last executing test programs: 10.225389124s ago: executing program 3 (id=1687): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x80800) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 8.026680583s ago: executing program 2 (id=1692): syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) socket$igmp(0x2, 0x3, 0x2) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r4 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r4, &(0x7f0000019440), 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="e80000003f00070100000000fddbdf25027c0000d100378013000300717472283414d6bba919736d34290000080008"], 0xe8}, 0x1, 0x0, 0x0, 0xc880}, 0x0) syz_genetlink_get_family_id$smc(&(0x7f0000000140), r4) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c900"], 0x16) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4) 6.595545914s ago: executing program 0 (id=1694): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x204, @loopback, 0x7}, 0x1c) sendto$inet6(r0, &(0x7f0000000300)='\x00', 0x1, 0x2002c144, &(0x7f00000001c0)={0xa, 0x2, 0x0, @loopback, 0xb}, 0x1c) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='yeah', 0x4) shutdown(r0, 0x1) 5.619604792s ago: executing program 3 (id=1695): socket$packet(0x11, 0x3, 0x300) socket(0x10, 0x803, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x1d) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/18, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r3], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYRES32], 0x50}}, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r5}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 5.531775217s ago: executing program 1 (id=1696): ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0xc2, 0x4f, 0x19, 0x7, 0xc0, 0x1, 0x2, 0x6, 0xc, 0x0, 0x9}, {0x0, 0xaef3, 0x6, 0x8, 0x9, 0xff, 0x8, 0x3, 0x4, 0xd, 0xff, 0x6, 0x1bf}, {0x1fb, 0x7, 0x0, 0x10, 0x25, 0x9, 0xd, 0x0, 0x8, 0x1, 0x1, 0x3, 0x40000000000001}], 0x9}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.390071584s ago: executing program 0 (id=1697): r0 = socket$rds(0x15, 0x5, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, 0x0) r1 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x2ffe, 0x2) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x4b, 0x89}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x8894}, 0x8000) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r2, 0xc0305710, &(0x7f0000000000)={0x0, 0x399a, 0x5, 0x1, 0x2}) arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x2) ioctl$XFS_IOC_PATH_TO_HANDLE(r2, 0xc0385869, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000540), r3) sendmsg$TIPC_CMD_GET_NODES(r3, 0x0, 0x20040891) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SSUBSCRIP(r5, 0x89e1, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a0104000000000000000002000028090001007379622a000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000"], 0xdc}, 0x1, 0x0, 0x0, 0x5c30b8d635994bae}, 0x0) syz_emit_ethernet(0x2a, 0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) socket$nl_generic(0x10, 0x3, 0x10) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f00000002c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xef}, 0xa) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, 0x0, 0x0) 5.245986871s ago: executing program 3 (id=1698): openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xa, 0x6, 0x4, 0x7, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0xfec00000, 0x3000, 0x8, 0x13, 0x1, 0x8, 0x7, 0x8, 0x3, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0xe7, 0x3, 0x6, 0x7, 0x3}, {0x2, 0x0, 0xe, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x40000, 0x8000000, 0xe, 0xd, 0x59, 0x5, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xfc}, {0x2, 0xeeef0000, 0x8, 0xbe, 0x6, 0x7, 0x10, 0x1, 0x0, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0x4, 0x9, 0xff, 0xf, 0x0, 0x3, 0x8, 0x4, 0x80, 0x2}, {0x2, 0x4, 0x10, 0x4, 0x8, 0x1, 0x0, 0xf9, 0x3, 0x7, 0x0, 0xfe}, {0x1, 0xedd8}, {0xffff1000, 0x17}, 0x60050018, 0x0, 0x0, 0x222, 0x100000002, 0x0, 0xdddd1000, [0x6, 0x4, 0x4000000000000009, 0x7]}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000100)={0x5}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x0, 0x20, 0x3, 0x1, 0x106e, 0xc, 0x8000000000000, 0x80000004000080, 0x0, 0xfffffffffffffff9, 0x4, 0x4, 0x6, 0x7ffd], 0x41000, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.230131941s ago: executing program 1 (id=1699): r0 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000540)={0x3, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x2, 0x1, "b6855a32474ffa64f778ddcf29c94337"}) 4.123439076s ago: executing program 1 (id=1700): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$xdp(0x2c, 0x3, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000001ac0), 0x6) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) ioctl$sock_bt_hci(r0, 0x400448ca, 0x0) 4.123080926s ago: executing program 2 (id=1701): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) capset(0x0, &(0x7f0000000040)={0x200000, 0x200003, 0x3, 0x0, 0x7, 0x400}) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x2000, 0x0) ioctl$TIOCMIWAIT(r4, 0x545c, 0x7cb7562f2d67) ioctl$TIOCMSET(r4, 0x5418, &(0x7f00000000c0)=0xfff7bdff) mkdir(0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)) syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000300)=@framed, &(0x7f0000000140)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94) 3.84466726s ago: executing program 0 (id=1702): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b000"], 0x208}, 0x0) r2 = memfd_create(&(0x7f0000000380)='\x103q}2\x9a\xce\xaf\x03\xdfyR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7R\x94\xaf\xbb\xdcM\x90k\xd6\x05\r\x84\x87\x1e?\x10\x95SWFO{\x1f\x1b!\xd5\x991D\x1c\b\x8c`\xeaSA\x90m\xb6&\xd0\xf1\xb3\xed:\x82\xbd\xe3i|BL\x1f\x9d\x00\x00\xc5\xb8$\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\r\xd6h\x80\x8fQ|\xf5d\x10\x10\xd7\t\x00\x00\x00\x00\x00\x00\x00<\xfeeS\xb2l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfaa\xd3\xf1\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7~x\xb8vo\xe6\x15@\xc9\"CY\x11\xb9u\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D4E^7%8\x94y\x90\xf0l\xa0\'L%\xd4\xda\xee\x81\x98\xcc\xfd\xa2\x89$\x9by\xf1\xbb\x01\xb7\xcd\xbf\x99\x1f\x90@b\x03\xb3\xe0CfU\x16{\xbey\xa1cs\x96U\x11\xdb*\xdf\xcdG\xc7z\x85\x8aE\xf7\xd5\x9dAj\xe3\xfb\xc4\xa0\x14\x87\x19\x17\xed\xd1\x185%Q%\x81\xfaK\x82\xec=\xa3\xb8~\xb6O\xbd\x19*\xdb\x1c\x10\xa4\x8dIl\xc1\xceG\xd0h\xa1\xab:dP\xb6\xa0BR\xbe\x03\xac\xd9\x87\x00@\x80\x94\xd88\xc9\x03\x97\x17r\x85#\x7f\x8cu\x8f\xcc\x7fF\xb5\xea\xa6\xc1\x9d\xac\x89\xc9\xa1tuJw\xee\x1a\xe73\xa8\xadS\xd1\x11#d\xc2\xcfdj\x9ec\x93\xd5K\x90*_3\x89\v\xab\x04ih\x12\x93\xc5m\x8f~{\xe5\x85\xa5g\x00\x00\x00\xe45Q\xab%\xa8[\xf3\x17\x94\xf8\xdfq\xff\xd2?\xafW\xde\x1bW]\x1f\aaV\xc5\xc82*\xc7\xc5\"C}L\x10e\xc6\x90\xc0\xf9z\xb6+/d\x86\xf2\xbe\xc9:u\t\\e\x05)\xe4\xd2\xc4\x1a\xc9\xac\xdb\x925\x02\x94@\xa2\xe1\xee\x16\xb4\x98\xff\x0f\xbb\xb2\x81\xcf\x13g6l\xcc\xc8\x02\v\xa2\xb2\xf6\xbf@d\xcecC\x9fVz\xf4\x14\xa5\x8b|\xe1\xc0\xfa3X\xf4\xd9L\xe6\x8f\x9dy\x0fX.\xc5EQ\xd1/\xa1\xd0\x03>\xf0\x90\x13B\xe2\x97\x8b!\xf7\"\xecX\x92\xab\xbc^\xb2\x80@\xcc+\xbbp\xdc|N\xd3[=G\xb2\xe1\x9c\xc5\x81y\x84\xef\xacQ\x01\xdd\xe7<\xb8\xf1Hn\x86\xa6\xe3\x18N\x19\"[-\xdb\xef\xc3\xe0\xa8}', 0x0) r3 = fanotify_init(0x8, 0x80000) fanotify_mark(r3, 0x1, 0x40001012, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x3) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000940)={0x3, 0x0, [{0x0, 0x0, 0x0}, {0x4000, 0x0, 0x0}, {0x30000, 0x0, 0x0}]}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) statx(r1, &(0x7f0000000680)='./file0\x00', 0x4000, 0x0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000006c0)=0x0, &(0x7f0000000700), &(0x7f00000008c0)) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000ac0)={{0x1, 0x0, 0x0, r5, r6, 0x110, 0x7fff}, 0x0, 0x0, 0x4, 0x8000000000000001, 0x6, 0x9, 0xadb, 0x5, 0x8, 0x2, r0}) link(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='./file0\x00') socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)) r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) r8 = ioctl$LOOP_CTL_GET_FREE(r7, 0x4c82) ioctl$LOOP_CTL_REMOVE(r7, 0x4c81, r8) 3.493962328s ago: executing program 1 (id=1703): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x101001, 0x200) write$tun(r3, &(0x7f0000000000)={@val={0x0, 0x886c}, @void, @eth={@random="000000f400", @empty, @val={@void, {0x8100, 0x0, 0x1, 0x2}}, {@llc_tr={0x11, {@llc={0xaa, 0xe, "d8"}}}}}}, 0x19) gettid() mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r4, &(0x7f0000000100)='cpuacct.usage\x00', 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r5, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000000)={0x2c, r6, 0x1, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x10004000) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r7) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x1c, r8, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054) 2.797773492s ago: executing program 2 (id=1704): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f00000002c0)={0x1, 0x0, [{0x4b564d05}]}) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000040)=0x3) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x4, 0xfffffffc, 0x0, 0xeffffdff, 0x0, [{0x6, 0x0, 0xfd, '\x00', 0xff}, {0x0, 0x8, 0x0, '\x00', 0x7c}, {0xec, 0x13, 0x4, '\x00', 0xbb}, {0x13, 0xb}, {0x0, 0xfd, 0x0, '\x00', 0xfd}, {0xfe, 0x0, 0x6, '\x00', 0x2}, {0xfd, 0x0, 0x6}, {0x6f, 0x0, 0x0, '\x00', 0x7}, {0x0, 0x8f, 0xf5, '\x00', 0xfc}, {0xb5, 0x6, 0x0, '\x00', 0x9}, {0xb, 0x0, 0x0, '\x00', 0xd}, {0x0, 0x99, 0x81, '\x00', 0x1}, {0x0, 0x49, 0x2, '\x00', 0x3}, {0x2, 0x0, 0x3}, {0xc3, 0x0, 0x0, '\x00', 0x1}, {0x0, 0x6, 0x0, '\x00', 0xff}, {0x3, 0x0, 0xec}, {0x0, 0x2, 0x6, '\x00', 0x10}, {0xfe, 0x0, 0xd}, {0x0, 0x80, 0x0, '\x00', 0x1}, {0x4, 0x2, 0x0, '\x00', 0x37}, {0x0, 0x9, 0x0, '\x00', 0x5}, {0x0, 0x2, 0x9}, {0x4a, 0xff, 0x3}]}}) 2.797077972s ago: executing program 3 (id=1705): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000300)='\x00', 0x1, 0x2002c144, &(0x7f00000001c0)={0xa, 0x2, 0x0, @loopback, 0xb}, 0x1c) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='yeah', 0x4) shutdown(r0, 0x1) 2.21942877s ago: executing program 0 (id=1706): socket$packet(0x11, 0x3, 0x300) socket(0x10, 0x803, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x1d) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/18, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r3], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32], 0x50}}, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r5}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 1.294891847s ago: executing program 1 (id=1707): ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0xc2, 0x4f, 0x19, 0x7, 0xc0, 0x1, 0x2, 0x6, 0xc, 0x0, 0x9}, {0x0, 0xaef3, 0x6, 0x8, 0x9, 0xff, 0x8, 0x3, 0x4, 0xd, 0xff, 0x6, 0x1bf}, {0x1fb, 0x7, 0x0, 0x10, 0x25, 0x9, 0xd, 0x0, 0x8, 0x1, 0x1, 0x3, 0x40000000000001}], 0x9}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.294766356s ago: executing program 2 (id=1708): io_uring_setup(0x4126, &(0x7f00000007c0)={0x0, 0x0, 0x2, 0x0, 0x1000000}) 1.128837414s ago: executing program 3 (id=1709): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, 0x0, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}]}, 0x2c}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x20000, 0x0, 'queue1\x00', 0x2}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xffffff3f, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x92, @time={0xffffff3f, 0x1000000}}) 969.112212ms ago: executing program 2 (id=1710): mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00') syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x2, 0x0, 0x300) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 855.508528ms ago: executing program 1 (id=1711): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_open_dev$char_usb(0xc, 0xb4, 0x80000000) 735.960874ms ago: executing program 2 (id=1712): r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) writev(r1, &(0x7f0000000640)=[{&(0x7f00000007c0)="bd", 0x1}], 0x1) 648.838438ms ago: executing program 3 (id=1713): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x9) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) r1 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\"Zm\x1c\x18\x11\x93\xb5z \xc2\x8b\xa9\xc5\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2c, &(0x7f0000000300)={0x0, 0x1, 0x3}) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0xa, 0x0) mq_timedreceive(r1, &(0x7f0000000340)=""/200, 0xc8, 0x0, 0x0) 577.515402ms ago: executing program 0 (id=1714): ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, &(0x7f0000000300)=@vmx={0x1, 0x0, 0x2080, {0x70000, 0x100000, {0x2}, 0x0, 0x9}, {"c03274ac57b7322edacc2ec9d2ef14f1fad842cf9250df5940a343dc81344bd124b68b7aeff9200ce0896a9f36fd231be081837aab804ad9405f8b9e475905a471c6d59e09963933c99900915f7b6ce890b4aa75be7f5ec23a5bf4966f688bb1957cdaf11fbc8ee3ea50bcfdc571b89cfe94ddcb861157a47784a090e638c6f9209c15e097df8a5ea611c892cdd442fe82c0391d0b51ef8497bc1b17fea437b14e5258690df4752a3c270556a7ba0ccf45023c578b7bfce31c95d184087cc0ad17f776839554d35c96b53c01efac601edd57d95cdc9eb2e291fd188c514731038efbd9277609ad7372b1dcb4301126a99329aa26663634c17a43dcdc17b40a8c7cf7f80a579ac86752a08db06936cc08e285f1e36706640f124cdbef36cfe1a61ec16bb130d0a91a53e61c795915b7b59f4f3fbf70b9f7c397bb3c3f36d7f5e7b9c15c79ca3fbff8a10b9e4067fdbf5589a430b70003ce4bcfe6a611e83e7abc18df424116922baa212024f222e2befdad10ec3ea2a4c35fbf86be236bd11b636dfee48b75054a9cd3920b687df7b00aec77d562c8123d81238f1c1b2ce2c2224bbc49c1f6ae1e1b63e8848a50234230ae0eeb46af438d70319f8bf158fe12f5f4ac5ba499d082e36ae0706029bf2f37ab55b6d5b76dedff1f6fd228705320fb01ce788f53b5931f447a260f06ea43db2cf874a5aba7ed540c16dbf9b37a44ed197522cca8b4fdc02d558a3c44417ff4c512f9469a5193240f9c266a4546ec247e1fbb2fca898650c160b2e2f41dff9137f4691f4dc5114f4d7ec75c727017a6e8cfa567f064daffd9bce73986903ce53e04b073cf054c3aaa557bf532fce37f87fe50886f3231a917feaf7901fc2f74955bafd592f6eb6b4e65fda5266db3e3b3398bdb38c3b0a4e82926f5218eecfce4f179900cc0df8afc5e3153c2839b21d0c116dff80146061b24217c9799ca52d6f631074154715977587ef3f2dbd5d8ad88000a033e2777c0ee9d5062119a118ad177e1b6f175fa680b705799f0b84fd4c1354eb441cb9410e802a0fcb351a2bc3beb84e043392bdb5f9225b43e9b922e8462819a20d22a7c126d82b3c04989ef56cdae47a5981956ffd993b904ee96ec3c958f9a6eae29da4c9e1617a564ca7b577b98ce7c6c184edaec042a26218e8d111be028fa3883002932f76e991aaad092f60b9d24255442b599feee901cb9dc360e070d976c9fdb3705e52bfe04c50579e2b88ed44243f5f3ede549e3a34e35000ce0a63b103f516bdf56bbde225333f3f8fc952f87486025695ccd1776a6be416b43cfcbb880969a9f995182d825c5017916e2c74d15edc23609ba1156e232193847996cff927a9c4aa0d6b1d882e999c7a3afc69de7fe7e1208217e7408106f5dede7008d488d7373ed4e49faa5c7a923fe60f2c3ef232d032f82bed59d5e05fde133ff5e9d135feae248f66f4aa119cb12c5279004c90703c580c6b53d354bfa667eca8802fac65f0352e83c9aeba3114dfc886dcd99ac740e6937a06698f4e7cf4e619cb09274e9f3ee6d024d8601b6c688164f449adc22e671b2863320f35e9fbf9ae553a9cdf2dd406d84e2cbd67da959a0bc7b3b01a24a2b172383e4c1a8ac42152404a4a8d6e2034874da429e1f59a5b78b5dbd19c751c6d2850a23d85ae9606f2e6005475fefec09fcb5aa6eb43a481c0662d6118fd195340160241689e849147164149c3c3706ea85eb3de1eeca3d85d74ef87741710d89958cbb7475ff66606b8610247434970e7a59fa89ff69adc68a8aa7bec63670ea6bcb66dd881c00a7f9de1344a99ac84c11ab938f0c3e36a458d6f69153dcbe1ece1cd2a224ce50ec9e51f2675765d61bd7400ead2db057f4c4f00e6a1df8f30b38105b21f1c68ec81c7eb59b4d71c1bbd95ca18378c812878d771024999e328a0030d2e98250e75a41cb57075fd6a6bb3b7689eda1a54458b43b528360abe22e04711f6166181807ca96c7d918b9f090e19fda60597629ae2d72de91ac000924d601eb5e7f4854dd3b8c86f01035eae07d559c19e3f70d86c371169e464d7f09c3d9ecb976c2d2b5bbe19adbf6bbd09afa07d906cf18bc8b5867570182851ba939baeb4ac195064ec429b9d7cefd5030ddc880b4700a2feea9cbab7a80414b0eb4389a65cdcf3566472024475817b8490f31cce0f46be34dbce6a1494d64ab1f2f44c4ccd7a6aa3537d2724132298e97a1b7b69a45d495eed39ccf057079e44b24e8af6c9b15b1e53c526482586b42edb1ffba7f2052b852b73facb9cacf30965937619e65abc77025a0d7fb07e294a1d4a14a9dfb4777785e0ad35acde09d5cf971c284542070cc5baf01b286b3941ec9f01531ae63a086d563433ce881f091f67993c12fa8d8c65fbfe7c8849b6d0b725d03a225075ea322d568a9d682e771149d48fbb8a392f3da6d3e087c86bb04ec8eaf6963cf628e30f7e33c2622d2f41edfc882b3112ee18ffc0f2ee486cd8f837c590ba4674c91ab8142802894d0d53a00a0da9dd17a5d4eaf120b696d4b48c35fa74fa016eb3bc91d32b419ee4cbaa9344856c93d8054b2d083dd81544f310a6d26b396152b82832f4ab4b23fb323245c2c2c99ac350074e4c0443907885fa41e71aed548dc3c6fe3112ab8c956aeb817dd439b20f9b131cb845653931c4142edc76edd9c4f20471b322ad7c50063bda7436e6c4c3415c951722bc0a3fc759c081fef35ab1435bd69191fab79bfcc2f251207f73d2bbd048aff90ada93dcaed98fd0b8a422f653d70e48066b6256d3c444685f20d619f6f7addc8807d3e23e89e8beaa0fdfb472e2cf09fb45eb5c0760bef15827bd72d25f8d1fbf517b2b493f83f22f8ddc05b546e8dbc2eedaaa3916fdad853f845881d327153b613754e2ad71983d2ab583dcf654d5959e9760e21af181d1172cba71d63f9296fe98846c1823a176f86c9d8bb0ad206629dfd88ebf6b8e7489c63efac3d0618b1026f90eba4119d37c89adecb205e418684153d973f843e7e0aaf235d932a6942711266df85f8d1ae7e6eb698d215d2baffb24c8606b99e1487d187f3b95c6454665da11b74418843013b08b29957e2a4a4ee205d4b74ba04e691508721ec718bee6670cce9a43259b08fe3fdb143c960dd4096024f3762b751b35506156beb62fb58fa0f86e242cd6a85c0aa42d4aaa81dd93794aa22df0a11c957f630df7753487c7eb08b3c9d782301ac906834b97de6a8a92d26ba6fcad1a3201b3b3611579bf91c01941200dfb29c685d86db48d69e858aeb73d2d226659e32ab0e6dcadf15ed629dd1197