last executing test programs: 18.376667768s ago: executing program 0 (id=1106): syz_usb_connect$uac2(0x5, 0x8f, &(0x7f0000000140)=ANY=[@ANYBLOB="1201100300000040732b130040000102030109027d000301053009080b00010107208c09040000000101"], &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x3, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x320, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) io_uring_setup(0x6e1e, &(0x7f0000000100)={0x0, 0x23d4, 0x800, 0xfffffffc, 0x100087}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x6) ioctl$KVM_GET_XSAVE2(r5, 0x9000aecf, &(0x7f0000ffd000/0x2000)=nil) r6 = socket(0x1e, 0x1, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 00000000000000004093 '], 0x2a, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) connect$tipc(r6, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r6, &(0x7f0000000340), 0x2000011a) syz_usb_connect(0x0, 0x24, 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) 13.898391513s ago: executing program 0 (id=1112): syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) kexec_load(0x3, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x5, 0x4}], 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 13.436637867s ago: executing program 0 (id=1114): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000780)={0xfc78, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x20, 0x1, 0x1, 0x1}, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b03, 0x0) 12.886456395s ago: executing program 3 (id=1118): syz_open_dev$MSR(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) getsockopt$inet6_buf(r0, 0x3a, 0x20, 0x0, 0x0) socket$kcm(0xa, 0x1, 0x106) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000240)={0xa, 0x4e20, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0) sendmmsg$inet6(r1, 0x0, 0x0, 0x20080058) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x800001000091}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) mount(&(0x7f00000003c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000300)='udf\x00', 0x200480, 0x0) gettid() timer_create(0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x7e) socketpair$unix(0x1, 0x5, 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x80, 0x4) 12.559186746s ago: executing program 2 (id=1119): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r4, 0x11c, 0x4, &(0x7f0000001440)=""/40, &(0x7f0000001480)=0x28) r5 = syz_open_dev$cec(&(0x7f0000002340), 0x0, 0x101441) ioctl$CEC_S_MODE(r5, 0x40046109, 0x0) r6 = syz_open_dev$cec(&(0x7f0000000200), 0x0, 0x20000) ioctl$CEC_S_MODE(r6, 0x40046109, &(0x7f0000000240)=0x82) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x4e, 0x0, 0x100000000007, 0xdb4e, 0x3, 0x2, 0x106c, 0x100, 0x8000000000000, 0x80000004000080, 0x8000000, 0xa, 0x0, 0x4, 0x0, 0x8000], 0x1, 0x3c5210}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c0000001a000100000000000000cf008020200000000000000000000800"], 0x2c}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0xa4}}, 0x0) mount$9p_tcp(&(0x7f00000002c0), &(0x7f0000000300)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000004c0), 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="7672616e733d7468702c706f72743d3078303030303030303030303030ee3928346532322c70726976706f72"]) 10.168555903s ago: executing program 2 (id=1120): r0 = userfaultfd(0x80001) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x2}]}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x9}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r2, 0x0, 0x40) close(0x3) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x14}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000280)={{&(0x7f000059e000/0x2000)=nil, 0x2000}, 0x1}) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000000000)={0x0, 0xea60}, 0x10) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8000000000100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) write$cgroup_int(r4, &(0x7f0000000040)=0x1f00, 0x12) 10.114744914s ago: executing program 3 (id=1121): syz_usb_connect$uac2(0x5, 0x8f, &(0x7f0000000140)=ANY=[@ANYBLOB="1201100300000040732b130040000102030109027d000301053009080b00010107208c09040000000101"], &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x3, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x320, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) io_uring_setup(0x6e1e, &(0x7f0000000100)={0x0, 0x23d4, 0x800, 0xfffffffc, 0x100087}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x6) ioctl$KVM_GET_XSAVE2(r5, 0x9000aecf, &(0x7f0000ffd000/0x2000)=nil) socket(0x1e, 0x1, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 00000000000000004093 '], 0x2a, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 9.991715708s ago: executing program 0 (id=1122): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) unshare(0x2c020400) r0 = io_uring_setup(0x13d8, &(0x7f0000000180)={0x0, 0x3abe, 0x10, 0x0, 0x145}) r1 = creat(&(0x7f0000000280)='./file0\x00', 0xa8) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f00000002c0)=r1, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r2 = fsopen(&(0x7f0000000280)='ntfs3\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) close(0x3) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0}, 0x0) sched_setaffinity(r3, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'veth0_macvtap\x00'}) r5 = socket(0x2a, 0x1, 0xbb) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x20000000) sendmsg$nl_route_sched(r5, 0x0, 0x10) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) mount$9p_fd(0x0, 0x0, 0x0, 0x218888, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) r7 = socket$netlink(0x10, 0x3, 0x0) writev(r7, &(0x7f00000003c0)=[{0x0}], 0x1) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x20, 0x25, 0x109, 0x870bd22, 0xfffffff9, {0x2}, [@typed={0xc, 0x163, 0x0, 0x0, @u64=0x12}]}, 0x20}, 0x1, 0x0, 0x0, 0x1000c957}, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000280)=[@tclass={{0x14, 0x29, 0x43, 0x2}}, @hoplimit={{0x14, 0x29, 0x34, 0x9}}], 0x30}, 0x0) ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0xffffffffffffffff) 8.69963528s ago: executing program 2 (id=1123): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@acquire], 0xffffffffffffff47, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0xfffffffffffffffd}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000400)={@ptr={0x66642a85, 0x0, 0x0, 0x0, 0x2, 0x3e}, @ptr={0x70742a85, 0x20000000, &(0x7f0000000580)=""/236, 0x20, 0x1, 0x26}, @fda={0x66646185, 0x8, 0x1, 0xb8}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1040}], 0x0, 0x0, 0x0}) 8.163628548s ago: executing program 2 (id=1125): syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f0000000800)='./file0\x00', 0x2204806, &(0x7f0000000000)=ANY=[@ANYBLOB='map=off,overriderockperm\x00iocharset=iso8859-3,showassoc,session=0x0000000000000062,utf8Amap=acorn,iocharset=cp1250,dmode=0x0000000000380000,showassoc,mode=0x0000000000000002,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c6673636f6e74657a743d73746166665f752c7065726d06005f646972656374696f2c00"], 0xfa, 0x69f, &(0x7f0000000f00)="$eJzs3c9v2+Ydx/EP5V+yOwTFNhRBkB9PkhVwsEyR5MaBkQEtR1E2N0kUSHmwgQFF1thFEDndkg5YfOl82Q+gA3berZcddts/MKDn/he7bUCx3QZsBw4kRVmyRMlqHLdZ3y8jEUV++Txfkgq/oSU+EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkOXUyuWKpYbX2t4x+Zxa4DcnLE9bW9CtdOLW1H4lK/6jYlEX01kXv328+I34rxu6nD67rGL8UNTha2+8fv9b84Vs/QkJfRGatcFnzw8fP+h2956eInZOMzf/ZVLhFEGbbssLfa9pb7rGC32zsb5evrNVD03da7jhbthxm8YJ3ELHD8yqc8tUNjbWjFva9bdbmzW74WYz732vWi6vmx8upQdaUil0trxGw2ttJjHx4jjmnvn4J2mAazeN2X/U3VublmQcVMlbWBgIqk5rqVquViuVarWyfnfj7r1yeX5kRjlmlfs0EnHmL1q8Ys7u5A28oEJc//9mSQ0V1dK2dmTG/jiqKZCvZs7ynqz+v3nHndjvYP3PqvxF6e3e4ktK6v/V9NnVvPqfk4uRSVYYt8TKmT/bz0KSkdEzPdehHuuBuupqT0/PoG0jc+1MWjmHn025aslTKF+emrKTOaY3x2hD61pXWe9qS3WFMqrLU0OuQu0qVEdu8opyFMiVrY58BTJalaNbMqpoQxtak5Grknbla1stbaomW/+Oomhfj5L9vjYhR2VBlZyApcGg6oSW8ur/Tz9KX6e9+l+m/n9dpa+DpfThs0kxwFdA1Lv+n9G1l5MNAAAAAAB4Gazkt+9W8t79FUmR6l7DLeevsHie2QEAAAAAgLNgKVrSZVnx9b+kK7KmXP8DAAAAAIBXjpXcY2dJWkk+1G8d3wl1ml8CzJ1DigAAAAAA4AUld/5fXZSiZNCKa7Jmuv4HAAAAAACvgN8OjLE/n42xG2Vv6xckhe0l66//XFKwYB21d75jHdjxEvtgrpCEjHwCoFO/ZIV/SAfqTcbrXZSUPHPcy1avt94gmP1xBz/fnzbWvxWcSGBxbrCBEwlc6K1txT2vz/ee6WNdf3so9uFhQcmStJeVutdwS47fuF+RbV8odNydzi+ePPqlFPS3c/9Rd6/03gfdh0kuR/Gso4M4j4+ydP6y2Nt1w7kkD/1c/hulpCtjt3hZ9azL37WaK1bSbznb/jnZB4XjY5S7/cN96te6kR6zGytp7Mphf8T9ePuL8fZXSskhG9r6YME6zqJycsvHHYicLIpJFjfTmJurN9OHLL+4nYJV/O6cVC2NHoOhLKqDWUzfF9a/RvbFpCx6+2ItzuLTuKGcLNZmy2LkiADAl2U/GfUnufMvGcR8pO5m5SE7qX2hujO9ur8zXN0//GNcGdP/Xsz33puY2EtR8Rl91Urq0KKSE+v8pZEzerY19oWics7o5ReobnFffz7+DqRe2iNZ/CeKovuVpN/fn6iqn8QrfJLbb9hId/udDw9+lgyAH3t/7/29J9Xq2nr5rXL5blULyWb0HuZE7QEAjJj+HTtTI6y3dD2NuP7wH2+mU0MV75v9jxSU9J4+UFcPtZB9hcC18a2uDHwM4XZ61aqBq1bzxuv3l6WTsRXdzr2qS2rpQGy1H7ugbJXhSn0cu/aSjwIAAOfrxpQ6PL7+F4fq/22tphGrl8Zedw/X8t7Vcf+SPi+2Mj35d856bwAA8PXgBp9bK53fWEHgtd+tbGxU7M6WawLf+ZEJvNqma7xWxw2cLbu16Zp24Hd8x2+YdqAlr+aGJtxut/2gY+p+YNp+6O0k3/xuel/9HrpNu9XxnLDdcO3QNY7f6thOx9S80DHt7R80vHDLDZKVw7breHXPsTue3zKhvx04bsmY0HUHAr2a2+p4dS+ebJl24DXtYNf82G9sN11Tc0Mn8NodP20w68tr1f2gmTRbUjTzFx0CAPD/6Nnzw8cPut29pycnluNL83TOkXJiRicWxzTIGEEAAHzFHJfrGVYq9qc+jV5KVgAAAAAAAAAAAAAAAAAAAAAAYND0W/pmnFgYd7Og1J/z8wu9OfqVjm8xHGnH0lknNstEYda1slsiDh9/NiF4uT8n2/2DMUfntoF//4b0WjJH6Zz5ccHF/Has6X0tTzi4p5yYi3fQaYO/v5/u0dyYeOHYRUv9YzF/9v8c4oknf8pZFEVRNHn1peF9uDhpA4cn5iU9XXyBQ3D+5yIA5+t/AQAA//+xxzz3") r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x20a02, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x30a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000040000010000000000000000000700000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a0000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163763461700000000900010073797a310000000014000000020a0103020000000000000025e600000006140000001100010000000000"], 0xb0}}, 0x0) r4 = syz_io_uring_setup(0xd03, &(0x7f0000002900)={0x0, 0xf25d, 0x10, 0x0, 0x3}, &(0x7f0000000440), &(0x7f0000000140), &(0x7f0000000180)) io_uring_enter(r4, 0x88e, 0x1f, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x13, 0x0, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0) 7.859726537s ago: executing program 0 (id=1126): r0 = getpgrp(0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x8000000000001, r0, 0x2, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000140)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 5.432153895s ago: executing program 3 (id=1128): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, 0x0, 0xc000) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3800000012140100a5bd7000fcdbdf25080001000000000008004b001300000008001500010000000800"], 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x80) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x14) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004f40)={{0x14}, [@NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x58}}, 0x0) socket$l2tp(0x2, 0x2, 0x73) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000001040)={0x60, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}]}, 0x60}, 0x1, 0x0, 0x0, 0x854}, 0x844) prlimit64(r2, 0xc, &(0x7f0000000180)={0x8, 0x6}, &(0x7f0000000f80)) 4.99981627s ago: executing program 1 (id=1129): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0x1f}, @private=0xa010101, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0x880b2, 0xfffffff3, 0x4, 0x40000006}, 0x3c) 2.639083935s ago: executing program 3 (id=1130): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) socket$inet(0x2, 0xa, 0x401) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, 0x0, 0x40014) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="050000000a0000004200000040"], 0x50) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x5, 0x8, 0x40, 0x42, 0x1}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0), 0x111, 0x5}}, 0x20) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) ppoll(&(0x7f0000000300)=[{r2, 0x4236}], 0x1, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x8000001, &(0x7f0000000300), 0x2, 0x1}}, 0x20) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) 2.623320976s ago: executing program 0 (id=1131): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0xc806, 0x0, 0x0) r1 = fsopen(&(0x7f00000003c0)='tmpfs\x00', 0x1) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x4064, &(0x7f0000000000)='\x00\x00\x00\x00\x00o-\xeem&\xa6\x90y\x7f$o\x8b\xd0\x88d\xc5x\xd7\x99\xac\xfc\x1b%\xe6\x87\xb7i\x12\xe3\xba\xe5\x1a\a\x00\x00\x00\x00\x00\x00\x82c\xab8\xf3LJ\n\xd85\x98\xb7-\xf8GU\x02\xd9\xf9n\xa2\x82\x1a\x1f+.(I \xfe\x87\xf4\xc0\xc4\xac\x01\x9a\x12\x00,\xd6X\xda\x01oU9c4\xd2 \xd4\xdcr\xe9/\x87\x80f,*-\xb0h\x11\xd0;\xc9\xfb\x99\xef\x02\xb5\xffg\xb8\x80\x94\xf36\xa6\xe8\xe9\xbd_\x97\x00\xe1\xd9\xa2\xbd(\xf7n\xef\xc8\x9e(O\xa3\x18\x9d.\x1fx(k\r\xa1\x15\xf7\x8dN\xde\xc2\xb4\xa4UG\xc0\xd0\x8fc\x00\xc7\x80\x06/\x86\xcb\xb5:\xec\xb3\xd2\xb8\xbfA\xd0\x1b\x8f/x\x1f\t\xe6g_\x02\xe9n\xb7S}\xfcD\x19\xe1\x9bPU\x05vg\xf1\x80\xf7\xc5@e3\xbfV\x9c4\x92\xf6\xccPX\xe7\xa3\x80\f\xea\xb9\x18\xb1\x95.\xba\xfa\x96\x8eW=|\\\xf3\xc4\xecHM\x978/\xfd\xf7\x9c\xdf\x9c\xc2\x01!\xb6\xb7\xa6Z\xbc\xa1\a{g\xb2\x9a\xfe\x8a\aA\x8a\x00\x00\x00\x00\x00\x00\x00\x00\xd3\xf2\xb6\xb8\xce\x91|\xa7\x06\xe0\a+-\xae\xceK\xb1@\x94\xe8\xe4\x8b!n5\xad\x80\xec{M\xb3\x1d\x90\xc4F\xc7X\xc1#h\xc2\xaa@\xfdjY\xe4\x1c\xc0\x8a\xea\x1a\xad\xa7\xba@\xc6F\x10(\x9f\xb0\x9d\x1e\xe2\x8eP\xae\x03\xd9\xd4.\x9f\x9d\x97\x88KP\xad\xa1\x11?\xa1\xaf\tNH\x18\x83\x8d\xab\x13t\xfd@|R\xd8\xf5Z\xc2\n\x14\xa98\x9e.\x04\xbc\x05\x82\xb4^k\xdd\x880\xec\xd2\x15_s{~\xa6-88_\xa2\x8e\xee 0\xd5\xd8\xbb\xfc\x86h \x92\xdf\xd5\x94@I\x88B=g%>fL\x93\xa8\xa7\x89\x84_\x7f\x8c\xe6\xf6\xb8f\x19\x1f\xfe\x14\xfa\x04`\x00\x00\x00\x00\x00\xf9(\xaaE.&\xe0\xd8\x15\x93\x1b\xf1\x1e,y\x12\x82\x85q\xe7c\x15rh|Mb\x06=\x1e\x0f\x1d\x10') mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000007, 0x32, 0xffffffffffffffff, 0x10000000) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0xf) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5393, &(0x7f0000000000)) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$sndctrl(0x0, 0x0, 0x0) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x809}, {0xa, 0x8, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe, 0x0, 0xffffffff, 0x8]}}, 0x5c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) sendmsg$NFT_BATCH(r3, 0x0, 0x0) 2.51172711s ago: executing program 1 (id=1132): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x1539, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15) 2.312107306s ago: executing program 3 (id=1133): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r0, 0x3b87, &(0x7f00000005c0)={0x18, 0x0, 0x1, 0x0, 0x2000000}) 1.513026242s ago: executing program 1 (id=1134): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffb}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xa7}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) 1.407647365s ago: executing program 1 (id=1135): openat$tun(0xffffffffffffff9c, 0x0, 0x20400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0) mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) chdir(&(0x7f00000000c0)='./bus\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r4 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000280)=[0x8000, 0x8], 0x0, 0x0, 0x2, 0x1}}, 0x40) mmap(&(0x7f00001f8000/0x4000)=nil, 0x4000, 0x0, 0x12012, r5, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r7, 0x0) r8 = creat(&(0x7f0000000580)='./file1\x00', 0x0) r9 = fanotify_init(0xf00, 0x1) fanotify_mark(r9, 0x105, 0x40009975, r8, 0x0) fallocate(r3, 0x0, 0x1000000, 0x3) 1.383778776s ago: executing program 3 (id=1136): socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x5, 0x24, 0x0, 0x0) r0 = socket(0x2a, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000100)="f2435f0100088000000000950800", 0xe, 0x1, &(0x7f0000000200)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}, 0x14) syncfs(r0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100000000000000000000000002", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r2, @ANYBLOB="1400350064756d6d7930"], 0x3c}, 0x1, 0x0, 0x0, 0x8080}, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000080)={'dummy0\x00', 0x1}) 1.152865914s ago: executing program 2 (id=1137): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x79) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_POWER(r2, 0x112, 0x9, 0x0, 0x0) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x20, 0x8, 0xb, 0xfffff024}, {0x6, 0xfe, 0x0, 0x2000000}]}, 0x10) sendmmsg(r3, &(0x7f0000001c00), 0x400000000000159, 0x40840) r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) getsockopt$IP_VS_SO_GET_SERVICES(r5, 0x12, 0x482, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r6 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000180), r0) sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x14, r6, 0x401, 0x70bd2c, 0x25dfdbfd, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) 188.177245ms ago: executing program 1 (id=1138): r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/route\x00') read$snapshot(r0, &(0x7f0000000040)=""/235, 0xeb) 1.061851ms ago: executing program 1 (id=1139): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@multicast2, 