212][ T1210] usb 2-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice= 1.a4 [ 193.962593][ T1210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.000974][ T1210] usb 2-1: Product: syz [ 194.028833][ T1210] usb 2-1: Manufacturer: syz [ 194.039756][ T1210] usb 2-1: SerialNumber: syz [ 194.055014][ T1210] usb 2-1: config 0 descriptor?? [ 194.417616][ T1210] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 194.548537][ T1210] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 194.649954][ T1210] usb 2-1: USB disconnect, device number 15 [ 194.818111][ T6053] udevd[6053]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 194.986540][ T7408] netlink: 12 bytes leftover after parsing attributes in process `syz.3.402'. [ 195.008735][ T7408] vlan2: entered promiscuous mode [ 195.017101][ T5913] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 195.169905][ T1210] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 195.247369][ T5913] usb 3-1: device descriptor read/64, error -71 [ 195.348983][ T1210] usb 1-1: Using ep0 maxpacket: 32 [ 195.378681][ T1210] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 195.409027][ T1210] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 195.428600][ T1210] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 195.455254][ T1210] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.505596][ T1210] usb 1-1: Product: syz [ 195.519469][ T5913] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 195.524522][ T1210] usb 1-1: Manufacturer: syz [ 195.554935][ T1210] usb 1-1: SerialNumber: syz [ 195.571785][ T1210] usb 1-1: config 0 descriptor?? [ 195.591432][ T1210] usb 1-1: no audio or video endpoints found [ 195.692290][ T7427] loop2: detected capacity change from 0 to 7 [ 195.709361][ T7427] Dev loop2: unable to read RDB block 7 [ 195.719077][ T7427] loop2: unable to read partition table [ 195.726536][ T7427] loop2: partition table beyond EOD, truncated [ 195.749564][ T7427] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 195.838071][ T7405] netlink: 452 bytes leftover after parsing attributes in process `syz.0.401'. [ 195.848932][ T5913] usb 3-1: device descriptor read/64, error -71 [ 195.901533][ T7405] netlink: 452 bytes leftover after parsing attributes in process `syz.0.401'. [ 196.165710][ T5913] usb usb3-port1: attempt power cycle [ 196.225620][ T5874] usb 1-1: USB disconnect, device number 16 [ 196.509063][ T5913] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 196.778470][ T5913] usb 3-1: device descriptor read/8, error -71 [ 197.082443][ T5913] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 197.153225][ T5913] usb 3-1: device descriptor read/8, error -71 [ 197.284891][ T7442] loop2: detected capacity change from 0 to 7 [ 197.300101][ T5913] usb usb3-port1: unable to enumerate USB device [ 197.325675][ T7442] Dev loop2: unable to read RDB block 7 [ 197.339054][ T7442] loop2: unable to read partition table [ 197.351941][ T7442] loop2: partition table beyond EOD, truncated [ 197.382263][ T7442] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 197.530574][ T7445] ======================================================= [ 197.530574][ T7445] WARNING: The mand mount option has been deprecated and [ 197.530574][ T7445] and is ignored by this kernel. Remove the mand [ 197.530574][ T7445] option from the mount to silence this warning. [ 197.530574][ T7445] ======================================================= [ 197.874607][ T7455] netlink: 176 bytes leftover after parsing attributes in process `syz.4.414'. [ 197.885484][ T7455] @: renamed from vlan0 (while UP) [ 198.025191][ T7455] capability: warning: `syz.4.414' uses deprecated v2 capabilities in a way that may be insecure [ 198.519152][ T5913] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 198.689417][ T5913] usb 1-1: Using ep0 maxpacket: 32 [ 198.701279][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 198.714309][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 198.730850][ T5913] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 198.743822][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.762320][ T5913] usb 1-1: Product: syz [ 198.777310][ T5913] usb 1-1: Manufacturer: syz [ 198.789746][ T5913] usb 1-1: SerialNumber: syz [ 198.826060][ T5913] usb 1-1: config 0 descriptor?? [ 198.870091][ T5838] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 198.883545][ T5913] usb 1-1: no audio or video endpoints found [ 199.039338][ T5838] usb 3-1: Using ep0 maxpacket: 32 [ 199.046802][ T5838] usb 3-1: config 0 has an invalid descriptor of length 144, skipping remainder of the config [ 199.097364][ T7464] netlink: 452 bytes leftover after parsing attributes in process `syz.0.419'. [ 199.108718][ T5838] usb 3-1: config 0 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 199.141521][ T7464] netlink: 452 bytes leftover after parsing attributes in process `syz.0.419'. [ 199.243584][ T5874] usb 1-1: USB disconnect, device number 17 [ 199.278688][ T5838] usb 3-1: config 0 interface 0 has no altsetting 0 [ 199.308373][ T5838] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 199.349198][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.378788][ T5838] usb 3-1: config 0 descriptor?? [ 199.398492][ T5838] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 199.483838][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.498905][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.608059][ T7466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 199.617173][ T7466] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 199.747481][ T7482] bridge_slave_0: left promiscuous mode [ 199.764281][ T7482] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.786560][ T7482] bridge_slave_1: left allmulticast mode [ 199.800169][ T7482] bridge_slave_1: left promiscuous mode [ 199.808368][ T7482] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.980789][ T7482] bond0: (slave bond_slave_0): Releasing backup interface [ 200.059776][ T7482] bond0: (slave bond_slave_1): Releasing backup interface [ 200.082568][ T7482] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 200.090876][ T7482] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 200.113966][ T7482] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 200.128354][ T7482] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.176787][ T7505] netlink: 'syz.0.425': attribute type 30 has an invalid length. [ 201.509313][ T5838] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 201.819424][ T5838] usb 2-1: config 0 has no interfaces? [ 201.840200][ T5838] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 201.858919][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.983526][ T5874] usb 3-1: USB disconnect, device number 14 [ 202.008928][ T5838] usb 2-1: Product: syz [ 202.056651][ T5838] usb 2-1: Manufacturer: syz [ 202.081492][ T5838] usb 2-1: SerialNumber: syz [ 202.132754][ T7512] random: crng reseeded on system resumption [ 202.165803][ T5838] usb 2-1: config 0 descriptor?? [ 202.206362][ T7512] netlink: 12 bytes leftover after parsing attributes in process `syz.4.432'. [ 202.371781][ T7512] vlan0: entered promiscuous mode [ 202.450423][ T7504] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 202.510562][ T7512] ip6gretap0: entered promiscuous mode [ 203.286427][ T7524] loop2: detected capacity change from 0 to 7 [ 203.286897][ T7527] loop6: detected capacity change from 0 to 7 [ 203.322964][ T7524] Dev loop2: unable to read RDB block 7 [ 203.328625][ T7524] loop2: unable to read partition table [ 203.342449][ T7527] Dev loop6: unable to read RDB block 7 [ 203.368468][ T7524] loop2: partition table beyond EOD, truncated [ 203.379563][ T7527] loop6: unable to read partition table [ 203.385321][ T7524] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 203.395559][ T7529] tipc: Started in network mode [ 203.412917][ T7529] tipc: Node identity , cluster identity 4711 [ 203.420292][ T7527] loop6: partition table beyond EOD, truncated [ 203.444983][ T5206] Dev loop2: unable to read RDB block 7 [ 203.455013][ T7527] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 203.482997][ T5206] loop2: unable to read partition table [ 203.507085][ T5206] loop2: partition table beyond EOD, truncated [ 203.529277][ T5874] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 203.647149][ T5206] Dev loop2: unable to read RDB block 7 [ 203.669128][ T5206] loop2: unable to read partition table [ 203.693335][ T5206] loop2: partition table beyond EOD, truncated [ 203.714205][ T5874] usb 4-1: Using ep0 maxpacket: 32 [ 203.757415][ T5874] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 203.781167][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 203.819649][ T5874] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 203.835630][ T7536] netlink: 8 bytes leftover after parsing attributes in process `syz.4.442'. [ 203.846605][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.872086][ T5874] usb 4-1: Product: syz [ 203.880070][ T5874] usb 4-1: Manufacturer: syz [ 203.928313][ T5874] usb 4-1: SerialNumber: syz [ 204.010013][ T5874] usb 4-1: config 0 descriptor?? [ 204.026190][ T5874] usb 4-1: no audio or video endpoints found [ 204.121009][ T7536] vlan0: entered allmulticast mode [ 204.222137][ T7544] tipc: Started in network mode [ 204.231605][ T7524] netlink: 452 bytes leftover after parsing attributes in process `syz.3.435'. [ 204.259939][ T7524] netlink: 452 bytes leftover after parsing attributes in process `syz.3.435'. [ 204.279290][ T7544] tipc: Node identity , cluster identity 4711 [ 204.281136][ T1210] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 204.304505][ T5874] usb 4-1: USB disconnect, device number 19 [ 205.033725][ T5913] usb 2-1: USB disconnect, device number 16 [ 205.784611][ T1210] usb 3-1: unable to get BOS descriptor or descriptor too short [ 205.798720][ T1210] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 205.849156][ T1210] usb 3-1: can't read configurations, error -71 [ 206.474405][ T7576] loop2: detected capacity change from 0 to 7 [ 206.512203][ T7576] Dev loop2: unable to read RDB block 7 [ 206.528180][ T7576] loop2: unable to read partition table [ 206.548675][ T7576] loop2: partition table beyond EOD, truncated [ 206.591773][ T7576] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 206.882139][ T7587] loop2: detected capacity change from 0 to 7 [ 206.915472][ T7587] Dev loop2: unable to read RDB block 7 [ 206.938554][ T7587] loop2: unable to read partition table [ 206.957855][ T7587] loop2: partition table beyond EOD, truncated [ 206.977523][ T7587] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 207.169095][ T5913] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 207.202624][ T5206] Dev loop2: unable to read RDB block 7 [ 207.318606][ T5206] loop2: unable to read partition table [ 207.335613][ T5206] loop2: partition table beyond EOD, truncated [ 207.376818][ T5874] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 207.399010][ T5913] usb 5-1: Using ep0 maxpacket: 16 [ 207.407469][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 207.442738][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 207.493281][ T5913] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 207.506756][ T5913] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 207.524658][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.550061][ T5913] usb 5-1: config 0 descriptor?? [ 207.555953][ T5206] Dev loop2: unable to read RDB block 7 [ 207.563245][ T5874] usb 4-1: Using ep0 maxpacket: 32 [ 207.572835][ T5874] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 207.584995][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 207.609052][ T5206] loop2: unable to read partition table [ 207.629688][ T5874] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 207.641354][ T5206] loop2: partition table beyond EOD, truncated [ 207.652604][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.667313][ T5874] usb 4-1: Product: syz [ 207.680392][ T5874] usb 4-1: Manufacturer: syz [ 207.726751][ T5874] usb 4-1: SerialNumber: syz [ 207.787211][ T7585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.796907][ T7585] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.804481][ T5874] usb 4-1: config 0 descriptor?? [ 207.846973][ T5874] usb 4-1: no audio or video endpoints found [ 207.874627][ T5206] Dev loop2: unable to read RDB block 7 [ 207.880559][ T5206] loop2: unable to read partition table [ 207.903030][ T5206] loop2: partition table beyond EOD, truncated [ 208.061858][ T7587] netlink: 452 bytes leftover after parsing attributes in process `syz.3.458'. [ 208.064488][ T5913] microsoft 0003:045E:07DA.0004: ignoring exceeding usage max [ 208.071381][ T7587] netlink: 452 bytes leftover after parsing attributes in process `syz.3.458'. [ 208.106180][ T5913] microsoft 0003:045E:07DA.0004: item 0 4 0 11 parsing failed [ 208.123924][ T5913] microsoft 0003:045E:07DA.0004: parse failed [ 208.144167][ T5913] microsoft 0003:045E:07DA.0004: probe with driver microsoft failed with error -22 [ 208.207772][ T5838] usb 4-1: USB disconnect, device number 20 [ 208.310091][ T5874] usb 5-1: USB disconnect, device number 15 [ 208.757876][ T7613] netlink: 16 bytes leftover after parsing attributes in process `syz.2.465'. [ 208.777456][ T7613] openvswitch: netlink: Missing key (keys=40, expected=80) [ 208.872933][ T7614] xt_CT: You must specify a L4 protocol and not use inversions on it [ 209.685629][ T7621] netlink: 12 bytes leftover after parsing attributes in process `syz.3.466'. [ 209.704978][ T7626] fuse: Unknown parameter 'fd0x0000000000000005' [ 210.499503][ T5926] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 210.675067][ T5926] usb 4-1: config 2 has an invalid interface number: 108 but max is 0 [ 210.711192][ T5926] usb 4-1: config 2 has an invalid descriptor of length 255, skipping remainder of the config [ 210.773219][ T5926] usb 4-1: config 2 has no interface number 0 [ 210.808979][ T5926] usb 4-1: config 2 interface 108 has no altsetting 0 [ 210.850585][ T7641] bond0: Error: Cannot enslave bond to itself. [ 210.862362][ T5926] usb 4-1: New USB device found, idVendor=129b, idProduct=160c, bcdDevice=5b.d8 [ 210.899480][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.907557][ T5926] usb 4-1: Product: syz [ 210.937639][ T5926] usb 4-1: Manufacturer: syz [ 210.947963][ T5926] usb 4-1: SerialNumber: syz [ 211.099331][ T5943] usb 5-1: new low-speed USB device number 16 using dummy_hcd [ 211.197094][ T5926] usb 4-1: Could not find all expected endpoints [ 211.209478][ T5920] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 211.245164][ T5926] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 211.252479][ T5943] usb 5-1: device descriptor read/64, error -71 [ 211.260278][ T5926] usb 4-1: MIDIStreaming interface descriptor not found [ 211.284108][ T7650] loop2: detected capacity change from 0 to 7 [ 211.293561][ T7650] Dev loop2: unable to read RDB block 7 [ 211.315737][ T7650] loop2: unable to read partition table [ 211.332252][ T7650] loop2: partition table beyond EOD, truncated [ 211.352088][ T5926] usb 4-1: USB disconnect, device number 21 [ 211.356801][ T7650] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 211.400136][ T5920] usb 1-1: Using ep0 maxpacket: 8 [ 211.412721][ T5920] usb 1-1: config 2 has an invalid interface number: 226 but max is 0 [ 211.427816][ T5920] usb 1-1: config 2 has no interface number 0 [ 211.435393][ T5920] usb 1-1: config 2 interface 226 altsetting 91 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 211.437017][ T6053] udevd[6053]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:2.108/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 211.451256][ T5920] usb 1-1: config 2 interface 226 altsetting 91 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 211.480402][ T5920] usb 1-1: config 2 interface 226 altsetting 91 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 211.497116][ T5920] usb 1-1: config 2 interface 226 has no altsetting 0 [ 211.514282][ T5920] usb 1-1: New USB device found, idVendor=05c8, idProduct=0403, bcdDevice=d4.d4 [ 211.519501][ T5943] usb 5-1: new low-speed USB device number 17 using dummy_hcd [ 211.528090][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.542028][ T5920] usb 1-1: Product: syz [ 211.546241][ T5920] usb 1-1: Manufacturer: syz [ 211.551430][ T5920] usb 1-1: SerialNumber: syz [ 211.629990][ T5838] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 211.659123][ T5943] usb 5-1: device descriptor read/64, error -71 [ 211.770034][ T5943] usb usb5-port1: attempt power cycle [ 211.770336][ T5920] usb 1-1: Found UVC 0.00 device syz (05c8:0403) [ 211.783530][ T5920] usb 1-1: No valid video chain found. [ 211.801025][ T5920] usb 1-1: USB disconnect, device number 18 [ 211.801277][ T7628] Bluetooth: hci2: command 0x0406 tx timeout [ 211.807228][ T7627] Bluetooth: hci3: command 0x0406 tx timeout [ 211.815783][ T5838] usb 2-1: Using ep0 maxpacket: 32 [ 211.821458][ T7627] Bluetooth: hci1: command 0x0406 tx timeout [ 211.829690][ T7628] Bluetooth: hci4: command 0x0406 tx timeout [ 211.851076][ T5838] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 211.864225][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 211.879570][ T5838] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 211.889278][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.897580][ T5838] usb 2-1: Product: syz [ 211.902275][ T5838] usb 2-1: Manufacturer: syz [ 211.911772][ T5838] usb 2-1: SerialNumber: syz [ 211.919861][ T5838] usb 2-1: config 0 descriptor?? [ 211.933243][ T5838] usb 2-1: no audio or video endpoints found [ 212.020856][ T5206] Dev loop2: unable to read RDB block 7 [ 212.036146][ T5206] loop2: unable to read partition table [ 212.050989][ T5206] loop2: partition table beyond EOD, truncated [ 212.156091][ T5943] usb 5-1: new low-speed USB device number 18 using dummy_hcd [ 212.173867][ T7650] netlink: 452 bytes leftover after parsing attributes in process `syz.1.476'. [ 212.194231][ T5943] usb 5-1: device descriptor read/8, error -71 [ 212.200693][ T7650] netlink: 452 bytes leftover after parsing attributes in process `syz.1.476'. [ 212.216122][ T5838] usb 2-1: USB disconnect, device number 17 [ 212.469558][ T5943] usb 5-1: new low-speed USB device number 19 using dummy_hcd [ 212.514523][ T5943] usb 5-1: device descriptor read/8, error -71 [ 212.630271][ T5943] usb usb5-port1: unable to enumerate USB device [ 213.960307][ T7679] fuse: Unknown parameter 'fd0x0000000000000005' [ 215.553012][ T7690] netlink: 'syz.4.486': attribute type 10 has an invalid length. [ 215.769646][ T7690] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 215.795563][ T7690] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 215.866912][ T7689] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 215.900617][ T7698] loop6: detected capacity change from 0 to 524287999 [ 215.920725][ T7698] buffer_io_error: 23 callbacks suppressed [ 215.920744][ T7698] Buffer I/O error on dev loop6, logical block 0, async page read [ 215.940070][ T7698] Buffer I/O error on dev loop6, logical block 0, async page read [ 215.971730][ T7699] loop2: detected capacity change from 0 to 524287998 [ 216.049123][ T7698] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.078121][ T7698] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.087620][ T12] Buffer I/O error on dev loop6, logical block 65535968, async page read [ 216.137878][ C0] I/O error, dev loop2, sector 524287744 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 0 [ 216.148345][ T6694] Buffer I/O error on dev loop2, logical block 65535968, async page read [ 216.180176][ T7698] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.188391][ T7698] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.211164][ T7698] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.250703][ T7698] Buffer I/O error on dev loop6, logical block 0, async page read [ 216.283760][ T7698] ldm_validate_partition_table(): Disk read failed. [ 216.302795][ T7698] Dev loop6: unable to read RDB block 0 [ 216.322511][ T7698] loop6: unable to read partition table [ 216.333905][ T7698] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 216.519405][ T5874] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 216.681326][ T5874] usb 4-1: Using ep0 maxpacket: 32 [ 216.702850][ T5874] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 216.718926][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 216.787124][ T5874] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 216.796729][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.805122][ T5874] usb 4-1: Product: syz [ 216.814742][ T5874] usb 4-1: Manufacturer: syz [ 216.819889][ T5874] usb 4-1: SerialNumber: syz [ 216.827707][ T5874] usb 4-1: config 0 descriptor?? [ 216.839062][ T5899] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 216.849918][ T5874] usb 4-1: no audio or video endpoints found [ 216.998978][ T5943] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 216.999174][ T5899] usb 1-1: Using ep0 maxpacket: 16 [ 217.027963][ T5899] usb 1-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config [ 217.051115][ T7701] netlink: 452 bytes leftover after parsing attributes in process `syz.3.490'. [ 217.062886][ T5899] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 217.074848][ T7701] netlink: 452 bytes leftover after parsing attributes in process `syz.3.490'. [ 217.088261][ T5899] usb 1-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 217.104570][ T5899] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.114695][ T5874] usb 4-1: USB disconnect, device number 22 [ 217.146333][ T5899] usb 1-1: config 0 descriptor?? [ 217.161679][ T5943] usb 5-1: Using ep0 maxpacket: 32 [ 217.171629][ T5943] usb 5-1: config 0 has an invalid descriptor of length 144, skipping remainder of the config [ 217.191185][ T5943] usb 5-1: config 0 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 217.242901][ T5943] usb 5-1: config 0 interface 0 has no altsetting 0 [ 217.260984][ T5943] usb 5-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 217.271268][ T5943] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.283091][ T5943] usb 5-1: config 0 descriptor?? [ 217.293654][ T5943] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 217.520913][ T7712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 217.530124][ T7712] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 217.674310][ T7727] bridge_slave_0: left promiscuous mode [ 217.680390][ T7727] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.742558][ T7727] bridge_slave_1: left allmulticast mode [ 217.748478][ T7727] bridge_slave_1: left promiscuous mode [ 217.754737][ T7727] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.820178][ T7727] bond0: (slave bond_slave_0): Releasing backup interface [ 217.828235][ T7727] bond_slave_0: left promiscuous mode [ 217.859629][ T7727] bond0: (slave bond_slave_1): Releasing backup interface [ 217.882066][ T7727] bond_slave_1: left promiscuous mode [ 217.942860][ T7727] team0: Port device team_slave_0 removed [ 217.983723][ T7727] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 217.998723][ T7727] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.051842][ T7727] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.062071][ T7727] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.186050][ T7735] netlink: 'syz.3.501': attribute type 1 has an invalid length. [ 218.266852][ T7727] bond0: (slave wlan1): Releasing backup interface [ 218.370707][ T7727] mac80211_hwsim hwsim7 wlan1: left promiscuous mode [ 219.612112][ T5913] usb 1-1: USB disconnect, device number 19 [ 219.801767][ T7761] loop2: detected capacity change from 0 to 7 [ 219.832351][ T5874] usb 5-1: USB disconnect, device number 20 [ 219.904676][ T7727] syz.4.495 (7727) used greatest stack depth: 19336 bytes left [ 219.943335][ T6000] Dev loop2: unable to read RDB block 7 [ 220.029745][ T6000] loop2: unable to read partition table [ 220.035702][ T6000] loop2: partition table beyond EOD, truncated [ 220.117752][ T7761] Dev loop2: unable to read RDB block 7 [ 220.169438][ T5899] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 220.179003][ T7761] loop2: unable to read partition table [ 220.191326][ T7761] loop2: partition table beyond EOD, truncated [ 220.532805][ T1210] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 220.539021][ T7761] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 220.595290][ T5206] Dev loop2: unable to read RDB block 7 [ 220.608721][ T5206] loop2: unable to read partition table [ 220.634361][ T5899] usb 1-1: config 0 has no interfaces? [ 220.649618][ T5206] loop2: partition table beyond EOD, truncated [ 220.676333][ T5899] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 220.709764][ T1210] usb 4-1: Using ep0 maxpacket: 32 [ 220.726077][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.737219][ T1210] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 220.773813][ T5899] usb 1-1: Product: syz [ 220.778040][ T5899] usb 1-1: Manufacturer: syz [ 220.793410][ T1210] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 220.835152][ T5899] usb 1-1: SerialNumber: syz [ 220.875521][ T1210] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 220.906505][ T5899] usb 1-1: config 0 descriptor?? [ 220.925754][ T1210] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.997665][ T1210] usb 4-1: Product: syz [ 221.038662][ T1210] usb 4-1: Manufacturer: syz [ 221.087873][ T1210] usb 4-1: SerialNumber: syz [ 221.153360][ T1210] usb 4-1: config 0 descriptor?? [ 221.166901][ T5206] Dev loop2: unable to read RDB block 7 [ 221.211387][ T5206] loop2: unable to read partition table [ 221.218459][ T5206] loop2: partition table beyond EOD, truncated [ 221.220525][ T1210] usb 4-1: no audio or video endpoints found [ 221.368812][ T7761] netlink: 452 bytes leftover after parsing attributes in process `syz.3.511'. [ 221.399469][ T7761] netlink: 452 bytes leftover after parsing attributes in process `syz.3.511'. [ 221.428130][ T1210] usb 4-1: USB disconnect, device number 23 [ 222.723057][ T5943] usb 1-1: USB disconnect, device number 20 [ 223.091997][ T7805] tipc: Started in network mode [ 223.108597][ T7805] tipc: Node identity , cluster identity 4711 [ 223.500807][ T7809] fuse: Unknown parameter 'uid>00000000000000000000' [ 223.669087][ T7796] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 224.322277][ T7801] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.524'. [ 224.331897][ T7801] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 224.341038][ T7801] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 224.694864][ T7821] loop2: detected capacity change from 0 to 7 [ 224.727645][ T6053] Dev loop2: unable to read RDB block 7 [ 224.758944][ T6053] loop2: unable to read partition table [ 224.796226][ T6053] loop2: partition table beyond EOD, truncated [ 224.882702][ T7821] Dev loop2: unable to read RDB block 7 [ 224.888326][ T7821] loop2: unable to read partition table [ 224.899802][ T7827] loop6: detected capacity change from 0 to 7 [ 224.920137][ T7821] loop2: partition table beyond EOD, truncated [ 224.930235][ T7827] Dev loop6: unable to read RDB block 7 [ 224.947908][ T7827] loop6: unable to read partition table [ 224.964056][ T7827] loop6: partition table beyond EOD, truncated [ 224.969292][ T7821] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 224.979328][ T7827] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 225.086763][ T5899] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 225.168710][ T5206] Dev loop2: unable to read RDB block 7 [ 225.175682][ T5206] loop2: unable to read partition table [ 225.182316][ T5206] loop2: partition table beyond EOD, truncated [ 225.264450][ T5899] usb 2-1: Using ep0 maxpacket: 32 [ 225.274911][ T5899] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 225.292793][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 225.307818][ T5899] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 225.333758][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.361819][ T5899] usb 2-1: Product: syz [ 225.366082][ T5899] usb 2-1: Manufacturer: syz [ 225.379852][ T5899] usb 2-1: SerialNumber: syz [ 225.407475][ T7838] xt_hashlimit: size too large, truncated to 1048576 [ 225.420260][ T5899] usb 2-1: config 0 descriptor?? [ 225.442940][ T5899] usb 2-1: no audio or video endpoints found [ 225.450150][ T7838] xt_hashlimit: overflow, try lower: 9223336852482686975/36028797018968064 [ 225.639322][ T5913] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 225.659636][ T7821] netlink: 452 bytes leftover after parsing attributes in process `syz.1.530'. [ 225.668663][ T7821] netlink: 452 bytes leftover after parsing attributes in process `syz.1.530'. [ 225.705058][ T5943] usb 2-1: USB disconnect, device number 18 [ 225.842021][ T5913] usb 5-1: unable to get BOS descriptor or descriptor too short [ 225.855209][ T5913] usb 5-1: not running at top speed; connect to a high speed hub [ 225.865108][ T5913] usb 5-1: config 17 has an invalid interface number: 8 but max is 1 [ 225.874577][ T5913] usb 5-1: config 17 has 1 interface, different from the descriptor's value: 2 [ 225.885318][ T5913] usb 5-1: config 17 has no interface number 0 [ 225.892026][ T5913] usb 5-1: config 17 interface 8 altsetting 6 endpoint 0x3 has an invalid bInterval 0, changing to 4 [ 225.904044][ T5913] usb 5-1: config 17 interface 8 has no altsetting 0 [ 225.934979][ T5913] usb 5-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff [ 225.946278][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.957492][ T5913] usb 5-1: Product: syz [ 225.963137][ T5913] usb 5-1: Manufacturer: syz [ 225.968241][ T5913] usb 5-1: SerialNumber: syz [ 226.243298][ T7833] netlink: 140 bytes leftover after parsing attributes in process `syz.4.534'. [ 226.244968][ T7845] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 226.404856][ T7833] netlink: 140 bytes leftover after parsing attributes in process `syz.4.534'. [ 226.909402][ T5943] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 227.159011][ T5845] Bluetooth: hci0: command 0x0406 tx timeout [ 227.342798][ T5943] usb 3-1: Using ep0 maxpacket: 8 [ 227.437980][ T7849] delete_channel: no stack [ 227.457718][ T5943] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 227.541594][ T5943] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 227.622536][ T5943] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 227.666546][ T5943] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 227.730400][ T5943] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 227.761057][ T5943] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.023791][ T5943] usb 3-1: GET_CAPABILITIES returned 0 [ 228.049104][ T5943] usbtmc 3-1:16.0: can't read capabilities [ 228.422802][ T5913] usb 5-1: selecting invalid altsetting 0 [ 228.436198][ T5913] usb 5-1: 8:6 : no UAC_FORMAT_TYPE desc [ 228.443002][ T5913] usb 5-1: selecting invalid altsetting 0 [ 228.503901][ T5913] usb 5-1: USB disconnect, device number 21 [ 228.677562][ T7857] openvswitch: netlink: Duplicate or invalid key (type 0). [ 228.707632][ T7857] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 229.268154][ T7875] loop2: detected capacity change from 0 to 7 [ 229.278385][ T7875] Dev loop2: unable to read RDB block 7 [ 229.289530][ T7875] loop2: unable to read partition table [ 229.297218][ T7875] loop2: partition table beyond EOD, truncated [ 229.308992][ T7875] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 229.864054][ T1210] usb 3-1: USB disconnect, device number 18 [ 230.123805][ T7881] macsec1: entered allmulticast mode [ 230.147451][ T7881] hsr0: entered allmulticast mode [ 230.172110][ T7881] hsr_slave_0: entered allmulticast mode [ 230.221690][ T7881] hsr_slave_1: entered allmulticast mode [ 230.279845][ T7881] hsr0: left allmulticast mode [ 230.322234][ T7881] hsr_slave_0: left allmulticast mode [ 230.339044][ T7881] hsr_slave_1: left allmulticast mode [ 230.475346][ T7890] netlink: 48 bytes leftover after parsing attributes in process `syz.2.549'. [ 231.118742][ T7891] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 231.169531][ T1210] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 231.217792][ T7903] netlink: 'syz.0.555': attribute type 1 has an invalid length. [ 231.342718][ T1210] usb 5-1: config 0 has no interfaces? [ 231.359936][ T7903] 8021q: adding VLAN 0 to HW filter on device bond2 [ 231.367927][ T7907] lo: entered promiscuous mode [ 231.414662][ T7907] tunl0: entered promiscuous mode [ 231.426158][ T1210] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 231.458569][ T1210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.459949][ T7907] gre0: entered promiscuous mode [ 231.467730][ T1210] usb 5-1: Product: syz [ 231.476304][ T1210] usb 5-1: Manufacturer: syz [ 231.486082][ T1210] usb 5-1: SerialNumber: syz [ 231.502933][ T1210] usb 5-1: config 0 descriptor?? [ 231.744382][ T7907] gretap0: entered promiscuous mode [ 231.756731][ T7907] erspan0: entered promiscuous mode [ 231.832488][ T7907] ip_vti0: entered promiscuous mode [ 231.858432][ T7907] ip6_vti0: entered promiscuous mode [ 231.876487][ T7907] sit0: entered promiscuous mode [ 231.902226][ T1210] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 232.044895][ T7907] ip6tnl0: entered promiscuous mode [ 232.073058][ T1210] usb 3-1: Using ep0 maxpacket: 32 [ 232.091887][ T1210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.112925][ T7907] ip6gre0: entered promiscuous mode [ 232.126714][ T1210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 232.144886][ T7907] syz_tun: entered promiscuous mode [ 232.160063][ T7907] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.167237][ T7907] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.175023][ T7907] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.182248][ T7907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.198059][ T1210] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 232.217170][ T1210] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.226335][ T7907] bridge0: entered promiscuous mode [ 232.243718][ T1210] usb 3-1: config 0 descriptor?? [ 232.376743][ T7907] vcan0: entered promiscuous mode [ 232.408611][ T7907] dummy0: entered promiscuous mode [ 232.428310][ T7907] nlmon0: entered promiscuous mode [ 232.463065][ T7907] caif0: entered promiscuous mode [ 232.468184][ T7907] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 232.510227][ T7912] netlink: 27 bytes leftover after parsing attributes in process `syz.2.558'. [ 232.797364][ T1210] usbhid 3-1:0.0: can't add hid device: -71 [ 232.837036][ T1210] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 232.895838][ T1210] usb 3-1: USB disconnect, device number 19 [ 233.539380][ T5874] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 233.720655][ T5874] usb 3-1: config 0 has no interfaces? [ 233.744740][ T5874] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 233.757352][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.774390][ T5874] usb 3-1: Product: syz [ 233.802175][ T5874] usb 3-1: Manufacturer: syz [ 233.827657][ T5874] usb 3-1: SerialNumber: syz [ 233.930917][ T5874] usb 3-1: config 0 descriptor?? [ 233.939764][ T7948] loop2: detected capacity change from 0 to 7 [ 233.954562][ T7948] Dev loop2: unable to read RDB block 7 [ 233.986497][ T7948] loop2: unable to read partition table [ 234.083535][ T7948] loop2: partition table beyond EOD, truncated [ 234.213595][ T5926] usb 5-1: USB disconnect, device number 22 [ 234.314971][ T7937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.564'. [ 234.324104][ T7937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.564'. [ 234.333668][ T5838] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 234.341770][ T7948] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 234.584649][ T5838] usb 2-1: Using ep0 maxpacket: 32 [ 234.590261][ T5838] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 234.590288][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 234.597604][ T5838] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 234.597630][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.597646][ T5838] usb 2-1: Product: syz [ 234.597658][ T5838] usb 2-1: Manufacturer: syz [ 234.597669][ T5838] usb 2-1: SerialNumber: syz [ 234.605375][ T5838] usb 2-1: config 0 descriptor?? [ 234.610814][ T5838] usb 2-1: no audio or video endpoints found [ 234.826317][ T7948] netlink: 452 bytes leftover after parsing attributes in process `syz.1.570'. [ 234.826347][ T7948] netlink: 452 bytes leftover after parsing attributes in process `syz.1.570'. [ 234.833396][ T5920] usb 2-1: USB disconnect, device number 19 [ 234.929627][ T7943] netlink: 1284 bytes leftover after parsing attributes in process `syz.0.567'. [ 235.590408][ T7969] loop2: detected capacity change from 0 to 7 [ 235.600760][ T7969] Dev loop2: unable to read RDB block 7 [ 235.600815][ T7969] loop2: unable to read partition table [ 235.601052][ T7969] loop2: partition table beyond EOD, truncated [ 235.601096][ T7969] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 235.947386][ T7971] netlink: 28 bytes leftover after parsing attributes in process `syz.1.575'. [ 235.947428][ T7971] netlink: 28 bytes leftover after parsing attributes in process `syz.1.575'. [ 236.453072][ T7976] Cannot find del_set index 0 as target [ 236.589716][ T5874] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 236.767040][ T5874] usb 2-1: unable to get BOS descriptor or descriptor too short [ 236.790504][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 236.832633][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 236.860992][ T5874] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 0 [ 236.922179][ T5874] usb 2-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=b5.39 [ 236.936074][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.978735][ T5874] usb 2-1: Product: syz [ 236.994199][ T5874] usb 2-1: Manufacturer: syz [ 237.052420][ T5874] usb 2-1: SerialNumber: syz [ 237.101989][ T5874] usb 2-1: config 0 descriptor?? [ 237.124289][ T5874] pn533_usb 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 237.464259][ T5838] usb 2-1: USB disconnect, device number 20 [ 237.510589][ T7986] netlink: 8 bytes leftover