bec7401fb9f01a0204c41dea6258a04ed299d6759d4cb38b78c302d810445015c4f952e0f70eebe2fad82d8aa908b7faf6fb126e98ede2bc8aed1cdd99c3e8e24546a4678418f4743578e2bbb9a27dbc10f2fd320871bb097260a30bcbaacb950b43f0a55b63d6d0fa4078981fe47a0da347802afed73dd90ea2d03923ecefa4a03e0220034984ca53be19c1f88a92c3f535361c0ae8107975c7d1f8383cabe14ff0771fa71384043b0635e16a152f54e8f02804e121d6d944da492763fb49a578b1f4687c010508bf01315aca3c29233dba4e006378ff9e263bab196422b3244b1fa37e191ffbb9dc87d093561471a040d41520ce23b4e5cc514c16d28775e73cf22adcd5f9bae222895d5636e8ce69bf7c3a127f470fc9637fff5719f65acfdcaeaf8bcc7628866a437d4bef0df1d5455941d4b41e242744323d00282aa0f515ac7eef64edc3885b125e0ee88b45ca0971f1264dc3bb9b62de0d5ed3ed43f4b47d8078f2b5a21123423921cb3729402ec172eb693bc561f12149875250fe5d7a3cf57ced04cb56315006a9bd1c30d7954b2047f945e028f164d477ca4817bdbbdc20afa93c353c1970fc9a5893c69d39cd08e64b3cd9d94a90d047a8ae2db3850ca0b32e8690012393cc4f0c1b36e9e3d1c70cea9ad82db7a5784e19547f5ece36a87ddb87a595ac0a451b3e57a8ee996644f3ef6fcea1e98207719bb438ae86e9302fd4fb6e5f6799f4c56184a5668859979a4fd3f13026ba51386efaa2a5fbff96f3290292a7a7ddfa923975ad477cf6e0b13f7fe74df029e54d55302dffd07f2fc7bd11d2b1813c8adbc76557d36b7f9f99a04bca6179a9f887dbfa1304814981bb1657c5b06f80b86fa7743c269e8af31dc5a6311ae4261a49762b4cee3971b269fa551ec03a1eabe2900a4be5489cab8e5adfc156335e2d906da60e761e39b2b460fdca2591e4109e1a380428a0a91e39215435a79ccc7cc8452438c1d12a62644a220dd419b338f02c12bbd10b15379f9a6c6f9ea3f3dcf03bfbcfd727f5f1da467f552bdbc16770d8bc2874940452b355fbf12b6d7e027d47da48f8df0085fc076363f9b81f737186cb09219ebefe2141abd4b339b0c158b0ab2a2e288cb213ab44dca03158051b74981de05039f00a7c2890b8d342e75eb4ec99f8671064f9c13b39b3d5d0cd3b51c6e07ed3f59fedfb61f7af12dd436d633d4c94d5964c65836b2deceac6f03f60aa63d280cb6bf0f2262139305ee7c266024408d53e06bf83fe2cab6e51720957680092478b5666882e8c62f2671ed41d310f6191b78c006c1e581c68916d061bb36007e81f5000781c893cf39f32e48b6e3cb8a6212200eec37568f9c5ee47ff6e6457934415dba01f83fef5534a8b512a60360df092249455b290feaaad8a1c6cc35522484dfb2036985680b04921b8e069d450b4a3fbef9b281a9c5a186b111e6772c5e7e6c128e14cae9a98571c1fa48e9e2e3f621ca7d1acf847060fdd73f7951dffef89acae73729445b9962e6ff3e6ec1708b7db8221ce4cc3285e25b66ddb235ebc1454598fdd1345ed4258ef9a656768041564d969c16f490792b4e218a3d4ee7d208c49849b44973c0f5f2a03506fc217ce94f384cdc9072ae121481359b10fb5ef462f6b3c2cd5439ec7498567d101675303886ad01d9f8d42e64965146ad121512c4c268fd1b6612939003ec7f15179ca66584ddcf8cdac0eea68b784cb33a94ef7a72fde599f041f54633c5c9dd945be0030bedfce1d9145da95ad1fa8c2b97eecf465bbf5ff1c3b0b301ae2e19ee4fcaee8fa5c2a3aa14e5369bd191a8d6eedc5502542b4d719125d8f49d038ad384c20f336b55661c388833edb8589a365defc89077040fc13f64bc943debd03f1c9d01c03af5e55bd2a6eea88687ae079bc1dc7734d2bbac595a60fff56aa33d4a82bb7bd898532c95ec923f8bc041656255700be1d0b100a6053601c36cc51a080dbd12624ccacac4773e747e3b0a9c2223abd943da11bfe89a61dd20bb0c174afb071692f01fd927ef09e2a043bd691554e757009e2eae2fab61385f9f9f12d96e4877a036aa8b69089e3741148bcbd6abc8c79770d47a57e74ecacb05a094a58c2e5d3cb3cbb010d76cc73dea4292fbc463ebd21d2353c75531b950eb1604eb9eb0b5c7214875c2256cea022caf0eee574bb72275fc97d85c9c19665bf4bbf6fcc88c58e3c8ac56101cbe3a1738cb303fc407725bab9ac5ed9bdaf01838a358a63523ba86eeba9ae12b88ca9010551ecea16b45a200eaeeee35f546cb93f84759ba8ff9dd985d320b6b477721c821aa5c10cf46c241d99e56e7da296da338872cd38bda664012fe7e44b052a36bbeb4d3f5f53ba7a8642dab777de240ab951ada45c7bd100c97a143003e9055a6ce5c8f9405e8c74ef3ffb6e8b03917c3febf63ea836ef42fa8da7eccec76", "1b9d06912ceaa96b815ba9d33d3d3608b426e315a428e2838c6b688365dc01ff890883e21f0a08049c846fc2454d00b7c2334b10ecab16f7812beb8200fefd2b17b06018b3e3875b095328586917434bb554db2886af50bc857fe714661a9588aa706fc672f1d30aa29d44e28818ac94ac334ab2045434bff76e486dd57d44d09228ec90e21978b26a4ee2d9b6e37f601f0d5d472de94c15cf24890686eea181d59c5b0fbb464f29830b00094b01f44de4ba8f7c25acdf7a62d2449f33c4a400284fbd4a8fea287f76ba12829c22e3875cb6942fea21037a0b1c54fd0590484656f7527a9a79bc66f10143f6a83393f050180b6d9d3bf4e3e092f673707b7c2654306ecb5320f5d6ad107f8f583cc78f7fd8af69def6b56ee3c0d0280e47da582b600027efb5e7cb1ded49883f72f34bfa911e16d33fe330f4a5670f0502b6160baa8b4baf1b5a45a2e3644b219f10d69a5f28014f5d6ff164a88a6a6df5e31af77e1c73985a29a8a3d449b31a06ae3b14d9ceab7a3da1e4e10e6481cccbaaa7590f1f1ccf27a7fc1428289858eb82306e43ddb4b22b8f3bd7d638e50566f16eb76bc480bc298025716b3ef0617baa977e9d29b4f283f2a53aa0ca3a2183cd258ca8c102d7d047a468fdac34b86b68fca75d7377d17ea4c260a143dc12ac780156fe21d9d1eb0bf16940119bc898898fa011864b5732d7ef715c48bb1871553e4d61e7512fdf15923ac86c1fe113b3045227bb49319332f355f2c0d133c3fb7c6375ceeb10875ae31a5a3eb269badcf4337127bd38fb4c880f1e2bdadee6404fdb8e9607de2133e3e7dc55a026c901767af52dfa40dfc334c36fcfdaf9a8122b74a0f154ecf9c9f04c0d7cc7a7a3fd9741db93c09b7bddb6130b58ae901b05384398bbeeb582423e6950d0a9cfcd826ddba4200bc8e51f282700ab2897561799e1cf5c90973a86998e002fa1fd49b1a7c293944a2f0de606a45980a40bf7035408ed649ba5c68d94427f825353cd187959d75ac6560c8f3e13b06b81b2fd3cfa2494ee559149310f11437afac0920d970eb3454fc31e00db16f246988a6a195e2bfc204192a75b5bfa716693bc0dbe39f8ddde0dfe0e5a77647e689fe38514db5410724b345a13a9ae68755df4164b5732f7a4b80c140265ff6e574342b10033eb86ebc137f4623e8a5315d40e72d79167e6fb3442d2051375dd50c61ba3ef55a7e8c1811a35b6714443fe2716c03892042309cf4ba268acb11c368b0f82fc28f8410383768247fba45d9498218367ffc962af8e2d99b236e3d060d6ab86e38d1766f0d026222bc20b8b4ccdc8a72db1f909d0acee062bea41186a9c96e064a926df072da559b589daed0d9baaba32182ed798ded847ab6ea3a6004e1efd75718978f42aedfd08a4673b49c36d342daa3e0148a081218408e649298060b200c403d33402784344724754e3a813340297fb54b013c5844c96fbc4ac871789334be2badfb5de45b2c27411b3210b4b81bb39c78743c9d81d744af24588096c18a15553d176a317056ba6110a20dbcb41a14472d142f40ee4d39bd30e2e4663b024f34f382a14576540dce2fd31d9cfa8427d6232f3154d290b64051431eb113c9b07d20e1a56a6858206efcfa045ec7630991fff3b7fc30b561ad037727e62d2428e5f6a8db0607d99123971879facfc5d83456030b0ea56ef31da654575dbd3a152ea5ebda5b8f778f8bde012409478a584b99fa2a9830fc995339c9db6aff276b0e9c54e601a8514bf7450cf1ba06b5016aa84bc0f0c2530a51264e01985ce0e799b92e0da08ba120915eb26ca1259c258971d640f5f49e8ccc7f9ee9f16880a8560f056d953198f157e17ff5430038c223c8036c26d84c573df93661e4746a650271d198cfae82eb8c5ed051a160427559ba29495a3f31b5deca9948bf5296d9d65b463ea506ade440166ca3b059da802d15c36396ecfcabf4481e0b7eeabfd52f0ad664d29f6d873d962094836696f93ab8b1b2e580b84f15e321252461f62b684e13630e10195a92fa446e455f339298994ac5fb674f37763ff8d2b8f02a34645c77b66665b9b3230027c06ae6dd8c55bbaaa5f0d64a8952f49ef943cbc70e6873d1624f07fb32629cbbe201eafbbd96078f2e8135069e5204afb56ff2e83b7067aaade3bce31bcf1df2d884636c7184a4781e705f2fc2b74b282062ebb7fa15fc4c3bdc5e824d6d962a3a8d22eb6e11e3ec89e84c2bc3516cc36fdcaa18d0517666d34cb12eb01bca3009a4bf285a898c79e3a1103ce77e1464db71adb07fa899d1bd7d9163a704194bdc88d8d25c24e7879e836e665a3f0887e546e507f62e2863a7cec3143db72668d2c39aae4c4da33773f6a9d41cbb8616c7660d8bec264222f3234c4b195fb7e0ede93e764d488c7d64514b49c68b75deaaa947ae68961b4a804c5f651d57495d95cd3d180067839dcc89072c0a04762ed8d434a75aad3761150e48f6b9764cf8edc0b6c5690e6c3bcd9304799835e9c4920f3603d1b43ed295366ad63a356a7eaa8525cb2c818362a95352aff0b223755095ce888b27707ed39de7debba0c86f2167ed3403941026d46cd8e7e58737719539b49dfa0a76c9fe22499813185e6e8d6681ab83789d376795afbb8fe669dbd85695a6b203b79a2a7f5230de46307106010dc349e18eead7a21c1e202693033d350981285b2a552cd02c6fce3bbf0ddae58fb73bce21849a800b2a4236ed984d473dffa0ce2f3c07227995506b8be7c837a872d5965f8b7d32550219e3f8f0a03080085ca88ecb226b0f3f99ecf8299ef473d7cb8e598ee16d38fb69657554cc708d02371b3df8605bf68e6990351aa24f6b2dd2036eea56a5c6981c9ca7622d4fc6d23db721df39ddac5f0c928a4809f142d89c7aff04ddfc85925c6a2e3d279abf6a3f78f949d91f0d05c300e9e3d047634ade46d2166fa9e87131b03fb1b2ed2efbac87657275ec580b5a7233198370357233f199955b3338d7ea17c813ce704ebd2beb134b2b1488bb8aade942604bc3173b668bc60a799f24f8196e50e3f1c907e9463dbab72634698bc640dd80602077930c47a44d78fbffc13b0f1eda750e5008a23504c14bbecb361c76e73d0c6f88892d3812ed275f511374c0675965f8281b7f781d090e960c06332fc5797912dc2d44302d4e80d1597ea274dd70840c79f5e3f2014da47176a29fce4818671ec95fea52a1ef1a300339ffb70c70afcb57541436521d92e0eff7c48d854b5bc6042aba348630751772ea827134e1519fbb6eb7b57f512d6192f995c7b40a64b2cfc1c306c5c2d04b171a492fb2c804eebdf815b7f714b8a091f77ea92d8269b297fa08b323057a55f0413446d518c984072662d42edbb609730d449662a8f44b6b4eaf5dcc9e7db4897dae1349d82ec45e3eabe55f63e2585ac5b0888fb8c135ccabf96d0227800e19e0b337e61744fe2a8219d635d687111f082f998c856c2081c8a5e99caa61073eb1aff84f4dd2b3219c30c752824f583d9743e5d668673932199a5a4fbf152cb622a9366d0a82fa3b3747a95cfd6af09f952da04fb2f04b483827788c9158cec3bd80281b8f5666bf878f2659d458af906ec5d78f341912a0fdb3afa38472950ac3e0c52dc5cb6422bca97556e13fa4a15fd2bc003965396b39c836a6ec8a18daf86efa94348776f9db0fbb7721c96ea4b74f53c1f23332c0c157000e9cdb40cd2e9ee0d67d494bf04f1be7ecf0b1c95282db7c50c66b9220722577a22b515855ed3b81ce0d585e8ae447f936ebab73878a5791e3814b7992a510b245095c638a0b05723b7ce7bce244017bd2ee8f9b589c23cccb664cb7222c1bbf31690f5efb36c033680cd4195c7cebe104b1232c81dcaae2589b10e9ee9827f6c1dc216450470594c9d8217f127847551165f38ea87c7386c6dd3b0a9d478efbe6d5f95ab1ca944c8ac4c15043ea6d2c49c8502404d034776517fedeefeccf92037123b9c3053f2d30e52c413e1065c0a8b21a7eab3de3b63e96d8a79166ecd6c3d7b2891353c4a02c9435df3f5f2bd9844b5e00bb6ac6b712fb5350d6d42db1aa9151cca8946e5bc471cd8a86e507a92da18dbb3881ac242c32335d66aa73a218621824a3e504006da26616f0d837a4c8cf9cf441fba4ff8c22b028204deb0dbc0726b29dd0aa1a59f8600961b85d07d6fdb9ee5b08b422f4a53f7fb6fb0734814d347fec9cd2f8e584ea43ed94f03a8ae772726c4fcd32ec5c583f67fbdab87f8275ac9a3fffe4ca875f6f289a7d876ab4347c3a00cf955d9b0dfe1b1bd5597c91740d6f5bb4599e0bcb558ca71db4c26de70862d16420c1e6f55318f9d409d6badf9ee5a4c873c537cb107b10a4222452d9515106eb1585981e6e5ad87ab58fcdded0a1447450b0c18113eee90049c43ed8522e40f414632cdf7e0756d7b86aed0a11ce4b82d246696202e855fa8785f340e23b6e7bfd8fed846e883a84bb2d9036888f1956d9e9f796560a002fca834806c97486911439c2ebd150c90ede9152e867fcb0e6392403a9a9f32009623f8575cb69ed246c1c8d2b30cab8b85b94a24e771ce9e98a903de12fced2d2e43533169702b81923cf41170ac6130ca255ec4fd85fa7c18b4034bad323afe501941b060d36f1c1d36605f0f204395cc290b717ce873f730b023557e0421c87a8480c2cdca983287fcfeab2fd7198564f2dc1ccd23f2314cc3d960041c004dad8baf9d7516b8097211ed611b9a89317760e45b739a8569bb4fdb71730e6922d8c2b735c774d14db3b2debcc2e6b6dd4f71fbd998a1cc29d7ee9347d236874831180cb011ef1f2c2f7ea353841ffb7f80e08b9bd03f77a8bacd2bc2ec28efe0b3d6d481ee1c662cf9560c2af37ccf6e6e3a245c12a1d3936bda87f921b207c929319ff53a3c2b367f9248764808e10d1a3f381422e6fd838f8edda17a215d261d5fd226d7708c91e15bcd38b47da4274eb464d57ca7c06c876d6356817e2fdb7d561e2d081c3f4974dbe005cdb111ebda118cadd93ddd10c2bdbd60f52aa513123c04a9572d73b6277b041b51edb495118f58c8c19797c8c1df4ba2ea09271d2d136904439220c65f12885d5684d9abd5a5b20a671916b7561a87e453a44261a822a42c1e13a77ebf95ffbb5224cbbebaa2d9f80bbd2f16e6936f94158c57922975506c5fc5b80e35f55de87961d3c8e59cc5059f6b3ba76882fb555a362a3da1c50e20b0e0ae2801144f12a899af9a38b0b3c18b0363ac38056f1e68e10dd30ab127a97ff7b115da9ea87fda961f8350d70241121ef5585ae52968a4cd67898579734737d9cdbc5c8e67238afec9a8d9f7633baec805f92f80d53399557fa0d08235d16dc411d1af249b206b8e0f1dc59285a5acd42ba3dcb5167ba500b1a70fd368e863771024d18b8f716da1b62bcc5d60ec1b25cb0c602a5a16183e1be3d864c0c138ec182a04b6f1bb4f4b3af1438cd8678a3d0e397a635d358f91832ac5175512ddd63534eeb67a9705963a0e8ab3942014920bd82fe2eb7ebf74ed46433a65a7c2a4f0b713e43f9f6c2f12bc8406911d9051f604d20f56620579ae8153953a3b1c5775aeb856e417f0e467a19d852181bb364a6977dd85c22011bc885cefe57b365c50175e17c232041fbf5c45068abf4b4b2089036de57ab562df519b5c881330314b24d7fd39ad889f4de86a10154486ae8188898751534c79de7d7ead78515715f5fe503caac9b068c3eddbf4df477341577cac371ebcd37358"}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xfffff000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 0 (id=1715): openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000002100)='/proc/bus/input/devices\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.25' (ED25519) to the list of known hosts. [ 86.554552][ T5757] cgroup: Unknown subsys name 'net' [ 86.719823][ T5757] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 88.492891][ T5757] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.295279][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.305765][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.316079][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.325746][ T5782] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.325962][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.340840][ T5782] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.346248][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.356968][ T5784] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.371747][ T5784] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.381104][ T5784] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 90.389603][ T5784] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.399351][ T5784] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.408816][ T5784] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 90.417939][ T5784] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.439553][ T5782] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.448576][ T5084] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.449440][ T5782] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.471137][ T5782] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.481231][ T5084] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.489265][ T5084] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.497623][ T5084] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 90.506264][ T5776] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.514654][ T5776] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 90.523310][ T5777] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.017365][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 91.105598][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 91.158898][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 91.307546][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.315581][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.324155][ T5772] bridge_slave_0: entered allmulticast mode [ 91.331629][ T5772] bridge_slave_0: entered promiscuous mode [ 91.342443][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.349731][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.357318][ T5772] bridge_slave_1: entered allmulticast mode [ 91.364890][ T5772] bridge_slave_1: entered promiscuous mode [ 91.379449][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 91.405409][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.413237][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.421814][ T5769] bridge_slave_0: entered allmulticast mode [ 91.429894][ T5769] bridge_slave_0: entered promiscuous mode [ 91.478091][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.487753][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.495818][ T5769] bridge_slave_1: entered allmulticast mode [ 91.503268][ T5769] bridge_slave_1: entered promiscuous mode [ 91.544526][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.558058][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.568328][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.576366][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.583888][ T5771] bridge_slave_0: entered allmulticast mode [ 91.591838][ T5771] bridge_slave_0: entered promiscuous mode [ 91.614537][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.646624][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.655606][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.664324][ T5771] bridge_slave_1: entered allmulticast mode [ 91.672928][ T5771] bridge_slave_1: entered promiscuous mode [ 91.694078][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.762278][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.781011][ T5772] team0: Port device team_slave_0 added [ 91.793313][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.806246][ T5769] team0: Port device team_slave_0 added [ 91.816553][ T5769] team0: Port device team_slave_1 added [ 91.824274][ T5772] team0: Port device team_slave_1 added [ 91.927039][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.934329][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.961734][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.975742][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.983086][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.010083][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.032288][ T5771] team0: Port device team_slave_0 added [ 92.038839][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.050291][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.058177][ T5770] bridge_slave_0: entered allmulticast mode [ 92.066862][ T5770] bridge_slave_0: entered promiscuous mode [ 92.076251][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.084030][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.110810][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.124338][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.131751][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.158697][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.190577][ T5771] team0: Port device team_slave_1 added [ 92.207779][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.221737][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.229185][ T5770] bridge_slave_1: entered allmulticast