last executing test programs: 3.183246219s ago: executing program 4 (id=1297): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000080)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) r2 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r1, 0x4) bpf$LINK_DETACH(0x22, &(0x7f0000000600)=r2, 0x4) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000c80)={r2, r0, 0x4, r0}, 0x10) 3.05015356s ago: executing program 4 (id=1301): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r2) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000340)={'wpan1\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x40, r4, 0x852dd6c070cd7e4d, 0x70bd28, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r6}]}, 0x40}, 0x4, 0x700000002000000}, 0x0) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x20, r1, 0x5, 0x40000000, 0x0, {0x22}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x2008c0d4) 2.595697496s ago: executing program 4 (id=1308): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000200), 0xffffffc1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r0, 0x0) 2.448242058s ago: executing program 0 (id=1310): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r0, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)={&(0x7f00000007c0)={0x14, 0x0, 0x9, 0x401, 0x0, 0x0, {0xa, 0x0, 0x8}}, 0x14}}, 0x4084) sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000240)="784e8532bc51d9778e4bbb81e255693d2832f3802728ed763aacf318e80e1b19cf30c5f4214185052aab22dea830553c6db324352d6edce6927f9e747f08a659c1365f8b318c734936b24ccb80c8b9892cf2d5f5e6f9bd14951b8dac37e3c51873f21eb6a3d5b0f6852ef05a094926bd00f74ab5d68f2dbec3a6471ec5517ea7973b0eadd203e9d651881048bf4102cc30729aae5c8a1b3a4223a29d92aa550723d99f6596f26bfc66e02de540c397a62d50bb060246300520caddf20ae6701bac03fe94aec0bb32b8ee92dd974bb54ea2ccc2959f4f07e91cb2f22e8e16b11cee681e1f909bc6edfd7d05f7c914a76c9c99879bc728e358d8fcd7e3767117482364ed76b0bd26fca5cc821dfcc0320e2da567cf8e266adcfa020bdc376bb0e3a3cc9725682a957265884a6705f12b04414779837b8fe1ac5457fc005d8609efe3a00007d08ac5a9c7442bbd775f9d7ff490b3fb820e2f4e64c31cfa2101de770ad8d0903c2cf7f907fccfadad58b54d3e76d855ccc9e69fa067578ef929d153e148f0e611a40fe480ee02c2c6880a3ebf78f949e53ffef9aab25fb2816e2933f480d6d60a91c045b70211934ace2695a867eb88d29b2253174baaa56ce64db43e4f5cc822d371c92fd49dec3ac483d904343b3549e529cac2b8be9532f073d7e7c742cf7fa09b030b36671b397e03b9aca2dea714e57b7b429bd064b3c5406b960dfceba3b624c67490309875a87a93250a9113c7e051c506ecb935ed7beef8b644e7725c473250b4b88c78a33c7329ae801e09fed0a408a4e7af19c2fe674b1a56da16c8aad062b00dc84ea79442cfca1645ee35e9bc22ce3199862506cb15cd79c2704c5b86bd992045fe4f8b3e07a9fe59f7b829a232a5fa15b8bcc971857e036afa9651cf114ac34600be4f663f07067e1e55ed8aa1641f6381cb6ce2cb751f032bd6588835acf67ddf7a3af75526ca75bdcfc7a5566044af497610e79987c61d8e5d8292a88107a5b4ee93a34eac880433585092356f76f2633db86b1a1412e10d3932bb7a52d3007dd635bda34a82769e5a9bdade27aed4f9c68f8527924b07749980e1e15c708010274a6c6ebc5213fe31d3bc459051823b7ee6c32797239e40d4821209b498c95080a2ca90c479da86c164304e02a7e71b8f55586292cc9fafa4c5bda285a9de792d6a6a03e5a1f2a13eac02a95f87f13fbfbedc6533b78cf5ac5ce562ef504f95465814f9bb35495196b73780c0a5fc7c6a006ee2d34123c1224d9c08baf0611ba9e7ceb3ccf887e58a78fe236947c4a486c83e49e0070d4fa81a9652e690dcdae169ebd65c281a863905a7ecf9c8f19fe059b2022ef75ab1e9c7c1ad532ff25da12c5e250f601ce95844223310d9959fddc0e684979c6f15d7673512237239b9eb48f72a930e5cc64c382c662db18581eb0069b2242058812f1ae092e139411fc8ec242e8f7dd4da10bcd3f92c0715edf775ffaabd181a36d2a39ceb192e3ebdff02c0c75bd259e725fd4cd5c2722efc41f37ab25706485a265d683c8569c3209a930e05047074b3941f41003d550d923e6dd50110e18d965763727739902067e73a520270c5cb53d6fd22ec4ea8853d113451cb3da2a7a698c807ec394c1da0b9de2a1d62f24a2292c65640ef6a0924191133e80aa60e4f8f5adbae3131956b38c997085f25f54338653d65847f1602e1ad7eb9501f9867e1bfc2410c3fc6402a1f605c0088ef13db8cf967a868e7ae2713b1dc297a5ab33b27566df656d954ee44ffed8a15bac40262099a3287f40425cd146c4a9639321fd46dd85dab9000bce3558f7c99de2849d57041d79082b82faf85abf5ac0c325ca3645500d2bb04809ac3ab33c24b738765d80c610c917b756a1cd4da3ce0921ae1789ea8c3f00532fe97c435cda5a2f5013b90ea596389af1fbba1510ce50d3476019d70be6634ddabdc925324e0bf6914a803c9bccb9f4daa61e9250e05a0d6e906d68418f906dfdcc416441828680bc9160a932168adf51240bce901a1eee84f69dce9cee3378f8414188afc484cfb92043b352271552a152ecac0ec1ba19f1dc72db5d4155d5bf6a63aee9a702f1e194082e609bb30419901349d244a11617795b4580a849196f5c67ed4b060e42b394bbfb4bbfa601d2c8ddff5986563df99b5f02a0f61d56d11a47095651d7337c7c167a04e4a71596fe58486d74bc8ef0a82c370c9ed24e58ed5950b119664767fd6742e967199c4671f5b48a2d723dabc77fc7f9ac57cc36d95b0e336032ccb4647a5502e44db059bb0bce58e4ed4bdd6931cc92c782c75d44d4a1f25e6f6ca076f2ea586ac5daadc5599aa6e5bb26206ffc1310779cba10d72bdbb7ef62b9d22bec948b2153afa5a8e1c1d8d724fc673069c74564102400417452c5eb5350e2a50a732f76122a5648525fa1793a0af6e0a3dcb568a598f7c179e908b40f19fc10a16d53b112692adc1e4dc954009f726057acf04a9740f6bb66327e746dcd7b8b8851e622f9da2c9ddd124e300f03f07e77cf04a263329b435ed04eadb9dc91cfe396f41114283eccbf58f2dccfe32f908cea6678f7490bacbe60c75eb2754e9722b2c58771537966bfe1066c4d28bcceccdca07eb60ddc355aa710266da85e456aa83739fea4ad7dadf461c682201391fa550e12e01be5a2a2c55c3b697aa2e176aad4be5a8dbfb8043f72c5743992e5c7000608a2cf86d88885bf6e1e2173b1361cec282ef35bde24cf99c11110c16c1678c38b74738911ec3eac23067500103f0f5d7dff122fca66852126ce9ac10c7c065992b3fcd81f7d94adad6fcb45872d3fa97f5d704f1653dad962c16daa6978e2fcf41f10257c306fc05fe4cd20e30989b37b19e874f27a065c8d62f2b4194a1540199be22b7e267ce6d2ffc8243421d9f629f5048587ff5d91f8c7bbb9049b40d859e6d382926ba8f005deb18727cefd76198d00d92ef680b56864c9eea9dca35b0e90d0afe1440af704bf00bd68ca088c568088d6aa34a42d66645743ad481b9e5490cfcee486f456490a0e9c3a0bff49b528871a4dfb104a18ba6a22df288349b6fca36b1908c548e90cec26fa28a0772fa4e9418c8d02a3319bc9e8f3892fc933f465ccb6ec683fdc9dd5854bb1295d114bde2e84d04513897ed3ee41ecc1d6d0354c57046c58e390836f11b3e6d4712f7d61b221aa147a58c3903b319a3da746296e576ae21bca4c1c939986fe04145093c4b9173e1936e54c4bfd9aaa4efdd39f2a39e9554fe1bfee4597ce8c798b6233e22a8dcdc7e610ddf6a8c810e7429bb2fcd60f7108119112b3cc5a71fef1fac311afa0d034fd00954111ded4cf381d6a73cc4f6165052325e04566fbb2c644e8bd7e7cf3923af608af8f3537deaaef891bdc258a8341e742f62727444c2cb28ccf8c7e3d79d1162c29af2914627830fe3433c8beb27efc8e08f14581ee0acb0a761a2b0a1f219601c9bae3c6d92f2d3d712e9c239d2910e9ea0f539bc069b7e8a1e36abb4e3ec20ca1677fa0cf3c4d2d3180d15a3c808d0421b564fcb180316df4f46b33df1e57ca2644d8b3fcdd13fef43a3ab76982887a4751615e7665d639854c8c3a8bdceb6cee0fb00fb19f98c42cd6a555da3c4d6a5c6c3ca9f7ccece5bee4907e8676a05aaf4213d4e60c4f5f0bf1a8126b6555ec137dc5f7ca56901bf21329da5a6ad30ebd1d454d7ee3110ae88de0109084e1cdc6342b68883a5205ef763645cdf26815e9f99f8c4bcc5227142ba4e9da752abe3ce3a11f2df8aff40ea3db731c8c1992fc0ab2681c9613861f61f8173d7fafd7a3516e169a8c0541d7632a59641ad3c67ca2cde8dcfcababaa676e25f113d0a6bf3274fc532fafb6042b633051039d682d87477f3a14fa77a7966a6f019738c0a8eb737eea7464d4477f7be1a4553ae736f0dde836688cd4d90e0d207cb82b33f1207d893b1c720d3070c73d6a9b1e52634aea9117ba6a3c063c28e46a687ab0e239b0d95cc2eb76f2b1b6fa6963bb11489e490e70d7f2394cb350f952170a0f6c6338e8460579a1013d9bbc9cc438f617551803af00700e636d0545a4a6877698441b5961cf86d5c40fbbf95775d13dbb50de6a565bd98c3fc8db86278de0bdada8860917ae00345191f96cdffb43216705048851b9bb9cca1e14d394bd9ecd6f567cb16a17592535b0322d143e14f0f982262d5ea7f6790e16c49f6e8740c40be3ae70bf21e5691a175b0060e72c8025f46a439732b8cb8239a5e6823846838f54cb939beca1ca0425c3e43027b3526fc1ffe5e71b72a908002e2e5090e343e87c82cbf2f162f2fef4081c4212b9e4eed4f746a85859f33bcca464667b850851c6e6aafacf930c2f70e777133c651c1851ea8015a9f01cf7c41bf37af677dcd6ad9b0a8eb235f73db7f72007b9d12044451725c559f47deb4bf5054f154e805788a39e69754a054aff979122800365765843cce90a93a3bc6955963594e02da9f7fad62743419870c04751fcd7d8800fc17d6c1566fd1c35f9b464d235d7569f2d0cceeee1c5adbff3e87f3e67bc4beaa4a3fb948b2241b315d0d2a2060bdb2514eaae67a0add5ff446c8291c69d3acd9b7ffa4d01490994bf0135759ba56973d703883c4736c76f5dacb2629bdb429e41bce829bf72b13c0c3d0163efff66b3cde89a61ec6d4a0c3269924934575ff6a6656fc89e9d0d5a5d2a093022b9791763c14a76581e5e1e9f0cf56803e3a29fa93610cff5473a9299dff90e5bfd0e078bc0c4f48a7e379c63b5b048a5ddaeddb495c1631b871f053ad863e832fdc250c1de5242375734feb2895f905d77a1cb3219bb48c3a1403173e401f99d30e5af3731a08fc47186657353cef9e0a628cbf2f67bbe297c9e5bc1b99968f6d744e338a9b3618f180e49d1b641290b2beeaba720abdf6ef0391ab5499d15b5ee5480060e05bb1b50e6516f1f28588343c73c037f410a413cddaecaca940072844ad343a497984d45aa9b8e2be120b8bd0c6e786f5541e7d400d58431417001694a990af3270f82e4a8717e29514f78d0f8e8d9fb373268656b60c0c1c81999f86343a5271481bdf7b724b55d8ae05cb2ef6d81a7688d2f13a087b4759f3dae8762f76b4cd1fd61cf5b50667e1010c1ae5cd00761b7e077238647ba9206513bf9c62b507088c2d60e76030d572a86a217eca7480886aa9c3a93019316ffcb1555d978a1ed048adbdfd0b128eb073e5eb9593789b7474a8fe1695a7176deb561cd8cd656fd852df410aa4642f1c1534a272b9a0a6e6f1d660d035a4ed6f566678b83775f359a1119643b28b2466c1d192b54bcd3c2e7104ecf1d5fa70544bd38a0edbf26e9a6844bd9adade62cc76be8f2840c50afb9fe95698b945fe2fe17080f4c296b474e47179583f4cdf36fb93c4d53ff4d0697a221d497ce4240db574b53f60dd38862e7e04e64bfdd53639ea6c4b60ec39f7425dab78c7635fac31685b626b67119e3afb3e682fe3476e82b18f115b4b45366816012fb579d67e1f01028622ab891d3a44db13fb8b15ceb4aa88be06c80b049176fd368d32d06975d402b3f4078828edeb8ea49220e888ef3aec7f572aec2ad09c216626a9121f9533b6cb0e5084ebbc1c8b77ddd0021cf749310ab316c285090b50315e51eb6ea04411c77ed685ca0a674aafbb5d39e7752de1956b5811a8e6dc259a5bf1cc43ff94e0eca9bee7452bb81d52480b3760f3563617cd0a5a297cff0da357f678f95ce433de5cca614114916a3b35d4a911c0", 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000000080)}}], 0x2, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000006480)={&(0x7f0000b9a000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb8, 0x0, 0x0, 0xfffffffffffffed8}, &(0x7f00000064c0)=0x40) 2.251997091s ago: executing program 4 (id=1315): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000180)={0x0, 0x2, 0x5, 0x5}) 1.600341149s ago: executing program 1 (id=1322): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) r0 = socket(0x8, 0x3, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, 0x0) 1.563539919s ago: executing program 0 (id=1324): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000240)={0x0, 0x9f}, 0x8) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="5000000002060104000000959c0db71041be0500050005000000000016000300686173683a6e00000000000000086611b2e500000900020073797a300000000005000400000000000500010007"], 0x50}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x3, 0x80}, @IFLA_GRE_IKEY={0x8, 0x4, 0x3}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}]}}}]}, 0x4c}}, 0x0) socket$inet6(0xa, 0x2, 0x6d) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)={0x3c, 0x3, 0x6, 0x202, 0x0, 0x0, {0x5, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000040) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b800000019000100000000f7ffffff00e000000200"/43, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000700000000000000000000000000000000000000000000000200000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000ffff"], 0xb8}}, 0x4004) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x11, &(0x7f0000000540)=0x8, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c000280050001000000090024000280"], 0xa8}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00', @ANYBLOB="010000000000000000004400000008000300", @ANYRES32, @ANYBLOB="08002700851600000a00180000000000000000001c005a801800"], 0x4c}}, 0x4000804) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.436125431s ago: executing program 3 (id=1326): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x2f, 0x0, 0x0, 0xfffffffe, 0x0, @mcast1, @mcast1, 0x0, 0x0, 0x6, 0x1006}}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a80200003e000701feffffff00000000017c0000040042808802018006000600800a00007b02018020ef82972c4a888fa13836e811c4cd03b722b4ceca8be06b765000fcffffffffffff7eb6b5009a881fd61885956a03d9a9dc8452516454a3d167abf84c778c4df8237c0c0860693c5060dfea16df72653289de5ae7f1f3a2746c7e0900000011b9b91ed5687f850c00c8007d25212b2b4a2d000800a500", @ANYRES32, @ANYBLOB="590123809542d4912acea6c2a67d2baa4aa8043fe21dae7c2c095655b2fa25cc65a17fc77fa653210b7c0fce9c96f3e60f82eaa7bd8dbb3fff64c0f3b6029345ad92ce2bc4f40a4ef463dfa58d4b002f2f9ba78811a69294da38c9d1f56bf4a8c60e8a8f852036a60aba986804009f8008001e000600000067ca43cec3ad3fffcb4f4ead06be3ff342037b3565bb4e6a7408e629e42e4e80cccad28015d25cbe59315c3bbb49e2bc2d5f3d36708a8023c3401d3dd8a348b591d9654f94e8965119f7355ec5b058b1599b9daffeee0056088600be00708f351745d53e502e56356916b733c51db948d6769ce7f52e7c5cd4a32d898f5cbb7776d60a9d41972931ddaf957cef1388b3775364d48e2bc64798a17a43"], 0x2a8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 1.276251483s ago: executing program 3 (id=1328): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000012180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}]}, @NFT_MSG_DELSETELEM={0x64, 0xe, 0xa, 0x301, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x44, 0x3, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x18, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x13, 0x1, "5a6cfa7bb2699b870d1ea224f6f616"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, {0x4}, {0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPR={0x14, 0x7, 0x0, 0x1, @queue={{0xa}, @val={0x4}}}]}]}]}, @NFT_MSG_DELCHAIN={0x124, 0x5, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_USERDATA={0xda, 0xc, "6717340d6ed39a7e7500efd133c7ca417e785fb38c2e60161f662ba753fdf9d86db63dea284ddb7702f8f4dad974c03cfa8ab28c3d9100edd9e6d8a4e3f5a035310b69462c92f5f28f2dac4c71ef1f9cfe91dece9434028d22596e5fd6243d76ab9ef7ba74fd68c4db844cb53c281628e981147b0533fa5689d534d4b67a891ee38bea4e86dc47cc032e0da03c400c0d27011df6125b5411ae179e33cb8ff30eef90b04cb58f831d55e9159f98f4fec7c66d641979c26ac45f9894b78744f7069eaff338cbc52a89a2887a7d1adc912d9fffa057d9c1"}, @NFTA_CHAIN_COUNTERS={0x28, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x4}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x6}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xffffffffffffffff}]}]}, @NFT_MSG_NEWFLOWTABLE={0x14, 0x16, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x7}}, @NFT_MSG_DELTABLE={0x24, 0x2, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_USERDATA={0x4}]}, @NFT_MSG_NEWCHAIN={0x1c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffc}]}, @NFT_MSG_DELTABLE={0x24, 0x2, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_USERDATA={0xf, 0x6, "4e9241e74454c761391d96"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x248}}, 0x24040054) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c58b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) ioctl$FS_IOC_GETFSLABEL(r1, 0x800452d2, &(0x7f0000000100)) 1.234483054s ago: executing program 4 (id=1329): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000800}, 0x40010) socket(0x10, 0x3, 0x0) recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeca}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000001940)=""/189, 0xbc}, {&(0x7f0000000840)=""/245, 0xf5}, {&(0x7f0000000140)=""/45, 0x2d}, {&(0x7f0000000440)=""/84, 0x54}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/6, 0x6}, {&(0x7f0000000340)=""/254, 0xf3}, {&(0x7f0000000240)=""/87, 0x57}, {&(0x7f0000000500)=""/216, 0xd8}], 0x9}, 0x80000000}], 0x4, 0x20, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1.222180544s ago: executing program 1 (id=1330): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0xfffffffc, @empty, 0x2}, 0x1c) listen(r0, 0x9) accept4$inet6(r1, 0x0, 0x0, 0x80000) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) 1.145943995s ago: executing program 0 (id=1331): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @empty}}, {0x14, 0x2, @in={0x2, 0x8, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x54}}, 0x0) 1.145593555s ago: executing program 3 (id=1333): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x50, 0x2, 0x6, 0x3, 0x0, 0x0, {0xd}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xd3}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x50}}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x1c, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x4, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) 1.043924856s ago: executing program 3 (id=1334): r0 = socket(0x2a, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bond_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r2, {}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) 982.513897ms ago: executing program 0 (id=1335): r0 = syz_genetlink_get_family_id$fou(&(0x7f00000002c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x38, r0, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e20}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_PEER_V6={0x14, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x38}}, 0x0) 910.871228ms ago: executing program 3 (id=1337): r0 = socket$kcm(0x2, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r1}, 0x10) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f00000002c0)) sendmsg$inet(r0, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/181, 0xb5}, {0x0}], 0x2) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000}, 0x38) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x0) 910.776608ms ago: executing program 1 (id=1338): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000980)={0x20, r1, 0x405, 0x70bd27, 0x25dfdbfd, {}, [{{0x8, 0x1, r2}, {0x4}}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) 806.229539ms ago: executing program 0 (id=1340): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) pipe(&(0x7f00000000c0)) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r6, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010024bd7000fcdbdf252100000008000300", @ANYRES32=r8], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x9590f6cc3ea35512) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) 764.19862ms ago: executing program 1 (id=1341): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x50}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x11, 0xc, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000100)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34c8, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) 763.71288ms ago: executing program 2 (id=1342): r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, 0x0, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000021401002abd700001dcdf25080001000000000005005400"], 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) 686.328951ms ago: executing program 2 (id=1343): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'ipvlan1\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000340)={0x0, 0x8000, 0x1800, 0x83, 0x2}, 0x20) 671.973691ms ago: executing program 1 (id=1344): r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x3}, 0x8) sendto$inet(r0, &(0x7f0000000100)="ab", 0x34000, 