0x4e22, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x1}, {0xfffffffffffffffd, 0x1, 0x6, 0x0, 0x9, 0x80000000, 0x0, 0x7fffffdfffffffff}, {0x0, 0x0, 0xffffffffffffffff, 0x20000000000000}, 0x8, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x4d4, 0x6c}, 0xa, @in=@dev={0xac, 0x14, 0x14, 0xb}, 0x3500, 0x4, 0x3, 0x0, 0x0, 0x800, 0x200000}}, 0xe8) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x2000000000000) 0s ago: executing program 2 (id=1140): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) dup(r0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50) ioctl$SNDCTL_SYNTH_ID(r2, 0xc08c5114, &(0x7f00000003c0)={"637bf629b5896eeb77e137c6e7f24b7891d6f012acc9fe23b2a34566bb56", 0x2, 0x1, 0x0, 0x101, 0x81, 0x5, 0x1, 0x6, [0x5, 0x4, 0x1, 0x401, 0x3, 0x2ab9, 0x4e2edc8b, 0x80000001, 0x8, 0x7, 0x3, 0x4, 0x7ef, 0xc, 0xffff0000, 0x2, 0x6, 0x7, 0x6]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) syz_io_uring_setup(0x48, &(0x7f0000000300)={0x0, 0xf20f, 0x40, 0x2, 0x1b}, &(0x7f0000000100)=0x0, &(0x7f00000000c0), &(0x7f0000000000)) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi5\x00', 0x101001, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000200)={0x28f, 0xfff, 0xa}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000000)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r7, 0xc01c64a3, &(0x7f0000000340)={0x3, r8, 0x7ffffff6, 0x4, 0xb, 0x1fd, 0x1}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003580)=ANY=[@ANYRES64=r3], 0x20}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) r9 = socket$nl_rdma(0x10, 0x3, 0x14) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000580)={@map=r2, 0x36, 0x0, 0x1, &(0x7f00000001c0)=[0x0], 0x1, 0x0, &(0x7f0000000480)=[0x0], &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000640)=ANY=[@ANYRES32=r6, @ANYRES32=r2, @ANYBLOB='6\x00'/12, @ANYRES32=r2, @ANYBLOB="7744003d1c42bbbf5585481f5bbebca9b2f629aaff93bbcb72fe456308ce041701d014bd296888cb9c78a507b05930052948b0ef1d844b312f5ebfb475c2cc6eaa09ce4a3359e074f46d7db213fddac962f43b3475e0a538f40e397d03db34408cbd055b680c837b98a7b3e3f79903f8c42445400ccff486f003712c179c2595d77e26dcf4558cb3ae2a095d1b31a7f7691800"/156, @ANYRES64=r10], 0x20) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, 0x0, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08786eb8", @ANYRESOCT, @ANYRES32=r4], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b73964}, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.122' (ED25519) to the list of known hosts. [ 76.825808][ T5758] cgroup: Unknown subsys name 'net' [ 76.939463][ T5758] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 78.586026][ T5758] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 80.878631][ T5778] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.908353][ T5778] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.916183][ T5778] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.924917][ T5778] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.932876][ T5778] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.940221][ T5778] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.957022][ T5781] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.964487][ T5780] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.973265][ T5780] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 80.981304][ T5781] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.989095][ T5780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.997528][ T5780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.005909][ T5780] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.017724][ T5780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.030356][ T5786] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.037997][ T5779] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 81.045135][ T5780] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.053309][ T5786] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 81.061868][ T5780] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.068993][ T5781] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.080330][ T5781] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.089825][ T5082] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.101785][ T5780] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 81.113645][ T5780] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.536014][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 81.618527][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 81.726190][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.734098][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.741935][ T5770] bridge_slave_0: entered allmulticast mode [ 81.748976][ T5770] bridge_slave_0: entered promiscuous mode [ 81.757816][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 81.789804][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.797276][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.804619][ T5770] bridge_slave_1: entered allmulticast mode [ 81.812124][ T5770] bridge_slave_1: entered promiscuous mode [ 81.857584][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.866757][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.874189][ T5771] bridge_slave_0: entered allmulticast mode [ 81.881615][ T5771] bridge_slave_0: entered promiscuous mode [ 81.912888][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.920161][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.927680][ T5771] bridge_slave_1: entered allmulticast mode [ 81.935161][ T5771] bridge_slave_1: entered promiscuous mode [ 81.956041][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.972576][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.016169][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 82.078267][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.092700][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.113216][ T5770] team0: Port device team_slave_0 added [ 82.131924][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.139116][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.149354][ T5773] bridge_slave_0: entered allmulticast mode [ 82.156551][ T5773] bridge_slave_0: entered promiscuous mode [ 82.176671][ T5770] team0: Port device team_slave_1 added [ 82.195077][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.202923][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.210075][ T5773] bridge_slave_1: entered allmulticast mode [ 82.218135][ T5773] bridge_slave_1: entered promiscuous mode [ 82.261355][ T5771] team0: Port device team_slave_0 added [ 82.297515][ T5771] team0: Port device team_slave_1 added [ 82.314592][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.322994][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.349536][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.363893][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.376763][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.417758][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.424878][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.452178][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.477151][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.484265][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.510370][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.523014][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.530241][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.537565][ T5772] bridge_slave_0: entered allmulticast mode [ 82.545307][ T5772] bridge_slave_0: entered promiscuous mode [ 82.560190][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.567789][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.575651][ T5772] bridge_slave_1: entered allmulticast mode [ 82.583818][ T5772] bridge_slave_1: entered promiscuous mode [ 82.610798][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.617796][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.644304][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.716042][ T5773] team0: Port device team_slave_0 added [ 82.741012][ T5771] hsr_slave_0: entered promiscuous mode [ 82.747430][ T5771] hsr_slave_1: entered promiscuous mode [ 82.759471][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.782233][ T5773] team0: Port device team_slave_1 added [ 82.800707][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.816324][ T5770] hsr_slave_0: entered promiscuous mode [ 82.823453][ T5770] hsr_slave_1: entered promiscuous mode [ 82.829566][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.837756][ T5770] Cannot create hsr debugfs directory [ 82.911511][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.918518][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.944793][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.958585][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.965851][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.992227][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.006795][ T5772] team0: Port device team_slave_0 added [ 83.015807][ T5772] team0: Port device team_slave_1 added [ 83.071647][ T5777] Bluetooth: hci2: command tx timeout [ 83.150121][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.151020][ T5777] Bluetooth: hci3: command tx timeout [ 83.163590][ T5780] Bluetooth: hci1: command tx timeout [ 83.167307][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.169433][ T5780] Bluetooth: hci0: command tx timeout [ 83.202670][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.242792][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.249791][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.276474][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.324069][ T5773] hsr_slave_0: entered promiscuous mode [ 83.331425][ T5773] hsr_slave_1: entered promiscuous mode [ 83.337879][ T5773] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.345629][ T5773] Cannot create hsr debugfs directory [ 83.420190][ T5772] hsr_slave_0: entered promiscuous mode [ 83.426641][ T5772] hsr_slave_1: entered promiscuous mode [ 83.433652][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.441397][ T5772] Cannot create hsr debugfs directory [ 83.597068][ T5771] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 83.644608][ T5771] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 83.678434][ T5771] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 83.715225][ T5771] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.837680][ T5770] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.848145][ T5770] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.873879][ T5770] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.898106][ T5770] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.018467][ T5772] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.044152][ T5772] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.059965][ T5772] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.072685][ T5772] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.117835][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.167718][ T5773] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.204275][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.211701][ T5773] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.223981][ T5773] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 84.236650][ T5773] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 84.308818][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.316194][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.342858][ T3430] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.350007][ T3430] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.423816][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.442405][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.489421][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.502348][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.535051][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.542265][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.585937][ T3430] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.593183][ T3430] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.611641][ T3430] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.618758][ T3430] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.629594][ T3430] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.636794][ T3430] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.684540][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.807334][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.850200][ T3430] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.857507][ T3430] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.887574][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.894774][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.045069][ T5773] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 85.070886][ T5773] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 85.126313][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.152009][ T5780] Bluetooth: hci2: command tx timeout [ 85.233252][ T5780] Bluetooth: hci3: command tx timeout [ 85.233271][ T5082] Bluetooth: hci1: command tx timeout [ 85.238752][ T5780] Bluetooth: hci0: command tx timeout [ 85.305047][ T5771] veth0_vlan: entered promiscuous mode [ 85.323189][ T5771] veth1_vlan: entered promiscuous mode [ 85.447628][ T5771] veth0_macvtap: entered promiscuous mode [ 85.463003][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.478026][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.507311][ T5771] veth1_macvtap: entered promiscuous mode [ 85.571812][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.597623][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.629359][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.646933][ T5771] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.656931][ T5771] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.666229][ T5771] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.675263][ T5771] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.733945][ T5772] veth0_vlan: entered promiscuous mode [ 85.762506][ T5772] veth1_vlan: entered promiscuous mode [ 85.774062][ T5770] veth0_vlan: entered promiscuous mode [ 85.859574][ T5773] veth0_vlan: entered promiscuous mode [ 85.868853][ T5770] veth1_vlan: entered promiscuous mode [ 85.908974][ T5773] veth1_vlan: entered promiscuous mode [ 85.925873][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.936986][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.011220][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.019099][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.028278][ T5772] veth0_macvtap: entered promiscuous mode [ 86.074142][ T5773] veth0_macvtap: entered promiscuous mode [ 86.085543][ T5772] veth1_macvtap: entered promiscuous mode [ 86.109236][ T5773] veth1_macvtap: entered promiscuous mode [ 86.150719][ T5770] veth0_macvtap: entered promiscuous mode [ 86.184159][ T5770] veth1_macvtap: entered promiscuous mode [ 86.204470][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.222137][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.237032][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.268975][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.290212][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.304110][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.327830][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.344840][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.357081][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.368471][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.382686][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.398447][ T5772] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.408959][ T5772] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.423357][ T5772] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.435979][ T5772] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.463744][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.475698][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.487092][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.498578][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.509931][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.523109][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.535383][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.547662][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.562071][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.572348][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.583955][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.597543][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.648410][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.664853][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.687412][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.698372][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.709442][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.720105][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.736950][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.766684][ T5773] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.776800][ T5773] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.785596][ T5773] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.795177][ T5773] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.854985][ T5770] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.867786][ T5770] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.880760][ T5770] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.889528][ T5770] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.100680][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.126605][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.232532][ T5780] Bluetooth: hci2: command tx timeout [ 87.264055][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.295776][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.310517][ T5780] Bluetooth: hci0: command tx timeout [ 87.315985][ T5780] Bluetooth: hci1: command tx timeout [ 87.321552][ T5780] Bluetooth: hci3: command tx timeout [ 87.457756][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.491204][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.599123][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.650492][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.701463][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.709355][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.805583][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.848846][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.831637][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.228767][ T5780] Bluetooth: hci2: command tx timeout [ 90.234747][ T5777] Bluetooth: hci1: command tx timeout [ 90.241014][ T5082] Bluetooth: hci0: command tx timeout [ 90.246476][ T5777] Bluetooth: hci3: command tx timeout [ 90.685417][ T5858] syz.1.6[5858]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.188642][ T9] cfg80211: failed to load regulatory.db [ 94.950964][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.360692][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.574888][ T5858] loop1: detected capacity change from 0 to 32768 [ 95.663623][ T5858] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.6 (5858) [ 96.017172][ T5858] BTRFS error (device loop1): open_ctree failed: -4 [ 97.245001][ T5889] warning: `syz.1.14' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 98.192028][ T5900] Illegal XDP return value 4294967274 on prog (id 4) dev syz_tun, expect packet loss! [ 100.070853][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.935617][ T5932] loop2: detected capacity change from 0 to 2048 [ 101.983805][ T5934] loop0: detected capacity change from 0 to 16 [ 102.018341][ T5934] ======================================================= [ 102.018341][ T5934] WARNING: The mand mount option has been deprecated and [ 102.018341][ T5934] and is ignored by this kernel. Remove the mand [ 102.018341][ T5934] option from the mount to silence this warning. [ 102.018341][ T5934] ======================================================= [ 102.082252][ T5932] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.099656][ T5934] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 102.134687][ T5932] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.433873][ T5942] loop1: detected capacity change from 0 to 512 [ 102.464305][ T5942] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 102.474365][ T5942] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 102.491766][ T5945] netlink: 8 bytes leftover after parsing attributes in process `syz.2.29'. [ 102.504371][ T5942] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 102.512066][ T5780] Bluetooth: hci2: command tx timeout [ 102.774830][ T5942] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 102.820642][ T5942] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e11c, mo2=0000] [ 102.849730][ T5942] EXT4-fs (loop1): orphan cleanup on readonly fs [ 102.945079][ T5946] loop0: detected capacity change from 0 to 1024 [ 102.963916][ T5942] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.32: bg 0: block 34: padding at end of block bitmap is not set [ 103.052619][ T5946] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 103.071105][ T5942] Quota error (device loop1): write_blk: dquota write failed [ 103.078753][ T5942] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 103.115704][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.127896][ T5942] EXT4-fs error (device loop1): ext4_acquire_dquot:6953: comm syz.1.32: Failed to acquire dquot type 1 [ 103.201462][ T5942] EXT4-fs (loop1): 1 truncate cleaned up [ 103.233748][ T5942] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 103.286886][ T5942] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.516601][ T5939] loop3: detected capacity change from 0 to 32768 [ 104.618590][ T5939] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 104.770994][ T5939] XFS (loop3): Ending clean mount [ 104.805533][ T5939] XFS (loop3): Quotacheck needed: Please wait. [ 104.948326][ T5939] XFS (loop3): Quotacheck: Done. [ 104.967712][ T5968] loop2: detected capacity change from 0 to 512 [ 105.007550][ T5968] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.126257][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.161265][ T28] audit: type=1804 audit(1779671979.984:2): pid=5939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.31" name="/newroot/9/file0/bus" dev="loop3" ino=9291 res=1 errno=0 [ 105.310262][ T5773] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 105.881120][ T5760] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 106.122245][ T5760] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 106.233797][ T5760] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 106.376971][ T5760] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 106.599013][ T5760] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 106.663893][ T5760] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.705044][ T5760] usb 2-1: Product: syz [ 106.709285][ T5760] usb 2-1: Manufacturer: syz [ 106.750619][ T5760] usb 2-1: SerialNumber: syz [ 106.793156][ T5760] usb 2-1: config 0 descriptor?? [ 106.863395][ T5986] loop2: detected capacity change from 0 to 512 [ 106.938332][ T5986] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.992973][ T5986] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.303102][ T5760] adutux 2-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 108.318600][ T5760] usb 2-1: USB disconnect, device number 2 [ 108.540515][ T27] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 108.587517][ T6001] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 108.613514][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.734300][ T27] usb 4-1: config 0 has no interfaces? [ 108.739867][ T27] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 108.750480][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.762978][ T27] usb 4-1: config 0 descriptor?? [ 109.192816][ T23] usb 4-1: USB disconnect, device number 2 [ 110.018180][ T6027] raw_sendmsg: syz.1.54 forgot to set AF_INET. Fix it! [ 110.550490][ T6037] process 'syz.1.57' launched './file2' with NULL argv: empty string added [ 115.815617][ T6065] loop3: detected capacity change from 0 to 40427 [ 116.607994][ T6065] F2FS-fs (loop3): Corrupted extension count (327717 + 1 > 64) [ 116.758468][ T6065] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 116.796961][ T6065] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff [ 116.927778][ T6065] F2FS-fs (loop3): invalid crc value [ 116.941535][ T6065] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-4) [ 116.959214][ T6086] syzkaller0: entered promiscuous mode [ 116.967153][ T6086] syzkaller0: entered allmulticast mode [ 117.012605][ T6091] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 65487 [ 117.159744][ T6091] netlink: 'syz.0.74': attribute type 3 has an invalid length. [ 117.260544][ T6091] netlink: 3 bytes leftover after parsing attributes in process `syz.0.74'. [ 119.830438][ C0] sched: RT throttling activated [ 120.960458][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 121.834280][ T6122] loop2: detected capacity change from 0 to 164 [ 122.372151][ T6128] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 125.670873][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 128.193482][ T6165] loop0: detected capacity change from 0 to 2048 [ 128.268660][ T6165] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.314248][ T6165] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 128.326683][ T28] audit: type=1804 audit(1779672003.134:3): pid=6165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.98" name="/newroot/20/file1/cgroup.controllers" dev="loop0" ino=18 res=1 errno=0 [ 128.380759][ T6165] EXT4-fs (loop0): Remounting filesystem read-only [ 128.500202][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.438607][ T6187] Zero length message leads to an empty skb [ 131.832655][ T6202] loop1: detected capacity change from 0 to 2048 [ 132.090039][ T6202] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.147613][ T28] audit: type=1804 audit(1779672006.974:4): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.108" name="/newroot/25/file1/cgroup.controllers" dev="loop1" ino=18 res=1 errno=0 [ 132.622478][ T35] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 132.783993][ T35] EXT4-fs (loop1): Remounting filesystem read-only [ 132.832999][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.010980][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.017716][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.040932][ T6213] netlink: 4 bytes leftover after parsing attributes in process `syz.3.105'. [ 136.240696][ T28] audit: type=1400 audit(1779672011.064:5): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=6240 comm="syz.1.116" [ 144.809004][ T6266] loop2: detected capacity change from 0 to 1024 [ 151.048173][ T6295] bridge_slave_0: left allmulticast mode [ 151.086535][ T6295] bridge_slave_0: left promiscuous mode [ 151.105081][ T6295] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.243370][ T6295] batman_adv: batadv0: Adding interface: bridge_slave_0 [ 151.290619][ T6295] batman_adv: batadv0: The MTU of interface bridge_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.366883][ T6295] batman_adv: batadv0: Interface activated: bridge_slave_0 [ 153.036695][ T6304] syzkaller0: entered promiscuous mode [ 153.043546][ T6304] syzkaller0: entered allmulticast mode [ 153.061168][ T6304] netlink: 'syz.3.131': attribute type 3 has an invalid length. [ 153.090515][ T6304] netlink: 3 bytes leftover after parsing attributes in process `syz.3.131'. [ 155.203740][ T6315] loop1: detected capacity change from 0 to 40427 [ 155.224658][ T6315] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 155.232552][ T6315] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 155.293773][ T6315] F2FS-fs (loop1): Found nat_bits in checkpoint [ 155.366965][ T6315] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 155.374759][ T6315] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 155.415811][ T6315] F2FS-fs (loop1): Stopped filesystem due to reason: 0 [ 158.950797][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 162.054595][ T6368] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 163.997842][ T28] audit: type=1326 audit(1779672037.764:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6369 comm="syz.3.147" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8dfaf9ce59 code=0x0 [ 164.254381][ T6365] loop2: detected capacity change from 0 to 32768 [ 164.341366][ T6365] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 164.676662][ T6365] XFS (loop2): Ending clean mount [ 164.739643][ T6365] XFS (loop2): Quotacheck needed: Please wait. [ 164.929177][ T6365] XFS (loop2): Quotacheck: Done. [ 164.933057][ T6395] syzkaller0: entered promiscuous mode [ 164.939711][ T6395] syzkaller0: entered allmulticast mode [ 164.984307][ T5771] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 165.377474][ T6399] loop0: detected capacity change from 0 to 256 [ 165.647890][ T6404] loop2: detected capacity change from 0 to 128 [ 167.170776][ T6410] netlink: 710 bytes leftover after parsing attributes in process `syz.0.160'. [ 172.896042][ T6445] loop1: detected capacity change from 0 to 131072 [ 172.966670][ T6445] F2FS-fs (loop1): invalid crc value [ 173.419530][ T6445] F2FS-fs (loop1): Found nat_bits in checkpoint [ 173.485409][ T6445] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 174.721442][ T6466] netlink: 'syz.3.177': attribute type 12 has an invalid length. [ 174.900728][ T5812] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 176.333783][ T5812] usb 1-1: Using ep0 maxpacket: 32 [ 176.628521][ T5812] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 176.660546][ T5812] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 176.685620][ T5812] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 176.695149][ T5812] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 176.725793][ T5812] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 176.757289][ T5812] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 176.857602][ T5812] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 178.380603][ T5812] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.481122][ T5812] usb 1-1: config 0 descriptor?? [ 178.512651][ T5812] usb 1-1: can't set config #0, error -71 [ 178.532204][ T5812] usb 1-1: USB disconnect, device number 2 [ 179.430796][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 181.836270][ T6493] loop2: detected capacity change from 0 to 2048 [ 182.442116][ T6493] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.640938][ T6500] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 182.739492][ T6504] syz.3.186: vmalloc error: size 9223372036854775807, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 182.755061][ T6504] CPU: 0 PID: 6504 Comm: syz.3.186 Not tainted syzkaller #0 [ 182.762398][ T6504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 182.772498][ T6504] Call Trace: [ 182.775822][ T6504] [ 182.778806][ T6504] dump_stack_lvl+0x18c/0x250 [ 182.783557][ T6504] ? show_regs_print_info+0x20/0x20 [ 182.788802][ T6504] ? load_image+0x420/0x420 [ 182.793365][ T6504] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 182.799828][ T6504] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 182.806380][ T6504] warn_alloc+0x246/0x340 [ 182.810778][ T6504] ? zone_watermark_ok_safe+0x230/0x230 [ 182.816412][ T6504] ? __mutex_trylock_common+0x159/0x260 [ 182.822012][ T6504] __vmalloc_node_range+0x126/0x1330 [ 182.827355][ T6504] ? tomoyo_path_number_perm+0x217/0x620 [ 182.833032][ T6504] ? rcu_is_watching+0x15/0xb0 [ 182.837854][ T6504] ? trace_contention_end+0x39/0xe0 [ 182.843104][ T6504] ? __mutex_lock+0x315/0xcc0 [ 182.847845][ T6504] ? tomoyo_path_number_perm+0x5b4/0x620 [ 182.853520][ T6504] ? dvb_dvr_do_ioctl+0x79/0x220 [ 182.858501][ T6504] ? tomoyo_path_number_perm+0x217/0x620 [ 182.864179][ T6504] ? free_vm_area+0x50/0x50 [ 182.868740][ T6504] ? dvb_dvr_do_ioctl+0x12e/0x220 [ 182.873839][ T6504] vmalloc+0x79/0x90 [ 182.877789][ T6504] ? dvb_dvr_do_ioctl+0x12e/0x220 [ 182.882870][ T6504] dvb_dvr_do_ioctl+0x12e/0x220 [ 182.887778][ T6504] dvb_usercopy+0x195/0x2b0 [ 182.892334][ T6504] ? dvb_dvr_release+0x3e0/0x3e0 [ 182.897319][ T6504] ? dvb_generic_ioctl+0xb0/0xb0 [ 182.902326][ T6504] ? dvb_dvr_poll+0x230/0x230 [ 182.907053][ T6504] dvb_dvr_ioctl+0x29/0x30 [ 182.911519][ T6504] __se_sys_ioctl+0xfd/0x170 [ 182.916166][ T6504] do_syscall_64+0x55/0xb0 [ 182.920628][ T6504] ? clear_bhb_loop+0x40/0x90 [ 182.925350][ T6504] ? clear_bhb_loop+0x40/0x90 [ 182.930080][ T6504] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 182.936019][ T6504] RIP: 0033:0x7f8dfaf9ce59 [ 182.940502][ T6504] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 182.960152][ T6504] RSP: 002b:00007f8dfbe44028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 182.968612][ T6504] RAX: ffffffffffffffda RBX: 00007f8dfb215fa0 RCX: 00007f8dfaf9ce59 [ 182.976623][ T6504] RDX: 7fffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000004 [ 182.984628][ T6504] RBP: 00007f8dfb032d6f R08: 0000000000000000 R09: 0000000000000000 [ 182.992635][ T6504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 183.002212][ T6504] R13: 00007f8dfb216038 R14: 00007f8dfb215fa0 R15: 00007fffc3916038 [ 183.010249][ T6504] [ 183.015005][ T6504] Mem-Info: [ 183.018168][ T6504] active_anon:10916 inactive_anon:0 isolated_anon:0 [ 183.018168][ T6504] active_file:18526 inactive_file:39983 isolated_file:0 [ 183.018168][ T6504] unevictable:768 dirty:106 writeback:0 [ 183.018168][ T6504] slab_reclaimable:10889 slab_unreclaimable:90747 [ 183.018168][ T6504] mapped:29621 shmem:6758 pagetables:608 [ 183.018168][ T6504] sec_pagetables:0 bounce:0 [ 183.018168][ T6504] kernel_misc_reclaimable:0 [ 183.018168][ T6504] free:1341084 free_pcp:10883 free_cma:0 [ 183.063716][ T6504] Node 0 active_anon:44664kB inactive_anon:0kB active_file:74104kB