after parsing attributes in process `syz.4.579'. [ 237.642357][ T5874] usb 3-1: USB disconnect, device number 20 [ 237.791674][ T7988] loop6: detected capacity change from 0 to 7 [ 237.802512][ T7988] Dev loop6: unable to read RDB block 7 [ 237.808169][ T7988] loop6: unable to read partition table [ 237.825333][ T7988] loop6: partition table beyond EOD, truncated [ 237.834213][ T7988] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 238.236834][ T7997] loop2: detected capacity change from 0 to 7 [ 238.337696][ T6053] Dev loop2: unable to read RDB block 7 [ 238.395741][ T6053] loop2: unable to read partition table [ 238.414367][ T6053] loop2: partition table beyond EOD, truncated [ 238.514557][ T7997] Dev loop2: unable to read RDB block 7 [ 238.529404][ T7997] loop2: unable to read partition table [ 238.556353][ T7997] loop2: partition table beyond EOD, truncated [ 238.588977][ T7997] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 238.639201][ T5838] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 238.699136][ T5926] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 238.736278][ T8003] random: crng reseeded on system resumption [ 238.775463][ T8003] netlink: 12 bytes leftover after parsing attributes in process `syz.3.587'. [ 238.805219][ T5838] usb 1-1: Using ep0 maxpacket: 32 [ 238.812199][ T5838] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 238.824060][ T5838] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 238.858580][ T5838] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 238.868546][ T5838] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.888562][ T8003] vlan2: entered promiscuous mode [ 238.914575][ T5838] usb 1-1: Product: syz [ 238.925826][ T5838] usb 1-1: Manufacturer: syz [ 238.942823][ T5926] usb 2-1: config 0 has no interfaces? [ 238.956193][ T5926] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 238.965729][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.982053][ T5838] usb 1-1: SerialNumber: syz [ 239.004231][ T5926] usb 2-1: Product: syz [ 239.013739][ T5838] usb 1-1: config 0 descriptor?? [ 239.024454][ T5926] usb 2-1: Manufacturer: syz [ 239.033429][ T5926] usb 2-1: SerialNumber: syz [ 239.043739][ T5838] usb 1-1: no audio or video endpoints found [ 239.054521][ T5926] usb 2-1: config 0 descriptor?? [ 239.235885][ T7997] netlink: 452 bytes leftover after parsing attributes in process `syz.0.584'. [ 239.258824][ T7997] netlink: 452 bytes leftover after parsing attributes in process `syz.0.584'. [ 239.338512][ T5926] usb 1-1: USB disconnect, device number 21 [ 239.370416][ T8012] netlink: 4 bytes leftover after parsing attributes in process `syz.3.588'. [ 240.326509][ T8016] random: crng reseeded on system resumption [ 240.676497][ T8022] vlan2: entered promiscuous mode [ 241.187248][ T8029] netlink: 12 bytes leftover after parsing attributes in process `syz.3.592'. [ 241.837168][ T8035] tipc: Started in network mode [ 241.842231][ T8035] tipc: Node identity , cluster identity 4711 [ 242.177255][ T8045] loop2: detected capacity change from 0 to 7 [ 242.251596][ T8045] Dev loop2: unable to read RDB block 7 [ 242.295725][ T8045] loop2: unable to read partition table [ 242.329348][ T8045] loop2: partition table beyond EOD, truncated [ 242.377200][ T8045] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 242.398726][ T5874] usb 2-1: USB disconnect, device number 21 [ 242.582937][ T8047] loop2: detected capacity change from 0 to 7 [ 242.593762][ T8049] tipc: Started in network mode [ 242.598694][ T8049] tipc: Node identity , cluster identity 4711 [ 242.615893][ T6000] Dev loop2: unable to read RDB block 7 [ 242.639287][ T6000] loop2: unable to read partition table [ 242.671047][ T6000] loop2: partition table beyond EOD, truncated [ 242.681206][ T8047] Dev loop2: unable to read RDB block 7 [ 242.686858][ T8047] loop2: unable to read partition table [ 242.709364][ T8047] loop2: partition table beyond EOD, truncated [ 242.727301][ T8052] hsr0: entered promiscuous mode [ 242.735963][ T8047] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 242.764737][ T8052] macsec1: entered allmulticast mode [ 242.790105][ T8052] hsr0: entered allmulticast mode [ 242.803456][ T8052] hsr_slave_0: entered allmulticast mode [ 242.818158][ T8052] hsr_slave_1: entered allmulticast mode [ 242.838798][ T8052] hsr0: left allmulticast mode [ 242.843927][ T8052] hsr_slave_0: left allmulticast mode [ 242.851953][ T8052] hsr_slave_1: left allmulticast mode [ 242.888997][ T5920] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 243.064107][ T5920] usb 5-1: Using ep0 maxpacket: 32 [ 243.096041][ T5920] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 243.110574][ T5206] Dev loop2: unable to read RDB block 7 [ 243.116218][ T5206] loop2: unable to read partition table [ 243.137272][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 243.154839][ T5206] loop2: partition table beyond EOD, truncated [ 243.187120][ T5920] usb 5-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 243.213279][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.238341][ T5920] usb 5-1: Product: syz [ 243.238367][ T5920] usb 5-1: Manufacturer: syz [ 243.238385][ T5920] usb 5-1: SerialNumber: syz [ 243.277512][ T5920] usb 5-1: config 0 descriptor?? [ 243.290592][ T5920] usb 5-1: no audio or video endpoints found [ 243.498047][ T8047] netlink: 452 bytes leftover after parsing attributes in process `syz.4.599'. [ 243.530737][ T8047] netlink: 452 bytes leftover after parsing attributes in process `syz.4.599'. [ 243.552570][ T5838] usb 5-1: USB disconnect, device number 23 [ 244.158965][ T5838] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 244.382825][ T5838] usb 2-1: Using ep0 maxpacket: 32 [ 244.396819][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 244.442277][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 244.469317][ T5838] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 244.507508][ T5838] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.565297][ T5838] usb 2-1: config 0 descriptor?? [ 244.605284][ T8088] tipc: Started in network mode [ 244.611742][ T8088] tipc: Node identity , cluster identity 4711 [ 244.619826][ T5920] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 244.841676][ T5920] usb 5-1: Using ep0 maxpacket: 8 [ 244.857296][ T8079] netlink: 27 bytes leftover after parsing attributes in process `syz.1.612'. [ 244.900944][ T5920] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 244.955617][ T5920] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 244.988575][ T8094] loop2: detected capacity change from 0 to 7 [ 245.012861][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11 [ 245.036042][ T6053] Dev loop2: unable to read RDB block 7 [ 245.052523][ T6053] loop2: unable to read partition table [ 245.054321][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024 [ 245.079299][ T6053] loop2: partition table beyond EOD, truncated [ 245.083901][ T5920] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 245.122094][ T8094] Dev loop2: unable to read RDB block 7 [ 245.127831][ T8094] loop2: unable to read partition table [ 245.141047][ T5920] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 245.153017][ T8094] loop2: partition table beyond EOD, truncated [ 245.159685][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.173470][ T8094] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 245.189158][ T5920] usb 5-1: Product: syz [ 245.197374][ T5920] usb 5-1: Manufacturer: syz [ 245.234230][ T5920] usb 5-1: SerialNumber: syz [ 245.248039][ T5838] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 245.271353][ T5920] usb 5-1: config 0 descriptor?? [ 245.349887][ T5920] input: KB Gear Tablet as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input9 [ 245.432311][ C0] kbtab 5-1:0.0: kbtab_irq - usb_submit_urb failed with result -1 [ 245.542627][ C0] kbtab 5-1:0.0: kbtab_irq - usb_submit_urb failed with result -1 [ 245.657196][ T8100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 245.770682][ T8100] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 245.945653][ T5926] usb 5-1: USB disconnect, device number 24 [ 245.945813][ C0] kbtab 5-1:0.0: kbtab_irq - usb_submit_urb failed with result -19 [ 246.164040][ T5838] usb 2-1: USB disconnect, device number 22 [ 246.404085][ T8113] loop2: detected capacity change from 0 to 7 [ 246.442354][ T6000] Dev loop2: unable to read RDB block 7 [ 246.448094][ T6000] loop2: unable to read partition table [ 246.465905][ T6000] loop2: partition table beyond EOD, truncated [ 246.490692][ T8113] Dev loop2: unable to read RDB block 7 [ 246.496363][ T8113] loop2: unable to read partition table [ 246.530511][ T8113] loop2: partition table beyond EOD, truncated [ 246.550684][ T8113] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 246.727052][ T8126] netlink: 4 bytes leftover after parsing attributes in process `syz.4.629'. [ 246.729323][ T5838] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 246.903689][ T5838] usb 2-1: Using ep0 maxpacket: 32 [ 246.930431][ T5838] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 246.979074][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 247.127400][ T5838] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 247.138017][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.198334][ T5920] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 247.216811][ T5838] usb 2-1: Product: syz [ 247.232031][ T5838] usb 2-1: Manufacturer: syz [ 247.267936][ T5838] usb 2-1: SerialNumber: syz [ 247.305191][ T5838] usb 2-1: config 0 descriptor?? [ 247.325246][ T5838] usb 2-1: no audio or video endpoints found [ 247.361069][ T5920] usb 3-1: Using ep0 maxpacket: 32 [ 247.381677][ T5920] usb 3-1: config 127 has an invalid interface number: 116 but max is 1 [ 247.393229][ T5920] usb 3-1: config 127 has an invalid interface number: 119 but max is 1 [ 247.428469][ T5920] usb 3-1: config 127 has no interface number 0 [ 247.444145][ T5920] usb 3-1: config 127 has no interface number 1 [ 247.482980][ T5920] usb 3-1: config 127 interface 116 altsetting 252 has an invalid descriptor for endpoint zero, skipping [ 247.552530][ T8113] netlink: 452 bytes leftover after parsing attributes in process `syz.1.624'. [ 247.563144][ T5920] usb 3-1: config 127 interface 116 altsetting 252 endpoint 0x8 has invalid maxpacket 1471, setting to 64 [ 247.578441][ T8113] netlink: 452 bytes leftover after parsing attributes in process `syz.1.624'. [ 247.599704][ T5838] usb 2-1: USB disconnect, device number 23 [ 247.963545][ T5920] usb 3-1: config 127 interface 116 altsetting 252 has an invalid descriptor for endpoint zero, skipping [ 247.986328][ T5920] usb 3-1: config 127 interface 116 altsetting 252 bulk endpoint 0x6 has invalid maxpacket 1023 [ 248.014492][ T5920] usb 3-1: config 127 interface 116 altsetting 252 has a duplicate endpoint with address 0x8, skipping [ 248.049277][ T5920] usb 3-1: config 127 interface 119 altsetting 55 has a duplicate endpoint with address 0xB, skipping [ 248.081103][ T5920] usb 3-1: config 127 interface 116 has no altsetting 0 [ 248.151127][ T5920] usb 3-1: config 127 interface 119 has no altsetting 0 [ 248.174050][ T5920] usb 3-1: New USB device found, idVendor=11f5, idProduct=0001, bcdDevice=20.6a [ 248.183573][ T5920] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.218402][ T5920] usb 3-1: Product: syz [ 248.809252][ T5920] usb 3-1: Manufacturer: Щ [ 248.813849][ T5920] usb 3-1: SerialNumber: syz [ 248.853522][ T8132] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 248.862431][ T8132] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 249.118741][ T5920] pl2303 3-1:127.116: required endpoints missing [ 249.150740][ T5920] pl2303 3-1:127.119: required endpoints missing [ 249.194417][ T5920] usb 3-1: USB disconnect, device number 21 [ 249.484847][ T8153] FAULT_INJECTION: forcing a failure. [ 249.484847][ T8153] name failslab, interval 1, probability 0, space 0, times 1 [ 249.516706][ T8153] CPU: 1 UID: 0 PID: 8153 Comm: syz.0.636 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 249.516739][ T8153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 249.516760][ T8153] Call Trace: [ 249.516772][ T8153] [ 249.516790][ T8153] dump_stack_lvl+0x189/0x250 [ 249.516841][ T8153] ? __pfx____ratelimit+0x10/0x10 [ 249.516873][ T8153] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.516908][ T8153] ? __pfx__printk+0x10/0x10 [ 249.516937][ T8153] ? __pfx___might_resched+0x10/0x10 [ 249.516976][ T8153] should_fail_ex+0x414/0x560 [ 249.517009][ T8153] should_failslab+0xa8/0x100 [ 249.517035][ T8153] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 249.517058][ T8153] ? __alloc_skb+0x112/0x2d0 [ 249.517088][ T8153] __alloc_skb+0x112/0x2d0 [ 249.517117][ T8153] netlink_sendmsg+0x5c6/0xb30 [ 249.517154][ T8153] ? __pfx_netlink_sendmsg+0x10/0x10 [ 249.517183][ T8153] ? __import_iovec+0x5d4/0x7f0 [ 249.517201][ T8153] ? aa_sock_msg_perm+0x94/0x160 [ 249.517231][ T8153] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 249.517259][ T8153] ? __pfx_netlink_sendmsg+0x10/0x10 [ 249.517286][ T8153] __sock_sendmsg+0x21c/0x270 [ 249.517322][ T8153] ____sys_sendmsg+0x505/0x830 [ 249.517356][ T8153] ? __pfx_____sys_sendmsg+0x10/0x10 [ 249.517399][ T8153] ___sys_sendmsg+0x21f/0x2a0 [ 249.517431][ T8153] ? __pfx____sys_sendmsg+0x10/0x10 [ 249.517496][ T8153] ? __fget_files+0x2a/0x420 [ 249.517518][ T8153] ? __fget_files+0x3a0/0x420 [ 249.517552][ T8153] __sys_sendmsg+0x164/0x220 [ 249.517582][ T8153] ? __pfx___sys_sendmsg+0x10/0x10 [ 249.517624][ T8153] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 249.517659][ T8153] ? lockdep_hardirqs_on+0x9c/0x150 [ 249.517692][ T8153] __do_fast_syscall_32+0xb6/0x2b0 [ 249.517713][ T8153] ? lockdep_hardirqs_on+0x9c/0x150 [ 249.517750][ T8153] do_fast_syscall_32+0x34/0x80 [ 249.517770][ T8153] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 249.517804][ T8153] RIP: 0023:0xf70de539 [ 249.517830][ T8153] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 249.517850][ T8153] RSP: 002b:00000000f50ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 249.517872][ T8153] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480 [ 249.517887][ T8153] RDX: 0000000020088004 RSI: 0000000000000000 RDI: 0000000000000000 [ 249.517901][ T8153] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 249.517914][ T8153] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 249.517926][ T8153] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 249.517955][ T8153] [ 250.202662][ T8171] fuse: Unknown parameter 'fd0x0000000000000005' [ 250.269966][ T8174] netlink: 12 bytes leftover after parsing attributes in process `syz.4.643'. [ 250.280511][ T5920] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 250.429095][ T5920] usb 1-1: device descriptor read/64, error -71 [ 250.699035][ T5920] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 250.879176][ T5920] usb 1-1: device descriptor read/64, error -71 [ 250.989590][ T5920] usb usb1-port1: attempt power cycle [ 251.150134][ T5874] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 251.321935][ T5874] usb 2-1: unable to get BOS descriptor or descriptor too short [ 251.331641][ T5874] usb 2-1: not running at top speed; connect to a high speed hub [ 251.341434][ T5874] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 251.353341][ T5920] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 251.372985][ T5874] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 251.384037][ T5920] usb 1-1: device descriptor read/8, error -71 [ 251.567812][ T5874] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice= 0.40 [ 251.577437][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.601827][ T5874] usb 2-1: Product: syz [ 251.606069][ T5874] usb 2-1: Manufacturer: syz [ 251.615701][ T5874] usb 2-1: SerialNumber: syz [ 251.649454][ T5920] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 251.680475][ T5920] usb 1-1: device descriptor read/8, error -71 [ 251.701611][ T8188] tipc: Started in network mode [ 251.706947][ T8188] tipc: Node identity , cluster identity 4711 [ 251.796441][ T5920] usb usb1-port1: unable to enumerate USB device [ 252.346942][ T5874] cdc_ncm 2-1:1.0: bind() failure [ 252.364593][ T5874] usbtest 2-1:1.0: Linux gadget zero [ 252.434356][ T5874] usbtest 2-1:1.0: full-speed {control in/out int-in} tests (+alt) [ 252.474727][ T5874] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 252.524770][ T5874] cdc_ncm 2-1:1.1: bind() failure [ 252.550270][ T5874] usbtest 2-1:1.1: couldn't get endpoints, -71 [ 252.557138][ T5874] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 252.627224][ T8195] hsr0: entered promiscuous mode [ 252.634761][ T5874] usb 2-1: USB disconnect, device number 24 [ 252.667496][ T8195] macsec1: entered allmulticast mode [ 252.681580][ T8195] hsr0: entered allmulticast mode [ 252.694663][ T8195] hsr_slave_0: entered allmulticast mode [ 252.717593][ T8195] hsr_slave_1: entered allmulticast mode [ 252.736753][ T8195] hsr0: left allmulticast mode [ 252.754086][ T8195] hsr_slave_0: left allmulticast mode [ 252.772986][ T8195] hsr_slave_1: left allmulticast mode [ 253.754420][ T8216] netlink: 28 bytes leftover after parsing attributes in process `syz.0.657'. [ 253.777158][ T8216] netlink: 28 bytes leftover after parsing attributes in process `syz.0.657'. [ 254.219351][ T5874] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 254.228329][ T8231] netlink: 24 bytes leftover after parsing attributes in process `syz.3.661'. [ 254.381407][ T5874] usb 2-1: unable to get BOS descriptor or descriptor too short [ 254.418597][ T5874] usb 2-1: config 9 has an invalid interface number: 44 but max is 0 [ 254.458052][ T5874] usb 2-1: config 9 has no interface number 0 [ 254.486035][ T5874] usb 2-1: config 9 interface 44 has no altsetting 0 [ 254.506827][ T5874] usb 2-1: New USB device found, idVendor=06f8, idProduct=0001, bcdDevice=b4.f9 [ 254.546501][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.569760][ T5874] usb 2-1: Product: syz [ 254.574001][ T5874] usb 2-1: Manufacturer: syz [ 254.585928][ T5874] usb 2-1: SerialNumber: syz [ 254.852291][ T5874] usb 2-1: USB disconnect, device number 25 [ 254.960555][ T8245] netlink: 4 bytes leftover after parsing attributes in process `syz.3.665'. [ 255.985762][ T8242] vivid-004: disconnect [ 256.173418][ T8238] vivid-004: reconnect [ 257.490664][ T5913] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 257.729590][ T5913] usb 2-1: config 0 has no interfaces? [ 257.769532][ T5913] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 257.778715][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.805948][ T5913] usb 2-1: Product: syz [ 257.829514][ T5913] usb 2-1: Manufacturer: syz [ 257.874893][ T5913] usb 2-1: SerialNumber: syz [ 257.920524][ T5913] usb 2-1: config 0 descriptor?? [ 258.610406][ T5838] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 258.717125][ T8304] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 258.857635][ T5838] usb 4-1: config 0 has no interfaces? [ 258.903054][ T5838] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 258.903079][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.903095][ T5838] usb 4-1: Product: syz [ 258.903107][ T5838] usb 4-1: Manufacturer: syz [ 258.903119][ T5838] usb 4-1: SerialNumber: syz [ 258.905201][ T5838] usb 4-1: config 0 descriptor?? [ 260.984650][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.997741][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.389155][ T5913] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 261.544627][ T5838] usb 4-1: USB disconnect, device number 24 [ 261.559131][ T5913] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 261.591131][ T5943] usb 2-1: USB disconnect, device number 26 [ 261.640641][ T5913] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 261.693904][ T5913] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 261.732681][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.792188][ T5913] hub 3-1:4.0: USB hub found [ 261.956296][ T8333] tipc: Started in network mode [ 261.973571][ T8333] tipc: Node identity , cluster identity 4711 [ 261.985182][ T5913] hub 3-1:4.0: 12 ports detected [ 261.992036][ T5913] usb 3-1: selecting invalid altsetting 1 [ 261.998641][ T5913] hub 3-1:4.0: Using single TT (err -22) [ 262.039196][ T5913] hub 3-1:4.0: insufficient power available to use all downstream ports [ 262.211527][ T5913] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 262.218218][ T5913] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 262.317377][ T5913] usb 3-1: USB disconnect, device number 22 [ 262.412265][ T8346] tipc: Started in network mode [ 262.417214][ T8346] tipc: Node identity , cluster identity 4711 [ 262.429026][ T5943] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 262.609001][ T5943] usb 1-1: Using ep0 maxpacket: 16 [ 263.381045][ T5943] usb 1-1: device descriptor read/all, error -71 [ 264.171359][ T8372] hsr0: entered promiscuous mode [ 264.197144][ T8372] macsec1: entered allmulticast mode [ 264.232783][ T8372] hsr0: entered allmulticast mode [ 264.333088][ T8372] hsr_slave_0: entered allmulticast mode [ 264.429056][ T8372] hsr_slave_1: entered allmulticast mode [ 264.461453][ T5943] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 264.484447][ T8372] hsr0: left allmulticast mode [ 264.489909][ T8372] hsr_slave_0: left allmulticast mode [ 264.521755][ T8372] hsr_slave_1: left allmulticast mode [ 264.669194][ T5943] usb 1-1: Using ep0 maxpacket: 8 [ 264.680557][ T5943] usb 1-1: config index 0 descriptor too short (expected 28277, got 36) [ 264.689235][ T5943] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 264.707637][ T5943] usb 1-1: config 0 has no interfaces? [ 264.747157][ T5943] usb 1-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 264.842031][ T5943] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.096056][ T5943] usb 1-1: config 0 descriptor?? [ 265.360582][ T8385] loop6: detected capacity change from 0 to 7 [ 265.368978][ T8386] netlink: 12 bytes leftover after parsing attributes in process `syz.3.705'. [ 265.406949][ T6053] Dev loop6: unable to read RDB block 7 [ 265.415393][ T6053] loop6: unable to read partition table [ 265.431494][ T6053] loop6: partition table beyond EOD, truncated [ 265.464067][ T8386] vlan2: entered promiscuous mode [ 265.526382][ T8385] Dev loop6: unable to read RDB block 7 [ 265.549081][ T8385] loop6: unable to read partition table [ 265.569911][ T8385] loop6: partition table beyond EOD, truncated [ 265.592346][ T8385] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 265.603171][ T8371] netlink: 60 bytes leftover after parsing attributes in process `syz.0.696'. [ 265.948513][ T8389] bridge0: entered promiscuous mode [ 265.979446][ T8389] macvlan2: entered promiscuous mode [ 266.166306][ T8397] netlink: 452 bytes leftover after parsing attributes in process `syz.2.709'. [ 266.192469][ T8397] netlink: 452 bytes leftover after parsing attributes in process `syz.2.709'. [ 266.285346][ T8399] netlink: 4 bytes leftover after parsing attributes in process `syz.3.710'. [ 266.842201][ T8410] loop2: detected capacity change from 0 to 7 [ 266.885367][ T8410] Dev loop2: unable to read RDB block 7 [ 266.923409][ T8410] loop2: unable to read partition table [ 266.932016][ T8410] loop2: partition table beyond EOD, truncated [ 266.938988][ T8410] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 267.279382][ T5899] usb 1-1: USB disconnect, device number 27 [ 267.317605][ T8412] vivid-000: ================= START STATUS ================= [ 267.326336][ T8412] vivid-000: Test Pattern: 75% Colorbar [ 267.332949][ T8412] vivid-000: Fill Percentage of Frame: 100 [ 267.353580][ T5920] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 267.363723][ T8412] vivid-000: Horizontal Movement: No Movement [ 267.419628][ T8412] vivid-000: Vertical Movement: No Movement [ 267.443584][ T8412] vivid-000: OSD Text Mode: All [ 267.452611][ T8412] vivid-000: Show Border: false [ 267.473463][ T8412] vivid-000: Show Square: false [ 267.510049][ T8412] vivid-000: Sensor Flipped Horizontally: false [ 267.529166][ T8412] vivid-000: Sensor Flipped Vertically: false [ 267.555361][ T8412] vivid-000: Insert SAV Code in Image: false [ 267.591254][ T8412] vivid-000: Insert EAV Code in Image: false [ 267.609016][ T8412] vivid-000: Insert Video Guard Band: false [ 267.615108][ T8412] vivid-000: Reduced Framerate: false [ 267.633691][ T8412] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 267.644250][ T8412] vivid-000: S-Video 000-0 Is Connected To: None [ 267.657174][ T8412] vivid-000: Enable Capture Cropping: true grabbed [ 267.681633][ T8412] vivid-000: Enable Capture Composing: true grabbed [ 267.704196][ T8412] vivid-000: Enable Capture Scaler: true grabbed [ 267.717772][ T8412] vivid-000: Timestamp Source: End of Frame [ 267.742710][ T8412] vivid-000: Colorspace: SMPTE 170M [ 267.756042][ T8412] vivid-000: Transfer Function: Default [ 267.771621][ T8412] vivid-000: Y'CbCr Encoding: Default [ 267.785345][ T8412] vivid-000: HSV Encoding: Hue 0-179 [ 267.799800][ T8412] vivid-000: Quantization: Default [ 267.814591][ T8412] vivid-000: Apply Alpha To Red Only: false [ 267.834807][ T8412] vivid-000: Standard Aspect Ratio: 4x3 [ 267.854192][ T8412] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 267.864449][ T8412] vivid-000: DV Timings: 640x480p59 inactive [ 267.872086][ T8412] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 267.884342][ T8412] vivid-000: Maximum EDID Blocks: 2 [ 267.898615][ T8412] vivid-000: Limited RGB Range (16-235): false [ 267.919078][ T8412] vivid-000: Rx RGB Quantization Range: Automatic [ 267.930544][ T8412] vivid-000: Power Present: 0x00000001 [ 268.059364][ T8412] tpg source WxH: 720x576 (R'G'B) [ 268.078067][ T8412] tpg field: 2 [ 268.091098][ T8412] tpg crop: (0,0)/64x64 [ 268.118525][ T8412] tpg compose: (0,0)/16x16 [ 268.148303][ T5920] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 268.216990][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.231977][ T8412] tpg colorspace: 1 [ 268.236442][ T8412] tpg transfer function: 0/0 [ 268.242771][ T5920] usb 4-1: Product: syz [ 268.252369][ T8412] tpg quantization: 0/0 [ 268.256600][ T8412] tpg RGB range: 0/2 [ 268.263886][ T8412] vivid-000: ================== END STATUS ================== [ 268.318382][ T5920] usb 4-1: Manufacturer: syz [ 268.384902][ T5920] usb 4-1: SerialNumber: syz [ 268.449752][ T5920] usb 4-1: config 0 descriptor?? [ 268.523976][ T5920] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 268.649213][ T5943] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 268.814524][ T5920] gspca_sunplus: reg_r err -32 [ 268.839409][ T5943] usb 5-1: Using ep0 maxpacket: 32 [ 268.842476][ T5920] sunplus 4-1:0.0: probe with driver sunplus failed with error -32 [ 268.887076][ T5943] usb 5-1: New USB device found, idVendor=0b95, idProduct=2790, bcdDevice=86.5d [ 268.896749][ T5943] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.906151][ T5943] usb 5-1: Product: syz [ 268.915234][ T5943] usb 5-1: Manufacturer: syz [ 268.926416][ T5943] usb 5-1: SerialNumber: syz [ 268.970914][ T5943] usb 5-1: config 0 descriptor?? [ 269.216487][ T5943] usb 5-1: USB disconnect, device number 25 [ 270.042499][ T8442] trusted_key: encrypted_key: insufficient parameters specified [ 270.074384][ T5874] usb 4-1: USB disconnect, device number 25 [ 270.159417][ T5913] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 270.192797][ T8446] vlan2: entered promiscuous mode [ 270.328952][ T5913] usb 1-1: Using ep0 maxpacket: 8 [ 270.349190][ T5913] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 270.400611][ T5913] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 270.420966][ T5913] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 270.451797][ T5913] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 270.495505][ T5913] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 270.517530][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.589322][ T5874] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 270.789277][ T5913] usb 1-1: GET_CAPABILITIES returned 0 [ 270.794895][ T5913] usbtmc 1-1:16.0: can't read capabilities [ 270.864081][ T5874] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 270.887219][ T5874] usb 2-1: can't read configurations, error -61 [ 270.993872][ T5943] usb 1-1: USB disconnect, device number 28 [ 271.043121][ T5874] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 271.229379][ T5874] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 271.294304][ T5874] usb 2-1: can't read configurations, error -61 [ 271.478657][ T5874] usb usb2-port1: attempt power cycle [ 271.598952][ T5899] usb 5-1: new full-speed USB device number 26 using dummy_hcd [ 271.909646][ T5874] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 271.930092][ T5899] usb 5-1: config 0 has no interfaces? [ 272.041196][ T5874] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 272.049474][ T5899] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 272.075703][ T5874] usb 2-1: can't read configurations, error -61 [ 272.082247][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.121441][ T5899] usb 5-1: Product: syz [ 272.125652][ T5899] usb 5-1: Manufacturer: syz [ 272.149040][ T5899] usb 5-1: SerialNumber: syz [ 272.180507][ T5899] usb 5-1: config 0 descriptor?? [ 272.239330][ T5874] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 272.602454][ T5874] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 272.799267][ T5874] usb 2-1: can't read configurations, error -61 [ 272.799574][ T5874] usb usb2-port1: unable to enumerate USB device [ 274.022167][ T8488] FAULT_INJECTION: forcing a failure. [ 274.022167][ T8488] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 274.100553][ T8488] CPU: 1 UID: 0 PID: 8488 Comm: syz.1.735 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 274.100577][ T8488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 274.100587][ T8488] Call Trace: [ 274.100594][ T8488] [ 274.100601][ T8488] dump_stack_lvl+0x189/0x250 [ 274.100630][ T8488] ? __pfx____ratelimit+0x10/0x10 [ 274.100654][ T8488] ? __pfx_dump_stack_lvl+0x10/0x10 [ 274.100679][ T8488] ? __pfx__printk+0x10/0x10 [ 274.100695][ T8488] ? __might_fault+0xb0/0x130 [ 274.100718][ T8488] should_fail_ex+0x414/0x560 [ 274.100741][ T8488] _copy_from_iter+0x1db/0x16f0 [ 274.100768][ T8488] ? rcu_is_watching+0x15/0xb0 [ 274.100794][ T8488] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 274.100811][ T8488] ? __pfx__copy_from_iter+0x10/0x10 [ 274.100835][ T8488] ? __build_skb_around+0x257/0x3e0 [ 274.100855][ T8488] ? netlink_sendmsg+0x642/0xb30 [ 274.100873][ T8488] ? skb_put+0x11b/0x210 [ 274.100893][ T8488] netlink_sendmsg+0x6b2/0xb30 [ 274.100925][ T8488] ? __pfx_netlink_sendmsg+0x10/0x10 [ 274.100987][ T8488] ? __import_iovec+0x5d4/0x7f0 [ 274.101002][ T8488] ? aa_sock_msg_perm+0x94/0x160 [ 274.101025][ T8488] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 274.101045][ T8488] ? __pfx_netlink_sendmsg+0x10/0x10 [ 274.101064][ T8488] __sock_sendmsg+0x21c/0x270 [ 274.101091][ T8488] ____sys_sendmsg+0x505/0x830 [ 274.101115][ T8488] ? __pfx_____sys_sendmsg+0x10/0x10 [ 274.101148][ T8488] ___sys_sendmsg+0x21f/0x2a0 [ 274.101170][ T8488] ? __pfx____sys_sendmsg+0x10/0x10 [ 274.101216][ T8488] ? __fget_files+0x2a/0x420 [ 274.101233][ T8488] ? __fget_files+0x3a0/0x420 [ 274.101257][ T8488] __sys_sendmsg+0x164/0x220 [ 274.101278][ T8488] ? __pfx___sys_sendmsg+0x10/0x10 [ 274.101314][ T8488] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 274.101343][ T8488] ? lockdep_hardirqs_on+0x9c/0x150 [ 274.101368][ T8488] __do_fast_syscall_32+0xb6/0x2b0 [ 274.101383][ T8488] ? lockdep_hardirqs_on+0x9c/0x150 [ 274.101409][ T8488] do_fast_syscall_32+0x34/0x80 [ 274.101423][ T8488] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 274.101442][ T8488] RIP: 0023:0xf7fd8539 [ 274.101456][ T8488] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 274.101470][ T8488] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 274.101487][ T8488] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480 [ 274.101497][ T8488] RDX: 0000000020088004 RSI: 0000000000000000 RDI: 0000000000000000 [ 274.101507][ T8488] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 274.101515][ T8488] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 274.101524][ T8488] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 274.101545][ T8488] [ 274.734305][ T8491] loop2: detected capacity change from 0 to 7 [ 274.746374][ T8491] Dev loop2: unable to read RDB block 7 [ 274.859691][ T5913] usb 5-1: USB disconnect, device number 26 [ 274.914755][ T8491] loop2: unable to read partition table [ 274.922884][ T8491] loop2: partition table beyond EOD, truncated [ 274.931977][ T8491] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 275.134283][ T8497] loop6: detected capacity change from 0 to 524287999 [ 275.153977][ T8497] buffer_io_error: 11 callbacks suppressed [ 275.153992][ T8497] Buffer I/O error on dev loop6, logical block 0, async page read [ 275.173389][ T8497] Buffer I/O error on dev loop6, logical block 0, async page read [ 275.194688][ T8497] Buffer I/O error on dev loop6, logical block 0, async page read [ 275.210100][ T8497] Buffer I/O error on dev loop6, logical block 0, async page read [ 275.218245][ T8497] Buffer I/O error on dev loop6, logical block 0, async page read [ 275.261944][ T8497] Buffer I/O error on dev loop6, logical block 0, async page read [ 275.289774][ T8497] Buffer I/O error on dev loop6, logical block 0, async page read [ 275.311481][ T8497] Buffer I/O error on dev loop6, logical block 0, async page read [ 275.342664][ T5838] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 275.418356][ T8497] ldm_validate_partition_table(): Disk read failed. [ 275.440931][ T8497] Buffer I/O error on dev loop6, logical block 0, async page read [ 275.534236][ T8497] Buffer I/O error on dev loop6, logical block 0, async page read [ 275.542829][ T5838] usb 2-1: Using ep0 maxpacket: 32 [ 275.559689][ T8497] Dev loop6: unable to read RDB block 0 [ 275.566256][ T8497] loop6: unable to read partition table [ 275.579116][ T8497] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 275.643015][ T5838] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 275.710424][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 275.756040][ T5838] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 275.765712][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.775453][ T5838] usb 2-1: Product: syz [ 275.803144][ T5838] usb 2-1: Manufacturer: syz [ 275.885429][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 275.885444][ T30] audit: type=1326 audit(1749955437.933:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8501 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6539 code=0x7ffc0000 [ 275.948072][ T5838] usb 2-1: SerialNumber: syz [ 276.002475][ T30] audit: type=1326 audit(1749955437.993:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8501 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=40000003 syscall=97 compat=1 ip=0xf7fb6539 code=0x7ffc0000 [ 276.030131][ T30] audit: type=1326 audit(1749955437.993:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8501 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6539 code=0x7ffc0000 [ 276.051909][ C0] vkms_vblank_simulate: vblank timer overrun [ 276.073573][ T30] audit: type=1326 audit(1749955437.993:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8501 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb6539 code=0x7ffc0000 [ 276.101005][ T30] audit: type=1326 audit(1749955437.993:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8501 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6539 code=0x7ffc0000 [ 276.102127][ T5838] usb 2-1: config 0 descriptor?? [ 276.272050][ T30] audit: type=1326 audit(1749955437.993:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8501 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb6539 code=0x7ffc0000 [ 276.319266][ T30] audit: type=1326 audit(1749955437.993:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8501 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6539 code=0x7ffc0000 [ 276.351904][ T30] audit: type=1326 audit(1749955437.993:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8501 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb6539 code=0x7ffc0000 [ 276.377369][ T5838] usb 2-1: no audio or video endpoints found [ 276.383602][ T30] audit: type=1326 audit(1749955438.023:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8501 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6539 code=0x7ffc0000 [ 276.448994][ T30] audit: type=1326 audit(1749955438.023:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8501 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb6539 code=0x7ffc0000 [ 276.689093][ T8491] netlink: 452 bytes leftover after parsing attributes in process `syz.1.736'. [ 276.698239][ T8491] netlink: 452 bytes leftover after parsing attributes in process `syz.1.736'. [ 276.723527][ T5913] usb 2-1: USB disconnect, device number 31 [ 276.939334][ T5874] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 277.126477][ T5874] usb 4-1: Using ep0 maxpacket: 16 [ 277.151988][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 277.236110][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 277.276795][ T5874] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 277.329049][ T5874] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 277.356136][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.375891][ T5874] usb 4-1: config 0 descriptor?? [ 277.856346][ T5874] microsoft 0003:045E:07DA.0006: ignoring exceeding usage max [ 277.949858][ T5874] microsoft 0003:045E:07DA.0006: item 0 4 0 11 parsing failed [ 278.024180][ T8522] FAULT_INJECTION: forcing a failure. [ 278.024180][ T8522] name failslab, interval 1, probability 0, space 0, times 0 [ 278.053044][ T8522] CPU: 1 UID: 0 PID: 8522 Comm: syz.1.746 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 278.053070][ T8522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 278.053081][ T8522] Call Trace: [ 278.053088][ T8522] [ 278.053095][ T8522] dump_stack_lvl+0x189/0x250 [ 278.053125][ T8522] ? __pfx____ratelimit+0x10/0x10 [ 278.053149][ T8522] ? __pfx_dump_stack_lvl+0x10/0x10 [ 278.053173][ T8522] ? __pfx__printk+0x10/0x10 [ 278.053192][ T8522] ? __pfx___might_resched+0x10/0x10 [ 278.053218][ T8522] ? fs_reclaim_acquire+0x7d/0x100 [ 278.053240][ T8522] should_fail_ex+0x414/0x560 [ 278.053263][ T8522] should_failslab+0xa8/0x100 [ 278.053282][ T8522] kmem_cache_alloc_noprof+0x73/0x3c0 [ 278.053306][ T8522] ? security_file_alloc+0x34/0x330 [ 278.053326][ T8522] security_file_alloc+0x34/0x330 [ 278.053343][ T8522] init_file+0x93/0x2f0 [ 278.053364][ T8522] alloc_empty_file+0x6e/0x1d0 [ 278.053385][ T8522] path_openat+0x107/0x3830 [ 278.053417][ T8522] ? is_bpf_text_address+0x26/0x2b0 [ 278.053445][ T8522] ? is_bpf_text_address+0x292/0x2b0 [ 278.053467][ T8522] ? is_bpf_text_address+0x26/0x2b0 [ 278.053494][ T8522] ? kernel_text_address+0xa5/0xe0 [ 278.053515][ T8522] ? __kernel_text_address+0xd/0x40 [ 278.053535][ T8522] ? __pfx_path_openat+0x10/0x10 [ 278.053556][ T8522] ? arch_stack_walk+0xfc/0x150 [ 278.053584][ T8522] do_filp_open+0x1fa/0x410 [ 278.053608][ T8522] ? __pfx_do_filp_open+0x10/0x10 [ 278.053651][ T8522] ? __lock_acquire+0xab9/0xd20 [ 278.053672][ T8522] ? do_open_execat+0x93/0x450 [ 278.053698][ T8522] do_open_execat+0x135/0x450 [ 278.053720][ T8522] ? __pfx_do_open_execat+0x10/0x10 [ 278.053752][ T8522] alloc_bprm+0x28/0x5b0 [ 278.053778][ T8522] do_execveat_common+0x1b3/0x6a0 [ 278.053807][ T8522] __ia32_compat_sys_execve+0x99/0xb0 [ 278.053846][ T8522] __do_fast_syscall_32+0xb6/0x2b0 [ 278.053868][ T8522] ? lockdep_hardirqs_on+0x9c/0x150 [ 278.053904][ T8522] do_fast_syscall_32+0x34/0x80 [ 278.053919][ T8522] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 278.053937][ T8522] RIP: 0023:0xf7fd8539 [ 278.053956][ T8522] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 278.053970][ T8522] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 000000000000000b [ 278.053986][ T8522] RAX: ffffffffffffffda RBX: 0000000080000400 RCX: 0000000000000000 [ 278.053997][ T8522] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 278.054006][ T8522] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 278.054015][ T8522] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 278.054024][ T8522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 278.054044][ T8522] [ 278.388957][ T5838] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 278.489070][ T5874] microsoft 0003:045E:07DA.0006: parse failed [ 278.524844][ T8524] macvlan2: entered promiscuous mode [ 278.564282][ T5838] usb 3-1: config 0 has no interfaces? [ 278.577294][ T5838] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 278.587401][ T5838] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.595505][ T5838] usb 3-1: Product: syz [ 278.599826][ T5838] usb 3-1: Manufacturer: syz [ 278.604435][ T5838] usb 3-1: SerialNumber: syz [ 278.611654][ T5838] usb 3-1: config 0 descriptor?? [ 278.669375][ T5874] microsoft 0003:045E:07DA.0006: probe with driver microsoft failed with error -22 [ 279.381625][ T8532] macsec1: entered allmulticast mode [ 279.388961][ T8532] hsr0: entered allmulticast mode [ 279.395257][ T8532] hsr_slave_0: entered allmulticast mode [ 279.406060][ T8532] hsr_slave_1: entered allmulticast mode [ 279.430136][ T8532] hsr0: left allmulticast mode [ 279.435983][ T8532] hsr_slave_0: left allmulticast mode [ 279.444557][ T8532] hsr_slave_1: left allmulticast mode [ 279.689904][ T5899] usb 4-1: USB disconnect, device number 26 [ 279.892442][ T8541] [U] ¹ÉMÙ­ÕÁQ&’Ù Kœ4 [ 279.941619][ T8535] netlink: 48 bytes leftover after parsing attributes in process `syz.0.750'. [ 280.058397][ T8544] loop2: detected capacity change from 0 to 7 [ 280.130288][ T8544] Dev loop2: unable to read RDB block 7 [ 280.144035][ T8544] loop2: unable to read partition table [ 280.261042][ T8544] loop2: partition table beyond EOD, truncated [ 280.341054][ T8544] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 280.678998][ T5838] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 281.006318][ T5874] usb 3-1: USB disconnect, device number 23 [ 281.018932][ T5838] usb 4-1: Using ep0 maxpacket: 32 [ 281.051102][ T5838] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 281.128584][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 281.144658][ T5206] Dev loop2: unable to read RDB block 7 [ 281.155156][ T5206] loop2: unable to read partition table [ 281.170394][ T5206] loop2: partition table beyond EOD, truncated [ 281.179340][ T5838] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 281.195580][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.218983][ T5838] usb 4-1: Product: syz [ 281.223229][ T5838] usb 4-1: Manufacturer: syz [ 281.227859][ T5838] usb 4-1: SerialNumber: syz [ 281.289744][ T5838] usb 4-1: config 0 descriptor?? [ 281.310728][ T5838] usb 4-1: no audio or video endpoints found [ 281.515562][ T8544] netlink: 452 bytes leftover after parsing attributes in process `syz.3.753'. [ 281.527215][ T8544] netlink: 452 bytes leftover after parsing attributes in process `syz.3.753'. [ 281.560558][ T5913] usb 4-1: USB disconnect, device number 27 [ 283.564481][ T8579] netlink: 8 bytes leftover after parsing attributes in process `syz.3.763'. [ 283.608557][ T8579] vlan2: entered allmulticast mode [ 283.696616][ T8584] xt_hashlimit: size too large, truncated to 1048576 [ 283.705277][ T8584] xt_hashlimit: overflow, try lower: 9223336852482686975/36028797018968064 [ 283.736687][ T8585] netlink: 8 bytes leftover after parsing attributes in process `syz.4.764'. [ 283.747422][ T8585] netlink: 24 bytes leftover after parsing attributes in process `syz.4.764'. [ 283.757275][ T8585] IPVS: length: 147 != 1672 [ 283.852651][ T3080] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 283.994075][ T8590] loop6: detected capacity change from 0 to 7 [ 284.003715][ T8590] Dev loop6: unable to read RDB block 7 [ 284.013955][ T8590] loop6: unable to read partition table [ 284.022411][ T8590] loop6: partition table beyond EOD, truncated [ 284.028810][ T8590] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 284.039083][ T3080] usb 1-1: Using ep0 maxpacket: 8 [ 284.140582][ T3080] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 284.204500][ T3080] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 284.245903][ T3080] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 284.276318][ T3080] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 284.319242][ T3080] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 284.348336][ T3080] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.598526][ T3080] usb 1-1: GET_CAPABILITIES returned 0 [ 284.631733][ T3080] usbtmc 1-1:16.0: can't read capabilities [ 284.684333][ T8598] random: crng reseeded on system resumption [ 284.766075][ T8598] netlink: 20 bytes leftover after parsing attributes in process `syz.4.770'. [ 284.816810][ T3080] usb 1-1: USB disconnect, device number 29 [ 284.837855][ T8602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.772'. [ 284.891257][ T8598] vlan2: entered promiscuous mode [ 285.017570][ T8604] netlink: 20 bytes leftover after parsing attributes in process `syz.2.773'. [ 285.364388][ T8615] ALSA: mixer_oss: invalid OSS volume '' [ 285.403544][ T8615] xt_connbytes: Forcing CT accounting to be enabled [ 285.459542][ T8615] xt_CT: You must specify a L4 protocol and not use inversions on it [ 285.732109][ T8624] netlink: 'syz.2.782': attribute type 1 has an invalid length. [ 285.981703][ T8624] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 286.070821][ T8629] 8021q: adding VLAN 0 to HW filter on device bond1 [ 286.078807][ T49] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 286.609267][ T49] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 286.689820][ T8636] veth3: entered promiscuous mode [ 286.702877][ T8636] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 286.748971][ T8639] tipc: Started in network mode [ 286.777594][ T8639] tipc: Node identity , cluster identity 4711 [ 288.112059][ T8658] FAULT_INJECTION: forcing a failure. [ 288.112059][ T8658] name failslab, interval 1, probability 0, space 0, times 0 [ 288.177111][ T8658] CPU: 1 UID: 0 PID: 8658 Comm: syz.3.788 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 288.177135][ T8658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 288.177145][ T8658] Call Trace: [ 288.177151][ T8658] [ 288.177159][ T8658] dump_stack_lvl+0x189/0x250 [ 288.177189][ T8658] ? __pfx____ratelimit+0x10/0x10 [ 288.177213][ T8658] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.177237][ T8658] ? __pfx__printk+0x10/0x10 [ 288.177259][ T8658] ? ref_tracker_alloc+0x318/0x460 [ 288.177283][ T8658] should_fail_ex+0x414/0x560 [ 288.177306][ T8658] should_failslab+0xa8/0x100 [ 288.177333][ T8658] kmem_cache_alloc_noprof+0x73/0x3c0 [ 288.177358][ T8658] ? skb_clone+0x212/0x3a0 [ 288.177384][ T8658] skb_clone+0x212/0x3a0 [ 288.177408][ T8658] __netlink_deliver_tap+0x404/0x850 [ 288.177436][ T8658] ? netlink_deliver_tap+0x2e/0x1b0 [ 288.177455][ T8658] netlink_deliver_tap+0x19c/0x1b0 [ 288.177474][ T8658] netlink_unicast+0x72f/0x8d0 [ 288.177498][ T8658] netlink_sendmsg+0x805/0xb30 [ 288.177524][ T8658] ? __pfx_netlink_sendmsg+0x10/0x10 [ 288.177545][ T8658] ? __import_iovec+0x5d4/0x7f0 [ 288.177558][ T8658] ? aa_sock_msg_perm+0x94/0x160 [ 288.177580][ T8658] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 288.177601][ T8658] ? __pfx_netlink_sendmsg+0x10/0x10 [ 288.177625][ T8658] __sock_sendmsg+0x21c/0x270 [ 288.177652][ T8658] ____sys_sendmsg+0x505/0x830 [ 288.177676][ T8658] ? __pfx_____sys_sendmsg+0x10/0x10 [ 288.177707][ T8658] ___sys_sendmsg+0x21f/0x2a0 [ 288.177729][ T8658] ? __pfx____sys_sendmsg+0x10/0x10 [ 288.177776][ T8658] ? __fget_files+0x2a/0x420 [ 288.177793][ T8658] ? __fget_files+0x3a0/0x420 [ 288.177818][ T8658] __sys_sendmsg+0x164/0x220 [ 288.177839][ T8658] ? __pfx___sys_sendmsg+0x10/0x10 [ 288.177870][ T8658] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 288.177896][ T8658] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.177922][ T8658] __do_fast_syscall_32+0xb6/0x2b0 [ 288.177937][ T8658] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.177963][ T8658] do_fast_syscall_32+0x34/0x80 [ 288.177977][ T8658] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 288.177997][ T8658] RIP: 0023:0xf7fb6539 [ 288.178010][ T8658] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 288.178024][ T8658] RSP: 002b:00000000f50d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 288.178040][ T8658] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480 [ 288.178051][ T8658] RDX: 0000000020088004 RSI: 0000000000000000 RDI: 0000000000000000 [ 288.178060][ T8658] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 288.178070][ T8658] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 288.178080][ T8658] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 288.178101][ T8658] [ 288.706910][ T8658] tipc: Started in network mode [ 288.712209][ T8658] tipc: Node identity , cluster identity 4711 [ 288.803593][ T8662] tipc: Started in network mode [ 288.822173][ T8662] tipc: Node identity , cluster identity 4711 [ 288.891181][ T8665] loop6: detected capacity change from 0 to 524287999 [ 288.913498][ T8665] buffer_io_error: 7 callbacks suppressed [ 288.913515][ T8665] Buffer I/O error on dev loop6, logical block 0, async page read [ 288.936405][ T8665] Buffer I/O error on dev loop6, logical block 0, async page read [ 288.944755][ T8665] Buffer I/O error on dev loop6, logical block 0, async page read [ 288.953042][ T8665] Buffer I/O error on dev loop6, logical block 0, async page read [ 288.968607][ T8667] loop2: detected capacity change from 0 to 524287998 [ 288.987479][ T8668] netlink: 8 bytes leftover after parsing attributes in process `syz.0.792'. [ 288.998217][ T8665] Buffer I/O error on dev loop6, logical block 0, async page read [ 289.022214][ T12] Buffer I/O error on dev loop6, logical block 65535968, async page read [ 289.022573][ T8670] tipc: Started in network mode [ 289.032502][ T8665] Buffer I/O error on dev loop6, logical block 0, async page read [ 289.041870][ T8670] tipc: Node identity , cluster identity 4711 [ 289.052548][ T8665] Buffer I/O error on dev loop6, logical block 0, async page read [ 289.061453][ C0] I/O error, dev loop2, sector 524287744 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 0 [ 289.071904][ T6694] Buffer I/O error on dev loop2, logical block 65535968, async page read [ 289.072408][ T8665] Buffer I/O error on dev loop6, logical block 0, async page read [ 289.104098][ T8665] ldm_validate_partition_table(): Disk read failed. [ 289.136390][ T8665] Dev loop6: unable to read RDB block 0 [ 289.158777][ T8665] loop6: unable to read partition table [ 289.181975][ T8665] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 289.575597][ T8684] loop2: detected capacity change from 0 to 7 [ 289.583496][ T8684] Dev loop2: unable to read RDB block 7 [ 289.596894][ T8684] loop2: unable to read partition table [ 289.604234][ T8684] loop2: partition table beyond EOD, truncated [ 289.611839][ T8684] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 289.661512][ T5206] Dev loop2: unable to read RDB block 7 [ 289.672192][ T5206] loop2: unable to read partition table [ 289.682638][ T5206] loop2: partition table beyond EOD, truncated [ 289.827790][ T8686] vivid-000: ================= START STATUS ================= [ 289.842150][ T8686] vivid-000: Test Pattern: 75% Colorbar [ 289.853204][ T8686] vivid-000: Fill Percentage of Frame: 100 [ 289.864126][ T8686] vivid-000: Horizontal Movement: No Movement [ 289.888319][ T8686] vivid-000: Vertical Movement: No Movement [ 289.906382][ T8686] vivid-000: OSD Text Mode: All [ 289.921905][ T8686] vivid-000: Show Border: false [ 289.939207][ T8686] vivid-000: Show Square: false [ 289.956275][ T8686] vivid-000: Sensor Flipped Horizontally: false [ 289.972421][ T8686] vivid-000: Sensor Flipped Vertically: false [ 289.985827][ T8686] vivid-000: Insert SAV Code in Image: false [ 290.011450][ T8686] vivid-000: Insert EAV Code in Image: false [ 290.021729][ T8686] vivid-000: Insert Video Guard Band: false [ 290.033966][ T8686] vivid-000: Reduced Framerate: false [ 290.045519][ T8686] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 290.064630][ T8686] vivid-000: S-Video 000-0 Is Connected To: None [ 290.069648][ T5920] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 290.082628][ T8686] vivid-000: Enable Capture Cropping: true grabbed [ 290.099784][ T8686] vivid-000: Enable Capture Composing: true grabbed [ 290.134384][ T8686] vivid-000: Enable Capture Scaler: true grabbed [ 290.160391][ T8686] vivid-000: Timestamp Source: End of Frame [ 290.175740][ T8686] vivid-000: Colorspace: SMPTE 170M [ 290.192255][ T8686] vivid-000: Transfer Function: Default [ 290.208656][ T8686] vivid-000: Y'CbCr Encoding: Default [ 290.224423][ T8686] vivid-000: HSV Encoding: Hue 0-179 [ 290.244958][ T8686] vivid-000: Quantization: Default [ 290.257972][ T8686] vivid-000: Apply Alpha To Red Only: false [ 290.274894][ T8686] vivid-000: Standard Aspect Ratio: 4x3 [ 290.284475][ T8686] vivid-000: DV Timings Signal Mode: Current DV Timings [ 290.289602][ T5920] usb 4-1: Using ep0 maxpacket: 32 [ 290.301892][ T8686] inactive [ 290.314549][ T8686] vivid-000: DV Timings: 640x480p59 inactive [ 290.335757][ T8686] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 290.351480][ T5920] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 290.353371][ T8686] vivid-000: Maximum EDID Blocks: 2 [ 290.372278][ T8686] vivid-000: Limited RGB Range (16-235): false [ 290.388765][ T8686] vivid-000: Rx RGB Quantization Range: Automatic [ 290.406755][ T8686] vivid-000: Power Present: 0x00000001 [ 290.415717][ T8686] tpg source WxH: 720x576 (R'G'B) [ 290.427009][ T8686] tpg field: 2 [ 290.436935][ T8686] tpg crop: (0,0)/64x64 [ 290.442048][ T8686] tpg compose: (0,0)/16x16 [ 290.450087][ T8686] tpg colorspace: 1 [ 290.454711][ T8686] tpg transfer function: 0/1 [ 290.484313][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 290.525956][ T8686] tpg quantization: 0/1 [ 290.530471][ T8686] tpg RGB range: 0/2 [ 290.534921][ T8686] vivid-000: ================== END STATUS ================== [ 290.594358][ T5920] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 290.624916][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.671180][ T5920] usb 4-1: Product: syz [ 290.681386][ T5920] usb 4-1: Manufacturer: syz [ 290.697360][ T5206] Dev loop2: unable to read RDB block 7 [ 290.703277][ T5920] usb 4-1: SerialNumber: syz [ 290.711565][ T5206] loop2: unable to read partition table [ 290.717577][ T5206] loop2: partition table beyond EOD, truncated [ 290.732443][ T5920] usb 4-1: config 0 descriptor?? [ 290.740681][ T5920] usb 4-1: no audio or video endpoints found [ 290.761928][ T8702] netlink: 4 bytes leftover after parsing attributes in process `syz.1.801'. [ 290.956323][ T8689] netlink: 452 bytes leftover after parsing attributes in process `syz.3.800'. [ 291.084548][ T8689] netlink: 452 bytes leftover after parsing attributes in process `syz.3.800'. [ 291.166018][ T5920] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 291.188605][ T5913] usb 4-1: USB disconnect, device number 28 [ 291.349497][ T5920] usb 2-1: Using ep0 maxpacket: 32 [ 291.358224][ T8716] tipc: Started in network mode [ 291.363817][ T8716] tipc: Node identity , cluster identity 4711 [ 291.373199][ T5920] usb 2-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=10.ae [ 291.385138][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.474234][ T5920] usb 2-1: Product: syz [ 291.482579][ T5920] usb 2-1: Manufacturer: syz [ 291.503632][ T5920] usb 2-1: SerialNumber: syz [ 291.551326][ T5920] usb 2-1: config 0 descriptor?? [ 291.566038][ T5920] ums_eneub6250 2-1:0.0: USB Mass Storage device detected [ 292.174512][ T8726] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 292.705649][ T8730] syzkaller1: entered promiscuous mode [ 292.711791][ T8730] syzkaller1: entered allmulticast mode [ 293.009934][ T5913] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 293.030542][ T8735] loop2: detected capacity change from 0 to 7 [ 293.041238][ T8735] Dev loop2: unable to read RDB block 7 [ 293.048791][ T8735] loop2: unable to read partition table [ 293.055922][ T8735] loop2: partition table beyond EOD, truncated [ 293.075855][ T8735] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 293.181459][ T5913] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 293.219829][ T8732] input: syz0 as /devices/virtual/input/input10 [ 293.236477][ T5913] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 293.310792][ T5913] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 293.363503][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.392323][ T8730] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 293.417956][ T5913] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 293.632636][ T3080] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 293.820001][ T5913] usb 2-1: USB disconnect, device number 32 [ 293.910105][ T3080] usb 3-1: Using ep0 maxpacket: 8 [ 293.977316][ T3080] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 294.026732][ T3080] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 294.082967][ T3080] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 294.097855][ T3080] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 294.110718][ T3080] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 294.125400][ T3080] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 294.135625][ T3080] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.358567][ T3080] usb 3-1: GET_CAPABILITIES returned 0 [ 294.451790][ T3080] usbtmc 3-1:16.0: can't read capabilities [ 294.609572][ T8738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 294.644579][ T3080] usb 3-1: USB disconnect, device number 24 [ 294.679017][ T5913] usb 5-1: new full-speed USB device number 27 using dummy_hcd [ 294.706470][ T8738] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.879640][ T5913] usb 5-1: config 0 has no interfaces? [ 294.899845][ T5913] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 294.909258][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.922125][ T5913] usb 5-1: Product: syz [ 294.929661][ T5913] usb 5-1: Manufacturer: syz [ 294.937194][ T5913] usb 5-1: SerialNumber: syz [ 294.976861][ T5913] usb 5-1: config 0 descriptor?? [ 295.644282][ T5899] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 295.648999][ T5844] Bluetooth: hci1: command 0x0406 tx timeout [ 295.702593][ T8769] loop6: detected capacity change from 0 to 7 [ 295.740598][ T8769] Dev loop6: unable to read RDB block 7 [ 295.750261][ T8769] loop6: unable to read partition table [ 295.756828][ T8769] loop6: partition table beyond EOD, truncated [ 295.767863][ T8769] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 295.781134][ T5899] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 295.930475][ T10] usb 4-1: USB disconnect, device number 29 [ 296.122025][ T8775] netlink: 16 bytes leftover after parsing attributes in process `syz.2.817'. [ 296.370590][ T8777] loop2: detected capacity change from 0 to 7 [ 296.498785][ T6000] Dev loop2: unable to read RDB block 7 [ 296.556668][ T6000] loop2: unable to read partition table [ 296.575912][ T6000] loop2: partition table beyond EOD, truncated [ 296.643041][ T8777] Dev loop2: unable to read RDB block 7 [ 296.648712][ T8777] loop2: unable to read partition table [ 296.657456][ T49] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 296.675887][ T49] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 296.684880][ T5874] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 296.700069][ T8777] loop2: partition table beyond EOD, truncated [ 296.717229][ T8777] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 296.745338][ T5206] Dev loop2: unable to read RDB block 7 [ 296.751294][ T5206] loop2: unable to read partition table [ 296.760677][ T5206] loop2: partition table beyond EOD, truncated [ 296.779528][ T8785] netlink: 12 bytes leftover after parsing attributes in process `syz.2.819'. [ 296.839046][ T1210] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 296.919369][ T10] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 296.945357][ T5206] Dev loop2: unable to read RDB block 7 [ 296.962928][ T5206] loop2: unable to read partition table [ 296.977728][ T5206] loop2: partition table beyond EOD, truncated [ 296.988927][ T1210] usb 4-1: Using ep0 maxpacket: 32 [ 296.996643][ T1210] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 297.028873][ T1210] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 297.073008][ T1210] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 297.095894][ T1210] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.104465][ T10] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 297.122505][ T1210] usb 4-1: Product: syz [ 297.132517][ T1210] usb 4-1: Manufacturer: syz [ 297.144538][ T1210] usb 4-1: SerialNumber: syz [ 297.160745][ T1210] usb 4-1: config 0 descriptor?? [ 297.173584][ T1210] usb 4-1: no audio or video endpoints found [ 297.206532][ T8792] vivid-000: ================= START STATUS ================= [ 297.217490][ T8792] vivid-000: Test Pattern: 75% Colorbar [ 297.235680][ T8792] vivid-000: Fill Percentage of Frame: 100 [ 297.248625][ T8792] vivid-000: Horizontal Movement: No Movement [ 297.257995][ T8792] vivid-000: Vertical Movement: No Movement [ 297.288965][ T8792] vivid-000: OSD Text Mode: All [ 297.294087][ T8792] vivid-000: Show Border: false [ 297.303892][ T8792] vivid-000: Show Square: false [ 297.311992][ T8792] vivid-000: Sensor Flipped Horizontally: false [ 297.327071][ T8792] vivid-000: Sensor Flipped Vertically: false [ 297.338646][ T8792] vivid-000: Insert SAV Code in Image: false [ 297.354704][ T8792] vivid-000: Insert EAV Code in Image: false [ 297.366238][ T8792] vivid-000: Insert Video Guard Band: false [ 297.374131][ T8792] vivid-000: Reduced Framerate: false [ 297.377927][ T8777] netlink: 452 bytes leftover after parsing attributes in process `syz.3.818'. [ 297.402586][ T8792] [ 297.402987][ T8777] netlink: 452 bytes leftover after parsing attributes in process `syz.3.818'. [ 297.414650][ T8792] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 297.418327][ T1210] usb 4-1: USB disconnect, device number 30 [ 297.434774][ T8792] [ 297.441962][ T8792] vivid-000: S-Video 000-0 Is Connected To: None [ 297.450222][ T8792] vivid-000: Enable Capture Cropping: true grabbed [ 297.463072][ T8792] vivid-000: Enable Capture Composing: true grabbed [ 297.476615][ T8792] vivid-000: Enable Capture Scaler: true grabbed [ 297.498169][ T8792] vivid-000: Timestamp Source: End of Frame [ 297.512692][ T8792] vivid-000: Colorspace: SMPTE 170M [ 297.526994][ T8792] vivid-000: Transfer Function: Default [ 297.539166][ T8792] vivid-000: Y'CbCr Encoding: Default [ 297.550967][ T8792] vivid-000: HSV Encoding: Hue 0-179 [ 297.560042][ T8792] vivid-000: Quantization: Default [ 297.571534][ T8792] vivid-000: Apply Alpha To Red Only: false [ 297.587243][ T8792] vivid-000: Standard Aspect Ratio: 4x3 [ 297.598620][ T8792] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 297.621367][ T8792] vivid-000: DV Timings: 640x480p59 inactive [ 297.644321][ T8792] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 297.662833][ T8792] vivid-000: Maximum EDID Blocks: 2 [ 297.674689][ T8792] vivid-000: Limited RGB Range (16-235): false [ 297.686962][ T8792] vivid-000: Rx RGB Quantization Range: Automatic [ 297.694998][ T8792] vivid-000: Power Present: 0x00000001 [ 297.706128][ T8792] tpg source WxH: 720x576 (R'G'B) [ 297.712340][ T8792] tpg field: 2 [ 297.715800][ T8792] tpg crop: (0,0)/64x64 [ 297.723894][ T8792] tpg compose: (0,0)/16x16 [ 297.735242][ T8792] tpg colorspace: 1 [ 297.742035][ T8792] tpg transfer function: 0/1 [ 297.752642][ T8792] tpg quantization: 0/1 [ 297.762380][ T8792] tpg RGB range: 0/2 [ 297.770450][ T8792] vivid-000: ================== END STATUS ================== [ 297.959963][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 297.966989][ T5899] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 298.009058][ T5899] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 298.082388][ T10] usb 5-1: USB disconnect, device number 27 [ 300.124775][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 300.137481][ T5899] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 300.154833][ T5899] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 300.336712][ T8843] netlink: 20 bytes leftover after parsing attributes in process `syz.0.827'. [ 300.599556][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 301.340065][ T8870] loop2: detected capacity change from 0 to 7 [ 301.348018][ T8870] Dev loop2: unable to read RDB block 7 [ 301.357285][ T8870] loop2: unable to read partition table [ 301.363591][ T8870] loop2: partition table beyond EOD, truncated [ 301.370990][ T8870] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 301.875388][ T8862] netlink: 'syz.0.831': attribute type 27 has an invalid length. [ 302.359103][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 302.359103][ T5899] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 302.371974][ T5899] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 304.519195][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 304.524250][ T5899] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 304.531668][ T5899] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 308.919148][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 322.362415][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.368859][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.279868][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 353.082487][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 383.804868][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.813474][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 414.519091][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 445.242810][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.249396][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 451.639244][ T31] INFO: task kworker/0:4:5899 blocked for more than 143 seconds. [ 451.647152][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 451.654919][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 451.663823][ T31] task:kworker/0:4 state:D stack:22760 pid:5899 tgid:5899 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 451.675977][ T31] Workqueue: events rfkill_op_handler [ 451.681454][ T31] Call Trace: [ 451.684745][ T31] [ 451.687683][ T31] __schedule+0x16f5/0x4d00 [ 451.692334][ T31] ? __lock_acquire+0xa91/0xd20 [ 451.697271][ T31] ? schedule+0x165/0x360 [ 451.701760][ T31] ? __pfx___schedule+0x10/0x10 [ 451.706686][ T31] ? schedule+0x91/0x360 [ 451.711053][ T31] schedule+0x165/0x360 [ 451.715265][ T31] schedule_preempt_disabled+0x13/0x30 [ 451.721247][ T31] __mutex_lock+0x724/0xe80 [ 451.725789][ T31] ? __lock_acquire+0xab9/0xd20 [ 451.730726][ T31] ? __mutex_lock+0x51b/0xe80 [ 451.735437][ T31] ? nfc_rfkill_set_block+0x50/0x2e0 [ 451.740890][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 451.745954][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 451.751248][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 451.757182][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 451.763622][ T31] ? kobject_uevent_env+0x36b/0x8c0 [ 451.768942][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 451.774713][ T31] nfc_rfkill_set_block+0x50/0x2e0 [ 451.779961][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 451.785719][ T31] rfkill_set_block+0x1d2/0x440 [ 451.790661][ T31] rfkill_epo+0x7e/0x180 [ 451.794941][ T31] rfkill_op_handler+0x84/0x240 [ 451.799905][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 451.805669][ T31] process_scheduled_works+0xae1/0x17b0 [ 451.811369][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 451.817422][ T31] worker_thread+0x8a0/0xda0 [ 451.822121][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 451.828477][ T31] ? __kthread_parkme+0x7b/0x200 [ 451.833760][ T31] kthread+0x70e/0x8a0 [ 451.837883][ T31] ? __pfx_worker_thread+0x10/0x10 [ 451.843137][ T31] ? __pfx_kthread+0x10/0x10 [ 451.847776][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 451.853075][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 451.858316][ T31] ? __pfx_kthread+0x10/0x10 [ 451.863019][ T31] ret_from_fork+0x3fc/0x770 [ 451.867656][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 451.872841][ T31] ? __switch_to_asm+0x39/0x70 [ 451.877639][ T31] ? __switch_to_asm+0x33/0x70 [ 451.882594][ T31] ? __pfx_kthread+0x10/0x10 [ 451.887363][ T31] ret_from_fork_asm+0x1a/0x30 [ 451.892255][ T31] [ 451.895333][ T31] INFO: task kworker/0:6:5920 blocked for more than 143 seconds. [ 451.903165][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 451.910854][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 451.919714][ T31] task:kworker/0:6 state:D stack:20872 pid:5920 tgid:5920 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 451.931838][ T31] Workqueue: events rfkill_global_led_trigger_worker [ 451.938544][ T31] Call Trace: [ 451.942100][ T31] [ 451.945160][ T31] __schedule+0x16f5/0x4d00 [ 451.949843][ T31] ? schedule+0x165/0x360 [ 451.954221][ T31] ? __pfx___schedule+0x10/0x10 [ 451.959618][ T31] ? schedule+0x91/0x360 [ 451.964026][ T31] schedule+0x165/0x360 [ 451.968223][ T31] schedule_preempt_disabled+0x13/0x30 [ 451.973799][ T31] __mutex_lock+0x724/0xe80 [ 451.978368][ T31] ? look_up_lock_class+0x74/0x170 [ 451.983663][ T31] ? __mutex_lock+0x51b/0xe80 [ 451.988389][ T31] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 451.994740][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 451.999910][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 452.005703][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 452.011571][ T31] rfkill_global_led_trigger_worker+0x27/0xd0 [ 452.017674][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 452.023513][ T31] process_scheduled_works+0xae1/0x17b0 [ 452.029213][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 452.035254][ T31] worker_thread+0x8a0/0xda0 [ 452.040021][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 452.046426][ T31] ? __kthread_parkme+0x7b/0x200 [ 452.051471][ T31] kthread+0x70e/0x8a0 [ 452.055585][ T31] ? __pfx_worker_thread+0x10/0x10 [ 452.061006][ T31] ? __pfx_kthread+0x10/0x10 [ 452.065640][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 452.070933][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 452.076171][ T31] ? __pfx_kthread+0x10/0x10 [ 452.080919][ T31] ret_from_fork+0x3fc/0x770 [ 452.085573][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 452.090826][ T31] ? __switch_to_asm+0x39/0x70 [ 452.095643][ T31] ? __switch_to_asm+0x33/0x70 [ 452.100577][ T31] ? __pfx_kthread+0x10/0x10 [ 452.105219][ T31] ret_from_fork_asm+0x1a/0x30 [ 452.110113][ T31] [ 452.113182][ T31] INFO: task syz.1.507:7753 blocked for more than 143 seconds. [ 452.120871][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 452.128528][ T31] Blocked by coredump. [ 452.133201][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 452.141954][ T31] task:syz.1.507 state:D stack:26136 pid:7753 tgid:7753 ppid:5853 task_flags:0x40044c flags:0x20004006 [ 452.153966][ T31] Call Trace: [ 452.157277][ T31] [ 452.160307][ T31] __schedule+0x16f5/0x4d00 [ 452.164862][ T31] ? __lock_acquire+0xa91/0xd20 [ 452.170012][ T31] ? schedule+0x165/0x360 [ 452.174388][ T31] ? __pfx___schedule+0x10/0x10 [ 452.179379][ T31] ? schedule+0x91/0x360 [ 452.183662][ T31] schedule+0x165/0x360 [ 452.187833][ T31] schedule_preempt_disabled+0x13/0x30 [ 452.193390][ T31] __mutex_lock+0x724/0xe80 [ 452.198055][ T31] ? kobject_put+0x43f/0x480 [ 452.202808][ T31] ? __mutex_lock+0x51b/0xe80 [ 452.207529][ T31] ? rfkill_unregister+0xc8/0x220 [ 452.212884][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 452.218002][ T31] ? __pfx_device_del+0x10/0x10 [ 452.222984][ T31] ? hci_sock_dev_event+0x42d/0x600 [ 452.228290][ T31] rfkill_unregister+0xc8/0x220 [ 452.233294][ T31] hci_unregister_dev+0x360/0x500 [ 452.238365][ T31] vhci_release+0x80/0xd0 [ 452.242823][ T31] ? __pfx_vhci_release+0x10/0x10 [ 452.247888][ T31] __fput+0x44c/0xa70 [ 452.251957][ T31] task_work_run+0x1d1/0x260 [ 452.256585][ T31] ? __pfx_task_work_run+0x10/0x10 [ 452.261819][ T31] ? kmem_cache_free+0x18f/0x400 [ 452.266791][ T31] do_exit+0x6ad/0x22e0 [ 452.271037][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 452.276448][ T31] ? do_raw_spin_lock+0x121/0x290 [ 452.282064][ T31] ? __pfx_do_exit+0x10/0x10 [ 452.286831][ T31] do_group_exit+0x21c/0x2d0 [ 452.291541][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 452.296792][ T31] get_signal+0x1286/0x1340 [ 452.301453][ T31] arch_do_signal_or_restart+0x9a/0x750 [ 452.307049][ T31] ? __pfx_get_old_timespec32+0x10/0x10 [ 452.312705][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 452.318993][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 452.324495][ T31] exit_to_user_mode_loop+0x75/0x110 [ 452.329868][ T31] __do_fast_syscall_32+0x1f4/0x2b0 [ 452.335096][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 452.340384][ T31] do_fast_syscall_32+0x34/0x80 [ 452.345265][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 452.351710][ T31] RIP: 0023:0xf7fd8539 [ 452.355821][ T31] RSP: 002b:00000000f50f6460 EFLAGS: 00000206 ORIG_RAX: 000000000000010b [ 452.365370][ T31] RAX: fffffffffffffdfc RBX: 0000000000000000 RCX: 0000000000000000 [ 452.373597][ T31] RDX: 00000000f50f6494 RSI: 00000000f50f648c RDI: 00000000f50f6494 [ 452.381876][ T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 452.390157][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 452.398163][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 452.406237][ T31] [ 452.409942][ T31] INFO: task syz.1.801:8698 blocked for more than 144 seconds. [ 452.417530][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 452.425745][ T31] Blocked by coredump. [ 452.430611][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 452.439439][ T31] task:syz.1.801 state:D stack:24536 pid:8698 tgid:8697 ppid:5853 task_flags:0x40044c flags:0x20004006 [ 452.451764][ T31] Call Trace: [ 452.455075][ T31] [ 452.458016][ T31] __schedule+0x16f5/0x4d00 [ 452.462626][ T31] ? schedule+0x165/0x360 [ 452.467031][ T31] ? __pfx___schedule+0x10/0x10 [ 452.472941][ T31] ? schedule+0x91/0x360 [ 452.477225][ T31] schedule+0x165/0x360 [ 452.481843][ T31] schedule_preempt_disabled+0x13/0x30 [ 452.487368][ T31] __mutex_lock+0x724/0xe80 [ 452.492595][ T31] ? kobject_put+0x43f/0x480 [ 452.497235][ T31] ? __mutex_lock+0x51b/0xe80 [ 452.502280][ T31] ? rfkill_unregister+0xc8/0x220 [ 452.507361][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 452.512481][ T31] ? __pfx_device_del+0x10/0x10 [ 452.517374][ T31] rfkill_unregister+0xc8/0x220 [ 452.522401][ T31] nfc_unregister_device+0x96/0x2a0 [ 452.527646][ T31] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 452.533764][ T31] virtual_ncidev_close+0x56/0x90 [ 452.539406][ T31] __fput+0x44c/0xa70 [ 452.543448][ T31] task_work_run+0x1d1/0x260 [ 452.548064][ T31] ? __pfx_task_work_run+0x10/0x10 [ 452.553344][ T31] do_exit+0x6ad/0x22e0 [ 452.557551][ T31] ? do_raw_spin_lock+0x121/0x290 [ 452.562693][ T31] ? __pfx_do_exit+0x10/0x10 [ 452.567337][ T31] do_group_exit+0x21c/0x2d0 [ 452.572338][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 452.577568][ T31] get_signal+0x1286/0x1340 [ 452.582284][ T31] arch_do_signal_or_restart+0x9a/0x750 [ 452.587908][ T31] ? __pfx___sys_connect+0x10/0x10 [ 452.593109][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 452.599722][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 452.605236][ T31] exit_to_user_mode_loop+0x75/0x110 [ 452.610618][ T31] __do_fast_syscall_32+0x1f4/0x2b0 [ 452.615867][ T31] do_fast_syscall_32+0x34/0x80 [ 452.620808][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 452.627177][ T31] RIP: 0023:0xf7fd8539 [ 452.631741][ T31] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 000000000000016a [ 452.640302][ T31] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 0000000080000000 [ 452.648305][ T31] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 452.656342][ T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 