mode [ 92.239410][ T5770] bridge_slave_1: entered promiscuous mode [ 92.301752][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.320980][ T5769] hsr_slave_0: entered promiscuous mode [ 92.327576][ T5769] hsr_slave_1: entered promiscuous mode [ 92.336874][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.345805][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.372996][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.398503][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.422043][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.429531][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.457551][ T5780] Bluetooth: hci0: command tx timeout [ 92.465362][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.525776][ T5772] hsr_slave_0: entered promiscuous mode [ 92.532957][ T5772] hsr_slave_1: entered promiscuous mode [ 92.539465][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.547615][ T5780] Bluetooth: hci2: command tx timeout [ 92.556853][ T5772] Cannot create hsr debugfs directory [ 92.574028][ T5770] team0: Port device team_slave_0 added [ 92.610206][ T5777] Bluetooth: hci1: command tx timeout [ 92.616104][ T5780] Bluetooth: hci3: command tx timeout [ 92.624059][ T5770] team0: Port device team_slave_1 added [ 92.717040][ T5771] hsr_slave_0: entered promiscuous mode [ 92.724239][ T5771] hsr_slave_1: entered promiscuous mode [ 92.737275][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.746096][ T5771] Cannot create hsr debugfs directory [ 92.811808][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.819152][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.864107][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.878812][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.889358][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.922875][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.226084][ T5770] hsr_slave_0: entered promiscuous mode [ 93.235066][ T5770] hsr_slave_1: entered promiscuous mode [ 93.245260][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.265399][ T5770] Cannot create hsr debugfs directory [ 93.550330][ T5772] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.575749][ T5772] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.588850][ T5772] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.603677][ T5772] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.675090][ T5771] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.695860][ T5771] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.707281][ T5771] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.718912][ T5771] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.840861][ T5769] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.857007][ T5769] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.895947][ T5769] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.929006][ T5769] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.987493][ T5770] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.022167][ T5770] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.034130][ T5770] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.046066][ T5770] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.084338][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.097702][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.137833][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.178939][ T2908] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.186610][ T2908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.215221][ T2928] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.222761][ T2928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.244229][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.324086][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.331623][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.353014][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.360288][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.435477][ T5771] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.518787][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.539302][ T5780] Bluetooth: hci0: command tx timeout [ 94.548790][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.610359][ T5780] Bluetooth: hci2: command tx timeout [ 94.628727][ T5772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.675462][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.691192][ T5780] Bluetooth: hci3: command tx timeout [ 94.697148][ T5780] Bluetooth: hci1: command tx timeout [ 94.699118][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.724713][ T2945] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.732140][ T2945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.744321][ T2945] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.752733][ T2945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.764029][ T2945] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.771503][ T2945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.857135][ T2908] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.864776][ T2908] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.049397][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.232909][ T5771] veth0_vlan: entered promiscuous mode [ 95.252381][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.267306][ T5771] veth1_vlan: entered promiscuous mode [ 95.393155][ T5771] veth0_macvtap: entered promiscuous mode [ 95.444840][ T5771] veth1_macvtap: entered promiscuous mode [ 95.505855][ T5772] veth0_vlan: entered promiscuous mode [ 95.534261][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.567787][ T5772] veth1_vlan: entered promiscuous mode [ 95.596218][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.649088][ T5771] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.659697][ T5771] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.669326][ T5771] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.678546][ T5771] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.698271][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.713756][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.756058][ T5772] veth0_macvtap: entered promiscuous mode [ 95.874909][ T5772] veth1_macvtap: entered promiscuous mode [ 95.918982][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.937309][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.949555][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.961549][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.976853][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.995261][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.006729][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.018801][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.039643][ T5770] veth0_vlan: entered promiscuous mode [ 96.092956][ T5772] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.106567][ T5772] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.116742][ T5772] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.126458][ T5772] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.158437][ T5770] veth1_vlan: entered promiscuous mode [ 96.184341][ T5769] veth0_vlan: entered promiscuous mode [ 96.213953][ T2928] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.223751][ T2928] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.324934][ T5769] veth1_vlan: entered promiscuous mode [ 96.370374][ T1002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.386835][ T5770] veth0_macvtap: entered promiscuous mode [ 96.403468][ T1002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.455561][ T5770] veth1_macvtap: entered promiscuous mode [ 96.502033][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.526818][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.596330][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.610239][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.610671][ T5777] Bluetooth: hci0: command tx timeout [ 96.622968][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.643741][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.672879][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.691306][ T5777] Bluetooth: hci2: command tx timeout [ 96.697027][ T5769] veth0_macvtap: entered promiscuous mode [ 96.744448][ T5769] veth1_macvtap: entered promiscuous mode [ 96.776299][ T5777] Bluetooth: hci1: command tx timeout [ 96.788329][ T5780] Bluetooth: hci3: command tx timeout [ 96.960318][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.203109][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.292826][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.424264][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.438970][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.457714][ T5770] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.474357][ T5770] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.487217][ T5770] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.511062][ T5770] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.530651][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.701438][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.712869][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.724930][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.739140][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.754452][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.765932][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.784844][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.797591][ T5847] syz.1.5[5847]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.810268][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 97.816844][ T5847] loop1: detected capacity change from 0 to 256 [ 97.869146][ T787] cfg80211: failed to load regulatory.db [ 98.485254][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.508662][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.519613][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.534032][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.545523][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.556964][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.571275][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.649537][ T5769] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.691536][ T5780] Bluetooth: hci0: command tx timeout [ 98.700964][ T5769] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.718441][ T5769] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.770398][ T5780] Bluetooth: hci2: command tx timeout [ 98.779380][ T5769] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.852673][ T5780] Bluetooth: hci3: command tx timeout [ 98.858984][ T5780] Bluetooth: hci1: command tx timeout [ 99.129664][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.153414][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.217760][ T5858] random: crng reseeded on system resumption [ 100.210930][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 100.845233][ T2945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.871251][ T2945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.983777][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.005278][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.079793][ T2987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.125578][ T2987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.113628][ T5867] syz.1.10 (5867) used greatest stack depth: 16720 bytes left [ 103.750033][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 103.770384][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.780459][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.824273][ T5884] loop1: detected capacity change from 0 to 256 [ 103.852020][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 103.853870][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 103.862359][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 104.210025][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 105.783644][ T5869] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 106.240116][ T5869] usb 2-1: Using ep0 maxpacket: 32 [ 106.981155][ T5869] usb 2-1: unable to get BOS descriptor or descriptor too short [ 107.111892][ T5906] process 'syz.0.20' launched './file0' with NULL argv: empty string added [ 107.141566][ T5869] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 186, changing to 7 [ 107.401873][ T5869] usb 2-1: New USB device found, idVendor=0582, idProduct=0145, bcdDevice= 0.40 [ 107.441515][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.484529][ T5869] usb 2-1: Product: syz [ 107.488898][ T5869] usb 2-1: Manufacturer: syz [ 107.611605][ T5869] usb 2-1: SerialNumber: syz [ 108.239305][ T5869] usb 2-1: unit 255 not found! [ 108.779017][ T5869] usb 2-1: USB disconnect, device number 2 [ 109.294797][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 112.821152][ T5816] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 112.905511][ T5959] Zero length message leads to an empty skb [ 113.385988][ T5836] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 113.672229][ T5836] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 113.689466][ T5816] usb 4-1: unable to get BOS descriptor or descriptor too short [ 113.708579][ T5836] usb 2-1: config 0 has no interface number 0 [ 113.755582][ T5816] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 113.842153][ T5836] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 113.897565][ T5816] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 113.943222][ T5836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.953795][ T5816] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 113.999738][ T5836] usb 2-1: Product: syz [ 114.005924][ T5836] usb 2-1: Manufacturer: syz [ 114.016074][ T5816] usb 4-1: New USB device found, idVendor=041e, idProduct=3020, bcdDevice= 0.40 [ 114.034596][ T5836] usb 2-1: SerialNumber: syz [ 114.041161][ T5816] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.049911][ T5816] usb 4-1: Product: syz [ 114.060165][ T5816] usb 4-1: Manufacturer: syz [ 114.067814][ T5836] usb 2-1: config 0 descriptor?? [ 114.074399][ T5816] usb 4-1: SerialNumber: syz [ 114.282242][ T5967] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12) [ 114.289605][ T5967] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 114.336490][ T5967] vhci_hcd vhci_hcd.0: Device attached [ 115.182085][ T5968] vhci_hcd: connection closed [ 115.331250][ T787] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 115.492688][ T3532] vhci_hcd: stop threads [ 115.687266][ T3532] vhci_hcd: release socket [ 115.774762][ T3532] vhci_hcd: disconnect device [ 115.794603][ T5836] usb 2-1: can't set config #0, error -71 [ 115.850466][ T5836] usb 2-1: USB disconnect, device number 3 [ 115.856820][ T5816] usb 4-1: can't set config #1, error -71 [ 115.890422][ T5816] usb 4-1: USB disconnect, device number 2 [ 116.330555][ T5814] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 116.430235][ T5836] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 116.640328][ T5814] usb 3-1: Using ep0 maxpacket: 8 [ 116.690554][ T5836] usb 2-1: Using ep0 maxpacket: 32 [ 116.782793][ T5814] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 117.092843][ T5814] usb 3-1: config 0 has no interface number 0 [ 117.118107][ T5836] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.133005][ T5814] usb 3-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 117.147273][ T5836] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.170418][ T5814] usb 3-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 117.187990][ T5836] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 117.205066][ T5814] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 117.227661][ T5836] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 117.247088][ T5814] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 117.274590][ T5836] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.285780][ T5814] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.303241][ T5836] usb 2-1: config 0 descriptor?? [ 117.317335][ T5814] usb 3-1: config 0 descriptor?? [ 117.414476][ T5814] ldusb 3-1:0.55: Interrupt in endpoint not found [ 119.176171][ T9] usb 3-1: USB disconnect, device number 2 [ 119.278557][ T5836] usbhid 2-1:0.0: can't add hid device: -71 [ 119.304201][ T5836] usbhid: probe of 2-1:0.0 failed with error -71 [ 119.393421][ T5836] usb 2-1: USB disconnect, device number 4 [ 119.539775][ T5992] loop1: detected capacity change from 0 to 512 [ 119.573251][ T5992] EXT4-fs: Ignoring removed nomblk_io_submit option [ 119.590729][ T5992] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 120.502091][ T5995] Bluetooth: MGMT ver 1.22 [ 120.657258][ T5992] EXT4-fs (loop1): 1 truncate cleaned up [ 120.683167][ T5992] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.558172][ T787] vhci_hcd: vhci_device speed not set [ 121.712055][ T6005] netlink: 8 bytes leftover after parsing attributes in process `syz.3.49'. [ 121.914020][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.993192][ T6014] loop3: detected capacity change from 0 to 64 [ 122.016051][ T6002] loop2: detected capacity change from 0 to 2048 [ 122.025340][ T6002] EXT4-fs: Ignoring removed mblk_io_submit option [ 122.137110][ T6002] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.188620][ T6020] vlan2: entered promiscuous mode [ 122.199155][ T6020] vlan2: entered allmulticast mode [ 122.205401][ T6020] hsr_slave_1: entered allmulticast mode [ 122.253498][ T6020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.54'. [ 122.264794][ T6002] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.612300][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.771078][ T5770] Trying to free block not in datazone [ 122.830478][ T5770] Trying to free block not in datazone [ 125.853583][ T6044] loop3: detected capacity change from 0 to 128 [ 126.113354][ T6044] ext4: Unknown parameter 'hash' [ 126.204993][ T6046] Cannot find add_set index 0 as target [ 130.275659][ T6072] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 133.528998][ T787] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 133.739390][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.754921][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.353234][ T787] usb 1-1: unable to get BOS descriptor or descriptor too short [ 134.442360][ T787] usb 1-1: not running at top speed; connect to a high speed hub [ 134.479687][ T787] usb 1-1: config 5 has 1 interface, different from the descriptor's value: 2 [ 134.490062][ T787] usb 1-1: config 5 interface 0 has no altsetting 1 [ 134.510332][ T787] usb 1-1: New USB device found, idVendor=0582, idProduct=0074, bcdDevice=2a.70 [ 134.521271][ T787] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.538392][ T787] usb 1-1: Product: syz [ 134.552964][ T787] usb 1-1: Manufacturer: syz [ 134.558268][ T787] usb 1-1: SerialNumber: syz [ 134.562664][ T6105] loop1: detected capacity change from 0 to 1024 [ 134.633777][ T6105] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.713275][ T787] usb 1-1: USB disconnect, device number 2 [ 135.820016][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:5.