inactive_file:159732kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119384kB dirty:424kB writeback:0kB shmem:26396kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10544kB pagetables:2432kB sec_pagetables:0kB all_unreclaimable? no [ 183.096228][ T6504] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 183.127360][ T6504] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 183.154556][ T6504] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 183.160436][ T6504] Node 0 DMA32 free:1460328kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:46124kB inactive_anon:0kB active_file:74104kB inactive_file:158908kB unevictable:1536kB writepending:424kB present:3129332kB managed:2586940kB mlocked:0kB bounce:0kB free_pcp:21744kB local_pcp:20804kB free_cma:0kB [ 183.191110][ T6504] lowmem_reserve[]: 0 0 0 0 0 [ 183.195895][ T6504] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 183.223654][ T6504] lowmem_reserve[]: 0 0 0 0 0 [ 183.228499][ T6504] Node 1 Normal free:3886380kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:21572kB local_pcp:14756kB free_cma:0kB [ 183.258143][ T6504] lowmem_reserve[]: 0 0 0 0 0 [ 183.262963][ T6504] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 183.275838][ T6504] Node 0 DMA32: 4*4kB (ME) 853*8kB (UE) 588*16kB (UME) 796*32kB (UME) 696*64kB (UME) 107*128kB (UME) 67*256kB (UME) 55*512kB (UME) 24*1024kB (UM) 8*2048kB (UM) 311*4096kB (UM) = 1460088kB [ 183.294621][ T6504] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 183.306299][ T6504] Node 1 Normal: 255*4kB (UM) 54*8kB (UME) 50*16kB (UME) 59*32kB (UME) 16*64kB (UE) 4*128kB (UME) 1*256kB (U) 3*512kB (UME) 0*1024kB 2*2048kB (UE) 946*4096kB (M) = 3886380kB [ 183.313649][ T6500] EXT4-fs (loop2): Remounting filesystem read-only [ 183.324575][ T6504] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 183.341722][ T6504] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 183.351242][ T6504] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 183.360918][ T6504] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 183.370244][ T6504] 65891 total pagecache pages [ 183.375011][ T6504] 0 pages in swap cache [ 183.379208][ T6504] Free swap = 124996kB [ 183.383527][ T6504] Total swap = 124996kB [ 183.387717][ T6504] 2097051 pages RAM [ 183.391645][ T6504] 0 pages HighMem/MovableOnly [ 183.396364][ T6504] 416930 pages reserved [ 183.400756][ T6504] 0 pages cma reserved [ 183.432885][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.398090][ T6539] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 193.776237][ T6564] loop3: detected capacity change from 0 to 32768 [ 193.855253][ T6564] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 193.953931][ T6564] XFS (loop3): Ending clean mount [ 193.966980][ T6564] XFS (loop3): Quotacheck needed: Please wait. [ 194.016082][ T6564] XFS (loop3): Quotacheck: Done. [ 194.386916][ T28] audit: type=1800 audit(1779672069.214:7): pid=6578 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.203" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=4428 res=0 errno=0 [ 194.454230][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.479124][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.870078][ T5773] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 195.092382][ T6580] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 196.756145][ T6589] loop1: detected capacity change from 0 to 512 [ 196.766594][ T6590] fuse: Bad value for 'user_id' [ 196.783045][ T6589] EXT4-fs: Ignoring removed oldalloc option [ 197.221141][ T6589] EXT4-fs (loop1): Test dummy encryption mode enabled [ 197.228148][ T6589] EXT4-fs (loop1): Cannot use DAX on a filesystem that may contain inline data [ 199.910934][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 203.658284][ T6625] fuse: Bad value for 'fd' [ 205.030806][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 207.630662][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 207.636759][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 207.643129][ T5781] Bluetooth: hci3: command 0x0406 tx timeout [ 210.459722][ T6663] fuse: Bad value for 'fd' [ 213.054767][ T6679] loop3: detected capacity change from 0 to 256 [ 213.120945][ T5760] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 213.199958][ T6679] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x68afaf67, utbl_chksum : 0xe619d30d) [ 213.335435][ T5760] usb 2-1: config 0 has no interfaces? [ 213.350503][ T5760] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 213.508658][ T5760] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.537160][ T5760] usb 2-1: Product: syz [ 213.545958][ T5760] usb 2-1: Manufacturer: syz [ 213.560661][ T5760] usb 2-1: SerialNumber: syz [ 214.175664][ T5760] usb 2-1: config 0 descriptor?? [ 214.417037][ T9] usb 2-1: USB disconnect, device number 3 [ 214.849813][ T6685] loop2: detected capacity change from 0 to 32768 [ 214.908160][ T6685] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 215.026292][ T6696] loop0: detected capacity change from 0 to 764 [ 215.099445][ T6696] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 215.196251][ T6685] XFS (loop2): Ending clean mount [ 215.214002][ T6685] XFS (loop2): Quotacheck needed: Please wait. [ 215.330779][ T6685] XFS (loop2): Quotacheck: Done. [ 215.973995][ T5771] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 218.442609][ T6709] fuse: Bad value for 'fd' [ 220.042554][ T6722] netlink: 24 bytes leftover after parsing attributes in process `syz.0.242'. [ 220.983453][ T6724] hub 8-0:1.0: USB hub found [ 220.989518][ T6724] hub 8-0:1.0: 1 port detected [ 223.930172][ T5777] Bluetooth: hci2: command 0x0406 tx timeout [ 226.404822][ T6765] Set syz0 is full, maxelem 0 reached [ 228.990956][ T6782] loop1: detected capacity change from 0 to 32768 [ 229.119654][ T6782] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 229.432572][ T6782] XFS (loop1): Ending clean mount [ 229.441855][ T6782] XFS (loop1): Quotacheck needed: Please wait. [ 229.640711][ T6782] XFS (loop1): Quotacheck: Done. [ 230.966294][ T5772] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 233.868292][ T5780] Bluetooth: hci2: unexpected event for opcode 0x0000 [ 238.020736][ T5780] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 238.029459][ T5780] Bluetooth: hci2: Injecting HCI hardware error event [ 238.038646][ T5780] Bluetooth: hci2: hardware error 0x00 [ 241.191891][ T5780] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 243.130604][ T5831] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 243.572991][ T5831] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 243.583158][ T5831] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 243.607298][ T5831] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 243.624002][ T5831] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 243.644658][ T5831] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 243.665917][ T5831] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 243.676657][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 243.690933][ T5831] usb 2-1: Product: syz [ 243.697182][ T5831] usb 2-1: Manufacturer: syz [ 243.714191][ T5831] cdc_wdm 2-1:1.0: skipping garbage [ 243.720016][ T5831] cdc_wdm 2-1:1.0: skipping garbage [ 243.756525][ T5831] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 243.767016][ T5831] cdc_wdm 2-1:1.0: Unknown control protocol [ 243.960998][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 243.967902][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 243.974251][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 243.980886][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 243.987228][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 243.993879][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 244.000379][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 244.007019][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 244.013410][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 244.020036][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 244.027402][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 244.034058][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 244.040489][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 244.047123][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 244.060994][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 244.067619][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 244.080639][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 244.087292][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 244.096271][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 244.102942][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 244.114709][ T5831] usb 2-1: USB disconnect, device number 4 [ 244.120765][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 244.353956][ T6872] cdc_wdm 2-1:1.0: Tx URB error: -19 [ 248.488306][ T6883] loop1: detected capacity change from 0 to 4096 [ 248.626451][ T6883] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 248.849901][ T6886] loop0: detected capacity change from 0 to 256 [ 248.858587][ T6883] ntfs3: loop1: Failed to load $Extend (-22). [ 248.946660][ T6883] ntfs3: loop1: Failed to initialize $Extend. [ 248.962306][ T6886] FAT-fs (loop0): bogus logical sector size 128 [ 248.969688][ T6886] FAT-fs (loop0): Can't find a valid FAT filesystem [ 249.740288][ T6896] loop2: detected capacity change from 0 to 128 [ 249.892212][ T6896] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 250.012481][ T6896] ext4 filesystem being mounted at /70/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 250.188346][ T6901] syz.2.286 (pid 6901) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 250.513523][ T5771] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 253.803228][ T6925] fuse: Bad value for 'rootmode' [ 254.270503][ T27] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 254.305488][ T6929] loop1: detected capacity change from 0 to 2048 [ 254.366997][ T6929] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 254.562591][ T27] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 254.593389][ T27] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 254.621605][ T27] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 254.640385][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.666274][ T6927] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 254.677584][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.737745][ T27] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 254.956015][ T27] usb 4-1: USB disconnect, device number 3 [ 255.873767][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.880238][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.852787][ T6952] syz.1.302 uses obsolete (PF_INET,SOCK_PACKET) [ 257.085156][ T6954] fuse: Bad value for 'rootmode' [ 257.547559][ T6958] loop2: detected capacity change from 0 to 4096 [ 257.735578][ T6958] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.993957][ T5831] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 258.142299][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.200466][ T5812] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 258.221078][ T5831] usb 2-1: Using ep0 maxpacket: 16 [ 258.228678][ T5831] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 258.253795][ T5831] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 258.283499][ T5831] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 258.303155][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.946187][ T5831] usb 2-1: Product: syz [ 259.950993][ T5831] usb 2-1: Manufacturer: syz [ 259.955673][ T5831] usb 2-1: SerialNumber: syz [ 259.992429][ T5812] usb 1-1: Using ep0 maxpacket: 16 [ 260.007438][ T5812] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.070602][ T5812] usb 1-1: config 0 interface 0 has no altsetting 0 [ 260.093027][ T5812] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 260.117410][ T5812] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.151309][ T5812] usb 1-1: config 0 descriptor?? [ 260.198557][ T5831] usb 2-1: 0:2 : does not exist [ 260.244257][ T5831] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 260.301076][ T5831] usb 2-1: USB disconnect, device number 5 [ 260.388289][ T5783] udevd[5783]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 260.615039][ T5812] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0 [ 260.640662][ T5812] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0 [ 260.658688][ T5812] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0 [ 260.678548][ T5812] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0 [ 260.721483][ T5812] nzxt-smart2 0003:1E71:2009.0001: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.0-1/input0 [ 260.899130][ T5812] usb 1-1: USB disconnect, device number 3 [ 260.993187][ T6972] fido_id[6972]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 261.536937][ T6983] fuse: Bad value for 'rootmode' [ 263.003762][ T27] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 263.076899][ T6999] loop2: detected capacity change from 0 to 128 [ 263.950306][ T27] usb 4-1: Using ep0 maxpacket: 16 [ 264.003222][ T27] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 264.018839][ T27] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 264.044445][ T27] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 264.065209][ T27] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 264.074642][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.086845][ T27] usb 4-1: config 0 descriptor?? [ 264.664895][ T7008] No such timeout policy "syz1" [ 264.679916][ T7008] program syz.1.322 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 264.690515][ T7008] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 266.828744][ T27] usbhid 4-1:0.0: can't add hid device: -71 [ 266.855042][ T27] usbhid: probe of 4-1:0.0 failed with error -71 [ 266.883181][ T27] usb 4-1: USB disconnect, device number 4 [ 266.928952][ T7011] fuse: Unknown parameter 'use00000000000000000000' [ 267.902941][ T7028] CIFS: iocharset name too long [ 270.204892][ T7034] netlink: 40 bytes leftover after parsing attributes in process `syz.3.333'. [ 274.169797][ T7073] fuse: Bad value for 'fd' [ 275.976527][ T7077] loop3: detected capacity change from 0 to 512 [ 276.147041][ T7077] EXT4-fs error (device loop3): ext4_orphan_get:1404: inode #15: comm syz.3.345: inode has both inline data and extents flags [ 276.223769][ T7077] EXT4-fs error (device loop3): ext4_orphan_get:1409: comm syz.3.345: couldn't read orphan inode 15 (err -117) [ 276.242421][ T7077] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 277.292160][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.411606][ T7102] fuse: Unknown parameter 'use00000000000000000000' [ 280.614146][ T7106] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.521275][ T7130] fuse: Unknown parameter 'user_i00000000000000000000' [ 289.880878][ T5831] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 290.365928][ T5831] usb 4-1: Using ep0 maxpacket: 16 [ 290.384665][ T5831] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 290.462970][ T5831] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 290.472657][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.927718][ T5831] usb 4-1: Product: syz [ 290.940416][ T5831] usb 4-1: Manufacturer: syz [ 290.945848][ T5831] usb 4-1: SerialNumber: syz [ 290.986255][ T5831] usb 4-1: config 0 descriptor?? [ 291.095720][ T5831] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 291.266642][ T5831] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 291.459117][ T7168] loop1: detected capacity change from 0 to 256 [ 291.768330][ T5831] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 293.113694][ T5831] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 293.125920][ T5831] em28xx 4-1:0.0: board has no eeprom [ 294.300421][ T5831] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 294.316778][ T5831] em28xx 4-1:0.0: dvb set to bulk mode. [ 294.342257][ T5760] em28xx 4-1:0.0: Binding DVB extension [ 294.395078][ T5831] usb 4-1: USB disconnect, device number 5 [ 294.406129][ T5831] em28xx 4-1:0.0: Disconnecting em28xx [ 295.277566][ T5760] em28xx 4-1:0.0: Registering input extension [ 295.287702][ T5831] em28xx 4-1:0.0: Closing input extension [ 295.324223][ T5831] em28xx 4-1:0.0: Freeing device [ 297.635167][ T7197] loop1: detected capacity change from 0 to 128 [ 297.671949][ T7197] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 297.792435][ T7197] FAT-fs (loop1): error, parent dir link count too low (2) [ 297.830394][ T7197] FAT-fs (loop1): Filesystem has been set read-only [ 297.939186][ T5772] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 298.184960][ T7201] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 306.070823][ T7237] binder: BINDER_SET_CONTEXT_MGR already set [ 306.097255][ T7237] binder: 7236:7237 ioctl 4018620d 200000004a80 returned -16 [ 313.518137][ T7270] loop3: detected capacity change from 0 to 512 [ 313.526706][ T7270] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 313.540145][ T7270] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 