0x4004815, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10) 570.345542ms ago: executing program 1 (id=1345): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f00000006c0)=[{0x2, 0x3, {0x1, 0x1, 0x3}, {0x1, 0x1, 0x4}, 0x8d582fc6ec6e7987}, {0x2, 0x10000000000000, {0x0, 0x1, 0x4}, {0x2, 0x0, 0x4}, 0x1, 0xff}], 0x40) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xfff1}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 528.221523ms ago: executing program 0 (id=1346): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x0) recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000840)=""/245, 0xf5}, {&(0x7f00000002c0)=""/35, 0x23}, {&(0x7f0000000440)=""/84, 0x54}, {&(0x7f0000001940)=""/4090, 0xffa}, {&(0x7f00000006c0)=""/243, 0xf3}], 0x5}, 0x5}], 0x4, 0x20, 0x0) 475.239774ms ago: executing program 2 (id=1347): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)={0x24, r1, 0xdac7a804b810efff, 0x70bd2b, 0x0, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}]}]}]}, 0x24}}, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r0, 0x8982, 0x0) 396.057505ms ago: executing program 2 (id=1348): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)={0x50, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x34, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x7f62}, @device_b, @device_a, @from_mac, {0x9, 0x9}, @value=@ver_80211n={0x0, 0x5, 0x3, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1}}, 0x3f, @val={0x8c, 0x10, {0x78c, "03f257529efc", @short="5b5faf851e03d3a9"}}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000800}, 0x4000004) 312.297046ms ago: executing program 2 (id=1349): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "2265d77eca70ffeb", "2a7490afedc2507756cce4cf72480364", "27c800", "00000000000085bc"}, 0x28) sendto$inet6(r0, &(0x7f0000000340)="d1", 0x1, 0x8000, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) sendto$inet6(r0, &(0x7f0000000100)='\fE', 0x2, 0x8000, 0x0, 0x0) 145.785178ms ago: executing program 4 (id=1350): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r2, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) r4 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc) setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f00000001c0)=@bpq0, 0x10) bind$ax25(r4, &(0x7f0000000f00)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x3}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 49.965749ms ago: executing program 3 (id=1351): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0xa) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100), 0x1c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000400)={@in6={{0xa, 0x4e24, 0x91, @remote, 0x1}}, 0x0, 0x0, 0x32, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000500)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x2}}, 0x0, 0x0, 0x4, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542c90bc21470e441225642855b5f2faed4a18d67efd5f2fdf98328de94410300"}, 0xd8) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x1, @mcast2, 0x4}}, 0x0, 0x0, 0x11, 0x0, "2b20a9a47cddc63b223be606d7fa19f22a369ae751de81ca4d11e10450d766feb63b382d54ba4bb57a219cad5ddfc1e4fe760a1ce2ca64196953e92a07b3937730a33b6deca160d8c2fbff48eb964283"}, 0xd8) listen(r6, 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1) 0s ago: executing program 2 (id=1352): bind$xdp(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), r0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0xc0) kernel console output (not intermixed with test programs): 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 251.666830][ T4978] usb 3-1: USB disconnect, device number 11 [ 251.729694][ T4978] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 251.829775][ T4982] usb 4-1: USB disconnect, device number 14 [ 251.858014][ T4978] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 251.950517][ T4978] quatech2 3-1:0.51: device disconnected [ 254.811970][ T6442] loop3: detected capacity change from 0 to 262144 [ 255.094215][ T26] audit: type=1804 audit(1748429267.636:8): pid=6470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.635" name="/newroot/114/file1" dev="fuse" ino=1 res=1 errno=0 [ 255.186282][ T26] audit: type=1800 audit(1748429267.676:9): pid=6470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.635" name="/" dev="fuse" ino=1 res=0 errno=0 [ 255.276786][ T26] audit: type=1804 audit(1748429267.676:10): pid=6470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.635" name="/newroot/114/file1" dev="fuse" ino=1 res=1 errno=0 [ 255.344901][ T6476] loop2: detected capacity change from 0 to 8192 [ 255.381900][ T26] audit: type=1800 audit(1748429267.686:11): pid=6470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.635" name="/" dev="fuse" ino=1 res=0 errno=0 [ 255.453045][ T6476] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 255.453312][ T6490] netlink: 40 bytes leftover after parsing attributes in process `syz.3.642'. [ 255.473533][ T6476] REISERFS (device loop2): using ordered data mode [ 255.486366][ T6476] reiserfs: using flush barriers [ 255.526256][ T6476] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 255.547183][ T6458] loop1: detected capacity change from 0 to 32768 [ 255.563819][ T6476] REISERFS (device loop2): checking transaction log (loop2) [ 255.596350][ T4978] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 255.612628][ T6476] REISERFS (device loop2): Using r5 hash to sort names [ 255.673693][ T6458] XFS (loop1): Mounting V5 Filesystem [ 255.678570][ T6476] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 255.686452][ T4982] usb 1-1: new low-speed USB device number 18 using dummy_hcd [ 255.708569][ T6476] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 255.847075][ T6458] XFS (loop1): Ending clean mount [ 256.045058][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.051517][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.058187][ T4982] usb 1-1: device descriptor read/64, error -71 [ 257.506468][ T4218] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 257.662150][ T4978] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 257.666224][ T4170] XFS (loop1): Unmounting Filesystem [ 257.673141][ T4978] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 257.736223][ T4982] usb 1-1: new low-speed USB device number 19 using dummy_hcd [ 257.846453][ T4978] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 257.866004][ T4978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.874795][ T4978] usb 5-1: Product: syz [ 257.891813][ T4978] usb 5-1: Manufacturer: syz [ 257.899827][ T4978] usb 5-1: SerialNumber: syz [ 257.912094][ T4218] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 257.930331][ T4982] usb 1-1: device descriptor read/64, error -71 [ 257.936606][ T4218] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 257.936667][ T4218] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 257.936692][ T4218] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.996998][ T6476] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 258.075379][ T6512] loop3: detected capacity change from 0 to 40427 [ 258.127936][ T4982] usb usb1-port1: attempt power cycle [ 258.132535][ T4218] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 258.158441][ T6512] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff [ 258.168175][ T4218] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input10 [ 258.203996][ T6512] F2FS-fs (loop3): invalid crc value [ 258.246715][ T4218] usb 3-1: USB disconnect, device number 12 [ 258.247649][ T6512] F2FS-fs (loop3): Found nat_bits in checkpoint [ 258.259602][ T4978] usb 5-1: 0:2 : does not exist [ 258.264556][ T4978] usb 5-1: unit 6 not found! [ 258.352874][ T4978] usb 5-1: USB disconnect, device number 12 [ 258.727289][ T6512] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 258.822552][ T4188] udevd[4188]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 259.258242][ T6524] xt_l2tp: v2 tid > 0xffff: 262144 [ 259.823761][ T6529] loop4: detected capacity change from 0 to 512 [ 261.313145][ T6529] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 261.386167][ T6529] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 261.398312][ T6530] loop2: detected capacity change from 0 to 262144 [ 261.408278][ T6534] loop1: detected capacity change from 0 to 128 [ 261.425115][ T6529] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 261.460525][ T6529] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 261.482062][ T6534] EXT4-fs (loop1): Unrecognized mount option "euid>00000000000000000000" or missing value [ 261.531500][ T6530] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 261.540879][ T6530] BTRFS error (device loop2): unrecognized mount option 'subj_role=' [ 261.549791][ T6530] BTRFS error (device loop2): open_ctree failed: -22 [ 261.553308][ T6529] EXT4-fs (loop4): orphan cleanup on readonly fs [ 261.564901][ T6539] netlink: set zone limit has 8 unknown bytes [ 261.652932][ T6543] netlink: 40 bytes leftover after parsing attributes in process `syz.3.655'. [ 261.677896][ T6529] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.649: bg 0: block 34: padding at end of block bitmap is not set [ 261.803105][ T6529] Quota error (device loop4): write_blk: dquota write failed [ 261.838845][ T6529] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 261.849115][ T6547] netlink: 64 bytes leftover after parsing attributes in process `syz.3.656'. [ 261.889417][ T6529] EXT4-fs error (device loop4): ext4_acquire_dquot:6204: comm syz.4.649: Failed to acquire dquot type 1 [ 261.951423][ T6529] EXT4-fs (loop4): 1 truncate cleaned up [ 261.981633][ T4163] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 scanned by udevd (4163) [ 262.003260][ T6529] EXT4-fs (loop4): mounted filesystem without journal. Opts: norecovery,resuid=0x0000000000000000,minixdf,journal_ioprio=0x0000000000000003,nojournal_checksum,noblock_validity,,errors=continue. Quota mode: writeback. [ 262.346770][ T4979] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 262.896779][ T6565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.662'. [ 262.929110][ T6563] loop1: detected capacity change from 0 to 164 [ 262.986427][ T6571] IPv6: addrconf: prefix option has invalid lifetime [ 263.496576][ T5537] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 263.806215][ T5537] usb 5-1: Using ep0 maxpacket: 16 [ 263.946606][ T5537] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 263.967492][ T5537] usb 5-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 264.006232][ T5537] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.030022][ T5537] usb 5-1: config 0 descriptor?? [ 264.046460][ T4979] usb 1-1: config 0 has too many interfaces: 255, using maximum allowed: 32 [ 264.055295][ T4979] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 255 [ 264.098678][ T4979] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF8, skipping [ 264.117880][ T6579] netlink: 4 bytes leftover after parsing attributes in process `syz.1.666'. [ 264.136180][ T4979] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice= 0.00 [ 264.165367][ T6580] netlink: 4 bytes leftover after parsing attributes in process `syz.1.666'. [ 264.174279][ T4979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.187573][ T4979] usb 1-1: config 0 descriptor?? [ 264.228238][ T4979] ttusbir 1-1:0.0: cannot find expected altsetting [ 264.232174][ T6579] netlink: 20 bytes leftover after parsing attributes in process `syz.1.666'. [ 264.235647][ T4979] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 264.253401][ T6581] netlink: 20 bytes leftover after parsing attributes in process `syz.1.666'. [ 264.411477][ T6108] usb 1-1: USB disconnect, device number 21 [ 264.845778][ T6565] udc-core: couldn't find an available UDC or it's busy [ 264.866206][ T6565] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 265.158670][ T6573] loop2: detected capacity change from 0 to 32768 [ 265.435864][ T6575] loop3: detected capacity change from 0 to 40427 [ 265.545438][ T6575] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff [ 265.642552][ T6575] F2FS-fs (loop3): invalid crc value [ 265.748205][ T6575] F2FS-fs (loop3): Found nat_bits in checkpoint [ 265.964507][ T6575] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 266.215497][ T6584] loop1: detected capacity change from 0 to 262144 [ 266.253623][ T5537] greenasia 0003:0E8F:0012.0007: hidraw0: USB HID v0.05 Device [HID 0e8f:0012] on usb-dummy_hcd.4-1/input0 [ 266.300843][ T5537] greenasia 0003:0E8F:0012.0007: no inputs found [ 266.373105][ T6593] xt_l2tp: v2 tid > 0xffff: 262144 [ 266.902424][ T5537] usb 5-1: USB disconnect, device number 13 [ 266.921624][ T6584] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 266.931343][ T6584] BTRFS error (device loop1): unrecognized mount option 'subj_role=' [ 266.940428][ T6584] BTRFS error (device loop1): open_ctree failed: -22 [ 267.032722][ T6598] netlink: 40 bytes leftover after parsing attributes in process `syz.4.672'. [ 267.061749][ T4318] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop1 scanned by udevd (4318) [ 267.209847][ T6599] fido_id[6599]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 267.497010][ T6608] tipc: Started in network mode [ 267.516247][ T6608] tipc: Node identity 5f4c3a21e191f5aa403a, cluster identity 4711 [ 267.579359][ T6615] netlink: 64 bytes leftover after parsing attributes in process `syz.4.676'. [ 268.780685][ T4218] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 269.156598][ T4218] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 269.220057][ T4218] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 269.506196][ T4979] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 269.891995][ T4979] usb 1-1: config 7 has an invalid interface number: 170 but max is 0 [ 269.910753][ T4979] usb 1-1: config 7 has no interface number 0 [ 269.963867][ T6628] loop1: detected capacity change from 0 to 40427 [ 270.098728][ T4979] usb 1-1: New USB device found, idVendor=0979, idProduct=0227, bcdDevice=24.83 [ 270.118697][ T4979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.149792][ T4979] usb 1-1: Product: syz [ 270.154000][ T4979] usb 1-1: Manufacturer: syz [ 270.169453][ T4979] usb 1-1: SerialNumber: syz [ 270.633353][ T6641] netlink: 40 bytes leftover after parsing attributes in process `syz.4.685'. [ 270.663789][ T6628] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff [ 270.715162][ T6628] F2FS-fs (loop1): invalid crc value [ 270.817653][ T4218] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 270.833557][ T4218] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.851363][ T4218] usb 4-1: Product: syz [ 270.865197][ T4218] usb 4-1: Manufacturer: syz [ 270.875918][ T4218] usb 4-1: SerialNumber: syz [ 270.983033][ T6628] F2FS-fs (loop1): Found nat_bits in checkpoint [ 271.095199][ T6638] loop2: detected capacity change from 0 to 262144 [ 271.124521][ T6628] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 271.134585][ T6638] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 271.144042][ T6638] BTRFS error (device loop2): unrecognized mount option 'subj_role=' [ 271.152871][ T6638] BTRFS error (device loop2): open_ctree failed: -22 [ 271.256583][ T4218] usb 4-1: 0:2 : does not exist [ 271.325839][ T6648] loop4: detected capacity change from 0 to 128 [ 271.355643][ T4218] usb 4-1: USB disconnect, device number 15 [ 271.487597][ T6652] xt_l2tp: v2 tid > 0xffff: 262144 [ 271.562985][ T6648] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 271.764368][ T6648] ext4 filesystem being mounted at /125/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 271.895274][ T4163] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 scanned by udevd (4163) [ 272.053028][ T6656] netlink: 64 bytes leftover after parsing attributes in process `syz.3.688'. [ 272.329140][ T4979] gspca_main: jl2005bcd-2.14.0 probing 0979:0227 [ 272.335619][ T4979] command write [95] error -22 [ 272.340779][ T4982] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 272.349494][ T6663] autofs4:pid:6663:autofs_fill_super: called with bogus options [ 272.453645][ T4979] usb 1-1: USB disconnect, device number 22 [ 272.606225][ T4982] usb 3-1: Using ep0 maxpacket: 32 [ 272.746363][ T4218] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 272.802181][ T6673] loop1: detected capacity change from 0 to 8192 [ 272.886549][ T4982] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 272.910976][ T4982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.928070][ T6673] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 272.943022][ T4982] usb 3-1: Product: syz [ 272.955299][ T4982] usb 3-1: Manufacturer: syz [ 272.969413][ T4982] usb 3-1: SerialNumber: syz [ 272.978572][ T26] audit: type=1800 audit(1748429285.526:12): pid=6673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.694" name="file2" dev="loop1" ino=1048600 res=0 errno=0 [ 273.001129][ T6673] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 273.006360][ T4218] usb 4-1: Using ep0 maxpacket: 32 [ 273.041984][ T4982] usb 3-1: config 0 descriptor?? [ 273.047854][ T6673] FAT-fs (loop1): Filesystem has been set read-only [ 273.156398][ T4218] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 273.188109][ T4218] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 273.228762][ T4218] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 273.294923][ T4218] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.326409][ T4982] snd-usb-6fire 3-1:0.0: unknown device firmware state received from device: [ 273.345544][ T4982] eb 9a 47 80 9b f8 7a f0 [ 273.351677][ T4982] snd-usb-6fire: probe of 3-1:0.0 failed with error -5 [ 273.352316][ T4218] usb 4-1: config 0 descriptor?? [ 273.428491][ T6694] loop4: detected capacity change from 0 to 2048 [ 273.465160][ T4218] hub 4-1:0.0: USB hub found [ 273.525181][ T6694] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 273.542756][ T6654] loop2: detected capacity change from 0 to 1024 [ 273.666343][ T4218] hub 4-1:0.0: 1 port detected [ 273.746286][ T4216] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 273.765568][ T6654] hfsplus: unable to parse mount options [ 274.516004][ T6654] netlink: 60 bytes leftover after parsing attributes in process `syz.2.687'. [ 274.543953][ T4218] usb 4-1: USB disconnect, device number 16 [ 274.579573][ T4978] usb 3-1: USB disconnect, device number 13 [ 274.700925][ T4216] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.712053][ T4216] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.721895][ T4216] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 274.735120][ T4216] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 274.744314][ T4216] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.754503][ T4216] usb 2-1: config 0 descriptor?? [ 275.549021][ T4216] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 275.938210][ T4216] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 276.918945][ T4384] usb 2-1: USB disconnect, device number 22 [ 277.443464][ T6722] cifs: Unknown parameter 'h}# [ 277.443464][ T6722] [bIT&:"1:ӭ'4,Zz-#F<]%gC [ 277.443464][ T6722] SȘȞZ6' [ 277.647014][ T6719] fido_id[6719]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 277.687897][ T6724] netlink: 40 bytes leftover after parsing attributes in process `syz.1.709'. [ 278.107512][ T6726] bridge0: port 3(batadv1) entered blocking state [ 278.191129][ T6726] bridge0: port 3(batadv1) entered disabled state [ 278.333100][ T6726] device batadv1 entered promiscuous mode [ 278.380643][ T6734] loop4: detected capacity change from 0 to 128 [ 278.494250][ T6734] EXT4-fs (loop4): Unrecognized mount option "audit" or missing value [ 278.607615][ T4260] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 278.617873][ T4260] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 278.627440][ T4216] usb 1-1: new full-speed USB device number 23 using dummy_hcd [ 278.681716][ T6710] loop2: detected capacity change from 0 to 262144 [ 278.777034][ T6710] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 278.786426][ T6710] BTRFS error (device loop2): unrecognized mount option 'subj_role=' [ 278.795166][ T6710] BTRFS error (device loop2): open_ctree failed: -22 [ 279.055114][ T4323] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 scanned by udevd (4323) [ 279.958666][ T4216] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 280.016087][ T4216] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 280.026684][ T6744] input: syz1 as /devices/virtual/input/input12 [ 280.277144][ T4216] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 280.307816][ T4216] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.379458][ T4216] usb 1-1: Product: syz [ 280.426517][ T4216] usb 1-1: Manufacturer: syz [ 280.470903][ T4216] usb 1-1: SerialNumber: syz [ 280.633575][ T6747] netlink: 64 bytes leftover after parsing attributes in process `syz.2.718'. [ 280.657004][ T6730] loop1: detected capacity change from 0 to 40427 [ 280.683430][ T6730] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff [ 280.733766][ T6730] F2FS-fs (loop1): invalid crc value [ 280.820610][ T6730] F2FS-fs (loop1): Found nat_bits in checkpoint [ 280.880078][ T6755] loop3: detected capacity change from 0 to 24 [ 280.896144][ T4978] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 280.927847][ T6755] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 280.940496][ T4216] usb 1-1: 0:2 : does not exist [ 280.967894][ T6730] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 280.985842][ T6755] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 281.015453][ T4216] usb 1-1: USB disconnect, device number 23 [ 281.286358][ T4978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 281.306518][ T4978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 281.324845][ T4318] udevd[4318]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 281.388995][ T4978] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 281.470688][ T4978] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 281.685953][ T4978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.584781][ T4978] usb 5-1: config 0 descriptor?? [ 284.462592][ T6768] loop3: detected capacity change from 0 to 262144 [ 284.703374][ T6770] validate_nla: 63 callbacks suppressed [ 284.703394][ T6770] netlink: 'syz.1.722': attribute type 9 has an invalid length. [ 284.733813][ T6768] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 284.743235][ T6768] BTRFS error (device loop3): unrecognized mount option 'subj_role=' [ 284.752315][ T6768] BTRFS error (device loop3): open_ctree failed: -22 [ 284.766233][ T4978] usbhid 5-1:0.0: can't add hid device: -71 [ 284.772352][ T4978] usbhid: probe of 5-1:0.0 failed with error -71 [ 285.649811][ T4318] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop3 scanned by udevd (4318) [ 285.676833][ T4978] usb 5-1: USB disconnect, device number 14 [ 285.796381][ T4216] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 285.975791][ T6791] loop3: detected capacity change from 0 to 128 [ 286.291066][ T6791] EXT4-fs (loop3): Test dummy encryption mode enabled [ 286.986518][ T4216] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.036996][ T4216] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.065274][ T4216] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 287.161846][ T4216] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 287.218604][ T6776] loop4: detected capacity change from 0 to 40427 [ 287.534827][ T6776] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff [ 287.918354][ T6776] F2FS-fs (loop4): invalid crc value [ 287.976301][ T6776] F2FS-fs (loop4): Failed to start F2FS issue_checkpoint_thread (-12) [ 288.006182][ T4216] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.035861][ T4216] usb 3-1: config 0 descriptor?? [ 288.518949][ T4216] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 288.568443][ T4216] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 289.750194][ T6805] loop1: detected capacity change from 0 to 32768 [ 290.161680][ T6808] loop4: detected capacity change from 0 to 32768 [ 290.175788][ T6805] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 290.407369][ T6808] XFS (loop4): Mounting V5 Filesystem [ 290.623501][ T6805] (syz.1.735,6805,0):ocfs2_remount:624 ERROR: Cannot change heartbeat mode on remount [ 290.660762][ T6826] program syz.2.739 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 290.698433][ T4216] usb 3-1: USB disconnect, device number 14 [ 290.751956][ T6808] XFS (loop4): Ending clean mount [ 290.779517][ T6808] XFS (loop4): Quotacheck needed: Please wait. [ 290.814047][ T6825] loop2: detected capacity change from 0 to 2048 [ 290.842650][ T4976] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 290.855471][ T4170] ocfs2: Unmounting device (7,1) on (node local) [ 290.862844][ T6808] XFS (loop4): Quotacheck: Done. [ 290.912016][ T6825] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 290.921453][ T26] audit: type=1800 audit(1748429303.466:13): pid=6808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.736" name="file2" dev="loop4" ino=9287 res=0 errno=0 [ 290.935258][ T6825] NILFS (loop2): mounting unchecked fs [ 290.980464][ T6825] NILFS (loop2): recovery complete [ 291.036195][ T6828] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 291.077515][ T26] audit: type=1804 audit(1748429303.626:14): pid=6808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.736" name="file2" dev="loop4" ino=9287 res=1 errno=0 [ 291.260577][ T4169] XFS (loop4): Unmounting Filesystem [ 291.367943][ T4976] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 291.379398][ T4976] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 291.389399][ T4976] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 291.404922][ T4976] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 291.422790][ T4976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.464718][ T6834] loop1: detected capacity change from 0 to 256 [ 291.485279][ T6834] exfat: Unknown parameter 'keep_last_dots' [ 291.558279][ T4976] usb 4-1: config 0 descriptor?? [ 293.491206][ T4976] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 293.751739][ T6843] loop1: detected capacity change from 0 to 32768 [ 293.837593][ T4976] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 293.950885][ T6843] ERROR: (device loop1): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1 [ 293.950885][ T6843] [ 294.456879][ T4982] usb 4-1: USB disconnect, device number 17 [ 294.996562][ T4979] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 295.073820][ T6861] loop2: detected capacity change from 0 to 2048 [ 295.195624][ T6856] fido_id[6856]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 295.303160][ T6861] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 295.437133][ T6869] loop3: detected capacity change from 0 to 1024 [ 295.496506][ T4979] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 295.578222][ T6872] loop4: detected capacity change from 0 to 1024 [ 295.643928][ T6869] hfsplus: failed to load catalog file [ 295.683767][ T4979] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 295.743211][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.751154][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.795527][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.803403][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.838050][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.845461][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.868753][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.876163][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.902492][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.910087][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.945680][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.953420][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.989498][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 295.997041][ T6872] hfsplus: request for non-existent node 33423360 in B*Tree [ 296.046987][ T4979] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 296.141218][ T4979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.270741][ T4979] usb 1-1: Product: syz [ 296.323034][ T4979] usb 1-1: Manufacturer: syz [ 296.376528][ T4979] usb 1-1: SerialNumber: syz [ 297.063317][ T4979] usb 1-1: 0:2 : does not exist [ 297.111604][ T4979] usb 1-1: USB disconnect, device number 24 [ 297.399279][ T4323] udevd[4323]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 298.764006][ T6878] loop3: detected capacity change from 0 to 32768 [ 298.793724][ T6888] netlink: 'syz.0.758': attribute type 1 has an invalid length. [ 298.847216][ T6888] netlink: 12 bytes leftover after parsing attributes in process `syz.0.758'. [ 298.947372][ T6878] XFS (loop3): Mounting V5 Filesystem [ 299.029876][ T6881] loop2: detected capacity change from 0 to 262144 [ 299.065279][ T6878] XFS (loop3): Ending clean mount [ 299.122765][ T6878] XFS (loop3): Quotacheck needed: Please wait. [ 299.147160][ T6881] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 299.156594][ T6881] BTRFS error (device loop2): unrecognized mount option 'subj_role=' [ 299.204571][ T6881] BTRFS error (device loop2): open_ctree failed: -22 [ 299.336310][ T6878] XFS (loop3): Quotacheck: Done. [ 299.349169][ T6899] loop4: detected capacity change from 0 to 4096 [ 299.392263][ T6899] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 299.433051][ T26] audit: type=1800 audit(1748429311.976:15): pid=6878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.755" name="file2" dev="loop3" ino=9287 res=0 errno=0 [ 299.538427][ T4323] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 scanned by udevd (4323) [ 299.616148][ T4982] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 299.685615][ T26] audit: type=1804 audit(1748429312.226:16): pid=6878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.755" name="file2" dev="loop3" ino=9287 res=1 errno=0 [ 301.436307][ T4982] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.447982][ T4183] XFS (loop3): Unmounting Filesystem [ 301.488114][ T4982] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 301.501631][ T4982] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 301.531160][ T4982] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 301.540632][ T4982] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.573123][ T4982] usb 2-1: config 0 descriptor?? [ 301.722561][ T6921] loop2: detected capacity change from 0 to 1024 [ 301.880168][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 301.887752][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 301.912190][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 301.919625][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 301.941349][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 301.948811][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 301.968450][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 301.975841][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 302.002605][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 302.010237][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 302.038108][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 302.045487][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 302.070920][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 302.078469][ T6921] hfsplus: request for non-existent node 33423360 in B*Tree [ 302.142420][ T4982] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 302.417596][ T4982] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 302.628779][ T4979] usb 2-1: USB disconnect, device number 23 [ 302.795260][ T6929] fido_id[6929]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 302.962156][ T6931] netlink: 40 bytes leftover after parsing attributes in process `syz.2.768'. [ 302.976200][ T4982] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 303.216433][ T4979] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 304.360613][ T6936] loop1: detected capacity change from 0 to 131072 [ 304.476334][ T4979] usb 1-1: Using ep0 maxpacket: 16 [ 304.515602][ T6936] F2FS-fs (loop1): Found nat_bits in checkpoint [ 304.623538][ T6936] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 305.558378][ T4982] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 305.567634][ T4258] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 305.575315][ T4982] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.583831][ T4982] usb 5-1: Product: syz [ 305.588361][ T4982] usb 5-1: Manufacturer: syz [ 305.592974][ T4982] usb 5-1: SerialNumber: syz [ 305.927016][ T6953] loop4: detected capacity change from 0 to 4096 [ 305.978306][ T6953] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 306.344019][ T6949] loop2: detected capacity change from 0 to 262144 [ 306.350998][ T4979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 145, changing to 11 [ 306.362580][ T4982] usb 5-1: can't set config #1, error -71 [ 306.369294][ T4979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42783, setting to 1024 [ 306.380697][ T4982] usb 5-1: USB disconnect, device number 15 [ 306.387717][ T4979] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 306.400578][ T4979] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 306.412348][ T4979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.442524][ T4979] usb 1-1: config 0 descriptor?? [ 306.492002][ T4979] usb 1-1: can't set config #0, error -71 [ 306.516315][ T4258] usb 4-1: device descriptor read/64, error -71 [ 306.543084][ T4979] usb 1-1: USB disconnect, device number 25 [ 306.557251][ T6949] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 306.566774][ T6949] BTRFS error (device loop2): unrecognized mount option 'subj_role=' [ 306.581805][ T6949] BTRFS error (device loop2): open_ctree failed: -22 [ 306.692506][ T4188] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 scanned by udevd (4188) [ 306.696621][ T6964] netlink: 16 bytes leftover after parsing attributes in process `syz.4.772'. [ 306.716235][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.4.772'. [ 306.816408][ T4258] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 307.026255][ T4258] usb 4-1: device descriptor read/64, error -71 [ 307.165501][ T4258] usb usb4-port1: attempt power cycle [ 307.588880][ T6973] loop1: detected capacity change from 0 to 4096 [ 307.613606][ T6967] loop2: detected capacity change from 0 to 32768 [ 307.656375][ T4979] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 307.705708][ T6973] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 307.764014][ T6967] XFS (loop2): Mounting V5 Filesystem [ 307.936327][ T4978] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 307.936440][ T4979] usb 1-1: Using ep0 maxpacket: 16 [ 308.187041][ T4979] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 308.250119][ T4979] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 308.326791][ T4978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 308.395685][ T4978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 308.468301][ T4978] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 308.532701][ T4978] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 308.550426][ T4978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.563389][ T4979] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 308.593208][ T4979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.610352][ T4978] usb 5-1: config 0 descriptor?? [ 308.625678][ T4979] usb 1-1: Product: syz [ 308.635981][ T4979] usb 1-1: Manufacturer: syz [ 308.645935][ T4979] usb 1-1: SerialNumber: syz [ 308.684155][ T6967] XFS (loop2): Ending clean mount [ 308.694180][ T6967] XFS (loop2): Quotacheck needed: Please wait. [ 308.777620][ T6967] XFS (loop2): Quotacheck: Done. [ 308.822346][ T26] audit: type=1800 audit(1748429321.366:17): pid=6967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.774" name="file2" dev="loop2" ino=9287 res=0 errno=0 [ 308.882304][ T6978] loop3: detected capacity change from 0 to 32768 [ 308.989994][ T4177] XFS (loop2): Unmounting Filesystem [ 309.008010][ T4979] usb 1-1: 0:2 : does not exist [ 309.073541][ T4979] usb 1-1: USB disconnect, device number 26 [ 309.236999][ T6978] XFS (loop3): Mounting V5 Filesystem [ 309.239680][ T4978] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 309.286264][ T4978] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 309.371449][ T4318] udevd[4318]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 309.972310][ T6978] XFS (loop3): Ending clean mount [ 310.141692][ T6978] XFS (loop3): Quotacheck needed: Please wait. [ 310.377224][ T6978] XFS (loop3): Quotacheck: Done. [ 311.042675][ T7024] netlink: 64 bytes leftover after parsing attributes in process `syz.2.783'. [ 311.064351][ T4183] XFS (loop3): Unmounting Filesystem [ 311.757155][ T4978] usb 5-1: USB disconnect, device number 16 [ 311.831537][ T7031] netlink: 4 bytes leftover after parsing attributes in process `syz.4.791'. [ 311.908798][ T7009] loop1: detected capacity change from 0 to 262144 [ 312.007362][ T7039] netlink: 40 bytes leftover after parsing attributes in process `syz.0.794'. [ 312.017369][ T4258] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 312.027069][ T7009] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 312.036436][ T7009] BTRFS error (device loop1): unrecognized mount option 'subj_role=' [ 312.047717][ T7009] BTRFS error (device loop1): open_ctree failed: -22 [ 312.334850][ T7049] loop3: detected capacity change from 0 to 22 [ 312.371976][ T4188] udevd[4188]: incorrect romfs checksum on /dev/loop3 [ 312.546695][ T5537] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 313.006420][ T5537] usb 5-1: Using ep0 maxpacket: 16 [ 313.044732][ T4323] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop1 scanned by udevd (4323) [ 313.068105][ T4188] udevd[4188]: incorrect