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 141.856065][ T5777] Bluetooth: hci2: unexpected Set CIG Parameters response data [ 143.990975][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.368114][ T6173] tty tty2: ldisc open failed (-12), clearing slot 1 [ 147.482071][ T6186] loop2: detected capacity change from 0 to 16 [ 148.560271][ T6186] erofs: (device loop2): mounted with root inode @ nid 36. [ 150.734070][ T6209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.103'. [ 151.136723][ T6219] loop2: detected capacity change from 0 to 256 [ 151.513852][ T6220] warning: `syz.2.106' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 163.815630][ T5777] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 163.832688][ T5777] CPU: 0 PID: 5777 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 163.840437][ T5777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 163.851404][ T5777] Workqueue: hci3 hci_rx_work [ 163.856299][ T5777] Call Trace: [ 163.860224][ T5777] [ 163.863521][ T5777] dump_stack_lvl+0x18c/0x250 [ 163.868381][ T5777] ? show_regs_print_info+0x20/0x20 [ 163.873897][ T5777] ? load_image+0x400/0x400 [ 163.878855][ T5777] sysfs_create_dir_ns+0x26e/0x2a0 [ 163.884663][ T5777] ? sysfs_warn_dup+0xa0/0xa0 [ 163.889417][ T5777] ? do_raw_spin_unlock+0x121/0x230 [ 163.894983][ T5777] kobject_add_internal+0x61c/0xcc0 [ 163.900869][ T5777] kobject_add+0x164/0x240 [ 163.905915][ T5777] ? __rwlock_init+0x150/0x150 [ 163.911177][ T5777] ? kobject_init+0x1e0/0x1e0 [ 163.917189][ T5777] ? _raw_spin_unlock+0x28/0x40 [ 163.923263][ T5777] ? get_device_parent+0x366/0x390 [ 163.929002][ T5777] device_add+0x408/0xc20 [ 163.934443][ T5777] hci_conn_add_sysfs+0xd5/0x1e0 [ 163.940195][ T5777] le_conn_complete_evt+0xf5d/0x1540 [ 163.945964][ T5777] ? hci_event_packet+0x4cb/0x1270 [ 163.952051][ T5777] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 163.958646][ T5777] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 163.964778][ T5777] ? skb_pull_data+0xfb/0x200 [ 163.969615][ T5777] hci_le_conn_complete_evt+0x187/0x440 [ 163.975531][ T5777] ? hci_remote_host_features_evt+0x150/0x150 [ 163.982036][ T5777] hci_event_packet+0x7ba/0x1270 [ 163.987164][ T5777] ? bis_list+0x290/0x290 [ 163.991834][ T5777] ? lockdep_hardirqs_on+0x98/0x150 [ 163.998605][ T5777] ? hci_send_to_monitor+0xd7/0x4f0 [ 164.004412][ T5777] hci_rx_work+0x43a/0xd60 [ 164.009173][ T5777] ? process_scheduled_works+0x96f/0x15d0 [ 164.015045][ T5777] process_scheduled_works+0xa5d/0x15d0 [ 164.021059][ T5777] ? worker_attach_to_pool+0x380/0x380 [ 164.027065][ T5777] ? assign_work+0x3d2/0x5d0 [ 164.031824][ T5777] worker_thread+0xa55/0xfc0 [ 164.036900][ T5777] kthread+0x2fa/0x390 [ 164.041233][ T5777] ? pr_cont_work+0x560/0x560 [ 164.046079][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 164.050840][ T5777] ret_from_fork+0x48/0x80 [ 164.055418][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 164.060180][ T5777] ret_from_fork_asm+0x11/0x20 [ 164.065126][ T5777] [ 164.136606][ T5777] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 164.158922][ T5777] Bluetooth: hci3: failed to register connection device [ 171.491077][ T5780] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 171.502239][ T5780] CPU: 1 PID: 5780 Comm: kworker/u5:4 Not tainted syzkaller #0 [ 171.509964][ T5780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 171.520476][ T5780] Workqueue: hci1 hci_rx_work [ 171.525238][ T5780] Call Trace: [ 171.528739][ T5780] [ 171.531840][ T5780] dump_stack_lvl+0x18c/0x250 [ 171.537054][ T5780] ? show_regs_print_info+0x20/0x20 [ 171.542421][ T5780] ? load_image+0x400/0x400 [ 171.547266][ T5780] sysfs_create_dir_ns+0x26e/0x2a0 [ 171.553051][ T5780] ? sysfs_warn_dup+0xa0/0xa0 [ 171.557871][ T5780] ? do_raw_spin_unlock+0x121/0x230 [ 171.563158][ T5780] kobject_add_internal+0x61c/0xcc0 [ 171.568566][ T5780] kobject_add+0x164/0x240 [ 171.573157][ T5780] ? __rwlock_init+0x150/0x150 [ 171.578179][ T5780] ? kobject_init+0x1e0/0x1e0 [ 171.582939][ T5780] ? _raw_spin_unlock+0x28/0x40 [ 171.588065][ T5780] ? get_device_parent+0x366/0x390 [ 171.593340][ T5780] device_add+0x408/0xc20 [ 171.597834][ T5780] hci_conn_add_sysfs+0xd5/0x1e0 [ 171.603274][ T5780] le_conn_complete_evt+0xf5d/0x1540 [ 171.608919][ T5780] ? hci_event_packet+0x4cb/0x1270 [ 171.614217][ T5780] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 171.620927][ T5780] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 171.626754][ T5780] ? skb_pull_data+0xfb/0x200 [ 171.631520][ T5780] hci_le_conn_complete_evt+0x187/0x440 [ 171.637528][ T5780] ? hci_remote_host_features_evt+0x150/0x150 [ 171.643769][ T5780] hci_event_packet+0x7ba/0x1270 [ 171.649115][ T5780] ? bis_list+0x290/0x290 [ 171.654237][ T5780] ? kcov_remote_start+0x2b/0x7e0 [ 171.659423][ T5780] ? hci_send_to_monitor+0xd7/0x4f0 [ 171.665221][ T5780] hci_rx_work+0x43a/0xd60 [ 171.670044][ T5780] ? process_scheduled_works+0x96f/0x15d0 [ 171.676499][ T5780] process_scheduled_works+0xa5d/0x15d0 [ 171.682910][ T5780] ? worker_attach_to_pool+0x380/0x380 [ 171.689606][ T5780] ? assign_work+0x3d2/0x5d0 [ 171.695313][ T5780] worker_thread+0xa55/0xfc0 [ 171.700248][ T5780] kthread+0x2fa/0x390 [ 171.705280][ T5780] ? pr_cont_work+0x560/0x560 [ 171.710750][ T5780] ? kthread_blkcg+0xd0/0xd0 [ 171.715488][ T5780] ret_from_fork+0x48/0x80 [ 171.720149][ T5780] ? kthread_blkcg+0xd0/0xd0 [ 171.724930][ T5780] ret_from_fork_asm+0x11/0x20 [ 171.729787][ T5780] [ 172.137641][ T5780] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 172.155828][ T5780] Bluetooth: hci1: failed to register connection device [ 184.670316][ T6478] vxcan1: tx drop: invalid sa for name 0x0000000000000002 [ 186.473666][ T6494] netlink: 4 bytes leftover after parsing attributes in process `syz.0.187'. [ 188.708282][ T6509] sctp: [Deprecated]: syz.2.185 (pid 6509) Use of struct sctp_assoc_value in delayed_ack socket option. [ 188.708282][ T6509] Use struct sctp_sack_info instead [ 191.820916][ T6537] netlink: 4 bytes leftover after parsing attributes in process `syz.0.199'. [ 193.137530][ T6556] netlink: 96 bytes leftover after parsing attributes in process `syz.1.204'. [ 195.096166][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.103766][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.787100][ T6593] vlan2: entered promiscuous mode [ 197.809577][ T6593] vlan2: entered allmulticast mode [ 197.824010][ T6593] hsr_slave_1: entered allmulticast mode [ 197.861205][ T6593] netlink: 4 bytes leftover after parsing attributes in process `syz.1.214'. [ 200.731009][ T6616] sched: RT throttling activated [ 205.368049][ T5780] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 205.378763][ T5780] CPU: 0 PID: 5780 Comm: kworker/u5:4 Not tainted syzkaller #0 [ 205.386837][ T5780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 205.397406][ T5780] Workqueue: hci2 hci_rx_work [ 205.402604][ T5780] Call Trace: [ 205.405996][ T5780] [ 205.408979][ T5780] dump_stack_lvl+0x18c/0x250 [ 205.414168][ T5780] ? show_regs_print_info+0x20/0x20 [ 205.419644][ T5780] ? load_image+0x400/0x400 [ 205.424855][ T5780] sysfs_create_dir_ns+0x26e/0x2a0 [ 205.430223][ T5780] ? sysfs_warn_dup+0xa0/0xa0 [ 205.435233][ T5780] ? do_raw_spin_unlock+0x121/0x230 [ 205.440680][ T5780] kobject_add_internal+0x61c/0xcc0 [ 205.446154][ T5780] kobject_add+0x164/0x240 [ 205.450922][ T5780] ? kobject_init+0x1e0/0x1e0 [ 205.455678][ T5780] ? _raw_spin_unlock+0x3a/0x40 [ 205.460861][ T5780] ? get_device_parent+0x366/0x390 [ 205.466293][ T5780] device_add+0x408/0xc20 [ 205.470914][ T5780] hci_conn_add_sysfs+0xd5/0x1e0 [ 205.476100][ T5780] le_conn_complete_evt+0xf5d/0x1540 [ 205.481824][ T5780] ? hci_event_packet+0x4cb/0x1270 [ 205.487285][ T5780] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 205.493957][ T5780] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 205.500225][ T5780] ? skb_pull_data+0xfb/0x200 [ 205.505061][ T5780] hci_le_conn_complete_evt+0x187/0x440 [ 205.510876][ T5780] ? hci_remote_host_features_evt+0x150/0x150 [ 205.517366][ T5780] hci_event_packet+0x7ba/0x1270 [ 205.522708][ T5780] ? bis_list+0x290/0x290 [ 205.527297][ T5780] ? kcov_remote_start+0x2b/0x7e0 [ 205.532582][ T5780] ? hci_send_to_monitor+0xd7/0x4f0 [ 205.538135][ T5780] hci_rx_work+0x43a/0xd60 [ 205.543020][ T5780] ? process_scheduled_works+0x96f/0x15d0 [ 205.549170][ T5780] process_scheduled_works+0xa5d/0x15d0 [ 205.555179][ T5780] ? worker_attach_to_pool+0x380/0x380 [ 205.560913][ T5780] ? assign_work+0x3d2/0x5d0 [ 205.565781][ T5780] worker_thread+0xa55/0xfc0 [ 205.570656][ T5780] kthread+0x2fa/0x390 [ 205.574887][ T5780] ? pr_cont_work+0x560/0x560 [ 205.579695][ T5780] ? kthread_blkcg+0xd0/0xd0 [ 205.584539][ T5780] ret_from_fork+0x48/0x80 [ 205.589393][ T5780] ? kthread_blkcg+0xd0/0xd0 [ 205.594348][ T5780] ret_from_fork_asm+0x11/0x20 [ 205.599667][ T5780] [ 205.620368][ T5780] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 205.641501][ T5780] Bluetooth: hci2: failed to register connection device [ 205.708363][ T5812] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 208.778014][ T6667] netlink: 4 bytes leftover after parsing attributes in process `syz.1.234'. [ 212.532519][ T5084] Bluetooth: hci0: command 0x0406 tx timeout [ 214.533638][ T5777] Bluetooth: hci2: command 0x0406 tx timeout [ 216.931930][ T6727] netlink: 4 bytes leftover after parsing attributes in process `syz.1.249'. [ 217.656810][ T5776] Bluetooth: hci2: command 0x0406 tx timeout [ 217.656846][ T5084] Bluetooth: hci1: command 0x0406 tx timeout [ 218.840683][ T5777] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 224.738294][ T6789] sctp: [Deprecated]: syz.3.262 (pid 6789) Use of struct sctp_assoc_value in delayed_ack socket option. [ 224.738294][ T6789] Use struct sctp_sack_info instead [ 226.028241][ T5777] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 226.045357][ T5777] CPU: 0 PID: 5777 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 226.055318][ T5777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 226.066901][ T5777] Workqueue: hci0 hci_rx_work [ 226.072468][ T5777] Call Trace: [ 226.076397][ T5777] [ 226.080688][ T5777] dump_stack_lvl+0x18c/0x250 [ 226.086850][ T5777] ? show_regs_print_info+0x20/0x20 [ 226.092503][ T5777] ? load_image+0x400/0x400 [ 226.100144][ T5777] sysfs_create_dir_ns+0x26e/0x2a0 [ 226.106916][ T5777] ? sysfs_warn_dup+0xa0/0xa0 [ 226.112682][ T5777] ? do_raw_spin_unlock+0x121/0x230 [ 226.118870][ T5777] kobject_add_internal+0x61c/0xcc0 [ 226.125212][ T5777] kobject_add+0x164/0x240 [ 226.131612][ T5777] ? __rwlock_init+0x150/0x150 [ 226.138709][ T5777] ? kobject_init+0x1e0/0x1e0 [ 226.145460][ T5777] ? _raw_spin_unlock+0x28/0x40 [ 226.152045][ T5777] ? get_device_parent+0x366/0x390 [ 226.159398][ T5777] device_add+0x408/0xc20 [ 226.164674][ T5777] hci_conn_add_sysfs+0xd5/0x1e0 [ 226.172459][ T5777] le_conn_complete_evt+0xf5d/0x1540 [ 226.180378][ T5777] ? hci_event_packet+0x4cb/0x1270 [ 226.187174][ T5777] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 226.194341][ T5777] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 226.200601][ T5777] ? skb_pull_data+0xfb/0x200 [ 226.206590][ T5777] hci_le_conn_complete_evt+0x187/0x440 [ 226.214172][ T5777] ? hci_remote_host_features_evt+0x150/0x150 [ 226.222577][ T5777] hci_event_packet+0x7ba/0x1270 [ 226.228396][ T5777] ? bis_list+0x290/0x290 [ 226.233774][ T5777] ? lockdep_hardirqs_on+0x98/0x150 [ 226.240456][ T5777] ? hci_send_to_monitor+0xd7/0x4f0 [ 226.246354][ T5777] hci_rx_work+0x43a/0xd60 [ 226.251184][ T5777] ? process_scheduled_works+0x96f/0x15d0 [ 226.257606][ T5777] process_scheduled_works+0xa5d/0x15d0 [ 226.264947][ T5777] ? worker_attach_to_pool+0x380/0x380 [ 226.272836][ T5777] ? assign_work+0x3d2/0x5d0 [ 226.278655][ T5777] worker_thread+0xa55/0xfc0 [ 226.285229][ T5777] kthread+0x2fa/0x390 [ 226.289961][ T5777] ? pr_cont_work+0x560/0x560 [ 226.294977][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 226.300077][ T5777] ret_from_fork+0x48/0x80 [ 226.304922][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 226.309822][ T5777] ret_from_fork_asm+0x11/0x20 [ 226.314883][ T5777] [ 226.716108][ T5777] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 226.734727][ T5777] Bluetooth: hci0: failed to register connection device [ 229.447760][ T5777] Bluetooth: hci0: command 0x0406 tx timeout [ 232.920246][ T6822] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 232.928612][ T6822] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 232.985876][ T6824] vhci_hcd: connection closed [ 232.991339][ T6822] vhci_hcd vhci_hcd.0: Device attached [ 233.007347][ T2987] vhci_hcd: stop threads [ 233.024348][ T2987] vhci_hcd: release socket [ 233.061250][ T2987] vhci_hcd: disconnect device [ 236.467309][ T5777] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 236.477849][ T5777] CPU: 1 PID: 5777 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 236.485644][ T5777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 236.496379][ T5777] Workqueue: hci1 hci_rx_work [ 236.501148][ T5777] Call Trace: [ 236.504473][ T5777] [ 236.507452][ T5777] dump_stack_lvl+0x18c/0x250 [ 236.512295][ T5777] ? show_regs_print_info+0x20/0x20 [ 236.517666][ T5777] ? load_image+0x400/0x400 [ 236.522438][ T5777] sysfs_create_dir_ns+0x26e/0x2a0 [ 236.527706][ T5777] ? sysfs_warn_dup+0xa0/0xa0 [ 236.533027][ T5777] ? do_raw_spin_unlock+0x121/0x230 [ 236.538617][ T5777] kobject_add_internal+0x61c/0xcc0 [ 236.544168][ T5777] kobject_add+0x164/0x240 [ 236.548828][ T5777] ? kobject_init+0x1e0/0x1e0 [ 236.553774][ T5777] ? _raw_spin_unlock+0x3a/0x40 [ 236.559232][ T5777] ? get_device_parent+0x366/0x390 [ 236.564905][ T5777] device_add+0x408/0xc20 [ 236.569856][ T5777] hci_conn_add_sysfs+0xd5/0x1e0 [ 236.574888][ T5777] le_conn_complete_evt+0xf5d/0x1540 [ 236.580509][ T5777] ? hci_event_packet+0x4cb/0x1270 [ 236.585780][ T5777] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 236.592280][ T5777] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 236.598078][ T5777] ? skb_pull_data+0xfb/0x200 [ 236.602852][ T5777] hci_le_conn_complete_evt+0x187/0x440 [ 236.608566][ T5777] ? hci_remote_host_features_evt+0x150/0x150 [ 236.615494][ T5777] hci_event_packet+0x7ba/0x1270 [ 236.620606][ T5777] ? bis_list+0x290/0x290 [ 236.625008][ T5777] ? lockdep_hardirqs_on+0x98/0x150 [ 236.630299][ T5777] ? hci_send_to_monitor+0xd7/0x4f0 [ 236.635748][ T5777] hci_rx_work+0x43a/0xd60 [ 236.640438][ T5777] ? process_scheduled_works+0x96f/0x15d0 [ 236.646397][ T5777] process_scheduled_works+0xa5d/0x15d0 [ 236.652566][ T5777] ? worker_attach_to_pool+0x380/0x380 [ 236.658508][ T5777] ? assign_work+0x3d2/0x5d0 [ 236.663385][ T5777] worker_thread+0xa55/0xfc0 [ 236.668179][ T5777] kthread+0x2fa/0x390 [ 236.672741][ T5777] ? pr_cont_work+0x560/0x560 [ 236.677664][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 236.682506][ T5777] ret_from_fork+0x48/0x80 [ 236.686992][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 236.692092][ T5777] ret_from_fork_asm+0x11/0x20 [ 236.697030][ T5777] [ 236.731602][ T5777] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 236.751406][ T5777] Bluetooth: hci1: failed to register connection device [ 238.770280][ T5777] Bluetooth: hci1: command 0x0406 tx timeout [ 241.611095][ T6880] kvm: pic: non byte write [ 246.548951][ T5777] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 246.558952][ T5777] CPU: 1 PID: 5777 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 246.567296][ T5777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 246.577766][ T5777] Workqueue: hci1 hci_rx_work [ 246.583287][ T5777] Call Trace: [ 246.586632][ T5777] [ 246.590288][ T5777] dump_stack_lvl+0x18c/0x250 [ 246.595643][ T5777] ? show_regs_print_info+0x20/0x20 [ 