313.553445][ T7270] EXT4-fs error (device loop3): ext4_init_orphan_info:621: comm syz.3.401: orphan file block 0: bad magic [ 313.565403][ T7270] EXT4-fs (loop3): mount failed [ 313.678727][ T5783] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 317.155245][ T7294] syzkaller0: entered promiscuous mode [ 317.170710][ T7294] syzkaller0: entered allmulticast mode [ 317.334345][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.341263][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.355335][ T7294] netlink: 'syz.0.403': attribute type 3 has an invalid length. [ 317.370431][ T7294] netlink: 3 bytes leftover after parsing attributes in process `syz.0.403'. [ 326.392579][ T5854] usb 2-1: new low-speed USB device number 6 using dummy_hcd [ 326.620002][ T5854] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 326.660403][ T5854] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 326.699867][ T5854] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 326.730516][ T5854] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 326.770510][ T5854] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.823116][ T7334] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 326.861894][ T5854] hub 2-1:1.0: bad descriptor, ignoring hub [ 326.867883][ T5854] hub: probe of 2-1:1.0 failed with error -5 [ 326.910937][ T5854] cdc_wdm 2-1:1.0: skipping garbage [ 326.916218][ T5854] cdc_wdm 2-1:1.0: skipping garbage [ 326.964185][ T5854] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 326.970176][ T5854] cdc_wdm 2-1:1.0: Unknown control protocol [ 327.108519][ C1] wdm_int_callback: 29 callbacks suppressed [ 327.108534][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 327.121065][ C1] wdm_int_callback: 29 callbacks suppressed [ 327.121082][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 327.133269][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 327.139873][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 327.146323][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 327.152976][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 327.159287][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 327.165921][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 327.172385][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 327.179019][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 327.185328][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 327.191960][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 327.199920][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 327.206575][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 327.212977][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 327.219617][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 327.225956][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 327.232594][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 327.238916][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 327.245551][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 327.274795][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 327.880698][ T5854] usb 2-1: USB disconnect, device number 6 [ 328.091989][ T5780] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 328.315449][ T7350] netlink: 'syz.2.421': attribute type 3 has an invalid length. [ 328.339159][ T7350] netlink: 3 bytes leftover after parsing attributes in process `syz.2.421'. [ 329.775507][ T7357] Can't find ip_set type has [ 331.257422][ T7367] loop1: detected capacity change from 0 to 2048 [ 331.292179][ T7367] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 331.340506][ T7367] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 331.395189][ T7367] UDF-fs: bad mount option "gad" or missing value [ 332.370288][ T7374] syzkaller0: entered promiscuous mode [ 332.377985][ T7374] syzkaller0: entered allmulticast mode [ 332.481191][ T7378] netlink: 'syz.3.430': attribute type 3 has an invalid length. [ 332.513144][ T7378] netlink: 3 bytes leftover after parsing attributes in process `syz.3.430'. [ 334.004248][ T7390] fuse: Bad value for 'fd' [ 338.453576][ T7414] loop3: detected capacity change from 0 to 128 [ 338.744008][ T5783] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 338.782418][ T7412] loop1: detected capacity change from 0 to 4096 [ 338.883699][ T7412] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 338.951841][ T7412] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=8842c019, mo2=0003] [ 339.094585][ T7412] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 339.383921][ T7422] futex_wake_op: syz.3.443 tries to shift op by 144; fix this program [ 340.850477][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 341.107588][ T7428] syzkaller0: entered promiscuous mode [ 341.113324][ T7428] syzkaller0: entered allmulticast mode [ 341.170894][ T7428] netlink: 'syz.1.444': attribute type 3 has an invalid length. [ 341.178701][ T7428] netlink: 3 bytes leftover after parsing attributes in process `syz.1.444'. [ 342.469530][ T7438] loop0: detected capacity change from 0 to 32768 [ 342.484357][ T7438] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.448 (7438) [ 342.554485][ T7438] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 342.587325][ T7438] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 342.599698][ T7438] BTRFS info (device loop0): force clearing of disk cache [ 342.609270][ T7438] BTRFS info (device loop0): metadata ratio 0 [ 342.617169][ T7438] BTRFS info (device loop0): enabling ssd optimizations [ 342.637079][ T7438] BTRFS info (device loop0): using spread ssd allocation scheme [ 342.646314][ T7438] BTRFS info (device loop0): using free space tree [ 344.690120][ T7438] BTRFS error (device loop0): open_ctree failed: -4 [ 345.437151][ T7474] syzkaller0: entered promiscuous mode [ 345.476939][ T7474] syzkaller0: entered allmulticast mode [ 345.585284][ T7479] netlink: 'syz.3.455': attribute type 3 has an invalid length. [ 345.611778][ T7479] netlink: 3 bytes leftover after parsing attributes in process `syz.3.455'. [ 346.690886][ T7482] loop1: detected capacity change from 0 to 32768 [ 346.714330][ T7482] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 346.722903][ T7482] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 346.774796][ T7482] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 346.796191][ T5812] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 346.815754][ T5812] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 346.878431][ T5812] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 62ms [ 346.899573][ T5812] gfs2: fsid=syz:syz.0: jid=0: Done [ 346.913911][ T7482] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 348.577533][ T7482] gfs2: fsid=syz:syz.0: found 1 quota changes [ 348.750422][ T5772] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error [ 348.750422][ T5772] inode = 11 2339 [ 348.750422][ T5772] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 421 [ 348.927288][ T5772] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 348.970371][ T5772] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5772 [syz-executor] gfs2_quota_sync+0x411/0x5a0 [ 349.022883][ T5772] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 349.044503][ T5772] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 349.083212][ T5772] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 349.171445][ T5772] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 349.190644][ T5772] gfs2: fsid=syz:syz.0: File system withdrawn [ 349.196826][ T5772] CPU: 1 PID: 5772 Comm: syz-executor Not tainted syzkaller #0 [ 349.204421][ T5772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 349.214533][ T5772] Call Trace: [ 349.217848][ T5772] [ 349.220810][ T5772] dump_stack_lvl+0x18c/0x250 [ 349.225540][ T5772] ? kobject_uevent_env+0x363/0x8b0 [ 349.230793][ T5772] ? show_regs_print_info+0x20/0x20 [ 349.236039][ T5772] ? load_image+0x420/0x420 [ 349.240611][ T5772] ? kobject_uevent_env+0x363/0x8b0 [ 349.245871][ T5772] gfs2_withdraw+0xb24/0x13d0 [ 349.250612][ T5772] ? gfs2_lm+0x240/0x240 [ 349.254906][ T5772] ? queue_delayed_work_on+0x114/0x200 [ 349.260427][ T5772] ? gfs2_consist_inode_i+0xf5/0x110 [ 349.265787][ T5772] gfs2_inode_refresh+0xc50/0x1160 [ 349.270991][ T5772] ? gfs2_inode_metasync+0xf0/0xf0 [ 349.276164][ T5772] ? gfs2_glock_nq+0xd4f/0x1420 [ 349.281085][ T5772] gfs2_instantiate+0x162/0x220 [ 349.286000][ T5772] gfs2_glock_wait+0x1d4/0x2a0 [ 349.290819][ T5772] do_sync+0x4c6/0xe50 [ 349.294942][ T5772] ? gfs2_quota_sync+0x411/0x5a0 [ 349.299937][ T5772] ? bh_get+0x760/0x760 [ 349.304147][ T5772] ? __lock_acquire+0x7d40/0x7d40 [ 349.309227][ T5772] ? do_raw_spin_lock+0x11f/0x2c0 [ 349.314306][ T5772] ? gfs2_quota_sync+0x411/0x5a0 [ 349.319290][ T5772] ? do_raw_spin_unlock+0x121/0x230 [ 349.324547][ T5772] gfs2_quota_sync+0x411/0x5a0 [ 349.329377][ T5772] gfs2_sync_fs+0x4c/0xb0 [ 349.333768][ T5772] sync_filesystem+0xea/0x220 [ 349.338601][ T5772] generic_shutdown_super+0x6f/0x2b0 [ 349.343938][ T5772] kill_block_super+0x44/0x90 [ 349.348666][ T5772] deactivate_locked_super+0x97/0x100 [ 349.354084][ T5772] cleanup_mnt+0x43b/0x4d0 [ 349.358554][ T5772] task_work_run+0x1d4/0x260 [ 349.363234][ T5772] ? task_work_cancel+0x220/0x220 [ 349.368319][ T5772] ? exit_to_user_mode_loop+0x3b/0x110 [ 349.375269][ T5772] exit_to_user_mode_loop+0xe6/0x110 [ 349.375334][ T5772] exit_to_user_mode_prepare+0xee/0x180 [ 349.375365][ T5772] syscall_exit_to_user_mode+0x1a/0x50 [ 349.375393][ T5772] do_syscall_64+0x61/0xb0 [ 349.375411][ T5772] ? clear_bhb_loop+0x40/0x90 [ 349.375436][ T5772] ? clear_bhb_loop+0x40/0x90 [ 349.375463][ T5772] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 349.375488][ T5772] RIP: 0033:0x7ff36ad9e097 [ 349.375508][ T5772] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 349.375525][ T5772] RSP: 002b:00007ffdfb836558 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 349.375548][ T5772] RAX: 0000000000000000 RBX: 00007ff36ae321ca RCX: 00007ff36ad9e097 [ 349.375563][ T5772] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdfb836610 [ 349.375576][ T5772] RBP: 00007ffdfb836610 R08: 00007ffdfb837610 R09: 00000000ffffffff [ 349.375590][ T5772] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdfb8376a0 [ 349.375602][ T5772] R13: 00007ff36ae321ca R14: 00000000000551a5 R15: 00007ffdfb8376e0 [ 349.375629][ T5772] [ 349.375793][ C1] vkms_vblank_simulate: vblank timer overrun [ 350.241806][ T7501] trusted_key: encrypted_key: master key parameter 'BìÞ' is invalid [ 351.457028][ T7515] comedi comedi2: dt2815: I/O port conflict (0xfffffffffffffff2,2) [ 351.470773][ T5760] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 351.944652][ T7518] netlink: 'syz.2.468': attribute type 3 has an invalid length. [ 352.667048][ T7518] netlink: 3 bytes leftover after parsing attributes in process `syz.2.468'. [ 353.970428][ T5760] usb 4-1: Using ep0 maxpacket: 8 [ 354.006841][ T5760] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 354.096128][ T5760] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 354.155485][ T5760] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.209897][ T5760] usb 4-1: config 0 descriptor?? [ 354.269575][ T5760] usb 4-1: can't set config #0, error -71 [ 354.305170][ T5760] usb 4-1: USB disconnect, device number 6 [ 355.336035][ T5780] Bluetooth: hci0: unexpected event for opcode 0x4889 [ 356.043200][ T7548] loop2: detected capacity change from 0 to 7 [ 356.066614][ T7548] Dev loop2: unable to read RDB block 7 [ 356.073673][ T7548] loop2: unable to read partition table [ 356.079687][ T7548] loop2: partition table beyond EOD, truncated [ 356.096451][ T7548] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 356.766296][ T5831] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 357.064598][ T5831] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 357.165405][ T5831] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 357.205027][ T5831] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 358.535576][ T5831] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 358.560391][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 358.587953][ T5831] usb 2-1: Product: syz [ 358.608633][ T5831] usb 2-1: Manufacturer: syz [ 358.624921][ T5831] usb 2-1: SerialNumber: syz [ 358.632074][ T7562] netlink: 'syz.2.479': attribute type 3 has an invalid length. [ 358.640391][ T7562] netlink: 3 bytes leftover after parsing attributes in process `syz.2.479'. [ 359.067806][ T5831] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 359.515207][ T5831] usb 2-1: USB disconnect, device number 7 [ 360.125949][ T5831] usblp0: removed [ 361.451851][ T7580] loop0: detected capacity change from 0 to 64 [ 369.138262][ T7627] syzkaller0: entered promiscuous mode [ 369.144057][ T7627] syzkaller0: entered allmulticast mode [ 369.187996][ T7627] netlink: 'syz.0.491': attribute type 3 has an invalid length. [ 369.195946][ T7627] netlink: 3 bytes leftover after parsing attributes in process `syz.0.491'. [ 370.070516][ T1200] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 370.092657][ T5780] Bluetooth: hci0: Malformed LE Event: 0x1d [ 371.022894][ T1200] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 371.090431][ T1200] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.098592][ T1200] usb 4-1: Product: syz [ 371.103086][ T1200] usb 4-1: Manufacturer: syz [ 371.107733][ T1200] usb 4-1: SerialNumber: syz [ 371.491082][ T1200] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 371.517752][ T1200] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 373.442507][ T1200] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 373.510450][ T1200] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 373.540727][ T1200] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 373.576833][ T1200] lan78xx: probe of 4-1:1.0 failed with error -71 [ 373.598699][ T7660] syzkaller0: entered promiscuous mode [ 373.640477][ T7660] syzkaller0: entered allmulticast mode [ 373.647170][ T1200] usb 4-1: USB disconnect, device number 7 [ 373.750559][ T7662] netlink: 'syz.1.510': attribute type 3 has an invalid length. [ 373.786419][ T7662] netlink: 3 bytes leftover after parsing attributes in process `syz.1.510'. [ 374.083959][ T5780] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 374.095027][ T5780] CPU: 1 PID: 5780 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 374.102650][ T5780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 374.112762][ T5780] Workqueue: hci1 hci_rx_work [ 374.117506][ T5780] Call Trace: [ 374.120833][ T5780] [ 374.123809][ T5780] dump_stack_lvl+0x18c/0x250 [ 374.128540][ T5780] ? show_regs_print_info+0x20/0x20 [ 374.133795][ T5780] ? load_image+0x420/0x420 [ 374.138382][ T5780] sysfs_create_dir_ns+0x26e/0x2a0 [ 374.143568][ T5780] ? sysfs_warn_dup+0xa0/0xa0 [ 374.148314][ T5780] ? do_raw_spin_unlock+0x121/0x230 [ 374.153582][ T5780] kobject_add_internal+0x61c/0xcc0 [ 374.158854][ T5780] kobject_add+0x164/0x240 [ 374.163328][ T5780] ? __rwlock_init+0x150/0x150 [ 374.168166][ T5780] ? kobject_init+0x1e0/0x1e0 [ 374.172916][ T5780] ? _raw_spin_unlock+0x28/0x40 [ 374.177833][ T5780] ? get_device_parent+0x366/0x390 [ 374.183038][ T5780] device_add+0x408/0xc50 [ 374.187442][ T5780] hci_conn_add_sysfs+0xd5/0x1e0 [ 374.192447][ T5780] le_conn_complete_evt+0xf5d/0x1540 [ 374.197811][ T5780] ? hci_event_packet+0x4cb/0x1270 [ 374.203025][ T5780] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 374.209324][ T5780] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 374.215009][ T5780] ? skb_pull_data+0xfb/0x200 [ 374.219730][ T5780] hci_le_conn_complete_evt+0x187/0x440 [ 374.225318][ T5780] ? hci_remote_host_features_evt+0x150/0x150 [ 374.231427][ T5780] hci_event_packet+0x7ba/0x1270 [ 374.236458][ T5780] ? bis_list+0x290/0x290 [ 374.240838][ T5780] ? lockdep_hardirqs_on+0x98/0x150 [ 374.246073][ T5780] ? hci_send_to_monitor+0xd7/0x4f0 [ 374.251313][ T5780] hci_rx_work+0x43a/0xd60 [ 374.255777][ T5780] ? process_scheduled_works+0x96f/0x15d0 [ 374.261536][ T5780] process_scheduled_works+0xa5d/0x15d0 [ 374.267139][ T5780] ? worker_attach_to_pool+0x380/0x380 [ 374.272634][ T5780] ? assign_work+0x3d2/0x5d0 [ 374.277263][ T5780] worker_thread+0xa55/0xfc0 [ 374.281911][ T5780] kthread+0x2fa/0x390 [ 374.286012][ T5780] ? pr_cont_work+0x560/0x560 [ 374.290725][ T5780] ? kthread_blkcg+0xd0/0xd0 [ 374.295363][ T5780] ret_from_fork+0x48/0x80 [ 374.299827][ T5780] ? kthread_blkcg+0xd0/0xd0 [ 374.304464][ T5780] ret_from_fork_asm+0x11/0x20 [ 374.309301][ T5780] [ 374.313990][ T5780] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 374.328370][ T5780] Bluetooth: hci1: failed to register connection device [ 377.389103][ T7672] netlink: 12 bytes leftover after parsing attributes in process `syz.1.515'. [ 378.758269][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.765221][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.305959][ T1200] IPVS: starting estimator thread 0... [ 380.881476][ T5780] Bluetooth: hci1: command 0x0406 tx timeout [ 380.940567][ T7701] IPVS: using max 18 ests per chain, 43200 per kthread [ 381.718156][ T7716] loop0: detected capacity change from 0 to 64 [ 385.200220][ T7748] loop1: detected capacity change from 0 to 512 [ 385.237787][ T7748] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 385.270603][ T7748] UDF-fs: Scanning with blocksize 512 failed [ 385.313745][ T7748] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 385.332889][ T7748] UDF-fs: Scanning with blocksize 1024 failed [ 385.350249][ T7748] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 385.394196][ T7748] UDF-fs: Scanning with blocksize 2048 failed [ 385.453560][ T7748] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 385.557902][ T7748] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 387.991163][ T7762] loop3: detected capacity change from 0 to 512 [ 388.010231][ T7762] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 388.115992][ T7762] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 388.157283][ T7762] System zones: 1-12 [ 388.207758][ T7762] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2855: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 388.228912][ T7768] loop0: detected capacity change from 0 to 64 [ 388.242311][ T7762] EXT4-fs (loop3): 1 truncate cleaned up [ 388.254934][ T7762] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 388.460053][ T7770] netlink: 48 bytes leftover after parsing attributes in process `syz.1.539'. [ 388.794108][ T7768] hfs: request for non-existent node 131072 in B*Tree [ 388.849793][ T7768] hfs: request for non-existent node 131072 in B*Tree [ 388.924720][ T7774] hfs: request for non-existent node 131072 in B*Tree [ 388.955794][ T7774] hfs: request for non-existent node 131072 in B*Tree [ 389.009026][ T7775] hfs: request for non-existent node 131072 in B*Tree [ 389.050696][ T7775] hfs: request for non-existent node 131072 in B*Tree [ 389.091002][ T7768] hfs: request for non-existent node 131072 in B*Tree [ 389.119032][ T7768] hfs: request for non-existent node 131072 in B*Tree [ 389.160234][ T7768] hfs: request for non-existent node 131072 in B*Tree [ 389.219674][ T7768] hfs: request for non-existent node 131072 in B*Tree [ 389.307746][ T7779] 9pnet_fd: Insufficient options for proto=fd [ 389.321568][ T7768] hfs: request for non-existent node 131072 in B*Tree [ 389.338293][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 389.352194][ T7768] hfs: request for non-existent node 131072 in B*Tree [ 389.364480][ T7768] hfs: request for non-existent node 12 in B*Tree [ 389.374752][ T7768] hfs: request for non-existent node 12 in B*Tree [ 389.388172][ T7768] hfs: request for non-existent node 13 in B*Tree [ 389.397480][ T7768] hfs: request for non-existent node 13 in B*Tree [ 389.407346][ T7768] hfs: request for non-existent node 14 in B*Tree [ 389.426448][ T7768] hfs: request for non-existent node 14 in B*Tree [ 390.259650][ T7783] loop3: detected capacity change from 0 to 4096 [ 390.294806][ T7783] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 390.553394][ T7783] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 390.561930][ T7783] ntfs3: loop3: Failed to initialize $Extend/$Reparse. [ 391.518960][ T7789] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 391.525617][ T7789] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 391.610787][ T7783] ntfs3: loop3: ino=1a, ntfs_sync_fs failed, -22. [ 391.621869][ T7789] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 391.627939][ T7789] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 391.654479][ T7789] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 391.682639][ T7789] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 391.688737][ T7789] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 391.710797][ T5773] ntfs3: loop3: ino=1a, ntfs_sync_fs failed, -22. [ 391.884340][ T7799] netlink: 12 bytes leftover after parsing attributes in process `syz.0.548'. [ 392.520399][ T5777] Bluetooth: hci0: command 0x0406 tx timeout [ 393.403486][ T28] audit: type=1326 audit(3927155916.169:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7809 comm="syz.3.550" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dfaf9ce59 code=0x7ffc0000 [ 393.647075][ T5777] Bluetooth: hci1: command 0x0406 tx timeout [ 393.710514][ T5777] Bluetooth: hci3: command 0x0406 tx timeout [ 393.792542][ T5777] Bluetooth: hci4: command 0xfc11 tx timeout [ 393.940504][ T5780] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 394.193107][ T28] audit: type=1326 audit(3927155916.169:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7809 comm="syz.3.550" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dfaf9ce59 code=0x7ffc0000 [ 394.341998][ T28] audit: type=1326 audit(3927155916.169:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7809 comm="syz.3.550" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8dfaf5d68e code=0x7ffc0000 [ 394.366788][ T28] audit: type=1326 audit(3927155916.179:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7809 comm="syz.3.550" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dfaf9ce59 code=0x7ffc0000 [ 394.884528][ T28] audit: type=1326 audit(3927155916.179:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7809 comm="syz.3.550" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dfaf9ce59 code=0x7ffc0000 [ 394.910509][ T5780] Bluetooth: hci0: command 0x0406 tx timeout [ 395.028593][ T7822] loop1: detected capacity change from 0 to 164 [ 395.063674][ T28] audit: type=1326 audit(3927155916.179:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7809 comm="syz.3.550" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8dfaf9ce59 code=0x7ffc0000 [ 395.403444][ T7827] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 395.506856][ T28] audit: type=1326 audit(3927155916.179:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7809 comm="syz.3.550" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dfaf9ce59 code=0x7ffc0000 [ 395.665683][ T28] audit: type=1326 audit(3927155916.179:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7809 comm="syz.3.550" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dfaf9ce59 code=0x7ffc0000 [ 395.716674][ T5780] Bluetooth: hci1: command 0x0406 tx timeout [ 395.736514][ T7829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.555'. [ 395.772797][ T7829] netlink: 12 bytes leftover after parsing attributes in process `syz.3.555'. [ 395.790397][ T5780] Bluetooth: hci3: command 0x0406 tx timeout [ 395.812609][ T28] audit: type=1326 audit(3927155916.189:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7809 comm="syz.3.550" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8dfaf9ce59 code=0x7ffc0000 [ 395.864651][ T7829] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 395.874142][ T7829] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 395.882941][ T7829] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 395.891821][ T7829] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 395.938431][ T28] audit: type=1326 audit(3927155916.189:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7809 comm="syz.3.550" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dfaf9ce59 code=0x7ffc0000 [ 396.790981][ T7829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.555'. [ 396.807227][ T7829] netlink: 12 bytes leftover after parsing attributes in process `syz.3.555'. [ 397.890336][ T5780] Bluetooth: hci1: command 0x0406 tx timeout [ 402.531537][ T27] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 402.725987][ T27] usb 1-1: Using ep0 maxpacket: 16 [ 402.736908][ T27] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 402.760603][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.790148][ T27] usb 1-1: config 0 descriptor?? [ 402.807743][ T27] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 403.132424][ T27] usb 1-1: Detected FT232B [ 403.235083][ T27] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 403.273737][ T27] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 403.457963][ T27] usb 1-1: USB disconnect, device number 4 [ 403.494898][ T27] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 403.518301][ T27] ftdi_sio 1-1:0.0: device disconnected [ 403.632984][ T5831] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 403.999953][ T5831] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 404.020393][ T5831] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.033180][ T5831] usb 4-1: config 0 descriptor?? [ 404.047489][ T5831] cp210x 4-1:0.0: cp210x converter detected [ 404.675848][ T5831] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 404.764731][ T5831] usb 4-1: cp210x converter now attached to ttyUSB0 [ 404.893332][ T5854] usb 4-1: USB disconnect, device number 8 [ 404.916831][ T5854] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 406.114161][ T5854] cp210x 4-1:0.0: device disconnected [ 407.465865][ T7929] loop3: detected capacity change from 0 to 256 [ 407.517517][ T7929] exfat: Deprecated parameter 'utf8' [ 407.603287][ T7929] exfat filesystem being mounted at /136/file7 supports timestamps until 2107-12-31 (0x10391447f) [ 418.630580][ T7992] loop1: detected capacity change from 0 to 2048 [ 418.732005][ T7993] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 423.468981][ T8017] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 423.477881][ T8017] bridge1: entered promiscuous mode [ 423.483293][ T8017] bridge1: entered allmulticast mode [ 424.335198][ T8023] netlink: 8 bytes leftover after parsing attributes in process `syz.0.610'. [ 424.708751][ T8036] syzkaller0: entered promiscuous mode [ 424.715096][ T8036] syzkaller0: entered allmulticast mode [ 424.758760][ T8036] netlink: 'syz.3.611': attribute type 3 has an invalid length. [ 424.766859][ T8036] netlink: 3 bytes leftover after parsing attributes in process `syz.3.611'. [ 428.032835][ T8048] loop0: detected capacity change from 0 to 2048 [ 428.155498][ T8049] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 429.656721][ T8062] syzkaller0: entered promiscuous mode [ 429.664825][ T8062] syzkaller0: entered allmulticast mode [ 429.742193][ T8064] netlink: 'syz.3.627': attribute type 3 has an invalid length. [ 429.749947][ T8064] netlink: 3 bytes leftover after parsing attributes in process `syz.3.627'. [ 431.294759][ T8080] random: crng reseeded on system resumption [ 431.973361][ T8080] Restarting kernel threads ... done. [ 436.280460][ T8094] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 436.903267][ T8099] netlink: 20 bytes leftover after parsing attributes in process `syz.1.634'. [ 437.295268][ T8099] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 437.304161][ T8099] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 437.313019][ T8099] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 437.321799][ T8099] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 440.194416][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.213812][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.812284][ T8135] syzkaller0: entered promiscuous mode [ 443.873804][ T8137] CIFS: iocharset name too long [ 444.550411][ T8135] syzkaller0: entered allmulticast mode [ 444.675524][ T8138] netlink: 'syz.0.638': attribute type 3 has an invalid length. [ 445.130956][ T8138] netlink: 3 bytes leftover after parsing attributes in process `syz.0.638'. [ 445.264597][ T8144] loop1: detected capacity change from 0 to 64 [ 445.332077][ T8144] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 445.361855][ T8144] bfs filesystem being mounted at /168/bus supports timestamps until 2106-02-07 (0xffffffff) [ 451.502263][ T8174] syzkaller0: entered promiscuous mode [ 451.534813][ T8174] syzkaller0: entered allmulticast mode [ 451.670608][ T8177] netlink: 'syz.3.657': attribute type 3 has an invalid length. [ 451.731344][ T8177] netlink: 3 bytes leftover after parsing attributes in process `syz.3.657'. [ 452.162114][ T5780] Bluetooth: hci3: unexpected event for opcode 0x4889 [ 459.095115][ T8215] syzkaller0: entered promiscuous mode [ 459.140436][ T8215] syzkaller0: entered allmulticast mode [ 460.140458][ T8219] netlink: 'syz.0.669': attribute type 3 has an invalid length. [ 460.148193][ T8219] netlink: 3 bytes leftover after parsing attributes in process `syz.0.669'. [ 461.314983][ T8234] loop3: detected capacity change from 0 to 164 [ 462.006357][ T8234] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 462.506372][ T8245] loop3: detected capacity change from 0 to 4096 [ 462.742992][ T8245] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 462.947520][ T8245] ntfs3: loop3: Failed to load $Extend (-22). [ 463.064560][ T8245] ntfs3: loop3: Failed to initialize $Extend. [ 464.268970][ T8259] syzkaller0: entered promiscuous mode [ 464.286074][ T8259] syzkaller0: entered allmulticast mode [ 464.390583][ T8260] netlink: 'syz.3.684': attribute type 3 has an invalid length. [ 464.515215][ T8260] netlink: 3 bytes leftover after parsing attributes in process `syz.3.684'. [ 465.639803][ T8264] QAT: Invalid ioctl 21531 [ 466.585582][ T8272] team0: entered promiscuous mode [ 466.604523][ T8272] team_slave_0: entered promiscuous mode [ 466.613772][ T8274] loop0: detected capacity change from 0 to 164 [ 466.622076][ T8272] team_slave_1: entered promiscuous mode [ 466.631017][ T8272] team0: entered allmulticast mode [ 466.636200][ T8272] team_slave_0: entered allmulticast mode [ 466.720371][ T8272] team_slave_1: entered allmulticast mode [ 466.759701][ T8274] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 467.683659][ T8290] syz.2.693 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 467.697994][ T8290] netlink: 16 bytes leftover after parsing attributes in process `syz.2.693'. [ 467.709102][ T5780] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 468.345913][ T8292] capability: warning: `syz.3.694' uses deprecated v2 capabilities in a way that may be insecure [ 468.769133][ T8301] loop3: detected capacity change from 0 to 164 [ 468.862103][ T8301] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 472.495985][ T8326] tmpfs: Bad value for 'mpol' [ 473.563462][ T8329] Can't find ip_set type has [ 473.595772][ T8333] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 476.054012][ T8358] loop3: detected capacity change from 0 to 164 [ 476.082484][ T8359] loop0: detected capacity change from 0 to 2048 [ 476.372961][ T8360] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 476.459445][ T8362] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 482.347232][ T8394] netlink: 48 bytes leftover after parsing attributes in process `syz.0.727'. [ 483.730492][ T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 483.922466][ T9] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 483.932577][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 483.970442][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 483.989837][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 484.022756][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 484.045690][ T9] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 484.056339][ T9] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 484.079779][ T9] usb 4-1: Product: syz [ 484.088771][ T9] usb 4-1: Manufacturer: syz [ 484.623351][ T9] cdc_wdm 4-1:1.0: skipping garbage [ 484.628660][ T9] cdc_wdm 4-1:1.0: skipping garbage [ 484.741979][ T9] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 484.750479][ T9] cdc_wdm 4-1:1.0: Unknown control protocol [ 484.864384][ T8402] cdc_wdm 4-1:1.0: Error submitting int urb - -90 [ 485.246647][ T8413] netlink: 16 bytes leftover after parsing attributes in process `syz.3.731'. [ 485.257500][ T8413] ubi31: attaching mtd0 [ 485.265631][ T8413] ubi31: scanning is finished [ 485.270401][ T8413] ubi31: empty MTD device detected [ 485.322095][ T5780] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 486.029849][ T8413] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 486.037791][ T8413] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 486.045251][ T8413] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 486.052405][ T8413] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 486.059906][ T8413] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 486.066915][ T8413] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 486.075073][ T8413] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 192791424 [ 486.085190][ T8413] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 486.104518][ T8416] ubi31: background thread "ubi_bgt31d" started, PID 8416 [ 487.374562][ T5831] usb 4-1: USB disconnect, device number 9 [ 489.888451][ T8434] netlink: 48 bytes leftover after parsing attributes in process `syz.0.738'. [ 489.991174][ T8438] loop1: detected capacity change from 0 to 164 [ 490.629235][ T8446] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 492.028713][ T8456] loop3: detected capacity change from 0 to 2048 [ 492.054424][ T8457] syzkaller0: entered promiscuous mode [ 492.081131][ T8457] syzkaller0: entered allmulticast mode [ 492.132943][ T8458] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 492.270191][ T8459] netlink: 'syz.0.743': attribute type 3 has an invalid length. [ 492.365743][ T8459] netlink: 3 bytes leftover