452.664624][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 452.672681][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 452.680976][ T31] [ 452.684044][ T31] INFO: task syz.3.822:8815 blocked for more than 144 seconds. [ 452.691968][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 452.699691][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 452.708379][ T31] task:syz.3.822 state:D stack:28296 pid:8815 tgid:8802 ppid:5851 task_flags:0x400140 flags:0x20004004 [ 452.720712][ T31] Call Trace: [ 452.724056][ T31] [ 452.727120][ T31] __schedule+0x16f5/0x4d00 [ 452.731866][ T31] ? schedule+0x165/0x360 [ 452.736263][ T31] ? __pfx___schedule+0x10/0x10 [ 452.741266][ T31] ? schedule+0x91/0x360 [ 452.745570][ T31] schedule+0x165/0x360 [ 452.750183][ T31] schedule_preempt_disabled+0x13/0x30 [ 452.755698][ T31] __mutex_lock+0x724/0xe80 [ 452.760293][ T31] ? __mutex_lock+0x51b/0xe80 [ 452.765004][ T31] ? misc_open+0x51/0x330 [ 452.769436][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 452.774510][ T31] misc_open+0x51/0x330 [ 452.778683][ T31] chrdev_open+0x4cc/0x5e0 [ 452.783545][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 452.788533][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 452.793590][ T31] do_dentry_open+0xdf3/0x1970 [ 452.798414][ T31] vfs_open+0x3b/0x340 [ 452.802600][ T31] ? path_openat+0x2ecd/0x3830 [ 452.807422][ T31] path_openat+0x2ee5/0x3830 [ 452.812392][ T31] ? arch_stack_walk+0xfc/0x150 [ 452.817297][ T31] ? __pfx_path_openat+0x10/0x10 [ 452.822322][ T31] ? do_fast_syscall_32+0x34/0x80 [ 452.827382][ T31] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 452.833970][ T31] do_filp_open+0x1fa/0x410 [ 452.838513][ T31] ? __lock_acquire+0xab9/0xd20 [ 452.843748][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 452.848885][ T31] ? _raw_spin_unlock+0x28/0x50 [ 452.853789][ T31] ? alloc_fd+0x64c/0x6c0 [ 452.858260][ T31] do_sys_openat2+0x121/0x1c0 [ 452.863061][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 452.868319][ T31] ? exc_page_fault+0x76/0xf0 [ 452.873456][ T31] __ia32_compat_sys_openat+0x131/0x160 [ 452.879211][ T31] __do_fast_syscall_32+0xb6/0x2b0 [ 452.884369][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 452.889657][ T31] do_fast_syscall_32+0x34/0x80 [ 452.894632][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 452.901392][ T31] RIP: 0023:0xf7fb6539 [ 452.905491][ T31] RSP: 002b:00000000f5092460 EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 452.914020][ T31] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f72c65ac [ 452.922138][ T31] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7442ff4 [ 452.930504][ T31] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 452.938521][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 452.946650][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 452.954707][ T31] [ 452.957738][ T31] INFO: task syz.4.823:8806 blocked for more than 144 seconds. [ 452.965651][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 452.973357][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 452.982125][ T31] task:syz.4.823 state:D stack:26072 pid:8806 tgid:8805 ppid:5846 task_flags:0x400040 flags:0x20004004 [ 452.994471][ T31] Call Trace: [ 452.997808][ T31] [ 453.000991][ T31] __schedule+0x16f5/0x4d00 [ 453.005559][ T31] ? __lock_acquire+0xa90/0xd20 [ 453.010499][ T31] ? schedule+0x165/0x360 [ 453.014887][ T31] ? __pfx___schedule+0x10/0x10 [ 453.020179][ T31] ? schedule+0x91/0x360 [ 453.024459][ T31] schedule+0x165/0x360 [ 453.028637][ T31] schedule_preempt_disabled+0x13/0x30 [ 453.034250][ T31] __mutex_lock+0x724/0xe80 [ 453.038869][ T31] ? __mutex_lock+0x51b/0xe80 [ 453.043584][ T31] ? rfkill_register+0x37/0x8e0 [ 453.048459][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 453.053875][ T31] ? __init_waitqueue_head+0xa9/0x150 [ 453.059377][ T31] ? device_initialize+0x24b/0x440 [ 453.064528][ T31] rfkill_register+0x37/0x8e0 [ 453.069306][ T31] nfc_register_device+0x14a/0x320 [ 453.074459][ T31] nci_register_device+0x87f/0x9d0 [ 453.080178][ T31] ? __pfx_nci_register_device+0x10/0x10 [ 453.085863][ T31] ? __raw_spin_lock_init+0x45/0x100 [ 453.091366][ T31] ? __init_waitqueue_head+0xa9/0x150 [ 453.096780][ T31] virtual_ncidev_open+0x129/0x1a0 [ 453.101989][ T31] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 453.107663][ T31] misc_open+0x2bc/0x330 [ 453.112375][ T31] chrdev_open+0x4cc/0x5e0 [ 453.116849][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 453.121926][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 453.126902][ T31] do_dentry_open+0xdf3/0x1970 [ 453.131751][ T31] vfs_open+0x3b/0x340 [ 453.135859][ T31] ? path_openat+0x2ecd/0x3830 [ 453.141090][ T31] path_openat+0x2ee5/0x3830 [ 453.145731][ T31] ? arch_stack_walk+0xfc/0x150 [ 453.150793][ T31] ? __pfx_path_openat+0x10/0x10 [ 453.155922][ T31] ? do_fast_syscall_32+0x34/0x80 [ 453.161034][ T31] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 453.167589][ T31] do_filp_open+0x1fa/0x410 [ 453.172492][ T31] ? __lock_acquire+0xab9/0xd20 [ 453.177370][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 453.182511][ T31] ? _raw_spin_unlock+0x28/0x50 [ 453.187399][ T31] ? alloc_fd+0x64c/0x6c0 [ 453.191810][ T31] do_sys_openat2+0x121/0x1c0 [ 453.196527][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 453.202219][ T31] ? rcu_is_watching+0x15/0xb0 [ 453.207035][ T31] __ia32_compat_sys_openat+0x131/0x160 [ 453.212688][ T31] __do_fast_syscall_32+0xb6/0x2b0 [ 453.217833][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 453.223128][ T31] do_fast_syscall_32+0x34/0x80 [ 453.228104][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 453.234819][ T31] RIP: 0023:0xf70ce539 [ 453.239438][ T31] RSP: 002b:00000000f50be55c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 453.247921][ T31] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000500 [ 453.256493][ T31] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 453.264906][ T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 453.273000][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 453.281073][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 453.289520][ T31] [ 453.292666][ T31] INFO: task syz.4.823:8814 blocked for more than 145 seconds. [ 453.300314][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 453.307965][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 453.316728][ T31] task:syz.4.823 state:D stack:27272 pid:8814 tgid:8805 ppid:5846 task_flags:0x400140 flags:0x20004004 [ 453.335494][ T31] Call Trace: [ 453.338895][ T31] [ 453.341857][ T31] __schedule+0x16f5/0x4d00 [ 453.346385][ T31] ? __kasan_slab_free+0x62/0x70 [ 453.351416][ T31] ? security_file_open+0xb1/0x270 [ 453.356572][ T31] ? __lock_acquire+0xa91/0xd20 [ 453.361866][ T31] ? schedule+0x165/0x360 [ 453.366245][ T31] ? __pfx___schedule+0x10/0x10 [ 453.371253][ T31] ? schedule+0x91/0x360 [ 453.375544][ T31] schedule+0x165/0x360 [ 453.379809][ T31] schedule_preempt_disabled+0x13/0x30 [ 453.385309][ T31] __mutex_lock+0x724/0xe80 [ 453.390241][ T31] ? __mutex_lock+0x51b/0xe80 [ 453.394951][ T31] ? misc_open+0x51/0x330 [ 453.399568][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 453.404646][ T31] misc_open+0x51/0x330 [ 453.408910][ T31] chrdev_open+0x4cc/0x5e0 [ 453.413379][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 453.418371][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 453.423872][ T31] do_dentry_open+0xdf3/0x1970 [ 453.428920][ T31] vfs_open+0x3b/0x340 [ 453.433076][ T31] ? path_openat+0x2ecd/0x3830 [ 453.437871][ T31] path_openat+0x2ee5/0x3830 [ 453.442527][ T31] ? arch_stack_walk+0xfc/0x150 [ 453.447437][ T31] ? __pfx_path_openat+0x10/0x10 [ 453.452780][ T31] ? do_fast_syscall_32+0x34/0x80 [ 453.457824][ T31] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 453.464421][ T31] do_filp_open+0x1fa/0x410 [ 453.469047][ T31] ? __lock_acquire+0xab9/0xd20 [ 453.473961][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 453.479543][ T31] ? _raw_spin_unlock+0x28/0x50 [ 453.484438][ T31] ? alloc_fd+0x64c/0x6c0 [ 453.488884][ T31] do_sys_openat2+0x121/0x1c0 [ 453.493602][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 453.498907][ T31] ? rcu_is_watching+0x15/0xb0 [ 453.503720][ T31] __ia32_compat_sys_openat+0x131/0x160 [ 453.509727][ T31] __do_fast_syscall_32+0xb6/0x2b0 [ 453.514880][ T31] do_fast_syscall_32+0x34/0x80 [ 453.519812][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 453.526179][ T31] RIP: 0023:0xf70ce539 [ 453.530335][ T31] RSP: 002b:00000000f509d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 453.539278][ T31] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080002dc0 [ 453.547294][ T31] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 453.555389][ T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 453.563693][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 453.572788][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 453.581041][ T31] [ 453.584110][ T31] INFO: task syz.0.831:8859 blocked for more than 145 seconds. [ 453.591753][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 453.599849][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 453.608545][ T31] task:syz.0.831 state:D stack:28296 pid:8859 tgid:8858 ppid:5848 task_flags:0x400040 flags:0x20004004 [ 453.620606][ T31] Call Trace: [ 453.623911][ T31] [ 453.626853][ T31] __schedule+0x16f5/0x4d00 [ 453.631806][ T31] ? schedule+0x165/0x360 [ 453.636184][ T31] ? __pfx___schedule+0x10/0x10 [ 453.641162][ T31] ? schedule+0x91/0x360 [ 453.645459][ T31] schedule+0x165/0x360 [ 453.649712][ T31] schedule_preempt_disabled+0x13/0x30 [ 453.655206][ T31] __mutex_lock+0x724/0xe80 [ 453.660161][ T31] ? __mutex_lock+0x51b/0xe80 [ 453.664875][ T31] ? misc_open+0x51/0x330 [ 453.669291][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 453.674360][ T31] misc_open+0x51/0x330 [ 453.678536][ T31] chrdev_open+0x4cc/0x5e0 [ 453.683057][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 453.688049][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 453.693386][ T31] do_dentry_open+0xdf3/0x1970 [ 453.698197][ T31] vfs_open+0x3b/0x340 [ 453.702392][ T31] ? path_openat+0x2ecd/0x3830 [ 453.707301][ T31] path_openat+0x2ee5/0x3830 [ 453.712007][ T31] ? arch_stack_walk+0xfc/0x150 [ 453.716928][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 453.723267][ T31] ? __pfx_path_openat+0x10/0x10 [ 453.728266][ T31] ? do_fast_syscall_32+0x34/0x80 [ 453.733359][ T31] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 453.739997][ T31] do_filp_open+0x1fa/0x410 [ 453.744576][ T31] ? __lock_acquire+0xab9/0xd20 [ 453.749878][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 453.754965][ T31] ? _raw_spin_unlock+0x28/0x50 [ 453.759918][ T31] ? alloc_fd+0x64c/0x6c0 [ 453.764393][ T31] do_sys_openat2+0x121/0x1c0 [ 453.769184][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 453.774429][ T31] ? rcu_is_watching+0x15/0xb0 [ 453.779648][ T31] __ia32_compat_sys_openat+0x131/0x160 [ 453.785246][ T31] __do_fast_syscall_32+0xb6/0x2b0 [ 453.790438][ T31] do_fast_syscall_32+0x34/0x80 [ 453.795324][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 453.801875][ T31] RIP: 0023:0xf70de539 [ 453.805975][ T31] RSP: 002b:00000000f50ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 453.814770][ T31] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000740 [ 453.822841][ T31] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 453.830925][ T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 453.839338][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 453.847374][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 453.855485][ T31] [ 453.858541][ T31] INFO: task syz.0.831:8862 blocked for more than 145 seconds. [ 453.866185][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 453.874245][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 453.883026][ T31] task:syz.0.831 state:D stack:26024 pid:8862 tgid:8858 ppid:5848 task_flags:0x400140 flags:0x20004004 [ 453.895031][ T31] Call Trace: [ 453.898319][ T31] [ 453.901638][ T31] __schedule+0x16f5/0x4d00 [ 453.906252][ T31] ? __kasan_slab_free+0x62/0x70 [ 453.911295][ T31] ? security_file_open+0xb1/0x270 [ 453.916446][ T31] ? __lock_acquire+0xa90/0xd20 [ 453.921410][ T31] ? schedule+0x165/0x360 [ 453.925786][ T31] ? __pfx___schedule+0x10/0x10 [ 453.931038][ T31] ? schedule+0x91/0x360 [ 453.935310][ T31] schedule+0x165/0x360 [ 453.939581][ T31] schedule_preempt_disabled+0x13/0x30 [ 453.945082][ T31] __mutex_lock+0x724/0xe80 [ 453.949679][ T31] ? __mutex_lock+0x51b/0xe80 [ 453.954388][ T31] ? misc_open+0x51/0x330 [ 453.958734][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 453.964475][ T31] misc_open+0x51/0x330 [ 453.968821][ T31] chrdev_open+0x4cc/0x5e0 [ 453.973286][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 453.978258][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 453.983277][ T31] do_dentry_open+0xdf3/0x1970 [ 453.988088][ T31] vfs_open+0x3b/0x340 [ 453.992549][ T31] ? path_openat+0x2ecd/0x3830 [ 453.997341][ T31] path_openat+0x2ee5/0x3830 [ 454.002052][ T31] ? arch_stack_walk+0xfc/0x150 [ 454.006974][ T31] ? preempt_schedule+0xae/0xc0 [ 454.011917][ T31] ? __pfx_path_openat+0x10/0x10 [ 454.016894][ T31] ? do_fast_syscall_32+0x34/0x80 [ 454.022317][ T31] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 454.028914][ T31] do_filp_open+0x1fa/0x410 [ 454.033499][ T31] ? __lock_acquire+0xab9/0xd20 [ 454.038371][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 454.043512][ T31] ? _raw_spin_unlock+0x28/0x50 [ 454.048434][ T31] ? alloc_fd+0x64c/0x6c0 [ 454.053240][ T31] do_sys_openat2+0x121/0x1c0 [ 454.058018][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 454.063364][ T31] ? rcu_is_watching+0x15/0xb0 [ 454.068175][ T31] __ia32_compat_sys_openat+0x131/0x160 [ 454.073809][ T31] __do_fast_syscall_32+0xb6/0x2b0 [ 454.079364][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 454.084625][ T31] do_fast_syscall_32+0x34/0x80 [ 454.089572][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 454.095947][ T31] RIP: 0023:0xf70de539 [ 454.100132][ T31] RSP: 002b:00000000f50ad55c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 454.108580][ T31] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800003c0 [ 454.116924][ T31] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 454.125135][ T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 454.133170][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 454.141553][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 454.149691][ T31] [ 454.152723][ T31] INFO: task syz.0.831:8863 blocked for more than 145 seconds. [ 454.160557][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 454.168210][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 454.177285][ T31] task:syz.0.831 state:D stack:25240 pid:8863 tgid:8858 ppid:5848 task_flags:0x400040 flags:0x20004004 [ 454.189313][ T31] Call Trace: [ 454.192619][ T31] [ 454.195560][ T31] __schedule+0x16f5/0x4d00 [ 454.200583][ T31] ? __kasan_slab_free+0x62/0x70 [ 454.205688][ T31] ? security_file_open+0xb1/0x270 [ 454.211053][ T31] ? __lock_acquire+0xa90/0xd20 [ 454.215979][ T31] ? schedule+0x165/0x360 [ 454.220415][ T31] ? __pfx___schedule+0x10/0x10 [ 454.225334][ T31] ? schedule+0x91/0x360 [ 454.230039][ T31] schedule+0x165/0x360 [ 454.234257][ T31] schedule_preempt_disabled+0x13/0x30 [ 454.239782][ T31] __mutex_lock+0x724/0xe80 [ 454.244319][ T31] ? __mutex_lock+0x51b/0xe80 [ 454.249440][ T31] ? misc_open+0x51/0x330 [ 454.253842][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 454.259298][ T31] misc_open+0x51/0x330 [ 454.263501][ T31] chrdev_open+0x4cc/0x5e0 [ 454.267932][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 454.272960][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 454.277935][ T31] do_dentry_open+0xdf3/0x1970 [ 454.282905][ T31] vfs_open+0x3b/0x340 [ 454.287014][ T31] ? path_openat+0x2ecd/0x3830 [ 454.292227][ T31] path_openat+0x2ee5/0x3830 [ 454.296950][ T31] ? arch_stack_walk+0xfc/0x150 [ 454.301923][ T31] ? __pfx_path_openat+0x10/0x10 [ 454.306920][ T31] ? do_fast_syscall_32+0x34/0x80 [ 454.312022][ T31] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 454.318580][ T31] do_filp_open+0x1fa/0x410 [ 454.323646][ T31] ? __lock_acquire+0xab9/0xd20 [ 454.328547][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 454.333898][ T31] ? _raw_spin_unlock+0x28/0x50 [ 454.339122][ T31] ? alloc_fd+0x64c/0x6c0 [ 454.343573][ T31] do_sys_openat2+0x121/0x1c0 [ 454.348323][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 454.353976][ T31] ? rcu_is_watching+0x15/0xb0 [ 454.365272][ T31] __ia32_compat_sys_openat+0x131/0x160 [ 454.371008][ T31] __do_fast_syscall_32+0xb6/0x2b0 [ 454.376158][ T31] do_fast_syscall_32+0x34/0x80 [ 454.381402][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 454.387754][ T31] RIP: 0023:0xf70de539 [ 454.391936][ T31] RSP: 002b:00000000f508c55c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 454.400436][ T31] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000180 [ 454.408420][ T31] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 454.416794][ T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 454.424941][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 454.433139][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 454.441576][ T31] [ 454.444634][ T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 454.453908][ T31] INFO: task syz.0.831:8880 blocked for more than 146 seconds. [ 454.461651][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 454.469728][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 454.478425][ T31] task:syz.0.831 state:D stack:28296 pid:8880 tgid:8858 ppid:5848 task_flags:0x400040 flags:0x20004004 [ 454.490451][ T31] Call Trace: [ 454.493757][ T31] [ 454.496702][ T31] __schedule+0x16f5/0x4d00 [ 454.501643][ T31] ? __kasan_slab_free+0x62/0x70 [ 454.506618][ T31] ? security_file_open+0xb1/0x270 [ 454.511823][ T31] ? __lock_acquire+0xa90/0xd20 [ 454.516717][ T31] ? schedule+0x165/0x360 [ 454.521296][ T31] ? __pfx___schedule+0x10/0x10 [ 454.526311][ T31] ? schedule+0x91/0x360 [ 454.531054][ T31] schedule+0x165/0x360 [ 454.535269][ T31] schedule_preempt_disabled+0x13/0x30 [ 454.540835][ T31] __mutex_lock+0x724/0xe80 [ 454.545382][ T31] ? __mutex_lock+0x51b/0xe80 [ 454.550176][ T31] ? misc_open+0x51/0x330 [ 454.554556][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 454.560049][ T31] misc_open+0x51/0x330 [ 454.564277][ T31] chrdev_open+0x4cc/0x5e0 [ 454.568710][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 454.573761][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 454.578735][ T31] do_dentry_open+0xdf3/0x1970 [ 454.583635][ T31] vfs_open+0x3b/0x340 [ 454.587781][ T31] ? path_openat+0x2ecd/0x3830 [ 454.592927][ T31] path_openat+0x2ee5/0x3830 [ 454.597557][ T31] ? arch_stack_walk+0xfc/0x150 [ 454.602546][ T31] ? __pfx_path_openat+0x10/0x10 [ 454.607523][ T31] ? do_fast_syscall_32+0x34/0x80 [ 454.612668][ T31] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 454.619730][ T31] do_filp_open+0x1fa/0x410 [ 454.624277][ T31] ? __lock_acquire+0xab9/0xd20 [ 454.629239][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 