246.601194][ T5777] ? load_image+0x400/0x400 [ 246.606980][ T5777] sysfs_create_dir_ns+0x26e/0x2a0 [ 246.614047][ T5777] ? sysfs_warn_dup+0xa0/0xa0 [ 246.619688][ T5777] ? do_raw_spin_unlock+0x121/0x230 [ 246.626536][ T5777] kobject_add_internal+0x61c/0xcc0 [ 246.632473][ T5777] kobject_add+0x164/0x240 [ 246.637092][ T5777] ? __rwlock_init+0x150/0x150 [ 246.641893][ T5777] ? kobject_init+0x1e0/0x1e0 [ 246.646968][ T5777] ? _raw_spin_unlock+0x28/0x40 [ 246.652492][ T5777] ? get_device_parent+0x366/0x390 [ 246.658737][ T5777] device_add+0x408/0xc20 [ 246.663658][ T5777] hci_conn_add_sysfs+0xd5/0x1e0 [ 246.668975][ T5777] le_conn_complete_evt+0xf5d/0x1540 [ 246.674815][ T5777] ? hci_event_packet+0x4cb/0x1270 [ 246.680138][ T5777] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 246.686663][ T5777] ? __copy_skb_header+0xa3/0x4a0 [ 246.691990][ T5777] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 246.698489][ T5777] ? skb_pull_data+0xfb/0x200 [ 246.703447][ T5777] hci_le_conn_complete_evt+0x187/0x440 [ 246.709163][ T5777] ? hci_remote_host_features_evt+0x150/0x150 [ 246.715706][ T5777] hci_event_packet+0x7ba/0x1270 [ 246.721205][ T5777] ? bis_list+0x290/0x290 [ 246.725952][ T5777] ? lockdep_hardirqs_on+0x98/0x150 [ 246.731465][ T5777] ? hci_send_to_monitor+0xd7/0x4f0 [ 246.737048][ T5777] hci_rx_work+0x43a/0xd60 [ 246.741518][ T5777] ? process_scheduled_works+0x96f/0x15d0 [ 246.747746][ T5777] process_scheduled_works+0xa5d/0x15d0 [ 246.753657][ T5777] ? worker_attach_to_pool+0x380/0x380 [ 246.760058][ T5777] ? assign_work+0x3d2/0x5d0 [ 246.764901][ T5777] worker_thread+0xa55/0xfc0 [ 246.769716][ T5777] kthread+0x2fa/0x390 [ 246.774591][ T5777] ? pr_cont_work+0x560/0x560 [ 246.779528][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 246.784650][ T5777] ret_from_fork+0x48/0x80 [ 246.789331][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 246.794358][ T5777] ret_from_fork_asm+0x11/0x20 [ 246.799511][ T5777] [ 246.804675][ T5777] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 246.820268][ T5777] Bluetooth: hci1: failed to register connection device [ 248.850540][ T5777] Bluetooth: hci1: command 0x0406 tx timeout [ 249.444753][ T6930] sctp: [Deprecated]: syz.3.299 (pid 6930) Use of struct sctp_assoc_value in delayed_ack socket option. [ 249.444753][ T6930] Use struct sctp_sack_info instead [ 251.745971][ T5777] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 252.389189][ T6950] orangefs_mount: mount request failed with -4 [ 255.097415][ T6967] capability: warning: `syz.0.310' uses 32-bit capabilities (legacy support in use) [ 256.740973][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.750421][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.940747][ T6989] kvm: pic: non byte write [ 259.200275][ T5777] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 260.183932][ T5777] CPU: 1 PID: 5777 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 260.195492][ T5777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 260.209337][ T5777] Workqueue: hci0 hci_rx_work [ 260.216271][ T5777] Call Trace: [ 260.221868][ T5777] [ 260.225808][ T5777] dump_stack_lvl+0x18c/0x250 [ 260.232535][ T5777] ? show_regs_print_info+0x20/0x20 [ 260.240211][ T5777] ? load_image+0x400/0x400 [ 260.246591][ T5777] sysfs_create_dir_ns+0x26e/0x2a0 [ 260.253780][ T5777] ? sysfs_warn_dup+0xa0/0xa0 [ 260.262739][ T5777] ? do_raw_spin_unlock+0x121/0x230 [ 260.271043][ T5777] kobject_add_internal+0x61c/0xcc0 [ 260.279157][ T5777] kobject_add+0x164/0x240 [ 260.285705][ T5777] ? __rwlock_init+0x150/0x150 [ 260.293404][ T5777] ? kobject_init+0x1e0/0x1e0 [ 260.300709][ T5777] ? _raw_spin_unlock+0x28/0x40 [ 260.307777][ T5777] ? get_device_parent+0x366/0x390 [ 260.314562][ T5777] device_add+0x408/0xc20 [ 260.320221][ T5777] hci_conn_add_sysfs+0xd5/0x1e0 [ 260.326597][ T5777] le_conn_complete_evt+0xf5d/0x1540 [ 260.336094][ T5777] ? hci_event_packet+0x4cb/0x1270 [ 260.344030][ T5777] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 260.354024][ T5777] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 260.363089][ T5777] ? skb_pull_data+0xfb/0x200 [ 260.369192][ T5777] hci_le_conn_complete_evt+0x187/0x440 [ 260.378417][ T5777] ? hci_remote_host_features_evt+0x150/0x150 [ 260.387685][ T5777] hci_event_packet+0x7ba/0x1270 [ 260.395905][ T5777] ? bis_list+0x290/0x290 [ 260.402326][ T5777] ? lockdep_hardirqs_on+0x98/0x150 [ 260.409996][ T5777] ? hci_send_to_monitor+0xd7/0x4f0 [ 260.418784][ T5777] hci_rx_work+0x43a/0xd60 [ 260.424572][ T5777] ? process_scheduled_works+0x96f/0x15d0 [ 260.433042][ T5777] process_scheduled_works+0xa5d/0x15d0 [ 260.440092][ T5777] ? worker_attach_to_pool+0x380/0x380 [ 260.448573][ T5777] ? assign_work+0x3d2/0x5d0 [ 260.454568][ T5777] worker_thread+0xa55/0xfc0 [ 260.461662][ T5777] kthread+0x2fa/0x390 [ 260.468172][ T5777] ? pr_cont_work+0x560/0x560 [ 260.475233][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 260.481929][ T5777] ret_from_fork+0x48/0x80 [ 260.487827][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 260.494573][ T5777] ret_from_fork_asm+0x11/0x20 [ 260.501747][ T5777] [ 260.532696][ T5777] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 260.553086][ T5777] Bluetooth: hci0: failed to register connection device [ 265.429735][ T7039] kvm: pic: non byte write [ 265.649060][ T7054] sctp: [Deprecated]: syz.1.326 (pid 7054) Use of struct sctp_assoc_value in delayed_ack socket option. [ 265.649060][ T7054] Use struct sctp_sack_info instead [ 268.621598][ T7085] netlink: 4 bytes leftover after parsing attributes in process `syz.0.340'. [ 269.276128][ T7092] sctp: [Deprecated]: syz.3.341 (pid 7092) Use of struct sctp_assoc_value in delayed_ack socket option. [ 269.276128][ T7092] Use struct sctp_sack_info instead [ 269.570201][ T5780] Bluetooth: hci0: command 0x0406 tx timeout [ 271.834727][ T7120] netlink: 4 bytes leftover after parsing attributes in process `syz.2.353'. [ 272.384675][ T7125] sctp: [Deprecated]: syz.0.354 (pid 7125) Use of struct sctp_assoc_value in delayed_ack socket option. [ 272.384675][ T7125] Use struct sctp_sack_info instead [ 272.529378][ T7120] hsr_slave_1 (unregistering): left promiscuous mode [ 279.528794][ T7167] netlink: 4 bytes leftover after parsing attributes in process `syz.0.368'. [ 283.955614][ T7196] sctp: [Deprecated]: syz.1.376 (pid 7196) Use of struct sctp_assoc_value in delayed_ack socket option. [ 283.955614][ T7196] Use struct sctp_sack_info instead [ 286.718928][ T7218] netlink: 4 bytes leftover after parsing attributes in process `syz.0.382'. [ 291.890868][ T7256] sctp: [Deprecated]: syz.1.392 (pid 7256) Use of struct sctp_assoc_value in delayed_ack socket option. [ 291.890868][ T7256] Use struct sctp_sack_info instead [ 292.280647][ T7264] netlink: 4 bytes leftover after parsing attributes in process `syz.2.394'. [ 296.621215][ T7300] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(17) [ 296.627946][ T7300] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 296.636242][ T7300] vhci_hcd vhci_hcd.0: Device attached [ 296.930812][ T5812] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 297.273234][ T7301] vhci_hcd: connection reset by peer [ 297.625845][ T48] vhci_hcd: stop threads [ 297.811134][ T48] vhci_hcd: release socket [ 297.840132][ T48] vhci_hcd: disconnect device [ 300.206820][ T7324] netlink: 4 bytes leftover after parsing attributes in process `syz.3.409'. [ 301.601035][ T7324] hsr_slave_1 (unregistering): left promiscuous mode [ 304.016711][ T5812] vhci_hcd: vhci_device speed not set [ 306.107005][ T7373] loop0: detected capacity change from 0 to 40427 [ 306.564303][ T7373] F2FS-fs (loop0): invalid crc value [ 306.587594][ T7373] F2FS-fs (loop0): Found nat_bits in checkpoint [ 306.700163][ T7373] F2FS-fs (loop0): Start checkpoint disabled! [ 306.770955][ T7373] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 307.109088][ T28] audit: type=1800 audit(1773945018.140:2): pid=7373 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.422" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 307.178376][ T7373] syz.0.422: attempt to access beyond end of device [ 307.178376][ T7373] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 307.201241][ T7373] syz.0.422: attempt to access beyond end of device [ 307.201241][ T7373] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 307.222980][ T7373] syz.0.422: attempt to access beyond end of device [ 307.222980][ T7373] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 307.241005][ T7373] syz.0.422: attempt to access beyond end of device [ 307.241005][ T7373] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 307.259449][ T7373] syz.0.422: attempt to access beyond end of device [ 307.259449][ T7373] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 307.279113][ T7373] syz.0.422: attempt to access beyond end of device [ 307.279113][ T7373] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 307.299030][ T7373] syz.0.422: attempt to access beyond end of device [ 307.299030][ T7373] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 307.317210][ T7373] syz.0.422: attempt to access beyond end of device [ 307.317210][ T7373] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 307.334584][ T7373] syz.0.422: attempt to access beyond end of device [ 307.334584][ T7373] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 307.351143][ T7373] syz.0.422: attempt to access beyond end of device [ 307.351143][ T7373] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 307.550850][ T7390] netlink: 4 bytes leftover after parsing attributes in process `syz.2.426'. [ 307.894431][ T1314] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 307.950182][ T1314] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 310.890223][ T7417] orangefs_mount: mount request failed with -4 [ 311.531898][ T7431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.440'. [ 312.068679][ T7436] Cannot find add_set index 0 as target [ 315.291596][ T7465] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 315.298822][ T7465] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 315.311033][ T7465] vhci_hcd vhci_hcd.0: Device attached [ 315.636956][ T5759] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 317.692070][ T7466] vhci_hcd: connection reset by peer [ 317.864218][ T59] vhci_hcd: stop threads [ 317.975972][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.993041][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.015563][ T59] vhci_hcd: release socket [ 318.128206][ T59] vhci_hcd: disconnect device [ 318.423572][ T7482] netlink: 4 bytes leftover after parsing attributes in process `syz.1.455'. [ 319.610557][ T7491] netlink: 4 bytes leftover after parsing attributes in process `syz.2.457'. [ 319.690815][ T5780] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 319.785251][ T7491] nbd: socks must be embedded in a SOCK_ITEM attr [ 322.230090][ T5759] vhci_hcd: vhci_device speed not set [ 322.269395][ T7499] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 322.277351][ T7499] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 322.286472][ T7499] vhci_hcd vhci_hcd.0: Device attached [ 324.399212][ T7500] vhci_hcd: connection closed [ 324.560139][ T5813] usb 39-1: new low-speed USB device number 3 using vhci_hcd [ 324.580265][ T3532] vhci_hcd: stop threads [ 324.680140][ T3532] vhci_hcd: release socket [ 324.792703][ T3532] vhci_hcd: disconnect device [ 324.801728][ T5813] usb 39-1: enqueue for inactive port 0 [ 324.884347][ T7313] udevd[7313]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 324.922307][ T5813] vhci_hcd: vhci_device speed not set [ 324.928759][ T7320] udevd[7320]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 325.717313][ T7516] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 326.013146][ T7531] netlink: 12 bytes leftover after parsing attributes in process `syz.2.465'. [ 326.025901][ T7531] netlink: 12 bytes leftover after parsing attributes in process `syz.2.465'. [ 326.310143][ T5759] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 326.537948][ T5759] usb 4-1: unable to get BOS descriptor or descriptor too short [ 326.555937][ T5759] usb 4-1: not running at top speed; connect to a high speed hub [ 326.605126][ T5759] usb 4-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice= 0.40 [ 326.615475][ T5759] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.665562][ T5759] usb 4-1: Product: syz [ 326.684678][ T5759] usb 4-1: Manufacturer: syz [ 326.706242][ T5759] usb 4-1: SerialNumber: syz [ 327.076400][ T7539] kvm: kvm [7538]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffffff [ 327.107982][ T7539] kvm: kvm [7538]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0x3 [ 328.232708][ T5759] us122l: couldn't allocate write buffer [ 328.241933][ T5759] snd-usb-us122l: probe of 4-1:1.1 failed with error -22 [ 328.292627][ T5759] usb 4-1: USB disconnect, device number 3 [ 329.512298][ T7559] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 329.519882][ T7559] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 329.528880][ T7559] vhci_hcd vhci_hcd.0: Device attached [ 330.725861][ T5759] usb 35-1: new low-speed USB device number 3 using vhci_hcd [ 330.772649][ T7560] vhci_hcd: connection closed [ 330.887169][ T3532] vhci_hcd: stop threads [ 330.988792][ T3532] vhci_hcd: release socket [ 331.066899][ T3532] vhci_hcd: disconnect device [ 331.597904][ T7568] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 331.605042][ T7568] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 331.613393][ T7568] vhci_hcd vhci_hcd.0: Device attached [ 331.892555][ T7573] Cannot find add_set index 0 as target [ 332.144609][ T7569] vhci_hcd: connection closed [ 332.280057][ T5813] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 332.294490][ T7571] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 332.342510][ T59] vhci_hcd: stop threads [ 332.347141][ T59] vhci_hcd: release socket [ 332.376651][ T59] vhci_hcd: disconnect device [ 336.371062][ T5759] vhci_hcd: vhci_device speed not set [ 337.420045][ T5813] vhci_hcd: vhci_device speed not set [ 337.513300][ T7594] udevd[7594]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 342.010421][ T7651] sctp: [Deprecated]: syz.1.497 (pid 7651) Use of struct sctp_assoc_value in delayed_ack socket option. [ 342.010421][ T7651] Use struct sctp_sack_info instead [ 344.506372][ T7668] loop0: detected capacity change from 0 to 40427 [ 344.540707][ T7668] F2FS-fs (loop0): invalid crc value [ 344.560033][ T7668] F2FS-fs (loop0): Found nat_bits in checkpoint [ 344.621329][ T7668] F2FS-fs (loop0): Start checkpoint disabled! [ 344.651005][ T7668] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 344.757462][ T28] audit: type=1800 audit(1773945055.790:3): pid=7681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.504" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 344.848129][ T7681] bio_check_eod: 1 callbacks suppressed [ 344.848149][ T7681] syz.0.504: attempt to access beyond end of device [ 344.848149][ T7681] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 344.978268][ T7681] syz.0.504: attempt to access beyond end of device [ 344.978268][ T7681] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 345.076185][ T7681] syz.0.504: attempt to access beyond end of device [ 345.076185][ T7681] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 345.335695][ T7681] syz.0.504: attempt to access beyond end of device [ 345.335695][ T7681] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 345.718805][ T7681] syz.0.504: attempt to access beyond end of device [ 345.718805][ T7681] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 345.766606][ T7684] sctp: [Deprecated]: syz.2.509 (pid 7684) Use of struct sctp_assoc_value in delayed_ack socket option. [ 345.766606][ T7684] Use struct sctp_sack_info instead [ 346.970905][ T2928] kworker/u4:9: attempt to access beyond end of device [ 346.970905][ T2928] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 347.014934][ T7638] udevd[7638]: inotify_add_watch(7, /dev/loop1, 10) failed: No such file or directory [ 347.030868][ T2928] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 347.086864][ T2928] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 353.905981][ T7753] sctp: [Deprecated]: syz.3.532 (pid 7753) Use of struct sctp_assoc_value in delayed_ack socket option. [ 353.905981][ T7753] Use struct sctp_sack_info instead [ 358.082224][ T7776] loop0: detected capacity change from 0 to 40427 [ 358.143129][ T7776] F2FS-fs (loop0): invalid crc value [ 358.162368][ T7788] sctp: [Deprecated]: syz.1.544 (pid 7788) Use of struct sctp_assoc_value in delayed_ack socket option. [ 358.162368][ T7788] Use struct sctp_sack_info instead [ 358.321302][ T7776] F2FS-fs (loop0): Found nat_bits in checkpoint [ 358.358683][ T7790] Cannot find add_set index 0 as target [ 358.913559][ T7776] F2FS-fs (loop0): Start checkpoint disabled! [ 358.990953][ T7776] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 359.129743][ T28] audit: type=1800 audit(1773945070.160:4): pid=7776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.540" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 359.185598][ T7776] syz.0.540: attempt to access beyond end of device [ 359.185598][ T7776] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 359.231712][ T7776] syz.0.540: attempt to access beyond end of device [ 359.231712][ T7776] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 359.272860][ T7776] syz.0.540: attempt to access beyond end of device [ 359.272860][ T7776] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 359.312949][ T7776] syz.0.540: attempt to access beyond end of device [ 359.312949][ T7776] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 359.328328][ T7776] syz.0.540: attempt to access beyond end of device [ 359.328328][ T7776] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 359.346504][ T7776] syz.0.540: attempt to access beyond end of device [ 359.346504][ T7776] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 359.367007][ T7776] syz.0.540: attempt to access beyond end of device [ 359.367007][ T7776] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 359.417816][ T7776] syz.0.540: attempt to access beyond end of device [ 359.417816][ T7776] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 359.705273][ T59] kworker/u4:4: attempt to access beyond end of device [ 359.705273][ T59] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 359.720253][ T59] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 359.728621][ T59] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 364.172668][ T7823] sctp: [Deprecated]: syz.2.554 (pid 7823) Use of struct sctp_assoc_value in delayed_ack socket option. [ 364.172668][ T7823] Use struct sctp_sack_info instead [ 366.763099][ T7836] Cannot find add_set index 0 as target [ 368.443034][ T7853] sctp: [Deprecated]: syz.2.563 (pid 7853) Use of struct sctp_assoc_value in delayed_ack socket option. [ 368.443034][ T7853] Use struct sctp_sack_info instead [ 369.156314][ T7854] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 369.163948][ T7854] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 369.200593][ T7854] vhci_hcd vhci_hcd.0: Device attached [ 369.327383][ T7855] vhci_hcd: connection closed [ 369.329596][ T1314] vhci_hcd: stop threads [ 369.356204][ T1314] vhci_hcd: release socket [ 369.369320][ T1314] vhci_hcd: disconnect device [ 369.399990][ T5759] vhci_hcd: vhci_device speed not set [ 371.992230][ T7885] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 371.999923][ T7885] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 372.036022][ T7885] vhci_hcd vhci_hcd.0: Device attached [ 372.338053][ T7886] vhci_hcd: connection closed [ 372.341614][ T2945] vhci_hcd: stop threads [ 372.354108][ T2945] vhci_hcd: release socket [ 372.361242][ T2945] vhci_hcd: disconnect device [ 373.086054][ T9] vhci_hcd: vhci_device speed not set [ 373.127632][ T7899] Cannot find add_set index 0 as target [ 373.135985][ T7896] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 373.143200][ T7896] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 373.175748][ T7896] vhci_hcd vhci_hcd.0: Device attached [ 373.331347][ T7900] vhci_hcd: connection closed [ 373.331757][ T166] vhci_hcd: stop threads [ 373.349083][ T166] vhci_hcd: release socket [ 373.354584][ T166] vhci_hcd: disconnect device [ 373.420153][ T7535] vhci_hcd: vhci_device speed not set [ 374.172405][ T7909] netlink: 12 bytes leftover after parsing attributes in process `syz.2.578'. [ 374.210496][ T7909] netlink: 12 bytes leftover after parsing attributes in process `syz.2.578'. [ 374.939395][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e336000: rx timeout, send abort [ 375.449597][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e336000: abort rx timeout. Force session deactivation [ 376.725561][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e336c00: rx timeout, send abort [ 377.236926][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e336c00: abort rx timeout. Force session deactivation [ 377.759278][ T7931] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 377.766629][ T7931] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 378.555163][ T7931] vhci_hcd vhci_hcd.0: Device attached [ 378.703753][ T7936] vhci_hcd: connection closed [ 378.708191][ T48] vhci_hcd: stop threads [ 378.717722][ T7881] udevd[7881]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 378.763908][ T48] vhci_hcd: release socket [ 378.793152][ T48] vhci_hcd: disconnect device [ 378.840333][ T5836] vhci_hcd: vhci_device speed not set [ 379.515159][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.535510][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 382.489124][ T7968] udevd[7968]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 382.786313][ T7968] udevd[7968]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 382.837761][ T7980] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 382.844704][ T7980] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 382.873371][ T7980] vhci_hcd vhci_hcd.0: Device attached [ 383.570487][ T7535] usb 35-1: new low-speed USB device number 4 using vhci_hcd [ 383.616209][ T7981] vhci_hcd: connection closed [ 383.658707][ T166] vhci_hcd: stop threads [ 383.766484][ T166] vhci_hcd: release socket [ 383.771849][ T166] vhci_hcd: disconnect device [ 386.065961][ T8015] udevd[8015]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 388.641912][ T8041] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12) [ 388.648897][ T8041] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 388.850462][ T7535] vhci_hcd: vhci_device speed not set [ 389.180186][ T8043] vhci_hcd: connection closed [ 389.214977][ T8041] vhci_hcd vhci_hcd.0: Device attached [ 389.230341][ T8009] vhci_hcd: stop threads [ 389.235370][ T8009] vhci_hcd: release socket [ 389.268189][ T8009] vhci_hcd: disconnect device [ 389.500919][ T8015] udevd[8015]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 390.454502][ T8062] netlink: 4 bytes leftover after parsing attributes in process `syz.0.621'. [ 393.511891][ T8094] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 393.519711][ T8094] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 393.529434][ T8094] vhci_hcd vhci_hcd.0: Device attached [ 393.850223][ T7535] usb 39-1: new low-speed USB device number 7 using vhci_hcd [ 394.160103][ T8095] vhci_hcd: connection reset by peer [ 394.171334][ T3532] vhci_hcd: stop threads [ 394.176086][ T3532] vhci_hcd: release socket [ 394.181552][ T3532] vhci_hcd: disconnect device [ 395.520523][ T8111] netlink: 4 bytes leftover after parsing attributes in process `syz.0.634'. [ 399.019980][ T7535] vhci_hcd: vhci_device speed not set [ 399.793840][ C0] vcan0: j1939_tp_rxtimer: 0xffff888021792000: rx timeout, send abort [ 400.288268][ T8150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.645'. [ 400.307964][ C0] vcan0: j1939_tp_rxtimer: 0xffff888021792000: abort rx timeout. Force session deactivation [ 400.329954][ T8148] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 400.340689][ T8148] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 400.372684][ T8148] vhci_hcd vhci_hcd.0: Device attached [ 400.800762][ T7535] usb 39-1: new low-speed USB device number 8 using vhci_hcd [ 401.073182][ T8149] vhci_hcd: connection closed [ 401.111664][ T1002] vhci_hcd: stop threads [ 401.130077][ T1002] vhci_hcd: release socket [ 401.140973][ T1002] vhci_hcd: disconnect device [ 404.373687][ T8194] netlink: 4 bytes leftover after parsing attributes in process `syz.0.656'. [ 406.400101][ T7535] vhci_hcd: vhci_device speed not set [ 408.509428][ T8224] netlink: 12 bytes leftover after parsing attributes in process `syz.2.665'. [ 408.543729][ T8224] netlink: 12 bytes leftover after parsing attributes in process `syz.2.665'. [ 409.451206][ T8234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.668'. [ 413.682118][ T8292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.685'. [ 415.525292][ T8314] udevd[8314]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 416.936474][ T8330] Cannot find add_set index 0 as target [ 424.415739][ T8383] Cannot find add_set index 0 as target [ 425.110998][ T8385] netlink: 12 bytes leftover after parsing attributes in process `syz.3.713'. [ 425.121019][ T8385] netlink: 12 bytes leftover after parsing attributes in process `syz.3.713'. [ 429.671313][ T8421] netlink: 68 bytes leftover after parsing attributes in process `syz.0.723'. [ 429.998630][ T8427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.724'. [ 432.511946][ T8454] netlink: 68 bytes leftover after parsing attributes in process `syz.2.732'. [ 432.620913][ T8458] netlink: 12 bytes leftover after parsing attributes in process `syz.0.733'. [ 432.637194][ T8458] netlink: 12 bytes leftover after parsing attributes in process `syz.0.733'. [ 434.114478][ T8468] netlink: 4 bytes leftover after parsing attributes in process `syz.3.736'. [ 436.162416][ T8491] netlink: 68 bytes leftover after parsing attributes in process `syz.0.743'. [ 436.319547][ T8496] netlink: 12 bytes leftover after parsing attributes in process `syz.0.745'. [ 436.333807][ T8496] netlink: 12 bytes leftover after parsing attributes in process `syz.0.745'. [ 438.250337][ T5777] Bluetooth: hci3: command 0x0406 tx timeout [ 438.291725][ T8509] netlink: 4 bytes leftover after parsing attributes in process `syz.2.748'. [ 439.848540][ T8531] netlink: 68 bytes leftover after parsing attributes in process `syz.0.753'. [ 440.468609][ T8547] netlink: 4 bytes leftover after parsing attributes in process `syz.0.758'. [ 440.856263][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.863105][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.919889][ T8569] netlink: 68 bytes leftover after parsing attributes in process `syz.3.764'. [ 447.553175][ T8613] netlink: 68 bytes leftover after parsing attributes in process `syz.3.775'. [ 450.075451][ T8647] netlink: 68 bytes leftover after parsing attributes in process `syz.0.786'. [ 452.399062][ T8665] udevd[8665]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 452.849128][ T8677] netlink: 12 bytes leftover after parsing attributes in process `syz.3.797'. [ 452.890050][ T8677] netlink: 12 bytes leftover after parsing attributes in process `syz.3.797'. [ 453.643984][ T8681] netlink: 68 bytes leftover after parsing attributes in process `syz.1.798'. [ 456.431050][ T8717] netlink: 68 bytes leftover after parsing attributes in process `syz.1.810'. [ 456.511876][ T8719] Cannot find add_set index 0 as target [ 456.610018][ T5777] Bluetooth: hci3: command 0x0406 tx timeout [ 456.764862][ T8724] netlink: 12 bytes leftover after parsing attributes in process `syz.3.812'. [ 456.809942][ T8724] netlink: 12 bytes leftover after parsing attributes in process `syz.3.812'. [ 459.381908][ T8749] netlink: 68 bytes leftover after parsing attributes in process `syz.2.819'. [ 459.971567][ T5780] Bluetooth: hci3: command 0x0406 tx timeout [ 464.593428][ T8778] netlink: 60 bytes leftover after parsing attributes in process `syz.0.828'. [ 465.327540][ T8791] netlink: 68 bytes leftover after parsing attributes in process `syz.1.832'. [ 466.530022][ T5777] Bluetooth: hci3: command 0x0406 tx timeout [ 470.296405][ T8812] netlink: 60 bytes leftover after parsing attributes in process `syz.1.839'. [ 470.639442][ T8817] netlink: 68 bytes leftover after parsing attributes in process `syz.3.842'. [ 472.530188][ T5780] Bluetooth: hci3: command 0x0406 tx timeout [ 472.766177][ T8844] netlink: 12 bytes leftover after parsing attributes in process `syz.0.849'. [ 472.800012][ T8844] netlink: 12 bytes leftover after parsing attributes in process `syz.0.849'. [ 475.036940][ T8863] netlink: 68 bytes leftover after parsing attributes in process `syz.3.855'. [ 475.903958][ T5777] Bluetooth: hci3: command 0x0406 tx timeout [ 476.334031][ T8888] netlink: 68 bytes leftover after parsing attributes in process `syz.1.863'. [ 478.253557][ T8904] netlink: 68 bytes leftover after parsing attributes in process `syz.0.868'. [ 479.650615][ T5777] Bluetooth: hci3: command 0x0406 tx timeout [ 480.445159][ T8919] netlink: 68 bytes leftover after parsing attributes in process `syz.2.873'. [ 483.133584][ T8821] udevd[8821]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 483.232370][ T8941] netlink: 68 bytes leftover after parsing attributes in process `syz.1.880'. [ 483.367567][ T8944] netlink: 68 bytes leftover after parsing attributes in process `syz.2.882'. [ 486.388791][ T8970] netlink: 4 bytes leftover after parsing attributes in process `syz.0.887'. [ 486.902821][ T8977] netlink: 68 bytes leftover after parsing attributes in process `syz.2.892'. [ 489.425985][ T8998] netlink: 4 bytes leftover after parsing attributes in process `syz.2.899'. [ 489.502558][ T9000] Cannot find add_set index 0 as target [ 493.523149][ T9038] netlink: 4 bytes leftover after parsing attributes in process `syz.0.909'. [ 494.405050][ T9053] Cannot find add_set index 0 as target [ 496.881017][ T9026] udevd[9026]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 497.115695][ T9085] netlink: 4 bytes leftover after parsing attributes in process `syz.0.924'. [ 500.280602][ T9026] udevd[9026]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 500.770135][ T5780] Bluetooth: hci3: command 0x0406 tx timeout [ 501.132991][ T9077] udevd[9077]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 501.260364][ T9128] netlink: 4 bytes leftover after parsing attributes in process `syz.2.937'. [ 501.949060][ T9135] ERROR: device name not specified. [ 502.293811][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.301061][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.831881][ T9172] udevd[9172]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 507.622372][ T9161] udevd[9161]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 507.904567][ T9181] Cannot find add_set index 0 as target [ 507.997813][ T9189] netlink: 4 bytes leftover after parsing attributes in process `syz.3.953'. [ 511.140629][ T9213] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 511.147431][ T9213] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 511.155653][ T9213] vhci_hcd vhci_hcd.0: Device attached [ 511.322299][ T9214] vhci_hcd: connection closed [ 511.334904][ T8009] vhci_hcd: stop threads [ 511.540063][ T5812] usb 35-1: new low-speed USB device number 5 using vhci_hcd [ 511.598027][ T8009] vhci_hcd: release socket [ 511.969953][ T8009] vhci_hcd: disconnect device [ 512.197349][ T9211] udevd[9211]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 512.424823][ T9229] Cannot find add_set index 0 as target [ 516.192412][ T9272] Cannot find add_set index 0 as target [ 517.320326][ T5812] vhci_hcd: vhci_device speed not set [ 520.836483][ T9311] Cannot find add_set index 0 as target [ 523.249958][ T5780] Bluetooth: hci3: command 0x0406 tx timeout [ 528.564983][ T9358] Cannot find add_set index 0 as target [ 529.943372][ T9371] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1001'. [ 529.957843][ T9371] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1001'. [ 533.585320][ T9398] Cannot find add_set index 0 as target [ 535.750043][ T9420] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1017'. [ 535.759399][ T9420] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1017'. [ 539.689149][ T9463] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1031'. [ 539.698826][ T9463] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1031'. [ 539.880690][ T9464] Cannot find add_set index 0 as target [ 539.932383][ T9463] usb usb7: usbfs: process 9463 (syz.3.1031) did not claim interface 0 before use [ 548.134650][ T9546] Cannot find add_set index 0 as target [ 551.973300][ T9564] loop0: detected capacity change from 0 to 40427 [ 552.047910][ T9564] F2FS-fs (loop0): invalid crc value [ 552.229857][ T9583] Cannot find add_set index 0 as target [ 552.247281][ T9564] F2FS-fs (loop0): Found nat_bits in checkpoint [ 552.558763][ T9564] F2FS-fs (loop0): Start checkpoint disabled! [ 552.603267][ T9564] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 552.859713][ T28] audit: type=1800 audit(1773945263.890:5): pid=9564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1060" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 552.907759][ T9564] syz.0.1060: attempt to access beyond end of device [ 552.907759][ T9564] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 552.975997][ T9564] syz.0.1060: attempt to access beyond end of device [ 552.975997][ T9564] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 553.037176][ T9564] syz.0.1060: attempt to access beyond end of device [ 553.037176][ T9564] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 553.061986][ T9591] udevd[9591]: inotify_add_watch(7, /dev/loop1, 10) failed: No such file or directory [ 553.077545][ T9564] syz.0.1060: attempt to access beyond end of device [ 553.077545][ T9564] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 553.150779][ T9564] syz.0.1060: attempt to access beyond end of device [ 553.150779][ T9564] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 553.190675][ T9564] syz.0.1060: attempt to access beyond end of device [ 553.190675][ T9564] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 553.641033][ T9564] syz.0.1060: attempt to access beyond end of device [ 553.641033][ T9564] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 554.115884][ T1314] kworker/u4:7: attempt to access beyond end of device [ 554.115884][ T1314] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 554.142268][ T1314] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 554.162088][ T1314] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 555.318912][ T9615] Cannot find add_set index 0 as target [ 557.272489][ T9627] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1080'. [ 557.290063][ T9627] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1080'. [ 558.337585][ T9348] udevd[9348]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 561.961197][ T9696] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1104'. [ 561.971066][ T9696] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1104'. [ 563.738503][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.749262][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.741686][ T9741] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1123'. [ 564.751432][ T9741] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1123'. [ 565.400420][ T9750] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1127'. [ 565.465304][ T9752] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1127'. [ 566.707943][ T9758] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1128'. [ 568.823192][ T9792] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1138'. [ 569.478343][ T9794] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1138'. [ 575.400852][ T9837] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1150'. [ 575.645727][ T9837] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1150'. [ 578.051858][ T9879] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1162'. [ 579.120219][ T9884] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1162'. [ 581.723343][ T9923] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1175'. [ 581.784042][ T9923] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1175'. [ 582.526826][ T9931] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1177'. [ 582.631399][ T9933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1177'. [ 583.716390][ T9950] fuse: Bad value for 'fd' [ 586.484538][ T9973] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1191'. [ 586.602222][ T9976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1191'. [ 587.203031][ T9985] fuse: Bad value for 'fd' [ 589.157643][T10010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1203'. [ 589.234125][T10013] fuse: Bad value for 'fd' [ 589.271187][T10016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1203'. [ 592.200830][T10049] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11) [ 592.208091][T10049] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 592.216685][T10049] vhci_hcd vhci_hcd.0: Device attached [ 592.621045][T10054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1215'. [ 592.654669][ T5814] usb 33-1: new low-speed USB device number 3 using vhci_hcd [ 592.694261][T10050] vhci_hcd: connection closed [ 592.727293][ T2987] vhci_hcd: stop threads [ 592.862672][ T2987] vhci_hcd: release socket [ 592.939291][T10055] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1215'. [ 592.975336][ T2987] vhci_hcd: disconnect device [ 596.576420][T10091] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1226'. [ 596.723461][T10093] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 596.731404][T10093] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 596.741457][T10093] vhci_hcd vhci_hcd.0: Device attached [ 597.080818][ T27] usb 39-1: new low-speed USB device number 9 using vhci_hcd [ 597.374368][T10094] vhci_hcd: connection reset by peer [ 597.889932][ T5814] vhci_hcd: vhci_device speed not set [ 599.725504][ T166] vhci_hcd: stop threads [ 599.730522][ T166] vhci_hcd: release socket [ 599.735523][ T166] vhci_hcd: disconnect device [ 602.281470][T10142] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1239'. [ 602.379895][ T27] vhci_hcd: vhci_device speed not set [ 604.212005][T10159] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 604.218986][T10159] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 604.227264][T10159] vhci_hcd vhci_hcd.0: Device attached [ 604.407010][T10160] vhci_hcd: connection closed [ 604.440092][ T8009] vhci_hcd: stop threads [ 604.576904][ T8009] vhci_hcd: release socket [ 604.678582][ T8009] vhci_hcd: disconnect device [ 609.743044][T10192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1252'. [ 610.777586][T10206] udevd[10206]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 614.090698][T10241] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1266'. [ 614.181062][T10248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1266'. [ 618.918007][T10288] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1279'. [ 619.684786][T10297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1279'. [ 621.277744][T10317] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 621.285215][T10317] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 621.294489][T10317] vhci_hcd vhci_hcd.0: Device attached [ 622.169172][ T5814] usb 37-1: new low-speed USB device number 4 using vhci_hcd [ 622.329915][T10318] vhci_hcd: connection reset by peer [ 622.336967][ T2928] vhci_hcd: stop threads [ 622.345088][ T2928] vhci_hcd: release socket [ 622.350582][ T2928] vhci_hcd: disconnect device [ 623.393590][T10330] udevd[10330]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 625.330672][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.337228][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.497620][ T5814] vhci_hcd: vhci_device speed not set [ 634.698071][T10409] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 634.705149][T10409] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 634.714050][T10409] vhci_hcd vhci_hcd.0: Device attached [ 634.867368][T10411] vhci_hcd: connection closed [ 634.919359][ T3532] vhci_hcd: stop threads [ 634.936835][ T3532] vhci_hcd: release socket [ 635.059909][ T3532] vhci_hcd: disconnect device [ 638.490923][T10449] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 638.498817][T10449] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 638.507796][T10449] vhci_hcd vhci_hcd.0: Device attached [ 639.980994][T10450] vhci_hcd: connection closed [ 640.311615][ T2945] vhci_hcd: stop threads [ 640.702554][ T2945] vhci_hcd: release socket [ 640.710367][ T2945] vhci_hcd: disconnect device [ 640.770015][ T5816] vhci_hcd: vhci_device speed not set [ 646.526445][T10503] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 646.534648][T10503] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 646.544530][T10503] vhci_hcd vhci_hcd.0: Device attached [ 646.555680][T10505] vhci_hcd: connection closed [ 646.597102][ T2908] vhci_hcd: stop threads [ 646.810152][ T2908] vhci_hcd: release socket [ 646.865942][ T2908] vhci_hcd: disconnect device [ 647.930541][T10520] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1343'. [ 651.979954][T10551] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 651.986747][T10551] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 652.028245][T10551] vhci_hcd vhci_hcd.0: Device attached [ 652.320389][ T9] usb 37-1: new low-speed USB device number 5 using vhci_hcd [ 652.574214][T10553] vhci_hcd: connection closed [ 652.585745][ T1314] vhci_hcd: stop threads [ 653.088786][ T1314] vhci_hcd: release socket [ 653.094148][ T1314] vhci_hcd: disconnect device [ 653.801042][T10565] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1355'. [ 656.821105][T10599] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 656.828131][T10599] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 656.836423][T10599] vhci_hcd vhci_hcd.0: Device attached [ 657.015850][T10600] vhci_hcd: connection closed [ 657.022641][ T2945] vhci_hcd: stop threads [ 657.510334][ T7535] usb 35-1: new low-speed USB device number 6 using vhci_hcd [ 657.567454][ T2945] vhci_hcd: release socket [ 657.651969][ T2945] vhci_hcd: disconnect device [ 657.729974][ T9] vhci_hcd: vhci_device speed not set [ 659.032013][T10604] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1367'. [ 659.268246][T10617] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1367'. [ 659.853223][T10419] udevd[10419]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 660.314943][T10632] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 661.162879][T10652] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1381'. [ 661.385028][T10659] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1381'. [ 663.093968][ T7535] vhci_hcd: vhci_device speed not set [ 663.683000][T10685] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 663.824832][T10685] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 664.036483][T10696] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1392'. [ 664.102677][T10698] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1392'. [ 665.499050][T10736] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1404'. [ 667.541144][T10750] kvm: kvm [10749]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffffff [ 667.581910][T10750] kvm: kvm [10749]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffffff [ 667.719373][T10750] kvm: kvm [10749]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0xbffffffffffffffd [ 667.952493][T10772] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1414'. [ 668.041714][T10775] kvm: emulating exchange as write [ 668.097081][T10774] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 670.428063][T10805] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1424'. [ 673.859593][T10849] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1436'. [ 674.580142][T10864] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 674.587545][T10864] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 674.595692][T10864] vhci_hcd vhci_hcd.0: Device attached [ 674.960294][ T5814] usb 35-1: new low-speed USB device number 7 using vhci_hcd [ 676.938665][T10865] vhci_hcd: connection reset by peer [ 676.969499][ T2945] vhci_hcd: stop threads [ 676.974535][ T2945] vhci_hcd: release socket [ 676.979458][ T2945] vhci_hcd: disconnect device [ 678.740129][T10885] fuse: Unknown parameter 'grou00000000000000000000' [ 680.132229][ T5814] vhci_hcd: vhci_device speed not set [ 680.778493][T10914] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 680.785618][T10914] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 680.793729][T10914] vhci_hcd vhci_hcd.0: Device attached [ 681.090301][ T27] usb 33-1: new low-speed USB device number 4 using vhci_hcd [ 681.167012][T10915] vhci_hcd: connection reset by peer [ 681.195442][ T1314] vhci_hcd: stop threads [ 681.402271][ T1314] vhci_hcd: release socket [ 682.509384][ T1314] vhci_hcd: disconnect device [ 686.210769][ T27] vhci_hcd: vhci_device speed not set [ 686.635273][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.650170][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 689.754644][T10975] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 689.761857][T10975] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 689.775430][T10977] vhci_hcd: connection closed [ 689.776777][T10975] vhci_hcd vhci_hcd.0: Device attached [ 689.825603][ T3532] vhci_hcd: stop threads [ 689.830184][ T3532] vhci_hcd: release socket [ 689.840010][ T3532] vhci_hcd: disconnect device [ 692.680100][ T5813] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 692.705363][T11022] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 692.713143][T11022] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 692.759063][T11022] vhci_hcd vhci_hcd.0: Device attached [ 693.097434][ T5813] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 693.220084][ T5836] usb 35-1: new low-speed USB device number 8 using vhci_hcd [ 693.252130][ T5813] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.351181][ T5813] usb 3-1: Product: syz [ 693.384323][T11023] vhci_hcd: connection reset by peer [ 693.403372][ T5813] usb 3-1: Manufacturer: syz [ 693.453480][ T5813] usb 3-1: SerialNumber: syz [ 694.022733][ T5813] usb 3-1: config 0 descriptor?? [ 694.039107][ T2908] vhci_hcd: stop threads [ 694.097586][ T2908] vhci_hcd: release socket [ 694.123601][T11029] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 694.130775][T11029] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 694.139390][T11029] vhci_hcd vhci_hcd.0: Device attached [ 694.194999][ T2908] vhci_hcd: disconnect device [ 694.327519][T11030] vhci_hcd: connection closed [ 694.400056][ T2928] vhci_hcd: stop threads [ 694.733464][ T2928] vhci_hcd: release socket [ 694.852722][ T2928] vhci_hcd: disconnect device [ 695.620156][ T5813] usb 3-1: Firmware version (0.0) predates our first public release. [ 695.643507][ T5813] usb 3-1: Please update to version 0.2 or newer [ 695.836815][ T5813] usb 3-1: USB disconnect, device number 4 [ 695.990019][T11047] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1494'. [ 696.056158][T11047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1494'. [ 696.331318][T11059] fuse: Unknown parameter 'group_id00000000000000000000' [ 698.059154][ T5777] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 698.208516][T11083] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1507'. [ 698.287898][T11086] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1507'. [ 698.450360][ T5836] vhci_hcd: vhci_device speed not set [ 698.753709][T11093] fuse: Unknown parameter 'group_id00000000000000000000' [ 699.545247][T11116] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1517'. [ 699.608079][T11119] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1517'. [ 699.696124][T11121] fuse: Unknown parameter 'group_id00000000000000000000' [ 699.771189][T11080] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 700.710076][T11147] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1527'. [ 700.840426][T11153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1527'. [ 701.887844][T11080] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 703.125755][T11193] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1540'. [ 703.189222][T11195] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1540'. [ 705.597604][T11080] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 705.772342][T11240] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1554'. [ 705.843336][T11242] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1554'. [ 708.181256][T11265] loop0: detected capacity change from 0 to 4096 [ 708.595971][T11277] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1565'. [ 708.717923][T11281] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1565'. [ 708.740089][ T7535] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 708.994709][ T7535] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 709.019395][ T7535] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 709.052966][ T7535] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 709.072868][ T7535] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 709.094421][ T7535] usb 3-1: SerialNumber: syz [ 709.136096][T11080] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 709.371982][ T7535] usb 3-1: 0:2 : does not exist [ 709.443314][ T7535] usb 3-1: USB disconnect, device number 5 [ 709.551967][T11014] udevd[11014]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 713.782805][T11080] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 716.422301][ T28] audit: type=1326 audit(1773945427.450:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a5439c799 code=0x7ffc0000 [ 717.515974][ T28] audit: type=1326 audit(1773945427.470:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a5433db19 code=0x7ffc0000 [ 717.665434][ T28] audit: type=1326 audit(1773945427.470:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a5433db19 code=0x7ffc0000 [ 717.799907][ T28] audit: type=1326 audit(1773945427.470:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a5433db19 code=0x7ffc0000 [ 717.855179][ T28] audit: type=1326 audit(1773945427.470:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a5433db19 code=0x7ffc0000 [ 717.885874][ T28] audit: type=1326 audit(1773945427.470:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a5433db19 code=0x7ffc0000 [ 717.939384][ T28] audit: type=1326 audit(1773945427.470:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a5433db19 code=0x7ffc0000 [ 718.067110][ T28] audit: type=1326 audit(1773945427.470:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a5433db19 code=0x7ffc0000 [ 718.080118][T11357] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1591'. [ 718.181777][T11357] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1591'. [ 718.216672][ T28] audit: type=1326 audit(1773945427.470:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a5433db19 code=0x7ffc0000 [ 718.311904][ T28] audit: type=1326 audit(1773945427.470:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.1.1579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a5433db19 code=0x7ffc0000 [ 718.970002][T11080] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 727.135374][T11419] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1609'. [ 727.157150][T11419] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1609'. [ 733.024348][T11465] vivid-000: ================= START STATUS ================= [ 733.034893][T11465] vivid-000: Generate PTS: true [ 733.040666][T11465] vivid-000: Generate SCR: true [ 733.047258][T11465] tpg source WxH: 640x360 (Y'CbCr) [ 733.053147][T11465] tpg field: 1 [ 733.056767][T11465] tpg crop: 640x360@0x0 [ 733.061192][T11465] tpg compose: 640x360@0x0 [ 733.065816][T11465] tpg colorspace: 8 [ 733.070025][T11465] tpg transfer function: 0/0 [ 733.075082][T11465] tpg Y'CbCr encoding: 0/0 [ 733.080298][T11465] tpg quantization: 0/0 [ 733.084868][T11465] tpg RGB range: 0/2 [ 733.089523][T11465] vivid-000: ================== END STATUS ================== [ 733.270106][T11466] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 