after parsing attributes in process `syz.0.743'. [ 497.029132][ T1200] IPVS: starting estimator thread 0... [ 497.340123][ T8492] syz.3.753: attempt to access beyond end of device [ 497.340123][ T8492] loop3: rw=0, sector=0, nr_sectors = 8 limit=0 [ 497.353106][ T8492] F2FS-fs (loop3): Unable to read 1th superblock [ 497.361249][ T8492] syz.3.753: attempt to access beyond end of device [ 497.361249][ T8492] loop3: rw=0, sector=8, nr_sectors = 8 limit=0 [ 497.374103][ T8492] F2FS-fs (loop3): Unable to read 2th superblock [ 497.895584][ T8490] IPVS: using max 26 ests per chain, 62400 per kthread [ 498.625660][ T8501] netlink: 48 bytes leftover after parsing attributes in process `syz.2.750'. [ 500.787789][ T8518] tipc: Started in network mode [ 500.793139][ T8518] tipc: Node identity 8, cluster identity 4711 [ 500.799388][ T8518] tipc: Node number set to 8 [ 501.645696][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.655036][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.616762][ T8569] tmpfs: Bad value for 'mpol' [ 519.409937][ T8617] netlink: 20 bytes leftover after parsing attributes in process `syz.3.790'. [ 525.207996][ T8646] block device autoloading is deprecated and will be removed. [ 529.258947][ T8653] Bluetooth: hci3: command 0x0406 tx timeout [ 534.078896][ T5854] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 535.910444][ T5854] usb 2-1: device descriptor read/64, error -71 [ 536.232534][ T8719] netlink: 48 bytes leftover after parsing attributes in process `syz.1.818'. [ 536.615805][ T8730] netlink: 24 bytes leftover after parsing attributes in process `syz.1.820'. [ 542.293463][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 542.293479][ T28] audit: type=1326 audit(3927156065.129:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8753 comm="syz.1.831" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=39 compat=0 ip=0x7ff36ad96bd7 code=0x0 [ 545.326219][ T1200] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 545.555787][ T1200] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 546.665341][ T1200] usb 1-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 546.680410][ T1200] usb 1-1: Product: syz [ 546.684642][ T1200] usb 1-1: Manufacturer: syz [ 546.689296][ T1200] usb 1-1: SerialNumber: syz [ 546.821706][ T1200] usb 1-1: config 0 descriptor?? [ 547.604011][ T1200] usb 1-1: can't set config #0, error -71 [ 547.611391][ T1200] usb 1-1: USB disconnect, device number 5 [ 550.535881][ T8812] netlink: 48 bytes leftover after parsing attributes in process `syz.3.841'. [ 553.784110][ T8828] syz.1.849: attempt to access beyond end of device [ 553.784110][ T8828] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 553.828732][ T8828] syz.1.849: attempt to access beyond end of device [ 553.828732][ T8828] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 553.871001][ T8828] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 553.944370][ T8828] syz.1.849: attempt to access beyond end of device [ 553.944370][ T8828] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 553.958626][ T8828] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 553.970119][ T8828] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 553.978080][ T8828] UDF-fs: Scanning with blocksize 512 failed [ 554.015135][ T8828] syz.1.849: attempt to access beyond end of device [ 554.015135][ T8828] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 554.030265][ T8828] syz.1.849: attempt to access beyond end of device [ 554.030265][ T8828] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 554.045822][ T8828] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 554.074307][ T8828] syz.1.849: attempt to access beyond end of device [ 554.074307][ T8828] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 554.103640][ T8828] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 554.118070][ T8828] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 554.130154][ T8828] UDF-fs: Scanning with blocksize 1024 failed [ 554.141064][ T8828] syz.1.849: attempt to access beyond end of device [ 554.141064][ T8828] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 554.155143][ T8828] syz.1.849: attempt to access beyond end of device [ 554.155143][ T8828] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 554.174086][ T8828] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 554.203835][ T8828] syz.1.849: attempt to access beyond end of device [ 554.203835][ T8828] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 554.220254][ T8828] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 554.231597][ T8828] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 554.247861][ T8828] UDF-fs: Scanning with blocksize 2048 failed [ 554.340958][ T8828] syz.1.849: attempt to access beyond end of device [ 554.340958][ T8828] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 554.372428][ T8828] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 554.383231][ T8828] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 554.393059][ T8828] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found [ 554.403724][ T8828] UDF-fs: Scanning with blocksize 4096 failed [ 554.414474][ T8828] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 561.110096][ T8878] fuse: Bad value for 'fd' [ 563.076390][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.082884][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.292308][ T8924] netlink: 12 bytes leftover after parsing attributes in process `syz.0.882'. [ 572.330706][ T8958] input: syz0 as /devices/virtual/input/input7 [ 572.663889][ T8966] misc userio: No port type given on /dev/userio [ 572.818307][ T8963] misc userio: The device must be registered before sending interrupts [ 573.754098][ T8974] loop3: detected capacity change from 0 to 4096 [ 573.760967][ T8978] syzkaller0: entered promiscuous mode [ 573.773046][ T8978] syzkaller0: entered allmulticast mode [ 573.872647][ T8974] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 573.880041][ T8978] netlink: 'syz.1.892': attribute type 3 has an invalid length. [ 573.880063][ T8978] netlink: 3 bytes leftover after parsing attributes in process `syz.1.892'. [ 575.026139][ T8974] ntfs3: loop3: Failed to load $Extend (-22). [ 575.080431][ T8974] ntfs3: loop3: Failed to initialize $Extend. [ 575.396278][ T8986] comedi comedi2: Cannot bond this driver to itself! [ 576.962835][ T5813] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 578.170360][ T5813] usb 2-1: config 0 has no interfaces? [ 578.179548][ T5813] usb 2-1: New USB device found, idVendor=0582, idProduct=000c, bcdDevice= 0.40 [ 578.200282][ T5813] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.208418][ T5813] usb 2-1: Product: syz [ 578.285111][ T5813] usb 2-1: Manufacturer: syz [ 578.289794][ T5813] usb 2-1: SerialNumber: syz [ 578.302478][ T5813] usb 2-1: config 0 descriptor?? [ 578.529016][ T8994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 578.565361][ T8994] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 578.634183][ T8994] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 578.663896][ T5813] usb 2-1: USB disconnect, device number 10 [ 578.797373][ T9012] syzkaller0: entered promiscuous mode [ 578.810552][ T9012] syzkaller0: entered allmulticast mode [ 578.891703][ T9012] netlink: 'syz.0.908': attribute type 3 has an invalid length. [ 578.921204][ T9012] netlink: 3 bytes leftover after parsing attributes in process `syz.0.908'. [ 583.037593][ T9053] syzkaller0: entered promiscuous mode [ 583.048971][ T9053] syzkaller0: entered allmulticast mode [ 583.092977][ T9053] netlink: 'syz.0.918': attribute type 3 has an invalid length. [ 583.101159][ T9053] netlink: 3 bytes leftover after parsing attributes in process `syz.0.918'. [ 583.891098][ T9033] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 587.880987][ T9089] syzkaller0: entered promiscuous mode [ 587.886526][ T9089] syzkaller0: entered allmulticast mode [ 588.085062][ T9089] netlink: 'syz.3.929': attribute type 3 has an invalid length. [ 589.130490][ T9089] netlink: 3 bytes leftover after parsing attributes in process `syz.3.929'. [ 595.594302][ T9123] syzkaller0: entered promiscuous mode [ 595.639207][ T9123] syzkaller0: entered allmulticast mode [ 595.730987][ T9124] netlink: 'syz.3.942': attribute type 3 has an invalid length. [ 595.780490][ T9124] netlink: 3 bytes leftover after parsing attributes in process `syz.3.942'. [ 595.809104][ T9123] netlink: 8 bytes leftover after parsing attributes in process `syz.3.942'. [ 600.516243][ T9158] syzkaller0: entered promiscuous mode [ 600.550353][ T9158] syzkaller0: entered allmulticast mode [ 600.651807][ T9159] netlink: 'syz.3.952': attribute type 3 has an invalid length. [ 600.659527][ T9159] netlink: 3 bytes leftover after parsing attributes in process `syz.3.952'. [ 601.765045][ T9167] netlink: 8 bytes leftover after parsing attributes in process `syz.3.952'. [ 602.509572][ T9172] loop3: detected capacity change from 0 to 4096 [ 602.587564][ T9172] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 602.630649][ T9172] ntfs3: loop3: Failed to load $Extend (-22). [ 602.652529][ T9172] ntfs3: loop3: Failed to initialize $Extend. [ 603.180858][ T9130] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 604.130320][ T9130] usb 4-1: Using ep0 maxpacket: 16 [ 604.152309][ T9130] usb 4-1: unable to get BOS descriptor or descriptor too short [ 604.173125][ T9130] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7 [ 604.192615][ T9130] usb 4-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 604.205064][ T9130] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 604.223370][ T9130] usb 4-1: Product: syz [ 604.237448][ T9130] usb 4-1: Manufacturer: syz [ 604.254714][ T9130] usb 4-1: SerialNumber: syz [ 604.893296][ T9130] usb 4-1: Audio class v2/v3 interfaces need an interface association [ 604.990855][ T9130] snd-usb-audio: probe of 4-1:1.0 failed with error -22 [ 605.328184][ T9130] usb 4-1: 2:1 : can't get Cluster Descriptor [ 605.629785][ T9130] usb 4-1: USB disconnect, device number 10 [ 606.931930][ T9201] syzkaller0: entered promiscuous mode [ 606.950914][ T9201] syzkaller0: entered allmulticast mode [ 607.020984][ T9202] netlink: 'syz.1.964': attribute type 3 has an invalid length. [ 607.028693][ T9202] netlink: 3 bytes leftover after parsing attributes in process `syz.1.964'. [ 607.096691][ T9201] netlink: 8 bytes leftover after parsing attributes in process `syz.1.964'. [ 608.575080][ T9206] tipc: Enabled bearer , priority 0 [ 608.600060][ T9217] loop0: detected capacity change from 0 to 4096 [ 608.671160][ T8653] Bluetooth: hci3: unexpected event for opcode 0x4889 [ 608.698479][ T9217] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 608.811471][ T9206] syzkaller0: entered promiscuous mode [ 608.844501][ T9217] ntfs3: loop0: Failed to load $Extend (-22). [ 608.871092][ T9206] syzkaller0: entered allmulticast mode [ 608.887273][ T9217] ntfs3: loop0: Failed to initialize $Extend. [ 608.912241][ T9206] tipc: Resetting bearer [ 609.365894][ T9205] tipc: Resetting bearer [ 611.430324][ T9130] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 611.630330][ T9130] usb 1-1: Using ep0 maxpacket: 8 [ 611.639962][ T9130] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 611.659210][ T9130] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 611.683872][ T9130] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.709224][ T9130] usb 1-1: config 0 descriptor?? [ 611.940428][ T9130] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 612.155977][ T9246] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 612.169908][ T9246] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 612.428877][ T9130] usb 1-1: USB disconnect, device number 6 [ 613.369748][ T9255] loop0: detected capacity change from 0 to 4096 [ 613.508079][ T9255] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 613.589135][ T9255] ntfs3: loop0: Failed to load $Extend (-22). [ 613.599401][ T9255] ntfs3: loop0: Failed to initialize $Extend. [ 615.410465][ T9205] tipc: Disabling bearer [ 615.425106][ T9231] netlink: 'syz.2.975': attribute type 3 has an invalid length. [ 615.438184][ T9231] netlink: 3 bytes leftover after parsing attributes in process `syz.2.975'. [ 615.453904][ T9233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.975'. [ 618.171145][ T9293] syzkaller0: entered promiscuous mode [ 618.218986][ T9293] syzkaller0: entered allmulticast mode [ 618.457196][ T9297] Invalid ELF header type: 3 != 1 [ 618.465402][ T9295] netlink: 'syz.1.994': attribute type 3 has an invalid length. [ 618.499806][ T9295] netlink: 3 bytes leftover after parsing attributes in process `syz.1.994'. [ 618.540848][ T9293] netlink: 8 bytes leftover after parsing attributes in process `syz.1.994'. [ 618.990982][ T9305] netlink: 72 bytes leftover after parsing attributes in process `syz.3.999'. [ 621.479528][ T9323] syzkaller0: entered promiscuous mode [ 621.487496][ T9323] syzkaller0: entered allmulticast mode [ 621.642879][ T28] audit: type=1800 audit(3927156144.479:26): pid=9304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1000" name="bus" dev="ramfs" ino=18653 res=0 errno=0 [ 621.736535][ T9329] netlink: 'syz.0.1006': attribute type 3 has an invalid length. [ 621.769219][ T9329] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1006'. [ 621.837055][ T9332] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1009'. [ 621.852524][ T9323] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1006'. [ 622.224289][ T9339] loop3: detected capacity change from 0 to 164 [ 623.427338][ T9350] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 624.529137][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.543260][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.851025][ T9362] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1019'. [ 624.928524][ T9364] syzkaller0: entered promiscuous mode [ 624.935221][ T9364] syzkaller0: entered allmulticast mode [ 624.971879][ T9364] netlink: 'syz.0.1020': attribute type 3 has an invalid length. [ 624.980548][ T9364] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1020'. [ 624.992286][ T9364] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1020'. [ 625.240713][ T9130] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 625.442057][ T9130] usb 2-1: Using ep0 maxpacket: 32 [ 625.462240][ T9130] usb 2-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 625.480964][ T9130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.500402][ T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 625.512586][ T9130] usb 2-1: config 0 descriptor?? [ 625.537367][ T9130] as10x_usb: device has been detected [ 625.551516][ T9130] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 625.636083][ T9130] usb 2-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 625.714451][ T9130] as10x_usb: error during firmware upload part1 [ 625.732173][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 625.741362][ T9130] Registered device nBox DVB-T Dongle [ 625.744950][ T9354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 625.773392][ T9354] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 625.802039][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 625.854889][ T9] usb 1-1: config 4 has an invalid interface number: 133 but max is 0 [ 625.906044][ T9] usb 1-1: config 4 has no interface number 0 [ 625.934763][ T9] usb 1-1: New USB device found, idVendor=12d1, idProduct=8b88, bcdDevice=f3.59 [ 625.949459][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.967173][ T9385] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1028'. [ 625.977612][ T9] usb 1-1: Product: syz [ 625.981920][ T9] usb 1-1: Manufacturer: syz [ 625.986586][ T9] usb 1-1: SerialNumber: syz [ 626.847334][ T9130] usb 2-1: USB disconnect, device number 11 [ 626.874653][ T9130] Unregistered device nBox DVB-T Dongle [ 626.876426][ T9130] as10x_usb: device has been disconnected [ 626.935832][ T9392] netlink: 'syz.2.1031': attribute type 3 has an invalid length. [ 626.944167][ T9392] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1031'. [ 627.053917][ T9394] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1031'. [ 627.234623][ T9] huawei_cdc_ncm 1-1:4.133: CDC Union missing and no IAD found [ 627.254842][ T9] huawei_cdc_ncm 1-1:4.133: bind() failure [ 627.359699][ T9] usb 1-1: USB disconnect, device number 7 [ 628.145780][ T9407] loop1: detected capacity change from 0 to 164 [ 628.224509][ T9408] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 628.610647][ T9415] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1038'. [ 628.650072][ T9417] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 630.165698][ T9424] syzkaller0: entered promiscuous mode [ 630.178098][ T9424] syzkaller0: entered allmulticast mode [ 630.254479][ T9424] netlink: 'syz.3.1042': attribute type 3 has an invalid length. [ 630.264396][ T9424] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1042'. [ 630.276463][ T9424] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1042'. [ 632.707167][ T9444] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1050'. [ 