romfs checksum on /dev/loop3 [ 313.136651][ T5537] usb 5-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 313.172116][ T5537] usb 5-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 313.210701][ T5537] usb 5-1: config 0 interface 0 has no altsetting 0 [ 313.236230][ T5537] usb 5-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 313.335567][ T7062] netlink: 64 bytes leftover after parsing attributes in process `syz.0.800'. [ 313.346925][ T5537] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.396451][ T4258] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 313.411904][ T4258] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 313.436415][ T7064] netlink: 12 bytes leftover after parsing attributes in process `syz.3.799'. [ 313.437647][ T5537] usb 5-1: config 0 descriptor?? [ 313.587824][ T4258] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 313.604112][ T4258] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.612699][ T4258] usb 3-1: Product: syz [ 313.617860][ T4258] usb 3-1: Manufacturer: syz [ 313.622571][ T4258] usb 3-1: SerialNumber: syz [ 313.786455][ T4975] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 314.126215][ T5537] holtek_kbd 0003:04D9:A055.000D: item fetching failed at offset 0/4 [ 314.211041][ T5537] holtek_kbd: probe of 0003:04D9:A055.000D failed with error -22 [ 314.402525][ T5537] usb 5-1: USB disconnect, device number 17 [ 315.093221][ T4258] usb 3-1: 0:2 : does not exist [ 315.116471][ T4975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 315.138750][ T4975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 315.175692][ T4258] usb 3-1: USB disconnect, device number 15 [ 315.178759][ T7087] netlink: 8 bytes leftover after parsing attributes in process `syz.4.807'. [ 315.221803][ T7092] netlink: 40 bytes leftover after parsing attributes in process `syz.2.808'. [ 315.236694][ T4975] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 315.278720][ T4975] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 315.328704][ T4975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.441317][ T4975] usb 1-1: config 0 descriptor?? [ 315.501967][ T4188] udevd[4188]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 315.976206][ T7103] netlink: 64 bytes leftover after parsing attributes in process `syz.4.812'. [ 316.028860][ T4975] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving [ 316.201394][ T4975] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 316.388655][ T7105] loop2: detected capacity change from 0 to 128 [ 316.451982][ T7105] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 316.558465][ T7105] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 317.048030][ T7105] autofs4:pid:7105:autofs_fill_super: called with bogus options [ 317.416173][ T4975] usb 1-1: reset high-speed USB device number 27 using dummy_hcd [ 317.470817][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.481727][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.648045][ T7117] loop4: detected capacity change from 0 to 4096 [ 317.693730][ T7117] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 317.898462][ T4169] ntfs3: loop4: ntfs_sync_fs r=1a failed, -22. [ 317.916285][ T4169] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 317.969543][ T4169] ntfs3: loop4: ntfs_evict_inode r=1a failed, -22. [ 318.169813][ T7123] process 'syz.0.821' launched './file0/file0' with NULL argv: empty string added [ 318.363058][ T4979] usb 1-1: USB disconnect, device number 27 [ 318.496980][ T7115] loop3: detected capacity change from 0 to 40427 [ 318.522791][ T7132] netlink: 20 bytes leftover after parsing attributes in process `syz.0.823'. [ 318.570329][ T7119] loop2: detected capacity change from 0 to 32768 [ 318.580038][ T7115] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff [ 318.608170][ T7132] netlink: 28 bytes leftover after parsing attributes in process `syz.0.823'. [ 318.631246][ T7115] F2FS-fs (loop3): invalid crc value [ 318.645617][ T7115] F2FS-fs (loop3): Found nat_bits in checkpoint [ 318.664478][ T7132] device gretap0 entered promiscuous mode [ 318.731122][ T7119] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 318.740611][ T7132] device batadv_slave_1 entered promiscuous mode [ 318.764691][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 318.766254][ T7119] BTRFS info (device loop2): using free space tree [ 318.809494][ T7115] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 318.839483][ T7119] BTRFS info (device loop2): has skinny extents [ 319.209480][ T7152] xt_l2tp: v2 tid > 0xffff: 262144 [ 319.286339][ T7125] loop4: detected capacity change from 0 to 32768 [ 319.441060][ T7155] ipt_ECN: cannot use operation on non-tcp rule [ 319.644203][ T4979] Bluetooth: hci4: command 0x0406 tx timeout [ 320.452374][ T7125] jfs_mount: Mount Failure: superblock is corrupt! [ 320.507495][ T7125] Mount JFS Failure: -22 [ 320.550328][ T7119] BTRFS info (device loop2): enabling ssd optimizations [ 320.680315][ T7175] loop1: detected capacity change from 0 to 1024 [ 320.831105][ T7178] netlink: 64 bytes leftover after parsing attributes in process `syz.4.833'. [ 320.969353][ T7181] sch_tbf: burst 7710 is lower than device lo mtu (65550) ! [ 321.056000][ T7183] netlink: 20 bytes leftover after parsing attributes in process `syz.4.834'. [ 321.711851][ T7206] netlink: 40 bytes leftover after parsing attributes in process `syz.0.838'. [ 321.790237][ T7212] netlink: 32 bytes leftover after parsing attributes in process `syz.2.831'. [ 321.986840][ T7218] netem: change failed [ 321.995719][ T7219] netem: change failed [ 323.039060][ T7230] netlink: 64 bytes leftover after parsing attributes in process `syz.0.846'. [ 323.116321][ T4218] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 323.139960][ T7204] loop1: detected capacity change from 0 to 40427 [ 323.158689][ T7204] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff [ 323.235813][ T7232] loop4: detected capacity change from 0 to 128 [ 323.236757][ T7204] F2FS-fs (loop1): invalid crc value [ 323.264804][ T7234] netlink: 25 bytes leftover after parsing attributes in process `syz.0.848'. [ 323.329323][ T7204] F2FS-fs (loop1): Found nat_bits in checkpoint [ 323.337323][ T7234] netlink: 5 bytes leftover after parsing attributes in process `syz.0.848'. [ 323.376476][ T7234] 0XD: renamed from gretap0 [ 323.476515][ T4218] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 323.510693][ T4218] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 323.514876][ T7204] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 323.696408][ T4218] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 323.723312][ T4218] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.784051][ T4218] usb 3-1: Product: syz [ 323.813597][ T4218] usb 3-1: Manufacturer: syz [ 323.826116][ T7194] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 323.855740][ T4218] usb 3-1: SerialNumber: syz [ 323.887722][ T7243] xt_l2tp: v2 tid > 0xffff: 262144 [ 324.317603][ T4218] usb 3-1: 0:2 : does not exist [ 324.336468][ T7194] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 324.367797][ T7194] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 325.155992][ T7246] loop3: detected capacity change from 0 to 131072 [ 325.164723][ T7194] usb 5-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 325.173849][ T7194] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.205662][ T4218] usb 3-1: USB disconnect, device number 16 [ 325.224833][ T7194] usb 5-1: config 0 descriptor?? [ 325.290758][ T7246] F2FS-fs (loop3): QUOTA feature is enabled, so ignore qf_name [ 325.298569][ T7246] F2FS-fs (loop3): QUOTA feature is enabled, so ignore jquota_fmt [ 325.362572][ T7246] F2FS-fs (loop3): Found nat_bits in checkpoint [ 325.402738][ T7246] F2FS-fs (loop3): sanity_check_inode: corrupted inode ino=3, run fsck to fix. [ 325.411975][ T7246] F2FS-fs (loop3): Failed to read root inode [ 325.748313][ T7194] zydacron 0003:13EC:0006.000F: unknown main item tag 0x0 [ 325.749018][ T7251] loop1: detected capacity change from 0 to 131072 [ 325.765368][ T7246] IPv6: addrconf: prefix option has invalid lifetime [ 325.875144][ T7194] zydacron 0003:13EC:0006.000F: unknown main item tag 0x0 [ 325.882683][ T7194] zydacron 0003:13EC:0006.000F: unknown main item tag 0x0 [ 325.905256][ T7194] zydacron 0003:13EC:0006.000F: unknown main item tag 0x0 [ 325.910008][ T4323] udevd[4323]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 325.935311][ T7194] zydacron 0003:13EC:0006.000F: unknown main item tag 0x0 [ 325.965650][ T7251] F2FS-fs (loop1): QUOTA feature is enabled, so ignore qf_name [ 325.973418][ T7251] F2FS-fs (loop1): QUOTA feature is enabled, so ignore jquota_fmt [ 325.976722][ T7194] zydacron 0003:13EC:0006.000F: unknown main item tag 0x0 [ 326.028956][ T7194] zydacron 0003:13EC:0006.000F: unknown main item tag 0x0 [ 326.051310][ T7194] zydacron 0003:13EC:0006.000F: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.4-1/input0 [ 326.083587][ T7251] F2FS-fs (loop1): Found nat_bits in checkpoint [ 326.122118][ T7251] F2FS-fs (loop1): sanity_check_inode: corrupted inode ino=3, run fsck to fix. [ 326.131305][ T7251] F2FS-fs (loop1): Failed to read root inode [ 326.159292][ T7194] usb 5-1: USB disconnect, device number 18 [ 326.216820][ T7271] netlink: 64 bytes leftover after parsing attributes in process `syz.2.858'. [ 327.162978][ T7273] fido_id[7273]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 327.404039][ T7251] IPv6: addrconf: prefix option has invalid lifetime [ 327.745888][ T7287] loop4: detected capacity change from 0 to 4096 [ 327.835101][ T7287] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 327.903592][ T26] audit: type=1800 audit(1748429340.446:18): pid=7287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.863" name="file0" dev="loop4" ino=0 res=0 errno=0 [ 328.033206][ T7288] [U] v3f"S/4:XTzWtlW= [ 328.068246][ T7288] [U] J"e:" [ 328.276291][ T4982] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 328.504270][ T7283] loop2: detected capacity change from 0 to 40427 [ 328.513408][ T7295] netlink: 40 bytes leftover after parsing attributes in process `syz.0.866'. [ 328.583885][ T7283] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1ffff [ 328.608568][ T7283] F2FS-fs (loop2): invalid crc value [ 328.630817][ T7283] F2FS-fs (loop2): Found nat_bits in checkpoint [ 328.916390][ T7283] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 329.179440][ T4979] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 329.226578][ T4982] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 330.139666][ T7302] xt_l2tp: v2 tid > 0xffff: 262144 [ 330.404321][ T4982] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 330.415143][ T4982] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 330.428624][ T4982] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 330.437945][ T4982] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.566334][ T4982] usb 2-1: config 0 descriptor?? [ 330.575629][ T7304] IPv6: addrconf: prefix option has invalid lifetime [ 330.676496][ T4979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 330.721361][ T4979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 330.787361][ T4979] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 330.856377][ T4979] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 330.902884][ T4979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.934621][ T4979] usb 5-1: config 0 descriptor?? [ 331.058617][ T4982] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving [ 331.089189][ T4982] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 331.207748][ T26] audit: type=1326 audit(1748429343.756:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7314 comm="syz.3.872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90fc134969 code=0x7ffc0000 [ 331.248655][ T26] audit: type=1326 audit(1748429343.756:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7314 comm="syz.3.872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90fc134969 code=0x7ffc0000 [ 331.293438][ T7317] loop3: detected capacity change from 0 to 128 [ 331.307925][ T26] audit: type=1326 audit(1748429343.756:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7314 comm="syz.3.872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90fc134969 code=0x7ffc0000 [ 331.339701][ T26] audit: type=1326 audit(1748429343.756:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7314 comm="syz.3.872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90fc134969 code=0x7ffc0000 [ 331.371005][ T26] audit: type=1326 audit(1748429343.756:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7314 comm="syz.3.872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90fc134969 code=0x7ffc0000 [ 331.400772][ T26] audit: type=1326 audit(1748429343.756:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7314 comm="syz.3.872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90fc134969 code=0x7ffc0000 [ 331.423397][ T26] audit: type=1326 audit(1748429343.876:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7314 comm="syz.3.872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90fc134969 code=0x7ffc0000 [ 331.446271][ T26] audit: type=1326 audit(1748429343.876:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7314 comm="syz.3.872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90fc134969 code=0x7ffc0000 [ 331.473506][ T4979] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving [ 331.481977][ T7317] ufs: ufs_fill_super(): fragment size 3263967611 is not a power of 2 [ 331.502705][ T4979] plantronics 0003:047F:FFFF.0011: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 331.957124][ T7326] loop2: detected capacity change from 0 to 128 [ 332.092417][ T7326] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 332.146386][ T7326] ext4 filesystem being mounted at /175/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 332.450659][ T4258] usb 5-1: USB disconnect, device number 19 [ 332.517784][ T7341] loop2: detected capacity change from 0 to 2048 [ 332.634174][ T7341] UDF-fs: bad mount option "utfI" or missing value [ 333.438396][ T7343] loop1: detected capacity change from 0 to 131072 [ 333.609801][ T7343] F2FS-fs (loop1): QUOTA feature is enabled, so ignore qf_name [ 333.617542][ T7343] F2FS-fs (loop1): QUOTA feature is enabled, so ignore jquota_fmt [ 333.665284][ T7343] F2FS-fs (loop1): Found nat_bits in checkpoint [ 333.709184][ T7343] F2FS-fs (loop1): sanity_check_inode: corrupted inode ino=3, run fsck to fix. [ 333.718452][ T7343] F2FS-fs (loop1): Failed to read root inode [ 333.784147][ T7343] IPv6: addrconf: prefix option has invalid lifetime [ 334.005329][ T7339] loop3: detected capacity change from 0 to 40427 [ 334.026207][ T7194] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 334.055852][ T7339] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff [ 334.108955][ T7339] F2FS-fs (loop3): invalid crc value [ 334.122295][ T7365] loop1: detected capacity change from 0 to 128 [ 334.157543][ T4982] usb 2-1: USB disconnect, device number 24 [ 334.177149][ T7339] F2FS-fs (loop3): Found nat_bits in checkpoint [ 334.297966][ T7365] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 334.334559][ T7339] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 334.344573][ T7365] ext4 filesystem being mounted at /180/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 334.396416][ T7194] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 334.595336][ T7194] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 334.605281][ T7194] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 334.618252][ T7194] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 334.644859][ T7194] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.751396][ T7376] syz.4.890[7376] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 334.752098][ T7376] syz.4.890[7376] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 336.066226][ T7378] xt_l2tp: v2 tid > 0xffff: 262144 [ 336.545950][ T7380] netlink: 40 bytes leftover after parsing attributes in process `syz.4.891'. [ 336.588899][ T7194] usb 3-1: config 0 descriptor?? [ 336.626247][ T7194] usb 3-1: can't set config #0, error -71 [ 336.645856][ T7194] usb 3-1: USB disconnect, device number 17 [ 336.693491][ T7382] netlink: 64 bytes leftover after parsing attributes in process `syz.2.894'. [ 336.759698][ T7384] loop4: detected capacity change from 0 to 512 [ 336.976607][ T7396] loop2: detected capacity change from 0 to 512 [ 336.989703][ T7391] netlink: 'syz.0.896': attribute type 10 has an invalid length. [ 337.088693][ T7391] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 337.362128][ T7396] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 337.373359][ T4982] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 337.454640][ T7396] ext4 filesystem being mounted at /182/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 337.776491][ T4982] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 337.819231][ T4982] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 338.011920][ T7398] loop4: detected capacity change from 0 to 131072 [ 338.076395][ T4982] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 338.081324][ T7398] F2FS-fs (loop4): QUOTA feature is enabled, so ignore qf_name [ 338.093324][ T7398] F2FS-fs (loop4): QUOTA feature is enabled, so ignore jquota_fmt [ 338.110586][ T4982] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.125898][ T7398] F2FS-fs (loop4): Found nat_bits in checkpoint [ 338.164360][ T7398] F2FS-fs (loop4): sanity_check_inode: corrupted inode ino=3, run fsck to fix. [ 338.173680][ T7398] F2FS-fs (loop4): Failed to read root inode [ 338.185720][ T4982] usb 1-1: Product: syz [ 338.223389][ T4982] usb 1-1: Manufacturer: syz [ 338.245642][ T4982] usb 1-1: SerialNumber: syz [ 338.292814][ T7415] IPv6: addrconf: prefix option has invalid lifetime [ 338.590407][ T7394] loop1: detected capacity change from 0 to 32768 [ 338.607259][ T4982] usb 1-1: 0:2 : does not exist [ 338.832917][ T7423] loop4: detected capacity change from 0 to 512 [ 338.853314][ T4982] usb 1-1: USB disconnect, device number 28 [ 338.884767][ T7423] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 338.895116][ T7394] XFS (loop1): Mounting V5 Filesystem [ 339.494366][ T7423] EXT4-fs (loop4): 1 truncate cleaned up [ 339.525858][ T7423] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,resuid=0x000000000000ee01,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: writeback. [ 339.549978][ T4188] udevd[4188]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 339.721720][ T7394] XFS (loop1): Ending clean mount [ 339.737677][ T7394] XFS (loop1): Quotacheck needed: Please wait. [ 339.746965][ T7441] loop3: detected capacity change from 0 to 128 [ 339.808803][ T7441] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 339.872902][ T7413] loop2: detected capacity change from 0 to 40427 [ 339.936287][ T7441] ext4 filesystem being mounted at /192/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 339.968073][ T7413] F2FS-fs (loop2): Fix alignment : done, start(4096) end(16896) block(12288) [ 339.970412][ T7394] XFS (loop1): Quotacheck: Done. [ 339.987300][ T7444] netlink: 40 bytes leftover after parsing attributes in process `syz.4.907'. [ 340.013780][ T7413] F2FS-fs (loop2): invalid crc value [ 340.044727][ T7413] F2FS-fs (loop2): invalid crc value [ 340.075540][ T7413] F2FS-fs (loop2): Failed to get valid F2FS checkpoint [ 340.089194][ T4170] XFS (loop1): Unmounting Filesystem [ 340.710822][ T7451] loop2: detected capacity change from 0 to 4096 [ 340.745534][ T7451] ntfs3: Unknown parameter 'windows_names' [ 341.522501][ T7455] loop4: detected capacity change from 0 to 131072 [ 341.629126][ T7461] loop1: detected capacity change from 0 to 1024 [ 341.676057][ T7455] F2FS-fs (loop4): QUOTA feature is enabled, so ignore qf_name [ 341.683777][ T7455] F2FS-fs (loop4): QUOTA feature is enabled, so ignore jquota_fmt [ 342.036076][ T7455] F2FS-fs (loop4): Found nat_bits in checkpoint [ 342.087802][ T7455] F2FS-fs (loop4): sanity_check_inode: corrupted inode ino=3, run fsck to fix. [ 342.097117][ T7455] F2FS-fs (loop4): Failed to read root inode [ 342.344594][ T7455] IPv6: addrconf: prefix option has invalid lifetime [ 342.703322][ T4329] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.998474][ T7475] syz.4.917[7475] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 342.999181][ T7475] syz.4.917[7475] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 343.327983][ T4329] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.750723][ T4329] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.865648][ T4329] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.944103][ T7480] netlink: 40 bytes leftover after parsing attributes in process `syz.4.921'. [ 344.139240][ T7482] loop4: detected capacity change from 0 to 1024 [ 344.588829][ T4329] tipc: Left network mode [ 344.846862][ T7482] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 344.921491][ T154] hfsplus: b-tree write err: -5, ino 4 [ 345.127101][ T7506] loop1: detected capacity change from 0 to 128 [ 345.550835][ T7487] chnl_net:caif_netlink_parms(): no params data found [ 345.967559][ T7519] syz.1.930[7519] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 345.968263][ T7519] syz.1.930[7519] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 347.064036][ T7527] sctp: [Deprecated]: syz.1.932 (pid 7527) Use of int in max_burst socket option. [ 347.064036][ T7527] Use struct sctp_assoc_value instead [ 347.177754][ T7487] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.218003][ T7487] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.254302][ T7487] device bridge_slave_0 entered promiscuous mode [ 347.273110][ T7528] loop1: detected capacity change from 0 to 16 [ 347.305841][ T7487] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.367776][ T7528] erofs: (device loop1): mounted with root inode @ nid 36. [ 347.416245][ T7487] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.477691][ T7487] device bridge_slave_1 entered promiscuous mode [ 347.588904][ T4975] Bluetooth: hci3: command 0x0409 tx timeout [ 347.788049][ T7487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 347.827565][ T7487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 347.988998][ T7487] team0: Port device team_slave_0 added [ 348.032618][ T7487] team0: Port device team_slave_1 added [ 348.180556][ T7512] loop4: detected capacity change from 0 to 40427 [ 348.219654][ T7487] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 348.224434][ T7512] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff [ 348.235586][ T7533] netlink: 40 bytes leftover after parsing attributes in process `syz.1.933'. [ 348.275377][ T7487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 348.286070][ T7512] F2FS-fs (loop4): invalid crc value [ 348.358435][ T7487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 348.404750][ T7487] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 348.418802][ T7512] F2FS-fs (loop4): Found nat_bits in checkpoint [ 348.423502][ T7487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 348.500776][ T7487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 348.712969][ T7487] device hsr_slave_0 entered promiscuous mode [ 348.776453][ T7487] device hsr_slave_1 entered promiscuous mode [ 348.804085][ T7559] loop1: detected capacity change from 0 to 512 [ 348.815090][ T7487] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 348.847416][ T7487] Cannot create hsr debugfs directory [ 348.928718][ T7563] 9pnet: Insufficient options for proto=fd [ 348.940223][ T7559] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 349.046254][ T7559] ext4 filesystem being mounted at /191/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 349.112345][ T7563] netlink: 12 bytes leftover after parsing attributes in process `syz.0.941'. [ 349.492296][ T4329] device hsr_slave_0 left promiscuous mode [ 349.626390][ T4975] Bluetooth: hci3: command 0x041b tx timeout [ 349.819516][ T4329] device hsr_slave_1 left promiscuous mode [ 349.836952][ T4329] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 349.844594][ T4329] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 349.865262][ T7595] netlink: 40 bytes leftover after parsing attributes in process `syz.0.945'. [ 349.955830][ T7593] loop1: detected capacity change from 0 to 2048 [ 349.968105][ T4329] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 350.016105][ T4329] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 350.109156][ T7593] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 350.171701][ T4329] device bridge_slave_1 left promiscuous mode [ 350.188130][ T4329] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.417798][ T4329] device bridge_slave_0 left promiscuous mode [ 350.464661][ T4329] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.486218][ T4975] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 350.570837][ T7607] x_tables: duplicate underflow at hook 1 [ 350.639479][ T4329] device bridge0 left promiscuous mode [ 350.686071][ T4329] device veth1_macvtap left promiscuous mode [ 350.713836][ T4329] device veth0_macvtap left promiscuous mode [ 350.756580][ T4975] usb 1-1: Using ep0 maxpacket: 16 [ 350.766421][ T4329] device veth1_vlan left promiscuous mode [ 350.772556][ T4329] device veth0_vlan left promiscuous mode [ 350.876470][ T4975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 350.918231][ T4975] usb 1-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 350.981929][ T4975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.034836][ T4975] usb 1-1: config 0 descriptor?? [ 351.369154][ T7585] loop4: detected capacity change from 0 to 262144 [ 351.474681][ T7585] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 351.484204][ T7585] BTRFS error (device loop4): unrecognized mount option 'subj_role=' [ 351.496774][ T7585] BTRFS error (device loop4): open_ctree failed: -22 [ 351.677491][ T4188] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop4 scanned by udevd (4188) [ 351.716396][ T4982] Bluetooth: hci3: command 0x040f tx timeout [ 352.222424][ T7625] loop1: detected capacity change from 0 to 2048 [ 352.261474][ T7625] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 352.277128][ T4329] team0 (unregistering): Port device team_slave_1 removed [ 352.285162][ T7625] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 352.304560][ T4329] team0 (unregistering): Port device team_slave_0 removed [ 352.313092][ T7625] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 160: 0x0b != 0xd4 [ 352.326163][ T7194] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 352.339834][ T7625] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 352.363652][ T4329] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 352.438424][ T4329] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 352.566331][ T7194] usb 5-1: Using ep0 maxpacket: 32 [ 352.646924][ T7629] kcapi: manufacturer command 3084 unknown. [ 352.687114][ T7194] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.706936][ T7194] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 352.756123][ T7194] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 352.786089][ T7194] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 352.846189][ T7194] usb 5-1: config 0 interface 0 has no altsetting 0 [ 352.886282][ T7194] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 352.926274][ T7194] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.966901][ T7194] usb 5-1: config 0 descriptor?? [ 353.488448][ T7194] hid-thrustmaster 0003:044F:B65D.0012: item fetching failed at offset 1/5 [ 353.516729][ T7194] hid-thrustmaster 0003:044F:B65D.0012: parse failed with error -22 [ 353.545433][ T7194] hid-thrustmaster: probe of 0003:044F:B65D.0012 failed with error -22 [ 353.724324][ T7194] usb 5-1: USB disconnect, device number 20 [ 353.970161][ T4976] Bluetooth: hci3: command 0x0419 tx timeout [ 353.984973][ T4329] bond0 (unregistering): Released all slaves [ 354.236279][ T4975] usbhid 1-1:0.0: can't add hid device: -71 [ 354.242306][ T4975] usbhid: probe of 1-1:0.0 failed with error -71 [ 354.266389][ T4979] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 354.305846][ T4975] usb 1-1: USB disconnect, device number 29 [ 354.485059][ T4979] usb 2-1: device descriptor read/64, error -71 [ 354.910722][ T7635] loop4: detected capacity change from 0 to 4096 [ 355.526304][ T7194] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 355.896329][ T4979] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 356.466470][ T7194] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 356.507293][ T7194] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 356.614513][ T7487] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 356.704515][ T7666] loop1: detected capacity change from 0 to 2048 [ 356.726502][ T7194] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 356.744866][ T7666] UDF-fs: bad mount option "uid=00000000000000006" or missing value [ 356.763580][ T7194] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.826183][ T7194] usb 5-1: Product: syz [ 356.846218][ T7194] usb 5-1: Manufacturer: syz [ 356.866329][ T7194] usb 5-1: SerialNumber: syz [ 357.292576][ T7672] netlink: 64 bytes leftover after parsing attributes in process `syz.1.965'. [ 357.853491][ T7487] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 357.995201][ T7487] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 358.061822][ T7487] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 358.336450][ T7194] usb 5-1: 0:2 : does not exist [ 359.272287][ T7194] usb 5-1: USB disconnect, device number 21 [ 359.487253][ T7487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.690086][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 359.749761][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 359.791257][ T7487] 8021q: adding VLAN 0 to HW filter on device team0 [ 359.806251][ T4218] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 359.832247][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 359.855115][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 359.885541][ T4450] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.892739][ T4450] bridge0: port 1(bridge_slave_0) entered forwarding state [ 359.968907][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 359.987683][ T7715] netlink: 64 bytes leftover after parsing attributes in process `syz.4.977'. [ 359.993054][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 360.037062][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 360.133274][ T4450] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.140468][ T4450] bridge0: port 2(bridge_slave_1) entered forwarding state [ 360.219268][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 360.466301][ T4979] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 360.736185][ T4979] usb 5-1: Using ep0 maxpacket: 16 [ 360.856524][ T4979] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 360.883962][ T4979] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 361.129567][ T4979] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 361.149184][ T4979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 361.180769][ T4979] usb 5-1: Product: syz [ 361.203693][ T4979] usb 5-1: Manufacturer: syz [ 361.229317][ T4979] usb 5-1: SerialNumber: syz [ 361.665036][ T7722] device wg2 entered promiscuous mode [ 361.672583][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 361.701447][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 361.776063][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 361.816819][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 361.852023][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 361.876468][ T4979] usb 5-1: cannot find UAC_HEADER [ 361.889528][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 361.932469][ T4979] snd-usb-audio: probe of 5-1:1.0 failed with error -22 [ 361.985752][ T4979] usb 5-1: USB disconnect, device number 22 [ 362.487377][ T4218] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 362.527267][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 362.561199][ T4218] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 362.584937][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 362.611139][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 362.629113][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 362.646301][ T4218] usb 2-1: string descriptor 0 read error: -71 [ 362.653944][ T4218] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 362.670589][ T4218] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.746333][ T4218] usb 2-1: can't set config #1, error -71 [ 362.763922][ T4218] usb 2-1: USB disconnect, device number 27 [ 363.527931][ T4323] udevd[4323]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 363.593405][ T7762] netlink: 12 bytes leftover after parsing attributes in process `syz.1.986'. [ 363.911342][ T7487] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 363.941097][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 363.969753][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 364.027122][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 364.050247][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 364.132825][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 364.151916][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 364.182186][ T7487] device veth0_vlan entered promiscuous mode [ 364.189641][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 364.213879][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 364.245432][ T7487] device veth1_vlan entered promiscuous mode [ 364.343066][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 364.354305][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 364.383325][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 364.403748][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 364.428870][ T7763] loop1: detected capacity change from 0 to 32768 [ 364.435315][ T7487] device veth0_macvtap entered promiscuous mode [ 364.444361][ T7487] device veth1_macvtap entered promiscuous mode [ 364.508078][ T7763] (syz.1.986,7763,1):ocfs2_parse_options:1459 ERROR: Invalid heartbeat mount options [ 364.541027][ T7487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.552797][ T7763] (syz.1.986,7763,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 364.572631][ T7487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.609814][ T7487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.644049][ T7487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.674798][ T7487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.716204][ T7487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.756067][ T7487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.786174][ T7487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.805043][ T7487] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 364.826890][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 364.836327][ T4218] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 364.876656][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 364.917444][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 364.954234][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 364.983379][ T7487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 365.016158][ T7487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.048021][ T7487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 365.086160][ T7487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.116125][ T7487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 365.166439][ T7487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.187645][ T7487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 365.206340][ T4218] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 365.218369][ T4218] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 365.236066][ T7487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.247575][ T4218] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 365.262050][ T7487] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 365.279708][ T4218] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 365.307389][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 365.332836][ T4329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 365.336210][ T4218] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.375423][ T4218] usb 5-1: config 0 descriptor?? [ 365.444802][ T7487] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.485397][ T7487] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.545665][ T7487] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.638844][ T7815] syz.0.995[7815] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 365.639501][ T7815] syz.0.995[7815] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 365.697091][ T7487] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.420526][ T7817] loop4: detected capacity change from 0 to 2048 [ 366.498867][ T4218] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 366.540438][ T4218] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 368.121375][ T7824] xt_l2tp: v2 tid > 0xffff: 262144 [ 368.499612][ T4450] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.510124][ T4259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.592250][ T7817] EXT4-fs warning (device loop4): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop4. [ 368.612071][ T4450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 368.626809][ T4450] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 368.635495][ T4259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 368.674124][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 368.838567][ T7830] netlink: 64 bytes leftover after parsing attributes in process `syz.3.998'. [ 368.898375][ T4976] usb 5-1: USB disconnect, device number 23 [ 369.220261][ T7841] loop2: detected capacity change from 0 to 128 [ 369.307295][ T7840] loop4: detected capacity change from 0 to 64 [ 369.364358][ T7837] fido_id[7837]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 369.481710][ T7854] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1001'. [ 370.138165][ T7878] syz.2.1007[7878] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 370.138850][ T7878] syz.2.1007[7878] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 370.886672][ T4976] usb 1-1: new full-speed USB device number 30 using dummy_hcd [ 371.352829][ T4976] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 371.382763][ T4976] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 371.602074][ T4976] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 371.622048][ T4976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.672225][ T4976] usb 1-1: Product: syz [ 371.697005][ T4976] usb 1-1: Manufacturer: syz [ 371.727381][ T4976] usb 1-1: SerialNumber: syz [ 372.209010][ T7897] loop2: detected capacity change from 0 to 131072 [ 372.306696][ T7897] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name [ 372.314336][ T7897] F2FS-fs (loop2): QUOTA feature is enabled, so ignore jquota_fmt [ 372.353029][ T7897] F2FS-fs (loop2): Found nat_bits in checkpoint [ 372.391372][ T7897] F2FS-fs (loop2): sanity_check_inode: corrupted inode ino=3, run fsck to fix. [ 372.400638][ T7897] F2FS-fs (loop2): Failed to read root inode [ 372.944314][ T7916] loop2: detected capacity change from 0 to 128 [ 373.504783][ T7870] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 373.563102][ T7870] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 374.035409][ T7870] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.045837][ T7870] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.054804][ T7870] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.063875][ T7870] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.547115][ T4976] usb 1-1: 0:2 : does not exist [ 374.586046][ T4976] usb 1-1: USB disconnect, device number 30 [ 375.356500][ T4976] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 375.704438][ T4976] usb 1-1: device descriptor read/64, error -71 [ 376.016209][ T4976] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 376.102096][ T7948] loop1: detected capacity change from 0 to 2048 [ 376.216213][ T4976] usb 1-1: device descriptor read/64, error -71 [ 376.356686][ T4976] usb usb1-port1: attempt power cycle [ 376.547201][ T7933] loop2: detected capacity change from 0 to 40427 [ 376.620069][ T7933] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1ffff [ 376.655382][ T7933] F2FS-fs (loop2): invalid crc value [ 376.704138][ T7933] F2FS-fs (loop2): Found nat_bits in checkpoint [ 376.787604][ T4976] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 376.856184][ T4975] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 376.875027][ T7933] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 376.900194][ T4976] usb 1-1: device descriptor read/8, error -71 [ 377.528530][ T7957] xt_l2tp: v2 tid > 0xffff: 262144 [ 377.606651][ T4976] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 377.984673][ T7959] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1026'. [ 378.086546][ T4975] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 65, using maximum allowed: 30 [ 378.106339][ T4976] usb 1-1: device descriptor read/8, error -71 [ 378.112725][ T4975] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 378.136462][ T4975] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 65 [ 378.156535][ T4975] usb 2-1: New USB device found, idVendor=0dfc, idProduct=010a, bcdDevice= 0.00 [ 378.165618][ T4975] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.208254][ T4975] usb 2-1: config 0 descriptor?? [ 378.228627][ T4976] usb usb1-port1: unable to enumerate USB device [ 378.229487][ T7951] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 378.238384][ T4323] udevd[4323]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 378.591414][ T4975] usbhid 2-1:0.0: can't add hid device: -71 [ 378.600283][ T4975] usbhid: probe of 2-1:0.0 failed with error -71 [ 378.626300][ T4976] usb 1-1: new full-speed USB device number 35 using dummy_hcd [ 378.664316][ T4975] usb 2-1: USB disconnect, device number 28 [ 378.891755][ T7989] syz.3.1032[7989] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 378.892440][ T7989] syz.3.1032[7989] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 378.927884][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.954254][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.644809][ T4258] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 380.185157][ T8003] loop1: detected capacity change from 0 to 4096 [ 380.403523][ T8005] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1039'. [ 381.136281][ T4258] usb 3-1: Using ep0 maxpacket: 8 [ 381.157693][ T8000] loop4: detected capacity change from 0 to 40427 [ 381.176256][ T4976] usb 1-1: unable to read config index 0 descriptor/all [ 381.183310][ T4976] usb 1-1: can't read configurations, error -71 [ 381.216485][ T8000] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff [ 381.266293][ T4258] usb 3-1: config 6 has an invalid interface number: 2 but max is 0 [ 381.274426][ T4258] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 381.300571][ T8000] F2FS-fs (loop4): invalid crc value [ 381.311515][ T4258] usb 3-1: config 6 has no interface number 0 [ 381.339973][ T8000] F2FS-fs (loop4): Found nat_bits in checkpoint [ 381.348768][ T4258] usb 3-1: config 6 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 381.571579][ T8015] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1043'. [ 381.603757][ T8000] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 381.613033][ T8015] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1043'. [ 381.616431][ T4258] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 381.794970][ T8015] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1043'. [ 381.835245][ T8019] netlink: 340 bytes leftover after parsing attributes in process `syz.0.1043'. [ 381.843974][ T4258] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.866180][ T4258] usb 3-1: can't set config #6, error -71 [ 381.875870][ T4258] usb 3-1: USB disconnect, device number 18 [ 381.888191][ T8019] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1043'. [ 381.977335][ T8028] xt_l2tp: v2 tid > 0xffff: 262144 [ 382.336314][ T4258] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 382.671917][ T8037] syz.0.1046[8037] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 382.672564][ T8037] syz.0.1046[8037] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 382.691201][ T4258] usb 3-1: Using ep0 maxpacket: 16 [ 383.157294][ T4258] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 383.314487][ T4258] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 383.370814][ T4258] usb 3-1: config 0 has no interface number 0 [ 383.556391][ T4258] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 383.577946][ T8043] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1050'. [ 383.596153][ T4258] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.644820][ T4258] usb 3-1: Product: syz [ 383.661485][ T4258] usb 3-1: Manufacturer: syz [ 383.673199][ T4258] usb 3-1: SerialNumber: syz [ 383.693505][ T4258] usb 3-1: config 0 descriptor?? [ 383.738470][ T4258] usb 3-1: Found UVC 0.00 device syz (046d:08f3) [ 383.772661][ T4258] usb 3-1: No valid video chain found. [ 383.944414][ T4258] usb 3-1: USB disconnect, device number 19 [ 384.516128][ T4258] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 384.776226][ T4258] usb 2-1: Using ep0 maxpacket: 32 [ 384.896335][ T4258] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 384.922694][ T8078] udc-core: couldn't find an available UDC or it's busy [ 384.938278][ T4258] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.966791][ T8078] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 385.002861][ T4258] usb 2-1: config 0 descriptor?? [ 385.296341][ T4258] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 385.303070][ T4978] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 385.344453][ T4258] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 385.416662][ T4258] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 385.440756][ T4258] usb 2-1: media controller created [ 385.513152][ T4258] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 385.686329][ T4978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10 [ 385.704991][ T4978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 385.826930][ T4258] az6027: usb out operation failed. (-71) [ 385.832870][ T4258] stb0899_attach: Driver disabled by Kconfig [ 385.851232][ T4258] az6027: no front-end attached [ 385.851232][ T4258] [ 385.871173][ T8092] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1064'. [ 385.880615][ T4258] az6027: usb out operation failed. (-71) [ 385.889198][ T4978] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=33.f9 [ 385.902263][ T4258] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 385.914291][ T4978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.937483][ T4258] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input13 [ 385.961940][ T4978] usb 3-1: Product: syz [ 385.973018][ T4978] usb 3-1: Manufacturer: syz [ 385.983009][ T4978] usb 3-1: SerialNumber: syz [ 386.000084][ T4258] dvb-usb: schedule remote query interval to 400 msecs. [ 386.023727][ T4978] usb 3-1: config 0 descriptor?? [ 386.046660][ T4258] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 386.100683][ T4978] input: KB Gear Tablet as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input14 [ 386.116409][ T4258] usb 2-1: USB disconnect, device number 29 [ 386.382788][ T4978] usb 3-1: USB disconnect, device number 20 [ 386.397544][ T4258] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 386.627637][ T8110] loop4: detected capacity change from 0 to 1024 [ 387.056225][ T4258] usb 2-1: new full-speed USB device number 30 using dummy_hcd [ 387.117852][ T8115] xt_l2tp: v2 tid > 0xffff: 262144 [ 387.396514][ T4978] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 387.496340][ T4258] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 387.527559][ T4258] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 387.716390][ T4258] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 387.746345][ T4258] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.754576][ T4258] usb 2-1: Product: syz [ 387.766351][ T4978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 387.806760][ T4978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 387.826067][ T4258] usb 2-1: Manufacturer: syz [ 387.831481][ T4258] usb 2-1: SerialNumber: syz [ 387.836326][ T4978] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 387.859598][ T4978] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 387.879502][ T4978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.901523][ T4978] usb 3-1: config 0 descriptor?? [ 388.097948][ T8105] udc-core: couldn't find an available UDC or it's busy [ 388.117778][ T8105] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 388.138962][ T8105] udc-core: couldn't find an available UDC or it's busy [ 388.148221][ T8124] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1072'. [ 388.170652][ T8105] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 388.278496][ T4258] usb 2-1: 0:2 : does not exist [ 388.325535][ T4258] usb 2-1: USB disconnect, device number 30 [ 388.388467][ T4978] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 388.428936][ T4978] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 388.451610][ T8132] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1075'. [ 388.468990][ T4978] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving [ 388.505827][ T4978] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 388.618283][ T4323] udevd[4323]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 388.858968][ T8146] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1080'. [ 388.883869][ T8147] loop1: detected capacity change from 0 to 512 [ 388.999804][ T8147] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 389.021665][ T8147] ext4 filesystem being mounted at /215/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 389.086131][ T4978] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 389.336162][ T4978] usb 5-1: Using ep0 maxpacket: 8 [ 389.456442][ T4978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.490913][ T4978] usb 5-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 389.512573][ T4978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.554911][ T4978] usb 5-1: config 0 descriptor?? [ 389.583175][ T8157] loop1: detected capacity change from 0 to 4096 [ 389.627444][ T8157] ntfs: (device loop1): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 389.664671][ T8157] ntfs: (device loop1): ntfs_read_inode_mount(): $MFT must be uncompressed, non-sparse, and unencrypted but a compressed/sparse/encrypted extent was found. $MFT is corrupt. Run chkdsk. [ 389.710027][ T8157] ntfs: (device loop1): ntfs_read_inode_mount(): Failed. Marking inode as bad. [ 389.757444][ T8157] ntfs: (device loop1): ntfs_fill_super(): Failed to load essential metadata. [ 389.957559][ T8161] loop1: detected capacity change from 0 to 4096 [ 389.988780][ T8161] ntfs: (device loop1): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 390.021615][ T8161] ntfs: (device loop1): ntfs_read_inode_mount(): $MFT must be uncompressed, non-sparse, and unencrypted but a compressed/sparse/encrypted extent was found. $MFT is corrupt. Run chkdsk. [ 390.056392][ T8161] ntfs: (device loop1): ntfs_read_inode_mount(): Failed. Marking inode as bad. [ 390.080446][ T8164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1085'. [ 390.084041][ T8161] ntfs: (device loop1): ntfs_fill_super(): Failed to load essential metadata. [ 390.148992][ T4978] itetech 0003:06CB:73F5.0015: unbalanced delimiter at end of report description [ 390.169972][ T26] audit: type=1326 audit(1748429402.716:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.0.1085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd477a1969 code=0x7ffc0000 [ 390.203702][ T4978] itetech: probe of 0003:06CB:73F5.0015 failed with error -22 [ 390.321330][ T26] audit: type=1326 audit(1748429402.716:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.0.1085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcd477a1969 code=0x7ffc0000 [ 390.618354][ T4258] usb 3-1: USB disconnect, device number 21 [ 390.620639][ T8171] loop2: detected capacity change from 0 to 1764 [ 390.944758][ T8173] xt_l2tp: v2 tid > 0xffff: 262144 [ 390.999486][ T4258] usb 5-1: USB disconnect, device number 24 [ 391.375797][ T8179] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1088'. [ 391.632037][ T8186] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1092'. [ 391.917466][ T4384] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 392.276395][ T4384] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 392.296049][ T4384] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 392.486957][ T4384] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 392.506310][ T4384] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.514350][ T4384] usb 3-1: Product: syz [ 392.525285][ T8190] loop4: detected capacity change from 0 to 32768 [ 392.542163][ T4384] usb 3-1: Manufacturer: syz [ 392.547222][ T4384] usb 3-1: SerialNumber: syz [ 392.776809][ T8190] XFS (loop4): Mounting V5 Filesystem [ 392.963897][ T8190] XFS (loop4): Ending clean mount [ 392.978534][ T8190] XFS (loop4): Quotacheck needed: Please wait. [ 393.129216][ T8190] XFS (loop4): Quotacheck: Done. [ 393.291779][ T8218] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1102'. [ 393.326481][ T4169] XFS (loop4): Unmounting Filesystem [ 393.486413][ T4384] usb 3-1: 0:2 : does not exist [ 393.583546][ T4384] usb 3-1: USB disconnect, device number 22 [ 393.784553][ T8216] loop1: detected capacity change from 0 to 40427 [ 393.851000][ T8216] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff [ 393.869141][ T8216] F2FS-fs (loop1): invalid crc value [ 393.882954][ T8216] F2FS-fs (loop1): Found nat_bits in checkpoint [ 393.963509][ T4323] udevd[4323]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 394.015058][ T8216] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 394.410912][ T8229] xt_l2tp: v2 tid > 0xffff: 262144 [ 400.693113][ T8235] loop2: detected capacity change from 0 to 512 [ 400.721729][ T8244] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1108'. [ 400.971952][ T8235] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 401.008312][ T8235] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01c, mo2=0002] [ 401.059622][ T8235] EXT4-fs (loop2): orphan cleanup on readonly fs [ 401.097308][ T8235] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279949761 > max in inode 13 [ 401.150578][ T8235] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279949762 > max in inode 13 [ 401.199962][ T8235] EXT4-fs (loop2): 1 truncate cleaned up [ 401.205716][ T8235] EXT4-fs (loop2): mounted filesystem without journal. Opts: commit=0x0000000000000000,noblock_validity,user_xattr,,errors=continue. Quota mode: none. [ 401.240386][ T8270] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1117'. [ 401.261508][ T8235] EXT4-fs warning (device loop2): dx_probe:893: inode #2: comm syz.2.1107: dx entry: limit 65535 != root limit 120 [ 401.331116][ T8235] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.1107: Corrupt directory, running e2fsck is recommended [ 401.714419][ T8277] overlayfs: failed to get inode (-116) [ 401.732430][ T8277] overlayfs: failed to get inode (-116) [ 401.757670][ T8277] overlayfs: failed to get inode (-116) [ 401.785582][ T8277] overlayfs: failed to get inode (-116) [ 402.785480][ T8290] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1124'. [ 402.966443][ T8302] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1128'. [ 404.328954][ T8288] loop2: detected capacity change from 0 to 40427 [ 404.505401][ T8309] loop4: detected capacity change from 0 to 32768 [ 404.506246][ T8288] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1ffff [ 404.793195][ T8288] F2FS-fs (loop2): invalid crc value [ 404.915421][ T8288] F2FS-fs (loop2): Found nat_bits in checkpoint [ 405.233682][ T8309] XFS (loop4): Mounting V5 Filesystem [ 405.402106][ T8309] XFS (loop4): Ending clean mount [ 405.415690][ T8309] XFS (loop4): Quotacheck needed: Please wait. [ 405.469370][ T8340] loop1: detected capacity change from 0 to 1024 [ 405.508199][ T8342] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1140'. [ 405.595832][ T8309] XFS (loop4): Quotacheck: Done. [ 405.622094][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 405.622109][ T26] audit: type=1800 audit(1748429418.166:36): pid=8309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1132" name="file2" dev="loop4" ino=9287 res=0 errno=0 [ 405.677597][ T1165] hfsplus: b-tree write err: -5, ino 4 [ 405.823615][ T8351] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1143'. [ 405.850076][ T4169] XFS (loop4): Unmounting Filesystem [ 406.815649][ T8363] syz.3.1149[8363] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 406.816407][ T8363] syz.3.1149[8363] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 408.566280][ T6108] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 409.036518][ T6108] usb 5-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 36, changing to 9 [ 409.068530][ T6108] usb 5-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0 [ 409.121724][ T6108] usb 5-1: config 0 interface 0 has no altsetting 0 [ 409.194019][ T6108] usb 5-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 409.256299][ T6108] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.292545][ T6108] usb 5-1: config 0 descriptor?? [ 409.327366][ T8379] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1156'. [ 409.393015][ T8379] device veth1_macvtap left promiscuous mode [ 409.772501][ T8367] loop4: detected capacity change from 0 to 64 [ 410.125082][ T8375] loop2: detected capacity change from 0 to 32768 [ 410.170657][ T4384] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 410.356965][ T8375] XFS (loop2): Mounting V5 Filesystem [ 410.496532][ T6108] usbhid 5-1:0.0: can't add hid device: -71 [ 410.502573][ T6108] usbhid: probe of 5-1:0.0 failed with error -71 [ 410.532279][ T6108] usb 5-1: USB disconnect, device number 25 [ 410.561265][ T8375] XFS (loop2): Ending clean mount [ 410.575057][ T8375] XFS (loop2): Quotacheck needed: Please wait. [ 410.670924][ T8375] XFS (loop2): Quotacheck: Done. [ 410.736231][ T4384] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 410.765696][ T26] audit: type=1800 audit(1748429423.306:37): pid=8375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1155" name="file2" dev="loop2" ino=9287 res=0 errno=0 [ 410.786805][ T4384] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 410.797428][ T4384] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 410.878438][ T8402] xt_l2tp: v2 tid > 0xffff: 262144 [ 411.273907][ T8405] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1162'. [ 411.417108][ T4384] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 411.426821][ T4384] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.443586][ T4384] usb 2-1: config 0 descriptor?? [ 411.472384][ T7487] XFS (loop2): Unmounting Filesystem [ 411.532004][ T8411] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1166'. [ 411.777133][ T8421] loop4: detected capacity change from 0 to 64 [ 411.787351][ T5537] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 411.953192][ T4384] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving [ 412.002489][ T4384] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 412.046138][ T5537] usb 1-1: Using ep0 maxpacket: 16 [ 412.276264][ T5537] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.290419][ T5537] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 412.296122][ T4979] usb 5-1: new full-speed USB device number 26 using dummy_hcd [ 412.303253][ T5537] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.319277][ T8426] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 412.549247][ T5537] usb 1-1: config 0 descriptor?? [ 412.584868][ T8428] udc-core: couldn't find an available UDC or it's busy [ 412.595180][ T8428] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 412.936397][ T4979] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 412.946987][ T4979] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 413.029807][ T5537] mcp2221 0003:04D8:00DD.0017: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 413.156244][ T4979] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 413.176119][ T4979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.184203][ T4979] usb 5-1: Product: syz [ 413.196091][ T4979] usb 5-1: Manufacturer: syz [ 413.206504][ T4979] usb 5-1: SerialNumber: syz [ 413.237423][ T4258] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 413.448011][ T4975] usb 1-1: USB disconnect, device number 37 [ 413.506282][ T4258] usb 3-1: Using ep0 maxpacket: 8 [ 413.596855][ T4979] usb 5-1: 0:2 : does not exist [ 413.657573][ T4258] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 413.674457][ T4979] usb 5-1: USB disconnect, device number 26 [ 413.856314][ T4258] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 413.886033][ T4258] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.895402][ T4258] usb 3-1: Product: syz [ 413.900428][ T4258] usb 3-1: Manufacturer: syz [ 413.905046][ T4258] usb 3-1: SerialNumber: syz [ 413.921084][ T4258] usb 3-1: config 0 descriptor?? [ 413.928244][ T8353] udevd[8353]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 413.994533][ T4258] ati_remote_probe: Unexpected desc.bNumEndpoints [ 414.008882][ T8435] loop1: detected capacity change from 0 to 128 [ 414.064607][ T8437] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1173'. [ 414.068154][ T8438] syz.0.1173 (8438): drop_caches: 2 [ 414.117264][ T5537] usb 2-1: USB disconnect, device number 31 [ 414.137720][ T8435] EXT4-fs (loop1): Test dummy encryption mode enabled [ 414.148650][ T8435] EXT4-fs (loop1): Test dummy encryption mode enabled [ 414.185255][ T8435] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 414.194824][ T8430] udc-core: couldn't find an available UDC or it's busy [ 414.206465][ T8430] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 414.235322][ T4384] usb 3-1: USB disconnect, device number 23 [ 414.256460][ T8435] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 414.412473][ T8435] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,nomblk_io_submit,nomblk_io_submit,,errors=continue. Quota mode: none. [ 414.447133][ T8435] ext4 filesystem being mounted at /229/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 415.290937][ T8444] loop4: detected capacity change from 0 to 32768 [ 415.410119][ T8462] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1179'. [ 415.446404][ T8462] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 415.454986][ T8462] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 415.505755][ T8462] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 415.567461][ T8444] XFS (loop4): Mounting V5 Filesystem [ 415.586216][ T8462] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 415.736056][ T4384] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 415.858458][ T8444] XFS (loop4): Ending clean mount [ 415.874477][ T8444] XFS (loop4): Quotacheck needed: Please wait. [ 416.041177][ T4384] usb 3-1: Using ep0 maxpacket: 16 [ 416.068428][ T8444] XFS (loop4): Quotacheck: Done. [ 416.094793][ T8470] xt_l2tp: v2 tid > 0xffff: 262144 [ 416.584188][ T26] audit: type=1800 audit(1748429429.126:38): pid=8444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1174" name="file2" dev="loop4" ino=9287 res=0 errno=0 [ 416.777819][ T4384] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 416.786807][ T4169] XFS (loop4): Unmounting Filesystem [ 416.798066][ T4384] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.831949][ T4384] usb 3-1: Product: syz [ 416.838373][ T4384] usb 3-1: Manufacturer: syz [ 416.843125][ T4384] usb 3-1: SerialNumber: syz [ 416.876519][ T4218] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 416.889511][ T4384] usb 3-1: config 0 descriptor?? [ 416.928525][ T4384] visor 3-1:0.0: Sony Clie 3.5 converter detected [ 417.077645][ T4218] usb 1-1: device descriptor read/64, error -71 [ 417.146532][ T4384] usb 3-1: clie_3_5_startup: get config number failed: -71 [ 417.162380][ T4384] visor: probe of 3-1:0.0 failed with error -71 [ 417.174317][ T4384] usb 3-1: USB disconnect, device number 24 [ 417.346176][ T4218] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 417.479173][ T8484] loop4: detected capacity change from 0 to 4096 [ 417.536125][ T4218] usb 1-1: device descriptor read/64, error -71 [ 417.595549][ T8484] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 417.699741][ T4218] usb usb1-port1: attempt power cycle [ 417.878787][ T8492] loop2: detected capacity change from 0 to 1024 [ 418.313021][ T8497] loop2: detected capacity change from 0 to 256 [ 418.448072][ T8497] FAT-fs (loop2): Directory bread(block 64) failed [ 418.494217][ T8497] FAT-fs (loop2): Directory bread(block 65) failed [ 418.531634][ T8497] FAT-fs (loop2): Directory bread(block 66) failed [ 418.572188][ T8497] FAT-fs (loop2): Directory bread(block 67) failed [ 418.612882][ T8497] FAT-fs (loop2): Directory bread(block 68) failed [ 418.646183][ T8497] FAT-fs (loop2): Directory bread(block 69) failed [ 418.652816][ T8497] FAT-fs (loop2): Directory bread(block 70) failed [ 418.702890][ T8497] FAT-fs (loop2): Directory bread(block 71) failed [ 418.731171][ T8497] FAT-fs (loop2): Directory bread(block 72) failed [ 418.761578][ T8497] FAT-fs (loop2): Directory bread(block 73) failed [ 418.927707][ T8494] loop4: detected capacity change from 0 to 131072 [ 418.934573][ T4218] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 419.022973][ T8494] F2FS-fs (loop4): QUOTA feature is enabled, so ignore qf_name [ 419.030725][ T8494] F2FS-fs (loop4): QUOTA feature is enabled, so ignore jquota_fmt [ 419.041231][ T4218] usb 1-1: device descriptor read/8, error -71 [ 419.066277][ T8495] delete_channel: no stack [ 419.079473][ T8500] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1189'. [ 419.090060][ T8494] F2FS-fs (loop4): Found nat_bits in checkpoint [ 419.133026][ T8494] F2FS-fs (loop4): sanity_check_inode: corrupted inode ino=3, run fsck to fix. [ 419.142261][ T8494] F2FS-fs (loop4): Failed to read root inode [ 419.326084][ T4218] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 419.886149][ T4218] usb 1-1: device descriptor read/8, error -71 [ 420.018600][ T4218] usb usb1-port1: unable to enumerate USB device [ 420.497656][ T5537] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 420.871942][ T5537] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 421.058124][ T5537] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c [ 421.086132][ T5537] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.114794][ T5537] usb 5-1: Product: syz [ 421.124924][ T5537] usb 5-1: Manufacturer: syz [ 421.145250][ T5537] usb 5-1: SerialNumber: syz [ 421.171715][ T5537] usb 5-1: config 0 descriptor?? [ 421.204581][ T8517] loop1: detected capacity change from 0 to 40427 [ 421.242863][ T5537] ims_pcu 5-1:0.0: Missing CDC union descriptor [ 421.249394][ T8517] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff [ 421.265183][ T5537] ims_pcu: probe of 5-1:0.0 failed with error -22 [ 421.266867][ T8517] F2FS-fs (loop1): invalid crc value [ 421.368113][ T8517] F2FS-fs (loop1): Found nat_bits in checkpoint [ 421.442916][ T5537] usb 5-1: USB disconnect, device number 27 [ 421.577390][ T8526] xt_l2tp: v2 tid > 0xffff: 262144 [ 421.816496][ T8517] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 422.390668][ T8532] loop4: detected capacity change from 0 to 1024 [ 423.671477][ T8534] xt_l2tp: v2 tid > 0xffff: 262144 [ 424.032554][ T8542] loop2: detected capacity change from 0 to 128 [ 425.102149][ T8542] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 425.192460][ T8542] ext4 filesystem being mounted at /34/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 425.342351][ T154] hfsplus: b-tree write err: -5, ino 3 [ 425.592574][ T8562] loop1: detected capacity change from 0 to 64 [ 425.672686][ T8560] loop4: detected capacity change from 0 to 4096 [ 425.753954][ T8560] ntfs: (device loop4): check_mft_mirror(): Incomplete multi sector transfer detected in mft record 2. [ 425.779551][ T8560] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 425.868485][ T8567] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1208'. [ 425.904089][ T8567] device gretap0 entered promiscuous mode [ 425.911109][ T8560] ntfs: volume version 3.1. [ 425.915786][ T8560] ntfs: (device loop4): map_mft_record_page(): Mft record 0x2 is corrupt. Run chkdsk. [ 425.947182][ T8569] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1208'. [ 425.966101][ T8560] ntfs: (device loop4): map_mft_record(): Failed with error code 5. [ 425.981887][ T8560] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 425.999954][ T8569] 0XD: renamed from gretap0 [ 426.005330][ T8560] ntfs: (device loop4): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 426.021599][ T8569] device 00XD left promiscuous mode [ 426.079784][ T8560] ntfs: (device loop4): ntfs_read_locked_inode(): Index block size (0) < NTFS_BLOCK_SIZE (512) is not supported. Sorry. [ 426.102593][ T8570] input: syz0 as /devices/virtual/input/input15 [ 426.135670][ T8560] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -95. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 426.146111][ T4975] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 427.372132][ T26] audit: type=1326 audit(1748429439.916:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8581 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20d1163969 code=0x7ffc0000 [ 427.411766][ T26] audit: type=1326 audit(1748429439.946:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8581 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20d1163969 code=0x7ffc0000 [ 427.486378][ T4975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 427.517739][ T4975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 427.544782][ T4975] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 427.581608][ T4975] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 427.614696][ T8589] 9pnet: Insufficient options for proto=fd [ 427.630892][ T4975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.824311][ T8591] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 427.859424][ T8589] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1215'. [ 427.937106][ T8592] xt_l2tp: v2 tid > 0xffff: 262144 [ 429.578827][ T8587] loop4: detected capacity change from 0 to 262144 [ 429.589009][ T4975] usb 1-1: config 0 descriptor?? [ 429.606150][ T4975] usb 1-1: can't set config #0, error -71 [ 429.614791][ T4975] usb 1-1: USB disconnect, device number 42 [ 429.702019][ T8587] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 429.711467][ T8587] BTRFS error (device loop4): unrecognized mount option 'subj_role=' [ 429.733289][ T8617] loop1: detected capacity change from 0 to 128 [ 429.752340][ T8587] BTRFS error (device loop4): open_ctree failed: -22 [ 429.802511][ T8619] 9pnet: Insufficient options for proto=fd [ 429.895541][ T8271] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop4 scanned by udevd (8271) [ 429.917700][ T8617] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 429.946885][ T8617] ext4 filesystem being mounted at /233/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 430.220340][ T8630] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1228'. [ 430.285080][ T8632] syz.3.1226[8632] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 430.285738][ T8632] syz.3.1226[8632] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 431.121325][ T8640] input: syz0 as /devices/virtual/input/input16 [ 431.859967][ T8659] capability: warning: `syz.0.1237' uses 32-bit capabilities (legacy support in use) [ 432.798019][ T8633] loop4: detected capacity change from 0 to 40427 [ 432.906751][ T8633] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff [ 432.955086][ T8633] F2FS-fs (loop4): invalid crc value [ 432.995170][ T8633] F2FS-fs (loop4): Found nat_bits in checkpoint [ 433.304745][ T8686] syz.0.1241[8686] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 433.305395][ T8686] syz.0.1241[8686] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 434.635822][ T8707] fuse: Bad value for 'fd' [ 434.831242][ T8720] bridge0: port 3(batadv1) entered blocking state [ 434.870558][ T8720] bridge0: port 3(batadv1) entered disabled state [ 434.889352][ T8720] device batadv1 entered promiscuous mode [ 435.290154][ T8738] udc-core: couldn't find an available UDC or it's busy [ 435.330527][ T8738] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 435.346251][ T3064] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 435.355551][ T3064] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 435.556266][ T4978] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 435.756051][ T4978] usb 1-1: device descriptor read/64, error -71 [ 436.036140][ T4978] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 436.236066][ T4978] usb 1-1: device descriptor read/64, error -71 [ 436.367017][ T4978] usb usb1-port1: attempt power cycle [ 436.782890][ T4978] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 436.879688][ T4978] usb 1-1: device descriptor read/8, error -71 [ 437.166149][ T4978] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 437.244696][ T8728] loop4: detected capacity change from 0 to 131072 [ 437.256415][ T4978] usb 1-1: device descriptor read/8, error -71 [ 437.277520][ T8780] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1274'. [ 437.318530][ T8728] F2FS-fs (loop4): QUOTA feature is enabled, so ignore qf_name [ 437.353593][ T8728] F2FS-fs (loop4): QUOTA feature is enabled, so ignore jquota_fmt [ 437.381333][ T4978] usb usb1-port1: unable to enumerate USB device [ 437.452813][ T8728] F2FS-fs (loop4): Found nat_bits in checkpoint [ 437.586639][ T8728] F2FS-fs (loop4): sanity_check_inode: corrupted inode ino=3, run fsck to fix. [ 437.615326][ T8728] F2FS-fs (loop4): Failed to read root inode [ 438.092017][ T8798] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 438.176539][ T8798] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 438.205631][ T8798] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 438.414643][ T8805] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 438.526958][ T8805] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 438.549151][ T8805] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 438.789771][ T8821] team0: No ports can be present during mode change [ 438.874233][ T8824] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1293'. [ 439.798274][ T8874] netlink: 'syz.2.1312': attribute type 5 has an invalid length. [ 440.348812][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.855801][ T8950] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1327'. [ 441.037831][ T8956] tipc: Started in network mode [ 441.061592][ T8956] tipc: Node identity , cluster identity 4711 [ 441.079953][ T8956] tipc: Failed to set node id, please configure manually [ 441.100099][ T8956] tipc: Enabling of bearer rejected, failed to enable media [ 441.436423][ T8985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1340'. [ 441.648167][ T8995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1345'. [ 442.067378][ T9017] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 442.116629][ T9017] [ 442.118996][ T9017] ====================================================== [ 442.126018][ T9017] WARNING: possible circular locking dependency detected [ 442.133051][ T9017] 5.15.184-syzkaller #0 Not tainted [ 442.138258][ T9017] ------------------------------------------------------ [ 442.145281][ T9017] syz.4.1350/9017 is trying to acquire lock: [ 442.151265][ T9017] ffff88801b873120 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_device_event+0x217/0x4f0 [ 442.160701][ T9017] [ 442.160701][ T9017] but task is already holding lock: [ 442.168062][ T9017] ffffffff8d22a848 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x54e/0xe50 [ 442.176373][ T9017] [ 442.176373][ T9017] which lock already depends on the new lock. [ 442.176373][ T9017] [ 442.186771][ T9017] [ 442.186771][ T9017] the existing dependency chain (in reverse order) is: [ 442.195777][ T9017] [ 442.195777][ T9017] -> #1 (rtnl_mutex){+.