735.457825][T11483] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 735.465791][T11483] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 735.475004][T11483] vhci_hcd vhci_hcd.0: Device attached [ 735.808820][ T5836] usb 35-1: new low-speed USB device number 9 using vhci_hcd [ 736.104621][T11484] vhci_hcd: connection reset by peer [ 736.132975][ T8009] vhci_hcd: stop threads [ 736.177872][ T8009] vhci_hcd: release socket [ 736.229379][ T8009] vhci_hcd: disconnect device [ 739.952669][T11526] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 739.959723][T11526] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 739.993874][ T7535] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 740.007772][T11526] vhci_hcd vhci_hcd.0: Device attached [ 741.009873][ T5836] vhci_hcd: vhci_device speed not set [ 741.772244][T11527] vhci_hcd: connection closed [ 742.800251][ T5759] usb 39-1: new low-speed USB device number 12 using vhci_hcd [ 742.822812][ T2987] vhci_hcd: stop threads [ 742.983812][ T2987] vhci_hcd: release socket [ 742.989316][ T2987] vhci_hcd: disconnect device [ 743.060173][ T5759] usb 39-1: enqueue for inactive port 0 [ 743.141916][T11537] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1643'. [ 743.160030][ T5759] vhci_hcd: vhci_device speed not set [ 743.198538][T11537] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1643'. [ 748.068143][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 748.090955][T11573] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 748.097759][T11573] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 748.105998][T11573] vhci_hcd vhci_hcd.0: Device attached [ 748.150188][T11574] vhci_hcd: connection closed [ 748.186676][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.231646][ T48] vhci_hcd: stop threads [ 748.280763][ T48] vhci_hcd: release socket [ 748.342718][ T48] vhci_hcd: disconnect device [ 750.499356][T11590] vivid-000: ================= START STATUS ================= [ 750.508333][T11590] vivid-000: Generate PTS: true [ 750.513885][T11590] vivid-000: Generate SCR: true [ 750.519881][T11590] tpg source WxH: 640x360 (Y'CbCr) [ 750.526284][T11590] tpg field: 1 [ 750.529858][T11590] tpg crop: 640x360@0x0 [ 750.534254][T11590] tpg compose: 640x360@0x0 [ 750.539480][T11590] tpg colorspace: 8 [ 750.543982][T11590] tpg transfer function: 0/0 [ 750.549072][T11590] tpg Y'CbCr encoding: 0/0 [ 750.554314][T11590] tpg quantization: 0/0 [ 750.559276][T11590] tpg RGB range: 0/2 [ 750.563681][T11590] vivid-000: ================== END STATUS ================== [ 751.483889][T11080] Bluetooth: hci1: unexpected event for opcode 0x2019 [ 752.649397][T11609] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 752.829782][T11611] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 752.836488][T11611] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 752.849219][T11611] vhci_hcd vhci_hcd.0: Device attached [ 753.177789][T11621] vivid-000: ================= START STATUS ================= [ 753.186135][T11621] vivid-000: Generate PTS: true [ 753.191613][T11621] vivid-000: Generate SCR: true [ 753.196891][T11621] tpg source WxH: 640x360 (Y'CbCr) [ 753.202469][T11621] tpg field: 1 [ 753.207030][T11621] tpg crop: 640x360@0x0 [ 753.212405][T11621] tpg compose: 640x360@0x0 [ 753.217614][T11621] tpg colorspace: 8 [ 753.222620][T11621] tpg transfer function: 0/0 [ 753.228353][T11621] tpg Y'CbCr encoding: 0/0 [ 753.234555][T11621] tpg quantization: 0/0 [ 753.239418][T11621] tpg RGB range: 0/2 [ 753.244582][T11621] vivid-000: ================== END STATUS ================== [ 753.950197][T11612] vhci_hcd: connection closed [ 754.002030][ T5759] usb 39-1: new low-speed USB device number 13 using vhci_hcd [ 754.060016][ T2928] vhci_hcd: stop threads [ 754.064955][ T2928] vhci_hcd: release socket [ 754.100162][ T2928] vhci_hcd: disconnect device [ 754.146257][T11626] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1670'. [ 754.156489][T11626] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1670'. [ 754.649923][ T7535] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 754.860376][ T7535] usb 1-1: Using ep0 maxpacket: 8 [ 754.879620][ T7535] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 754.895321][ T7535] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.904531][ T7535] usb 1-1: Product: syz [ 754.909564][ T7535] usb 1-1: Manufacturer: syz [ 754.934805][ T7535] usb 1-1: SerialNumber: syz [ 754.957535][ T7535] usb 1-1: config 0 descriptor?? [ 755.194949][ T7535] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 755.492300][T11080] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 755.503963][T11080] Bluetooth: hci1: Injecting HCI hardware error event [ 755.520267][ T5780] Bluetooth: hci1: hardware error 0x00 [ 756.774701][T11080] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 757.735146][ T7535] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -32 [ 758.449825][ T5780] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 759.689846][ T5759] vhci_hcd: vhci_device speed not set [ 759.749258][ T7535] usb 1-1: USB disconnect, device number 3 [ 760.130715][T11662] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1681'. [ 760.150093][T11663] vivid-000: ================= START STATUS ================= [ 760.158133][T11663] vivid-000: Generate PTS: true [ 760.163384][T11663] vivid-000: Generate SCR: true [ 760.168597][T11663] tpg source WxH: 640x360 (Y'CbCr) [ 760.174242][T11663] tpg field: 1 [ 760.178127][T11663] tpg crop: 640x360@0x0 [ 760.182484][T11663] tpg compose: 640x360@0x0 [ 760.187183][T11663] tpg colorspace: 8 [ 760.191349][T11663] tpg transfer function: 0/0 [ 760.196796][T11663] tpg Y'CbCr encoding: 0/0 [ 760.201850][T11663] tpg quantization: 0/0 [ 760.206094][T11663] tpg RGB range: 0/2 [ 760.210874][T11663] vivid-000: ================== END STATUS ================== [ 760.988585][T11662] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1681'. [ 762.290828][T11686] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 762.539843][ T5836] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 763.635425][ T5836] usb 4-1: Using ep0 maxpacket: 32 [ 763.644739][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 763.667686][ T5836] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 763.695510][ T5836] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 763.761913][T11701] vivid-000: ================= START STATUS ================= [ 763.770792][T11701] vivid-000: Generate PTS: true [ 763.776354][T11701] vivid-000: Generate SCR: true [ 763.782318][T11701] tpg source WxH: 640x360 (Y'CbCr) [ 763.787859][T11701] tpg field: 1 [ 763.791809][T11701] tpg crop: 640x360@0x0 [ 763.796459][T11701] tpg compose: 640x360@0x0 [ 763.802744][T11701] tpg colorspace: 8 [ 763.807483][T11701] tpg transfer function: 0/0 [ 763.813804][T11701] tpg Y'CbCr encoding: 0/0 [ 763.819270][T11701] tpg quantization: 0/0 [ 763.824552][T11701] tpg RGB range: 0/2 [ 763.828724][T11701] vivid-000: ================== END STATUS ================== [ 764.649003][ T5836] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 764.808443][ T5836] usb 4-1: config 0 descriptor?? [ 765.816615][ T5836] usb 4-1: can't set config #0, error -71 [ 765.825904][ T5836] usb 4-1: USB disconnect, device number 4 [ 765.948740][T11711] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1695'. [ 766.030288][T11715] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1695'. [ 770.276572][T11757] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1706'. [ 770.425069][T11766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1706'. [ 770.960791][ T5814] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 771.149828][ T5759] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 771.169987][ T5814] usb 2-1: Using ep0 maxpacket: 32 [ 771.183697][ T5814] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 771.204532][ T5814] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 771.223849][ T5814] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 771.243538][ T5814] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 771.273218][ T5814] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 771.294329][ T5814] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 771.329772][ T5814] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 771.340381][ T5814] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 771.350123][ T5759] usb 3-1: Using ep0 maxpacket: 16 [ 771.361234][ T5814] usb 2-1: config 0 descriptor?? [ 771.409324][ T5759] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 771.436202][ T5759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 771.455405][ T5759] usb 3-1: Product: syz [ 771.470343][ T5759] usb 3-1: Manufacturer: syz [ 771.486970][ T5759] usb 3-1: SerialNumber: syz [ 771.518154][ T5759] usb 3-1: config 0 descriptor?? [ 771.615345][ T5814] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 771.968797][ T5759] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 772.067992][ T5759] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 772.085033][ T5759] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 772.095551][ T5759] usb 3-1: media controller created [ 772.240915][ T5759] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 772.529560][ T7535] usb 2-1: USB disconnect, device number 6 [ 772.539603][T11775] ------------[ cut here ]------------ [ 772.546614][T11775] usb 3-1: BOGUS control dir, pipe 80000680 doesn't match bRequestType c0 [ 772.617040][ T7535] usblp0: removed [ 772.841776][T11775] WARNING: CPU: 1 PID: 11775 at drivers/usb/core/urb.c:413 usb_submit_urb+0x10ac/0x17d0 [ 772.854073][T11775] Modules linked in: [ 772.858264][T11775] CPU: 1 PID: 11775 Comm: syz.2.1712 Not tainted syzkaller #0 [ 772.867255][T11775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 772.877694][T11775] RIP: 0010:usb_submit_urb+0x10ac/0x17d0 [ 772.884427][T11775] Code: df 0f b6 44 05 00 84 c0 0f 85 29 06 00 00 45 0f b6 45 00 48 c7 c7 20 46 6b 8b 48 8b 74 24 20 4c 89 fa 44 89 f1 e8 94 38 ef fa <0f> 0b 49 bc 00 00 00 00 00 fc ff df e9 96 f4 ff ff 89 e9 80 e1 07 [ 772.908072][T11775] RSP: 0018:ffffc90003bbf590 EFLAGS: 00010246 [ 772.915810][T11775] RAX: bfba9764f15e6f00 RBX: ffff888142e60c00 RCX: 0000000000080000 [ 772.925606][T11775] RDX: ffffc9000d0c9000 RSI: 000000000000ae1d RDI: 000000000000ae1e [ 772.935470][T11775] RBP: 1ffff110030c8823 R08: ffffc90003bbf187 R09: 1ffff92000777e30 [ 772.947645][T11775] R10: dffffc0000000000 R11: fffff52000777e31 R12: dffffc0000000000 [ 772.957080][T11775] R13: ffff888018644118 R14: 0000000080000680 R15: ffff8880301209b0 [ 772.965727][T11775] FS: 00007f76de6b06c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 772.975156][T11775] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 772.982095][T11775] CR2: 0000200000009000 CR3: 0000000076710000 CR4: 00000000003506e0 [ 772.991256][T11775] DR0: 0000000000000008 DR1: 0000000000000002 DR2: 0000000000000081 [ 773.000318][T11775] DR3: ffffffffefffff14 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 773.009187][T11775] Call Trace: [ 773.013074][T11775] [ 773.016875][T11775] usb_start_wait_urb+0x12c/0x4e0 [ 773.022572][T11775] ? usb_api_blocking_completion+0xb0/0xb0 [ 773.028685][T11775] usb_control_msg+0x233/0x3e0 [ 773.033859][T11775] dtv5100_i2c_msg+0x231/0x2f0 [ 773.039302][T11775] dtv5100_i2c_xfer+0x1a4/0x3b0 [ 773.044454][T11775] ? dtv5100_tuner_attach+0x100/0x100 [ 773.050037][T11775] __i2c_transfer+0x884/0x20c0 [ 773.055503][T11775] ? i2c_cmd+0x110/0x110 [ 773.060190][T11775] ? i2c_transfer+0x11b/0x3a0 [ 773.065493][T11775] i2c_transfer+0x261/0x3a0 [ 773.070519][T11775] ? __i2c_transfer+0x20c0/0x20c0 [ 773.076776][T11775] ? __might_fault+0xaa/0x120 [ 773.081859][T11775] i2c_transfer_buffer_flags+0x10e/0x1a0 [ 773.088050][T11775] ? i2c_transfer+0x3a0/0x3a0 [ 773.093566][T11775] ? __might_fault+0xc6/0x120 [ 773.098505][T11775] ? _copy_from_user+0xa5/0xe0 [ 773.103981][T11775] i2cdev_write+0x8b/0x120 [ 773.108745][T11775] do_iter_write+0x4ea/0xc30 [ 773.114536][T11775] ? i2cdev_read+0x180/0x180 [ 773.120957][T11775] ? vfs_iter_write+0xa0/0xa0 [ 773.126832][T11775] ? __import_iovec+0x5f2/0x850 [ 773.131907][T11775] ? import_iovec+0x73/0xa0 [ 773.136664][T11775] do_writev+0x27f/0x480 [ 773.142008][T11775] ? do_readv+0x460/0x460 [ 773.147037][T11775] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 773.153631][T11775] ? lock_chain_count+0x20/0x20 [ 773.158861][T11775] ? lockdep_hardirqs_on+0x98/0x150 [ 773.165153][T11775] do_syscall_64+0x55/0xa0 [ 773.170568][T11775] ? clear_bhb_loop+0x40/0x90 [ 773.175967][T11775] ? clear_bhb_loop+0x40/0x90 [ 773.181047][T11775] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 773.187625][T11775] RIP: 0033:0x7f76dd79c799 [ 773.192560][T11775] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 773.214051][T11775] RSP: 002b:00007f76de6b0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 773.224749][T11775] RAX: ffffffffffffffda RBX: 00007f76dda15fa0 RCX: 00007f76dd79c799 [ 773.233634][T11775] RDX: 0000000000000001 RSI: 0000200000000640 RDI: 0000000000000004 [ 773.242722][T11775] RBP: 00007f76dd832c99 R08: 0000000000000000 R09: 0000000000000000 [ 773.251591][T11775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 773.260252][T11775] R13: 00007f76dda16038 R14: 00007f76dda15fa0 R15: 00007ffca65f3e78 [ 773.268930][T11775] [ 773.272428][T11775] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 773.280351][T11775] CPU: 1 PID: 11775 Comm: syz.2.1712 Not tainted syzkaller #0 [ 773.288056][T11775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 773.299040][T11775] Call Trace: [ 773.302437][T11775] [ 773.305709][T11775] dump_stack_lvl+0x18c/0x250 [ 773.310494][T11775] ? show_regs_print_info+0x20/0x20 [ 773.315949][T11775] ? load_image+0x400/0x400 [ 773.320647][T11775] panic+0x2dc/0x730 [ 773.324799][T11775] ? bpf_jit_dump+0xd0/0xd0 [ 773.329575][T11775] __warn+0x2e0/0x470 [ 773.334117][T11775] ? usb_submit_urb+0x10ac/0x17d0 [ 773.340840][T11775] ? usb_submit_urb+0x10ac/0x17d0 [ 773.346503][T11775] report_bug+0x2be/0x4f0 [ 773.351807][T11775] ? usb_submit_urb+0x10ac/0x17d0 [ 773.358361][T11775] ? usb_submit_urb+0x10ac/0x17d0 [ 773.363899][T11775] ? usb_submit_urb+0x10ae/0x17d0 [ 773.369782][T11775] handle_bug+0xcf/0x120 [ 773.374815][T11775] exc_invalid_op+0x1a/0x50 [ 773.381486][T11775] asm_exc_invalid_op+0x1a/0x20 [ 773.386809][T11775] RIP: 0010:usb_submit_urb+0x10ac/0x17d0 [ 773.393048][T11775] Code: df 0f b6 44 05 00 84 c0 0f 85 29 06 00 00 45 0f b6 45 00 48 c7 c7 20 46 6b 8b 48 8b 74 24 20 4c 89 fa 44 89 f1 e8 94 38 ef fa <0f> 0b 49 bc 00 00 00 00 00 fc ff df e9 96 f4 ff ff 89 e9 80 e1 07 [ 773.412893][T11775] RSP: 0018:ffffc90003bbf590 EFLAGS: 00010246 [ 773.419487][T11775] RAX: bfba9764f15e6f00 RBX: ffff888142e60c00 RCX: 0000000000080000 [ 773.428132][T11775] RDX: ffffc9000d0c9000 RSI: 000000000000ae1d RDI: 000000000000ae1e [ 773.437050][T11775] RBP: 1ffff110030c8823 R08: ffffc90003bbf187 R09: 1ffff92000777e30 [ 773.446152][T11775] R10: dffffc0000000000 R11: fffff52000777e31 R12: dffffc0000000000 [ 773.454823][T11775] R13: ffff888018644118 R14: 0000000080000680 R15: ffff8880301209b0 [ 773.463538][T11775] usb_start_wait_urb+0x12c/0x4e0 [ 773.468925][T11775] ? usb_api_blocking_completion+0xb0/0xb0 [ 773.475855][T11775] usb_control_msg+0x233/0x3e0 [ 773.480692][T11775] dtv5100_i2c_msg+0x231/0x2f0 [ 773.485518][T11775] dtv5100_i2c_xfer+0x1a4/0x3b0 [ 773.490793][T11775] ? dtv5100_tuner_attach+0x100/0x100 [ 773.496930][T11775] __i2c_transfer+0x884/0x20c0 [ 773.502297][T11775] ? i2c_cmd+0x110/0x110 [ 773.507242][T11775] ? i2c_transfer+0x11b/0x3a0 [ 773.512454][T11775] i2c_transfer+0x261/0x3a0 [ 773.517216][T11775] ? __i2c_transfer+0x20c0/0x20c0 [ 773.522508][T11775] ? __might_fault+0xaa/0x120 [ 773.527431][T11775] i2c_transfer_buffer_flags+0x10e/0x1a0 [ 773.533381][T11775] ? i2c_transfer+0x3a0/0x3a0 [ 773.538232][T11775] ? __might_fault+0xc6/0x120 [ 773.543049][T11775] ? _copy_from_user+0xa5/0xe0 [ 773.548151][T11775] i2cdev_write+0x8b/0x120 [ 773.552728][T11775] do_iter_write+0x4ea/0xc30 [ 773.557651][T11775] ? i2cdev_read+0x180/0x180 [ 773.562738][T11775] ? vfs_iter_write+0xa0/0xa0 [ 773.567625][T11775] ? __import_iovec+0x5f2/0x850 [ 773.572814][T11775] ? import_iovec+0x73/0xa0 [ 773.577459][T11775] do_writev+0x27f/0x480 [ 773.582232][T11775] ? do_readv+0x460/0x460 [ 773.586800][T11775] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 773.593109][T11775] ? lock_chain_count+0x20/0x20 [ 773.598260][T11775] ? lockdep_hardirqs_on+0x98/0x150 [ 773.603936][T11775] do_syscall_64+0x55/0xa0 [ 773.608756][T11775] ? clear_bhb_loop+0x40/0x90 [ 773.613931][T11775] ? clear_bhb_loop+0x40/0x90 [ 773.618881][T11775] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 773.625491][T11775] RIP: 0033:0x7f76dd79c799 [ 773.630402][T11775] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 773.650680][T11775] RSP: 002b:00007f76de6b0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 773.659703][T11775] RAX: ffffffffffffffda RBX: 00007f76dda15fa0 RCX: 00007f76dd79c799 [ 773.669035][T11775] RDX: 0000000000000001 RSI: 0000200000000640 RDI: 0000000000000004 [ 773.677393][T11775] RBP: 00007f76dd832c99 R08: 0000000000000000 R09: 0000000000000000 [ 773.686016][T11775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 773.694741][T11775] R13: 00007f76dda16038 R14: 00007f76dda15fa0 R15: 00007ffca65f3e78 [ 773.703817][T11775] [ 773.707554][T11775] Kernel Offset: disabled [ 773.712241][T11775] Rebooting in 86400 seconds..