635.183675][ T9455] netlink: 'syz.2.1053': attribute type 3 has an invalid length. [ 635.202375][ T9455] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1053'. [ 636.774267][ T9469] tmpfs: Unknown parameter '18446744073709551615' [ 636.943704][ T9471] kvm: kvm [9470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3 [ 636.954530][ T9471] kvm: kvm [9470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x13 [ 637.174070][ T9478] loop3: detected capacity change from 0 to 164 [ 638.068765][ T9491] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 638.103458][ T9492] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1064'. [ 639.193500][ T9505] batman_adv: batadv0: Adding interface: dummy0 [ 639.245584][ T9505] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 639.292467][ T9505] batman_adv: batadv0: Interface activated: dummy0 [ 639.393712][ T9508] batadv0: mtu less than device minimum [ 639.403419][ T9508] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 639.415653][ T9508] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 639.427493][ T9508] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 639.439118][ T9508] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 639.450881][ T9508] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 639.462486][ T9508] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 639.474105][ T9508] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 639.485765][ T9508] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 639.497406][ T9508] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 640.409276][ T9525] loop0: detected capacity change from 0 to 164 [ 642.234874][ T9544] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 642.946736][ T8653] Bluetooth: hci3: unexpected event for opcode 0x2011 [ 643.922740][ T9564] loop3: detected capacity change from 0 to 64 [ 644.140390][ T9564] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 644.276637][ T9564] bfs filesystem being mounted at /287/bus supports timestamps until 2106-02-07 (0xffffffff) [ 645.915639][ T9574] binder: 9573:9574 ioctl c0306201 2000000006c0 returned -14 [ 648.680405][ T9] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 648.691065][ T9594] CIFS: iocharset name too long [ 648.749550][ T9596] loop1: detected capacity change from 0 to 64 [ 648.776339][ T9596] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 648.814694][ T9596] bfs filesystem being mounted at /258/bus supports timestamps until 2106-02-07 (0xffffffff) [ 648.885376][ T7098] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 649.107325][ T7098] usb 1-1: not running at top speed; connect to a high speed hub [ 649.115771][ T9] usb 4-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 649.135022][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.136844][ T9598] overlayfs: failed to clone upperpath [ 649.153280][ T9] usb 4-1: Product: syz [ 649.790983][ T9] usb 4-1: Manufacturer: syz [ 649.795664][ T9] usb 4-1: SerialNumber: syz [ 649.829431][ T7098] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 649.862399][ T7098] usb 1-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=60.1b [ 649.880374][ T7098] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.888789][ T7098] usb 1-1: Product: syz [ 649.893742][ T7098] usb 1-1: Manufacturer: syz [ 649.898379][ T7098] usb 1-1: SerialNumber: syz [ 652.118416][ T9611] 9pnet_fd: Insufficient options for proto=fd [ 652.623450][ T9] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x04B8 pid 0x0202 [ 652.889211][ T9] usb 4-1: USB disconnect, device number 11 [ 652.898025][ T9] usblp0: removed [ 653.361568][ T9619] binder_alloc: 9618: binder_alloc_buf size 1024 failed, no address space [ 653.483228][ T9619] binder_alloc: allocated: 12288 (num: 2 largest: 12280), free: 0 (num: 0 largest: 0) [ 653.936318][ T9630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 654.664126][ T9630] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 654.952629][ T9637] loop3: detected capacity change from 0 to 64 [ 655.155971][ T9637] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 655.196925][ T9637] bfs filesystem being mounted at /294/bus supports timestamps until 2106-02-07 (0xffffffff) [ 655.349693][ T9641] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false [ 657.235621][ T9649] netlink: 'syz.1.1110': attribute type 2 has an invalid length. [ 657.248419][ T9648] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 658.619742][ T9] usb 1-1: USB disconnect, device number 8 [ 659.190599][ T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 659.402141][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 659.496084][ T9667] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 659.512475][ T9667] UDF-fs: Scanning with blocksize 512 failed [ 659.572045][ T9] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 659.610587][ T9667] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 659.621711][ T9667] UDF-fs: Scanning with blocksize 1024 failed [ 659.667319][ T9667] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 659.679790][ T9667] UDF-fs: Scanning with blocksize 2048 failed [ 659.734414][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 659.776225][ T9667] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 659.791784][ T9667] UDF-fs: Scanning with blocksize 4096 failed [ 659.887994][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 659.910323][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 659.940362][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 659.990490][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 660.010306][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.422545][ T9] usb 1-1: usb_control_msg returned -32 [ 660.428199][ T9] usbtmc 1-1:16.0: can't read capabilities [ 662.012286][ T9] usb 1-1: USB disconnect, device number 9 [ 663.334142][ T5854] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 663.561261][ T9692] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 663.720008][ T5854] usb 4-1: unable to get BOS descriptor or descriptor too short [ 663.819000][ T5854] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 663.840456][ T5854] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 663.864701][ T5854] usb 4-1: New USB device found, idVendor=2b73, idProduct=0013, bcdDevice= 0.40 [ 663.878601][ T5854] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.911184][ T5854] usb 4-1: Product: syz [ 663.915539][ T5854] usb 4-1: Manufacturer: syz [ 663.926345][ T5854] usb 4-1: SerialNumber: syz [ 664.881451][ T9705] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false [ 666.611607][ T5854] usb 4-1: cannot find UAC_HEADER [ 666.634844][ T5854] snd-usb-audio: probe of 4-1:1.0 failed with error -22 [ 666.676860][ T5854] usb 4-1: USB disconnect, device number 12 [ 666.785895][ T8713] udevd[8713]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 668.152376][ T9714] (null): rxe_set_mtu: Set mtu to 1024 [ 668.445015][ T9714] infiniband syz1: set active [ 668.450039][ T9714] infiniband syz1: added team_slave_0 [ 668.790496][ T9714] RDS/IB: syz1: added [ 668.795382][ T9714] smc: adding ib device syz1 with port count 1 [ 668.802168][ T9714] smc: ib device syz1 port 1 has pnetid [ 670.794695][ T9732] batman_adv: batadv0: Adding interface: dummy0 [ 670.813602][ T9732] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 670.901918][ T9732] batman_adv: batadv0: Interface activated: dummy0 [ 670.974961][ T9733] net_ratelimit: 10 callbacks suppressed [ 670.974979][ T9733] batadv0: mtu less than device minimum [ 671.014113][ T9733] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 671.026705][ T9733] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 671.039262][ T9733] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 671.051856][ T9733] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 671.064495][ T9733] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 671.077135][ T9733] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 671.089667][ T9733] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 671.102182][ T9733] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 671.114628][ T9733] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304) [ 672.156538][ T9744] smc: removing ib device syz1 [ 672.684788][ T9744] ------------[ cut here ]------------ [ 672.690371][ T9744] WARNING: CPU: 0 PID: 9744 at drivers/infiniband/sw/rxe/rxe_pool.c:116 rxe_pool_cleanup+0x42/0x50 [ 672.701769][ T9744] Modules linked in: [ 672.705699][ T9744] CPU: 0 PID: 9744 Comm: syz.2.1140 Not tainted syzkaller #0 [ 672.713174][ T9744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 672.723306][ T9744] RIP: 0010:rxe_pool_cleanup+0x42/0x50 [ 672.728804][ T9744] Code: 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 f0 49 06 fa 48 83 3b 00 75 07 e8 95 0a ae f9 5b c3 e8 8e 0a ae f9 <0f> 0b 5b c3 66 2e 0f 1f 84 00 00 00 00 00 66 0f 1f 00 55 41 57 41 [ 672.748512][ T9744] RSP: 0018:ffffc9000ba97148 EFLAGS: 00010246 [ 672.754620][ T9744] RAX: ffffffff87d92162 RBX: ffff88807c691298 RCX: 0000000000080000 [ 672.762690][ T9744] RDX: ffffc9000d4fc000 RSI: 000000000007ffff RDI: 0000000000080000 [ 672.770823][ T9744] RBP: 0000000000000002 R08: ffff88807c690743 R09: 1ffff1100f8d20e8 [ 672.778835][ T9744] R10: dffffc0000000000 R11: ffffed100f8d20e9 R12: dffffc0000000000 [ 672.786870][ T9744] R13: 0000000000000008 R14: ffffffff87d76060 R15: dffffc0000000000 [ 672.795451][ T9744] FS: 00007ffb9c7b26c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 672.804462][ T9744] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 672.811101][ T9744] CR2: 0000000000000000 CR3: 000000001b667000 CR4: 00000000003506f0 [ 672.819110][ T9744] Call Trace: [ 672.822473][ T9744] [ 672.825418][ T9744] rxe_dealloc+0x33/0x100 [ 672.829864][ T9744] ? trace_raw_output_rtrs_clt_conn_class+0x240/0x240 [ 672.836821][ T9744] ib_dealloc_device+0x4e/0x1f0 [ 672.841748][ T9744] __ib_unregister_device+0x120/0x170 [ 672.847144][ T9744] ib_unregister_device_and_put+0xb8/0xf0 [ 672.852916][ T9744] nldev_dellink+0x293/0x320 [ 672.857545][ T9744] ? nldev_newlink+0x610/0x610 [ 672.862377][ T9744] ? __lock_acquire+0x1347/0x7d40 [ 672.867511][ T9744] ? apparmor_capable+0x137/0x1a0 [ 672.872623][ T9744] ? bpf_lsm_capable+0x9/0x10 [ 672.877334][ T9744] ? security_capable+0x89/0xb0 [ 672.882426][ T9744] ? nldev_newlink+0x610/0x610 [ 672.887215][ T9744] rdma_nl_rcv+0x6e3/0xa20 [ 672.891727][ T9744] ? rdma_nl_net_init+0x190/0x190 [ 672.897304][ T9744] ? __lock_acquire+0x7d40/0x7d40 [ 672.902421][ T9744] ? net_generic+0x1e/0x240 [ 672.906953][ T9744] ? netlink_deliver_tap+0x2e/0x1b0 [ 672.912266][ T9744] netlink_unicast+0x751/0x8d0 [ 672.917101][ T9744] netlink_sendmsg+0x8d0/0xbf0 [ 672.921955][ T9744] ? netlink_getsockopt+0x590/0x590 [ 672.927201][ T9744] ? aa_sock_msg_perm+0x94/0x150 [ 672.932204][ T9744] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 672.937507][ T9744] ? security_socket_sendmsg+0x80/0xa0 [ 672.943078][ T9744] ? netlink_getsockopt+0x590/0x590 [ 672.948308][ T9744] ____sys_sendmsg+0x5ba/0x960 [ 672.953168][ T9744] ? __asan_memset+0x22/0x40 [ 672.957990][ T9744] ? __sys_sendmsg_sock+0x30/0x30 [ 672.963240][ T9744] ? __import_iovec+0x5f2/0x850 [ 672.968163][ T9744] ? import_iovec+0x73/0xa0 [ 672.972779][ T9744] ___sys_sendmsg+0x2a6/0x360 [ 672.977513][ T9744] ? __sys_sendmsg+0x2a0/0x2a0 [ 672.982389][ T9744] __se_sys_sendmsg+0x1c2/0x2b0 [ 672.987267][ T9744] ? __x64_sys_sendmsg+0x80/0x80 [ 672.992339][ T9744] ? lockdep_hardirqs_on+0x98/0x150 [ 672.997563][ T9744] do_syscall_64+0x55/0xb0 [ 673.002536][ T9744] ? clear_bhb_loop+0x40/0x90 [ 673.007236][ T9744] ? clear_bhb_loop+0x40/0x90 [ 673.011970][ T9744] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 673.017879][ T9744] RIP: 0033:0x7ffb9b99ce59 [ 673.022453][ T9744] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 673.042141][ T9744] RSP: 002b:00007ffb9c7b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 673.050596][ T9744] RAX: ffffffffffffffda RBX: 00007ffb9bc15fa0 RCX: 00007ffb9b99ce59 [ 673.058591][ T9744] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000007 [ 673.066623][ T9744] RBP: 00007ffb9ba32d6f R08: 0000000000000000 R09: 0000000000000000 [ 673.074731][ T9744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 673.082756][ T9744] R13: 00007ffb9bc16038 R14: 00007ffb9bc15fa0 R15: 00007ffe098596d8 [ 673.090779][ T9744] [ 673.093807][ T9744] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 673.101098][ T9744] CPU: 0 PID: 9744 Comm: syz.2.1140 Not tainted syzkaller #0 [ 673.108508][ T9744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 673.118574][ T9744] Call Trace: [ 673.121864][ T9744] [ 673.124807][ T9744] dump_stack_lvl+0x18c/0x250 [ 673.129500][ T9744] ? show_regs_print_info+0x20/0x20 [ 673.134714][ T9744] ? load_image+0x420/0x420 [ 673.139243][ T9744] panic+0x2dc/0x730 [ 673.143161][ T9744] ? bpf_jit_dump+0xd0/0xd0 [ 673.147708][ T9744] __warn+0x2e0/0x470 [ 673.151703][ T9744] ? rxe_pool_cleanup+0x42/0x50 [ 673.156572][ T9744] ? rxe_pool_cleanup+0x42/0x50 [ 673.161432][ T9744] report_bug+0x2be/0x4f0 [ 673.165772][ T9744] ? rxe_pool_cleanup+0x42/0x50 [ 673.170636][ T9744] ? rxe_pool_cleanup+0x42/0x50 [ 673.175531][ T9744] ? rxe_pool_cleanup+0x44/0x50 [ 673.180421][ T9744] handle_bug+0xcf/0x120 [ 673.184672][ T9744] exc_invalid_op+0x1a/0x50 [ 673.189180][ T9744] asm_exc_invalid_op+0x1a/0x20 [ 673.194049][ T9744] RIP: 0010:rxe_pool_cleanup+0x42/0x50 [ 673.199519][ T9744] Code: 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 f0 49 06 fa 48 83 3b 00 75 07 e8 95 0a ae f9 5b c3 e8 8e 0a ae f9 <0f> 0b 5b c3 66 2e 0f 1f 84 00 00 00 00 00 66 0f 1f 00 55 41 57 41 [ 673.219152][ T9744] RSP: 0018:ffffc9000ba97148 EFLAGS: 00010246 [ 673.225236][ T9744] RAX: ffffffff87d92162 RBX: ffff88807c691298 RCX: 0000000000080000 [ 673.233224][ T9744] RDX: ffffc9000d4fc000 RSI: 000000000007ffff RDI: 0000000000080000 [ 673.241200][ T9744] RBP: 0000000000000002 R08: ffff88807c690743 R09: 1ffff1100f8d20e8 [ 673.249181][ T9744] R10: dffffc0000000000 R11: ffffed100f8d20e9 R12: dffffc0000000000 [ 673.257164][ T9744] R13: 0000000000000008 R14: ffffffff87d76060 R15: dffffc0000000000 [ 673.265145][ T9744] ? trace_raw_output_rtrs_clt_conn_class+0x240/0x240 [ 673.271925][ T9744] ? rxe_pool_cleanup+0x42/0x50 [ 673.276794][ T9744] ? rxe_pool_cleanup+0x42/0x50 [ 673.281652][ T9744] rxe_dealloc+0x33/0x100 [ 673.285987][ T9744] ? trace_raw_output_rtrs_clt_conn_class+0x240/0x240 [ 673.292764][ T9744] ib_dealloc_device+0x4e/0x1f0 [ 673.297622][ T9744] __ib_unregister_device+0x120/0x170 [ 673.302999][ T9744] ib_unregister_device_and_put+0xb8/0xf0 [ 673.308730][ T9744] nldev_dellink+0x293/0x320 [ 673.313348][ T9744] ? nldev_newlink+0x610/0x610 [ 673.318120][ T9744] ? __lock_acquire+0x1347/0x7d40 [ 673.323210][ T9744] ? apparmor_capable+0x137/0x1a0 [ 673.328244][ T9744] ? bpf_lsm_capable+0x9/0x10 [ 673.332929][ T9744] ? security_capable+0x89/0xb0 [ 673.337795][ T9744] ? nldev_newlink+0x610/0x610 [ 673.342568][ T9744] rdma_nl_rcv+0x6e3/0xa20 [ 673.346999][ T9744] ? rdma_nl_net_init+0x190/0x190 [ 673.352044][ T9744] ? __lock_acquire+0x7d40/0x7d40 [ 673.357086][ T9744] ? net_generic+0x1e/0x240 [ 673.361604][ T9744] ? netlink_deliver_tap+0x2e/0x1b0 [ 673.366810][ T9744] netlink_unicast+0x751/0x8d0 [ 673.371594][ T9744] netlink_sendmsg+0x8d0/0xbf0 [ 673.376386][ T9744] ? netlink_getsockopt+0x590/0x590 [ 673.381594][ T9744] ? aa_sock_msg_perm+0x94/0x150 [ 673.386546][ T9744] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 673.391856][ T9744] ? security_socket_sendmsg+0x80/0xa0 [ 673.397318][ T9744] ? netlink_getsockopt+0x590/0x590 [ 673.402524][ T9744] ____sys_sendmsg+0x5ba/0x960 [ 673.407318][ T9744] ? __asan_memset+0x22/0x40 [ 673.411920][ T9744] ? __sys_sendmsg_sock+0x30/0x30 [ 673.417127][ T9744] ? __import_iovec+0x5f2/0x850 [ 673.422014][ T9744] ? import_iovec+0x73/0xa0 [ 673.426526][ T9744] ___sys_sendmsg+0x2a6/0x360 [ 673.431224][ T9744] ? __sys_sendmsg+0x2a0/0x2a0 [ 673.436029][ T9744] __se_sys_sendmsg+0x1c2/0x2b0 [ 673.440899][ T9744] ? __x64_sys_sendmsg+0x80/0x80 [ 673.445852][ T9744] ? lockdep_hardirqs_on+0x98/0x150 [ 673.451063][ T9744] do_syscall_64+0x55/0xb0 [ 673.455487][ T9744] ? clear_bhb_loop+0x40/0x90 [ 673.460197][ T9744] ? clear_bhb_loop+0x40/0x90 [ 673.464900][ T9744] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 673.470803][ T9744] RIP: 0033:0x7ffb9b99ce59 [ 673.475221][ T9744] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 673.494834][ T9744] RSP: 002b:00007ffb9c7b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 673.503254][ T9744] RAX: ffffffffffffffda RBX: 00007ffb9bc15fa0 RCX: 00007ffb9b99ce59 [ 673.511235][ T9744] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000007 [ 673.519209][ T9744] RBP: 00007ffb9ba32d6f R08: 0000000000000000 R09: 0000000000000000 [ 673.527189][ T9744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 673.535165][ T9744] R13: 00007ffb9bc16038 R14: 00007ffb9bc15fa0 R15: 00007ffe098596d8 [ 673.543179][ T9744] [ 673.546376][ T9744] Kernel Offset: disabled [ 673.550815][ T9744] Rebooting in 86400 seconds..