+.}-{3:3}: [ 442.203015][ T9017] __mutex_lock_common+0x1eb/0x2390 [ 442.208738][ T9017] mutex_lock_nested+0x17/0x20 [ 442.214019][ T9017] ax25_setsockopt+0x830/0xa40 [ 442.219297][ T9017] __sys_setsockopt+0x3d6/0x5e0 [ 442.224664][ T9017] __x64_sys_setsockopt+0xb1/0xc0 [ 442.230203][ T9017] do_syscall_64+0x4c/0xa0 [ 442.235139][ T9017] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 442.241550][ T9017] [ 442.241550][ T9017] -> #0 (sk_lock-AF_AX25){+.+.}-{0:0}: [ 442.249189][ T9017] __lock_acquire+0x2c33/0x7c60 [ 442.254557][ T9017] lock_acquire+0x197/0x3f0 [ 442.259578][ T9017] lock_sock_nested+0x44/0x100 [ 442.264859][ T9017] ax25_device_event+0x217/0x4f0 [ 442.270313][ T9017] raw_notifier_call_chain+0xcb/0x160 [ 442.276200][ T9017] __dev_notify_flags+0x178/0x2d0 [ 442.281758][ T9017] dev_change_flags+0xe3/0x1a0 [ 442.287054][ T9017] dev_ifsioc+0x147/0xe70 [ 442.291904][ T9017] dev_ioctl+0x55f/0xe50 [ 442.296662][ T9017] sock_do_ioctl+0x222/0x2f0 [ 442.301767][ T9017] sock_ioctl+0x4ed/0x6e0 [ 442.306617][ T9017] __se_sys_ioctl+0xfa/0x170 [ 442.311736][ T9017] do_syscall_64+0x4c/0xa0 [ 442.316675][ T9017] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 442.323114][ T9017] [ 442.323114][ T9017] other info that might help us debug this: [ 442.323114][ T9017] [ 442.333359][ T9017] Possible unsafe locking scenario: [ 442.333359][ T9017] [ 442.340814][ T9017] CPU0 CPU1 [ 442.346177][ T9017] ---- ---- [ 442.351543][ T9017] lock(rtnl_mutex); [ 442.355526][ T9017] lock(sk_lock-AF_AX25); [ 442.362460][ T9017] lock(rtnl_mutex); [ 442.368956][ T9017] lock(sk_lock-AF_AX25); [ 442.373365][ T9017] [ 442.373365][ T9017] *** DEADLOCK *** [ 442.373365][ T9017] [ 442.381496][ T9017] 1 lock held by syz.4.1350/9017: [ 442.386525][ T9017] #0: ffffffff8d22a848 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x54e/0xe50 [ 442.395234][ T9017] [ 442.395234][ T9017] stack backtrace: [ 442.401115][ T9017] CPU: 1 PID: 9017 Comm: syz.4.1350 Not tainted 5.15.184-syzkaller #0 [ 442.409265][ T9017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 442.419317][ T9017] Call Trace: [ 442.422593][ T9017] [ 442.425521][ T9017] dump_stack_lvl+0x168/0x230 [ 442.430200][ T9017] ? load_image+0x3b0/0x3b0 [ 442.434701][ T9017] ? show_regs_print_info+0x20/0x20 [ 442.439897][ T9017] ? print_circular_bug+0x12b/0x1a0 [ 442.445095][ T9017] check_noncircular+0x274/0x310 [ 442.450028][ T9017] ? add_chain_block+0x940/0x940 [ 442.454961][ T9017] ? lockdep_lock+0xdc/0x1e0 [ 442.459553][ T9017] ? lockdep_unlock+0x134/0x2d0 [ 442.464402][ T9017] ? mark_lock+0x94/0x320 [ 442.468741][ T9017] __lock_acquire+0x2c33/0x7c60 [ 442.473630][ T9017] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 442.479632][ T9017] ? verify_lock_unused+0x140/0x140 [ 442.484841][ T9017] ? lock_chain_count+0x20/0x20 [ 442.489700][ T9017] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 442.495858][ T9017] ? lockdep_hardirqs_on+0x94/0x140 [ 442.501062][ T9017] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 442.507221][ T9017] ? mark_lock+0x94/0x320 [ 442.511553][ T9017] lock_acquire+0x197/0x3f0 [ 442.516059][ T9017] ? ax25_device_event+0x217/0x4f0 [ 442.521168][ T9017] ? lock_chain_count+0x20/0x20 [ 442.526024][ T9017] ? read_lock_is_recursive+0x10/0x10 [ 442.531399][ T9017] ? __local_bh_enable_ip+0x12a/0x1b0 [ 442.536785][ T9017] ? lockdep_hardirqs_on+0x94/0x140 [ 442.542076][ T9017] ? __local_bh_enable_ip+0x12a/0x1b0 [ 442.547445][ T9017] ? _local_bh_enable+0xa0/0xa0 [ 442.552292][ T9017] lock_sock_nested+0x44/0x100 [ 442.557051][ T9017] ? ax25_device_event+0x217/0x4f0 [ 442.562159][ T9017] ax25_device_event+0x217/0x4f0 [ 442.567099][ T9017] raw_notifier_call_chain+0xcb/0x160 [ 442.572473][ T9017] __dev_notify_flags+0x178/0x2d0 [ 442.577500][ T9017] ? __dev_change_flags+0x6a0/0x6a0 [ 442.582694][ T9017] ? __dev_change_flags+0x4bb/0x6a0 [ 442.587889][ T9017] ? dev_get_flags+0x1c0/0x1c0 [ 442.592661][ T9017] ? dev_ioctl+0x54e/0xe50 [ 442.597080][ T9017] ? dev_ioctl+0x54e/0xe50 [ 442.601512][ T9017] dev_change_flags+0xe3/0x1a0 [ 442.606293][ T9017] dev_ifsioc+0x147/0xe70 [ 442.610816][ T9017] ? dev_ioctl+0xe50/0xe50 [ 442.615257][ T9017] ? apparmor_capable+0x12c/0x190 [ 442.620287][ T9017] ? full_name_hash+0x8e/0xe0 [ 442.625033][ T9017] dev_ioctl+0x55f/0xe50 [ 442.629287][ T9017] ? _copy_from_user+0x111/0x170 [ 442.634233][ T9017] sock_do_ioctl+0x222/0x2f0 [ 442.638832][ T9017] ? sock_show_fdinfo+0xb0/0xb0 [ 442.643694][ T9017] sock_ioctl+0x4ed/0x6e0 [ 442.648023][ T9017] ? sock_poll+0x3f0/0x3f0 [ 442.652442][ T9017] ? bpf_lsm_file_ioctl+0x5/0x10 [ 442.657377][ T9017] ? security_file_ioctl+0x7c/0xa0 [ 442.662587][ T9017] ? sock_poll+0x3f0/0x3f0 [ 442.667015][ T9017] __se_sys_ioctl+0xfa/0x170 [ 442.671614][ T9017] do_syscall_64+0x4c/0xa0 [ 442.676030][ T9017] ? clear_bhb_loop+0x30/0x80 [ 442.680703][ T9017] ? clear_bhb_loop+0x30/0x80 [ 442.685377][ T9017] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 442.691272][ T9017] RIP: 0033:0x7ff9656a2969 [ 442.695683][ T9017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 442.715287][ T9017] RSP: 002b:00007ff96350a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 442.723699][ T9017] RAX: ffffffffffffffda RBX: 00007ff9658c9fa0 RCX: 00007ff9656a2969 [ 442.731666][ T9017] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004 [ 442.739634][ T9017] RBP: 00007ff965724ab1 R08: 0000000000000000 R09: 0000000000000000 [ 442.747599][ T9017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 442.755563][ T9017] R13: 0000000000000000 R14: 00007ff9658c9fa0 R15: 00007ffd91a0df38 [ 442.763574][ T9017] [ 442.846510][ T9017] ================================================================== [ 442.854610][ T9017] BUG: KASAN: use-after-free in ax25_dev_device_down+0x35e/0x520 [ 442.862351][ T9017] Write of size 4 at addr ffff8880737d83b8 by task syz.4.1350/9017 [ 442.870264][ T9017] [ 442.872605][ T9017] CPU: 1 PID: 9017 Comm: syz.4.1350 Not tainted 5.15.184-syzkaller #0 [ 442.880779][ T9017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 442.890857][ T9017] Call Trace: [ 442.894154][ T9017] [ 442.897099][ T9017] dump_stack_lvl+0x168/0x230 [ 442.901801][ T9017] ? show_regs_print_info+0x20/0x20 [ 442.907018][ T9017] ? load_image+0x3b0/0x3b0 [ 442.911536][ T9017] ? _raw_spin_lock_irqsave+0xb0/0xf0 [ 442.916938][ T9017] print_address_description+0x60/0x2d0 [ 442.922583][ T9017] ? ax25_dev_device_down+0x35e/0x520 [ 442.927977][ T9017] kasan_report+0xdf/0x130 [ 442.932415][ T9017] ? ax25_dev_device_down+0x35e/0x520 [ 442.937795][ T9017] ? kfree+0xef/0x2a0 [ 442.941796][ T9017] kasan_check_range+0x27b/0x290 [ 442.946779][ T9017] ax25_dev_device_down+0x35e/0x520 [ 442.952003][ T9017] ax25_device_event+0x4b4/0x4f0 [ 442.956956][ T9017] raw_notifier_call_chain+0xcb/0x160 [ 442.962348][ T9017] __dev_notify_flags+0x178/0x2d0 [ 442.967391][ T9017] ? __dev_change_flags+0x6a0/0x6a0 [ 442.972601][ T9017] ? __dev_change_flags+0x4bb/0x6a0 [ 442.977814][ T9017] ? dev_get_flags+0x1c0/0x1c0 [ 442.982596][ T9017] ? dev_ioctl+0x54e/0xe50 [ 442.987019][ T9017] ? dev_ioctl+0x54e/0xe50 [ 442.991450][ T9017] dev_change_flags+0xe3/0x1a0 [ 442.996231][ T9017] dev_ifsioc+0x147/0xe70 [ 443.000585][ T9017] ? dev_ioctl+0xe50/0xe50 [ 443.005013][ T9017] ? apparmor_capable+0x12c/0x190 [ 443.010144][ T9017] ? full_name_hash+0x8e/0xe0 [ 443.014854][ T9017] dev_ioctl+0x55f/0xe50 [ 443.019121][ T9017] ? _copy_from_user+0x111/0x170 [ 443.024078][ T9017] sock_do_ioctl+0x222/0x2f0 [ 443.028686][ T9017] ? sock_show_fdinfo+0xb0/0xb0 [ 443.033568][ T9017] sock_ioctl+0x4ed/0x6e0 [ 443.037920][ T9017] ? sock_poll+0x3f0/0x3f0 [ 443.042360][ T9017] ? bpf_lsm_file_ioctl+0x5/0x10 [ 443.047314][ T9017] ? security_file_ioctl+0x7c/0xa0 [ 443.052443][ T9017] ? sock_poll+0x3f0/0x3f0 [ 443.056868][ T9017] __se_sys_ioctl+0xfa/0x170 [ 443.061473][ T9017] do_syscall_64+0x4c/0xa0 [ 443.065897][ T9017] ? clear_bhb_loop+0x30/0x80 [ 443.070583][ T9017] ? clear_bhb_loop+0x30/0x80 [ 443.075253][ T9017] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 443.081233][ T9017] RIP: 0033:0x7ff9656a2969 [ 443.085643][ T9017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.105363][ T9017] RSP: 002b:00007ff96350a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 443.113943][ T9017] RAX: ffffffffffffffda RBX: 00007ff9658c9fa0 RCX: 00007ff9656a2969 [ 443.121926][ T9017] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004 [ 443.129896][ T9017] RBP: 00007ff965724ab1 R08: 0000000000000000 R09: 0000000000000000 [ 443.137865][ T9017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 443.145839][ T9017] R13: 0000000000000000 R14: 00007ff9658c9fa0 R15: 00007ffd91a0df38 [ 443.153926][ T9017] [ 443.156944][ T9017] [ 443.159256][ T9017] Allocated by task 9017: [ 443.163706][ T9017] __kasan_kmalloc+0xb5/0xf0 [ 443.168299][ T9017] ax25_dev_device_up+0x50/0x580 [ 443.173236][ T9017] ax25_device_event+0x483/0x4f0 [ 443.178178][ T9017] raw_notifier_call_chain+0xcb/0x160 [ 443.183542][ T9017] __dev_notify_flags+0x178/0x2d0 [ 443.188557][ T9017] dev_change_flags+0xe3/0x1a0 [ 443.193319][ T9017] dev_ifsioc+0x147/0xe70 [ 443.197710][ T9017] dev_ioctl+0x55f/0xe50 [ 443.201960][ T9017] sock_do_ioctl+0x222/0x2f0 [ 443.206657][ T9017] sock_ioctl+0x4ed/0x6e0 [ 443.211013][ T9017] __se_sys_ioctl+0xfa/0x170 [ 443.215595][ T9017] do_syscall_64+0x4c/0xa0 [ 443.220005][ T9017] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 443.225894][ T9017] [ 443.228204][ T9017] Freed by task 9017: [ 443.232173][ T9017] kasan_set_track+0x4b/0x70 [ 443.236759][ T9017] kasan_set_free_info+0x1f/0x40 [ 443.241689][ T9017] ____kasan_slab_free+0xd5/0x110 [ 443.246705][ T9017] slab_free_freelist_hook+0xea/0x170 [ 443.252184][ T9017] kfree+0xef/0x2a0 [ 443.255985][ T9017] ax25_dev_device_down+0x1c0/0x520 [ 443.261184][ T9017] ax25_device_event+0x4b4/0x4f0 [ 443.266111][ T9017] raw_notifier_call_chain+0xcb/0x160 [ 443.271472][ T9017] __dev_notify_flags+0x178/0x2d0 [ 443.276498][ T9017] dev_change_flags+0xe3/0x1a0 [ 443.281251][ T9017] dev_ifsioc+0x147/0xe70 [ 443.285568][ T9017] dev_ioctl+0x55f/0xe50 [ 443.289822][ T9017] sock_do_ioctl+0x222/0x2f0 [ 443.294406][ T9017] sock_ioctl+0x4ed/0x6e0 [ 443.298731][ T9017] __se_sys_ioctl+0xfa/0x170 [ 443.303310][ T9017] do_syscall_64+0x4c/0xa0 [ 443.307714][ T9017] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 443.313607][ T9017] [ 443.315930][ T9017] Last potentially related work creation: [ 443.321632][ T9017] kasan_save_stack+0x35/0x60 [ 443.326420][ T9017] kasan_record_aux_stack+0xb8/0x100 [ 443.331709][ T9017] insert_work+0x54/0x3d0 [ 443.336037][ T9017] __queue_work+0x9c5/0xd50 [ 443.340548][ T9017] queue_work_on+0x11d/0x1d0 [ 443.345137][ T9017] inet6addr_event+0x9c/0xc0 [ 443.349755][ T9017] atomic_notifier_call_chain+0x15d/0x280 [ 443.355494][ T9017] addrconf_ifdown+0xdf4/0x1970 [ 443.360370][ T9017] addrconf_notify+0x445/0xf00 [ 443.365137][ T9017] raw_notifier_call_chain+0xcb/0x160 [ 443.370512][ T9017] __dev_notify_flags+0x178/0x2d0 [ 443.375558][ T9017] dev_change_flags+0xe3/0x1a0 [ 443.380390][ T9017] do_setlink+0xc01/0x3980 [ 443.384859][ T9017] rtnl_setlink+0x35b/0x450 [ 443.389385][ T9017] rtnetlink_rcv_msg+0x9b9/0xe60 [ 443.394363][ T9017] netlink_rcv_skb+0x1e0/0x430 [ 443.399116][ T9017] netlink_unicast+0x77c/0x920 [ 443.403870][ T9017] netlink_sendmsg+0x8ab/0xbc0 [ 443.408623][ T9017] sock_write_iter+0x29c/0x380 [ 443.413375][ T9017] do_iter_readv_writev+0x497/0x600 [ 443.418571][ T9017] do_iter_write+0x205/0x7b0 [ 443.423158][ T9017] do_writev+0x254/0x410 [ 443.427396][ T9017] do_syscall_64+0x4c/0xa0 [ 443.431825][ T9017] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 443.437723][ T9017] [ 443.440153][ T9017] The buggy address belongs to the object at ffff8880737d8300 [ 443.440153][ T9017] which belongs to the cache kmalloc-192 of size 192 [ 443.454217][ T9017] The buggy address is located 184 bytes inside of [ 443.454217][ T9017] 192-byte region [ffff8880737d8300, ffff8880737d83c0) [ 443.467502][ T9017] The buggy address belongs to the page: [ 443.473134][ T9017] page:ffffea0001cdf600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x737d8 [ 443.483294][ T9017] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 443.490847][ T9017] raw: 00fff00000000200 ffffea0000626dc0 0000000200000002 ffff888016841a00 [ 443.499455][ T9017] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 443.508045][ T9017] page dumped because: kasan: bad access detected [ 443.514457][ T9017] page_owner tracks the page as allocated [ 443.520157][ T9017] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 8560, ts 425884348703, free_ts 425227061974 [ 443.537694][ T9017] get_page_from_freelist+0x1b77/0x1c60 [ 443.543314][ T9017] __alloc_pages+0x1e1/0x470 [ 443.547976][ T9017] new_slab+0xb6/0x4b0 [ 443.552135][ T9017] ___slab_alloc+0x81e/0xdf0 [ 443.556722][ T9017] __kmalloc_node+0x200/0x3b0 [ 443.561393][ T9017] memcg_alloc_page_obj_cgroups+0x81/0x120 [ 443.567250][ T9017] slab_post_alloc_hook+0xba/0x380 [ 443.572351][ T9017] kmem_cache_alloc+0x100/0x290 [ 443.577194][ T9017] alloc_buffer_head+0x21/0x100 [ 443.582163][ T9017] alloc_page_buffers+0x341/0x600 [ 443.587186][ T9017] create_empty_buffers+0x3a/0x6d0 [ 443.592290][ T9017] ntfs_readpage+0xc84/0x2220 [ 443.596960][ T9017] do_read_cache_page+0x8a1/0x1030 [ 443.602066][ T9017] ntfs_map_page+0x24/0x390 [ 443.606561][ T9017] load_system_files+0x1d01/0x5560 [ 443.611661][ T9017] ntfs_fill_super+0x19e0/0x2c90 [ 443.616592][ T9017] page last free stack trace: [ 443.621248][ T9017] free_unref_page_prepare+0x637/0x6c0 [ 443.626706][ T9017] free_unref_page+0x94/0x280 [ 443.631380][ T9017] __vunmap+0x8ab/0xa40 [ 443.635557][ T9017] kcov_mmap+0x89/0x120 [ 443.639705][ T9017] mmap_file+0x5d/0xb0 [ 443.643764][ T9017] mmap_region+0xd0d/0x15e0 [ 443.648261][ T9017] do_mmap+0x77a/0xdf0 [ 443.652451][ T9017] vm_mmap_pgoff+0x1b2/0x2b0 [ 443.657048][ T9017] ksys_mmap_pgoff+0x542/0x780 [ 443.662021][ T9017] do_syscall_64+0x4c/0xa0 [ 443.666446][ T9017] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 443.672349][ T9017] [ 443.674662][ T9017] Memory state around the buggy address: [ 443.680285][ T9017] ffff8880737d8280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 443.688343][ T9017] ffff8880737d8300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 443.696398][ T9017] >ffff8880737d8380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 443.704452][ T9017] ^ [ 443.710332][ T9017] ffff8880737d8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 443.718380][ T9017] ffff8880737d8480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 443.726425][ T9017] ================================================================== [ 443.748666][ T9017] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 443.755885][ T9017] CPU: 1 PID: 9017 Comm: syz.4.1350 Tainted: G B 5.15.184-syzkaller #0 [ 443.765422][ T9017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 443.775487][ T9017] Call Trace: [ 443.778761][ T9017] [ 443.781687][ T9017] dump_stack_lvl+0x168/0x230 [ 443.786364][ T9017] ? show_regs_print_info+0x20/0x20 [ 443.791595][ T9017] ? load_image+0x3b0/0x3b0 [ 443.796107][ T9017] panic+0x2c9/0x7f0 [ 443.800016][ T9017] ? bpf_jit_dump+0xd0/0xd0 [ 443.804514][ T9017] ? _raw_spin_unlock_irqrestore+0xf6/0x100 [ 443.810462][ T9017] ? _raw_spin_unlock+0x40/0x40 [ 443.815339][ T9017] ? ax25_dev_device_down+0x35e/0x520 [ 443.820709][ T9017] check_panic_on_warn+0x80/0xa0 [ 443.825645][ T9017] ? ax25_dev_device_down+0x35e/0x520 [ 443.831021][ T9017] end_report+0x6d/0xf0 [ 443.835200][ T9017] kasan_report+0x102/0x130 [ 443.839705][ T9017] ? ax25_dev_device_down+0x35e/0x520 [ 443.845068][ T9017] ? kfree+0xef/0x2a0 [ 443.849063][ T9017] kasan_check_range+0x27b/0x290 [ 443.854002][ T9017] ax25_dev_device_down+0x35e/0x520 [ 443.859543][ T9017] ax25_device_event+0x4b4/0x4f0 [ 443.864477][ T9017] raw_notifier_call_chain+0xcb/0x160 [ 443.869852][ T9017] __dev_notify_flags+0x178/0x2d0 [ 443.874896][ T9017] ? __dev_change_flags+0x6a0/0x6a0 [ 443.880087][ T9017] ? __dev_change_flags+0x4bb/0x6a0 [ 443.885285][ T9017] ? dev_get_flags+0x1c0/0x1c0 [ 443.890158][ T9017] ? dev_ioctl+0x54e/0xe50 [ 443.894575][ T9017] ? dev_ioctl+0x54e/0xe50 [ 443.899005][ T9017] dev_change_flags+0xe3/0x1a0 [ 443.903795][ T9017] dev_ifsioc+0x147/0xe70 [ 443.908128][ T9017] ? dev_ioctl+0xe50/0xe50 [ 443.912546][ T9017] ? apparmor_capable+0x12c/0x190 [ 443.917579][ T9017] ? full_name_hash+0x8e/0xe0 [ 443.922311][ T9017] dev_ioctl+0x55f/0xe50 [ 443.926550][ T9017] ? _copy_from_user+0x111/0x170 [ 443.931486][ T9017] sock_do_ioctl+0x222/0x2f0 [ 443.936082][ T9017] ? sock_show_fdinfo+0xb0/0xb0 [ 443.940946][ T9017] sock_ioctl+0x4ed/0x6e0 [ 443.945300][ T9017] ? sock_poll+0x3f0/0x3f0 [ 443.949718][ T9017] ? bpf_lsm_file_ioctl+0x5/0x10 [ 443.954652][ T9017] ? security_file_ioctl+0x7c/0xa0 [ 443.959758][ T9017] ? sock_poll+0x3f0/0x3f0 [ 443.964168][ T9017] __se_sys_ioctl+0xfa/0x170 [ 443.968751][ T9017] do_syscall_64+0x4c/0xa0 [ 443.973157][ T9017] ? clear_bhb_loop+0x30/0x80 [ 443.977828][ T9017] ? clear_bhb_loop+0x30/0x80 [ 443.982517][ T9017] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 443.988415][ T9017] RIP: 0033:0x7ff9656a2969 [ 443.992823][ T9017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.012423][ T9017] RSP: 002b:00007ff96350a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 444.020833][ T9017] RAX: ffffffffffffffda RBX: 00007ff9658c9fa0 RCX: 00007ff9656a2969 [ 444.028807][ T9017] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004 [ 444.036792][ T9017] RBP: 00007ff965724ab1 R08: 0000000000000000 R09: 0000000000000000 [ 444.044769][ T9017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.052731][ T9017] R13: 0000000000000000 R14: 00007ff9658c9fa0 R15: 00007ffd91a0df38 [ 444.060706][ T9017] [ 444.063924][ T9017] Kernel Offset: disabled [ 444.068249][ T9017] Rebooting in 86400 seconds..