454.634316][ T31] ? _raw_spin_unlock+0x28/0x50 [ 454.639268][ T31] ? alloc_fd+0x64c/0x6c0 [ 454.643640][ T31] do_sys_openat2+0x121/0x1c0 [ 454.648340][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 454.653962][ T31] ? rcu_is_watching+0x15/0xb0 [ 454.658829][ T31] __ia32_compat_sys_openat+0x131/0x160 [ 454.664434][ T31] __do_fast_syscall_32+0xb6/0x2b0 [ 454.669663][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 454.674901][ T31] do_fast_syscall_32+0x34/0x80 [ 454.680168][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 454.686543][ T31] RIP: 0023:0xf70de539 [ 454.690713][ T31] RSP: 002b:00000000f4c6955c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 454.699209][ T31] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000 [ 454.707189][ T31] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 454.715664][ T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 454.723770][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 454.731841][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 454.740250][ T31] [ 454.743299][ T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 454.752469][ T31] INFO: task syz.0.831:8889 blocked for more than 146 seconds. [ 454.760198][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 454.767857][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 454.776923][ T31] task:syz.0.831 state:D stack:27832 pid:8889 tgid:8858 ppid:5848 task_flags:0x400040 flags:0x20004004 [ 454.788991][ T31] Call Trace: [ 454.792281][ T31] [ 454.795226][ T31] __schedule+0x16f5/0x4d00 [ 454.800159][ T31] ? __kasan_slab_free+0x62/0x70 [ 454.805143][ T31] ? security_file_open+0xb1/0x270 [ 454.810350][ T31] ? __lock_acquire+0xa90/0xd20 [ 454.815261][ T31] ? schedule+0x165/0x360 [ 454.819665][ T31] ? __pfx___schedule+0x10/0x10 [ 454.824593][ T31] ? schedule+0x91/0x360 [ 454.829294][ T31] schedule+0x165/0x360 [ 454.833850][ T31] schedule_preempt_disabled+0x13/0x30 [ 454.839419][ T31] __mutex_lock+0x724/0xe80 [ 454.843935][ T31] ? __mutex_lock+0x51b/0xe80 [ 454.848676][ T31] ? misc_open+0x51/0x330 [ 454.853130][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 454.858226][ T31] misc_open+0x51/0x330 [ 454.862842][ T31] chrdev_open+0x4cc/0x5e0 [ 454.867314][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 454.872366][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 454.877346][ T31] do_dentry_open+0xdf3/0x1970 [ 454.882235][ T31] vfs_open+0x3b/0x340 [ 454.886344][ T31] ? path_openat+0x2ecd/0x3830 [ 454.891564][ T31] path_openat+0x2ee5/0x3830 [ 454.896225][ T31] ? arch_stack_walk+0xfc/0x150 [ 454.901195][ T31] ? __pfx_path_openat+0x10/0x10 [ 454.906262][ T31] ? do_fast_syscall_32+0x34/0x80 [ 454.911394][ T31] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 454.917949][ T31] do_filp_open+0x1fa/0x410 [ 454.922920][ T31] ? __lock_acquire+0xab9/0xd20 [ 454.927825][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 454.932978][ T31] ? _raw_spin_unlock+0x28/0x50 [ 454.937872][ T31] ? alloc_fd+0x64c/0x6c0 [ 454.942292][ T31] do_sys_openat2+0x121/0x1c0 [ 454.947028][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 454.952682][ T31] ? exc_page_fault+0x76/0xf0 [ 454.957416][ T31] __ia32_compat_sys_openat+0x131/0x160 [ 454.963052][ T31] __do_fast_syscall_32+0xb6/0x2b0 [ 454.968198][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 454.973496][ T31] do_fast_syscall_32+0x34/0x80 [ 454.978380][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 454.985192][ T31] RIP: 0023:0xf70de539 [ 454.989376][ T31] RSP: 002b:00000000f4844460 EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 454.997839][ T31] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f72c65ac [ 455.006107][ T31] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7442ff4 [ 455.014512][ T31] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 455.022586][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 455.030668][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 455.038682][ T31] [ 455.042151][ T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 455.051295][ T31] INFO: task syz.2.833:8870 blocked for more than 146 seconds. [ 455.058961][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 455.066620][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 455.075723][ T31] task:syz.2.833 state:D stack:22456 pid:8870 tgid:8869 ppid:6000 task_flags:0x400140 flags:0x20004004 [ 455.087756][ T31] Call Trace: [ 455.091177][ T31] [ 455.094245][ T31] __schedule+0x16f5/0x4d00 [ 455.099379][ T31] ? __kasan_slab_free+0x62/0x70 [ 455.104645][ T31] ? security_file_open+0xb1/0x270 [ 455.109972][ T31] ? __lock_acquire+0xa90/0xd20 [ 455.114883][ T31] ? schedule+0x165/0x360 [ 455.119322][ T31] ? __pfx___schedule+0x10/0x10 [ 455.124252][ T31] ? schedule+0x91/0x360 [ 455.128542][ T31] schedule+0x165/0x360 [ 455.133126][ T31] schedule_preempt_disabled+0x13/0x30 [ 455.138648][ T31] __mutex_lock+0x724/0xe80 [ 455.143237][ T31] ? __mutex_lock+0x51b/0xe80 [ 455.147929][ T31] ? misc_open+0x51/0x330 [ 455.152401][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 455.157631][ T31] misc_open+0x51/0x330 [ 455.162216][ T31] chrdev_open+0x4cc/0x5e0 [ 455.166666][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 455.171725][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 455.176714][ T31] do_dentry_open+0xdf3/0x1970 [ 455.181634][ T31] vfs_open+0x3b/0x340 [ 455.185844][ T31] ? path_openat+0x2ecd/0x3830 [ 455.191102][ T31] path_openat+0x2ee5/0x3830 [ 455.195756][ T31] ? arch_stack_walk+0xfc/0x150 [ 455.200731][ T31] ? __pfx_path_openat+0x10/0x10 [ 455.205714][ T31] ? do_fast_syscall_32+0x34/0x80 [ 455.210838][ T31] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 455.217405][ T31] do_filp_open+0x1fa/0x410 [ 455.222326][ T31] ? __lock_acquire+0xab9/0xd20 [ 455.227214][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 455.232370][ T31] ? _raw_spin_unlock+0x28/0x50 [ 455.237264][ T31] ? alloc_fd+0x64c/0x6c0 [ 455.241720][ T31] do_sys_openat2+0x121/0x1c0 [ 455.246472][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 455.252121][ T31] ? exc_page_fault+0x76/0xf0 [ 455.256880][ T31] __ia32_compat_sys_openat+0x131/0x160 [ 455.262551][ T31] __do_fast_syscall_32+0xb6/0x2b0 [ 455.267703][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 455.273010][ T31] do_fast_syscall_32+0x34/0x80 [ 455.277975][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 455.285261][ T31] RIP: 0023:0xf7fc4539 [ 455.289416][ T31] RSP: 002b:00000000f50e4460 EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 455.297844][ T31] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f72d65ac [ 455.305906][ T31] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7452ff4 [ 455.314193][ T31] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 455.322293][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 455.330382][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 455.338399][ T31] [ 455.341815][ T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 455.350943][ T31] INFO: task syz-executor:8891 blocked for more than 147 seconds. [ 455.358833][ T31] Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 [ 455.366519][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 455.375608][ T31] task:syz-executor state:D stack:24136 pid:8891 tgid:8891 ppid:5826 task_flags:0x400000 flags:0x20004004 [ 455.387672][ T31] Call Trace: [ 455.391042][ T31] [ 455.394071][ T31] __schedule+0x16f5/0x4d00 [ 455.398632][ T31] ? __kasan_slab_free+0x62/0x70 [ 455.404524][ T31] ? security_file_open+0xb1/0x270 [ 455.410689][ T31] ? __lock_acquire+0xa91/0xd20 [ 455.415620][ T31] ? schedule+0x165/0x360 [ 455.420087][ T31] ? __pfx___schedule+0x10/0x10 [ 455.424997][ T31] ? schedule+0x91/0x360 [ 455.429697][ T31] schedule+0x165/0x360 [ 455.433918][ T31] schedule_preempt_disabled+0x13/0x30 [ 455.439498][ T31] __mutex_lock+0x724/0xe80 [ 455.444052][ T31] ? __mutex_lock+0x51b/0xe80 [ 455.448917][ T31] ? misc_open+0x51/0x330 [ 455.453328][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 455.458408][ T31] misc_open+0x51/0x330 [ 455.463087][ T31] chrdev_open+0x4cc/0x5e0 [ 455.467532][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 455.472565][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 455.477538][ T31] do_dentry_open+0xdf3/0x1970 [ 455.489201][ T31] vfs_open+0x3b/0x340 [ 455.493347][ T31] ? path_openat+0x2ecd/0x3830 [ 455.498158][ T31] path_openat+0x2ee5/0x3830 [ 455.503407][ T31] ? arch_stack_walk+0xfc/0x150 [ 455.508359][ T31] ? __pfx_path_openat+0x10/0x10 [ 455.518936][ T31] ? do_fast_syscall_32+0x34/0x80 [ 455.524039][ T31] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 455.535883][ T31] do_filp_open+0x1fa/0x410 [ 455.541957][ T31] ? __lock_acquire+0xab9/0xd20 [ 455.546893][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 455.556418][ T31] ? _raw_spin_unlock+0x28/0x50 [ 455.564149][ T31] ? alloc_fd+0x64c/0x6c0 [ 455.568553][ T31] do_sys_openat2+0x121/0x1c0 [ 455.578546][ T31] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 455.585084][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 455.594442][ T31] ? __fget_files+0x2a/0x420 [ 455.599372][ T31] ? __fget_files+0x2a/0x420 [ 455.604051][ T31] __ia32_compat_sys_openat+0x131/0x160 [ 455.613931][ T31] __do_fast_syscall_32+0xb6/0x2b0 [ 455.619384][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 455.624643][ T31] do_fast_syscall_32+0x34/0x80 [ 455.634298][ T31] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 455.642930][ T31] RIP: 0023:0xf7fd3539 [ 455.647059][ T31] RSP: 002b:00000000ffdbb100 EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 455.658847][ T31] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f72e721e [ 455.667088][ T31] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7462ff4 [ 455.681017][ T31] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 455.691889][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 455.702397][ T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 455.712117][ T31] [ 455.715179][ T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 455.726611][ T31] [ 455.726611][ T31] Showing all locks held in the system: [ 455.736140][ T31] 1 lock held by khungtaskd/31: [ 455.743488][ T31] #0: ffffffff8e13ed60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 455.755052][ T31] 2 locks held by getty/5603: [ 455.764842][ T31] #0: ffff8880307f10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 455.774798][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 455.788876][ T31] 6 locks held by kworker/0:3/5874: [ 455.794135][ T31] 4 locks held by kworker/0:4/5899: [ 455.804043][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 455.815203][ T31] #1: ffffc900047efbc0 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 455.830238][ T31] #2: ffffffff8f7eac68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_epo+0x4c/0x180 [ 455.842207][ T31] #3: ffff88803251e100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 455.853567][ T31] 3 locks held by kworker/0:6/5920: [ 455.862288][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 455.874469][ T31] #1: ffffc90004957bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 455.888587][ T31] #2: ffffffff8f7eac68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 455.900263][ T31] 1 lock held by syz.1.507/7753: [ 455.906374][ T31] #0: ffffffff8f7eac68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220 [ 455.916906][ T31] 2 locks held by syz.1.801/8698: [ 455.922120][ T31] #0: ffff88803251e100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 455.932230][ T31] #1: ffffffff8f7eac68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220 [ 455.942815][ T31] 1 lock held by syz.3.822/8815: [ 455.947873][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 455.956521][ T31] 3 locks held by syz.4.823/8806: [ 455.961882][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 455.970874][ T31] #1: ffff8880281e7100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320 [ 455.980658][ T31] #2: ffffffff8f7eac68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 455.990763][ T31] 1 lock held by syz.4.823/8814: [ 455.995742][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.004694][ T31] 1 lock held by syz.0.831/8859: [ 456.010096][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.018646][ T31] 1 lock held by syz.0.831/8862: [ 456.023759][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.032824][ T31] 1 lock held by syz.0.831/8863: [ 456.037784][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.046428][ T31] 1 lock held by syz.0.831/8880: [ 456.051531][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.060467][ T31] 1 lock held by syz.0.831/8889: [ 456.065439][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.074057][ T31] 1 lock held by syz.2.833/8870: [ 456.079084][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.087619][ T31] 1 lock held by syz-executor/8891: [ 456.093278][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.101910][ T31] 1 lock held by syz-executor/8892: [ 456.107145][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.115718][ T31] 1 lock held by syz-executor/8893: [ 456.121632][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.130342][ T31] 1 lock held by syz-executor/8894: [ 456.135587][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.144268][ T31] 1 lock held by syz-executor/8895: [ 456.149951][ T31] #0: ffffffff8e9c26c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 456.158660][ T31] [ 456.161288][ T31] ============================================= [ 456.161288][ T31] [ 456.169943][ T31] NMI backtrace for cpu 1 [ 456.169965][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 456.169991][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 456.170005][ T31] Call Trace: [ 456.170014][ T31] [ 456.170023][ T31] dump_stack_lvl+0x189/0x250 [ 456.170060][ T31] ? __wake_up_klogd+0xd9/0x110 [ 456.170088][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 456.170122][ T31] ? __pfx__printk+0x10/0x10 [ 456.170158][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 456.170190][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 456.170215][ T31] ? _printk+0xcf/0x120 [ 456.170243][ T31] ? __pfx__printk+0x10/0x10 [ 456.170269][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 456.170301][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 456.170332][ T31] watchdog+0xfee/0x1030 [ 456.170363][ T31] ? watchdog+0x1de/0x1030 [ 456.170400][ T31] kthread+0x70e/0x8a0 [ 456.170428][ T31] ? __pfx_watchdog+0x10/0x10 [ 456.170456][ T31] ? __pfx_kthread+0x10/0x10 [ 456.170482][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 456.170512][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 456.170541][ T31] ? __pfx_kthread+0x10/0x10 [ 456.170566][ T31] ret_from_fork+0x3fc/0x770 [ 456.170600][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 456.170632][ T31] ? __switch_to_asm+0x39/0x70 [ 456.170647][ T31] ? __switch_to_asm+0x33/0x70 [ 456.170661][ T31] ? __pfx_kthread+0x10/0x10 [ 456.170679][ T31] ret_from_fork_asm+0x1a/0x30 [ 456.170707][ T31] [ 456.170712][ T31] Sending NMI from CPU 1 to CPUs 0: [ 456.329711][ C0] NMI backtrace for cpu 0 [ 456.329729][ C0] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 456.329752][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 456.329765][ C0] Workqueue: bat_events batadv_nc_worker [ 456.329794][ C0] RIP: 0010:__kasan_check_byte+0x12/0x40 [ 456.329817][ C0] Code: cf fe ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 41 56 53 48 89 f3 49 89 fe e8 5e 14 00 00 <84> c0 75 16 be 01 00 00 00 4c 89 f7 31 d2 48 89 d9 89 c3 e8 c6 03 [ 456.329835][ C0] RSP: 0018:ffffc90000ac7968 EFLAGS: 00000293 [ 456.329850][ C0] RAX: 0000000000000001 RBX: ffffffff8b34140f RCX: 0a5397bf58608100 [ 456.329864][ C0] RDX: 0000000000000000 RSI: ffffffff8b34140f RDI: 1ffffffff1c27dac [ 456.329877][ C0] RBP: ffffffff8b3413f2 R08: 0000000000000000 R09: 0000000000000000 [ 456.329888][ C0] R10: dffffc0000000000 R11: ffffffff8b341320 R12: 0000000000000002 [ 456.329901][ C0] R13: ffffffff8e13ed60 R14: ffffffff8e13ed60 R15: 0000000000000000 [ 456.329915][ C0] FS: 0000000000000000(0000) GS:ffff888125c52000(0000) knlGS:0000000000000000 [ 456.329930][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 456.329942][ C0] CR2: 0000557230479168 CR3: 000000000df38000 CR4: 00000000003526f0 [ 456.329959][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 456.329970][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 456.329981][ C0] Call Trace: [ 456.329988][ C0] [ 456.329996][ C0] lock_acquire+0x8d/0x360 [ 456.330026][ C0] ? batadv_nc_worker+0xd2/0x610 [ 456.330059][ C0] ? batadv_nc_worker+0xd2/0x610 [ 456.330084][ C0] batadv_nc_worker+0xef/0x610 [ 456.330108][ C0] ? batadv_nc_worker+0xd2/0x610 [ 456.330132][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 456.330162][ C0] process_scheduled_works+0xae1/0x17b0 [ 456.330206][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 456.330243][ C0] worker_thread+0x8a0/0xda0 [ 456.330273][ C0] kthread+0x70e/0x8a0 [ 456.330295][ C0] ? __pfx_worker_thread+0x10/0x10 [ 456.330323][ C0] ? __pfx_kthread+0x10/0x10 [ 456.330344][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 456.330370][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 456.330397][ C0] ? __pfx_kthread+0x10/0x10 [ 456.330417][ C0] ret_from_fork+0x3fc/0x770 [ 456.330445][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 456.330474][ C0] ? __switch_to_asm+0x39/0x70 [ 456.330493][ C0] ? __switch_to_asm+0x33/0x70 [ 456.330511][ C0] ? __pfx_kthread+0x10/0x10 [ 456.330531][ C0] ret_from_fork_asm+0x1a/0x30 [ 456.330560][ C0] [ 456.330872][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 456.592918][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 456.604751][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 456.614828][ T31] Call Trace: [ 456.618127][ T31] [ 456.621073][ T31] dump_stack_lvl+0x99/0x250 [ 456.625698][ T31] ? __asan_memcpy+0x40/0x70 [ 456.630314][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 456.635539][ T31] ? __pfx__printk+0x10/0x10 [ 456.640155][ T31] panic+0x2db/0x790 [ 456.644086][ T31] ? __pfx_panic+0x10/0x10 [ 456.648636][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 456.654472][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 456.659873][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 456.666054][ T31] watchdog+0x102d/0x1030 [ 456.670415][ T31] ? watchdog+0x1de/0x1030 [ 456.674881][ T31] kthread+0x70e/0x8a0 [ 456.678992][ T31] ? __pfx_watchdog+0x10/0x10 [ 456.683709][ T31] ? __pfx_kthread+0x10/0x10 [ 456.688415][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 456.693644][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 456.698869][ T31] ? __pfx_kthread+0x10/0x10 [ 456.703478][ T31] ret_from_fork+0x3fc/0x770 [ 456.708097][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 456.713235][ T31] ? __switch_to_asm+0x39/0x70 [ 456.718014][ T31] ? __switch_to_asm+0x33/0x70 [ 456.722791][ T31] ? __pfx_kthread+0x10/0x10 [ 456.727407][ T31] ret_from_fork_asm+0x1a/0x30 [ 456.732204][ T31] [ 456.735513][ T31] Kernel Offset: disabled [ 456.739857][ T31] Rebooting in 86400 seconds..