last executing test programs: 31.576401362s ago: executing program 3 (id=2478): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001e00)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) close(0xffffffffffffffff) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) 31.282968506s ago: executing program 3 (id=2479): socketpair(0x1, 0x1, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0xec}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) ioctl$KDSETKEYCODE(r2, 0x4b4d, &(0x7f0000000000)={0xb585, 0x6}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={0xffffffffffffffff, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6, &(0x7f0000000280)=[0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xf7, &(0x7f0000000340)=[{}, {}], 0x10, 0x10, &(0x7f0000000380), &(0x7f00000005c0), 0x8, 0xb3, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000800)={'syztnl0\x00', &(0x7f0000000780)={'syztnl1\x00', r3, 0x0, 0xff, 0x2, 0x80, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7, 0x7800, 0x10, 0x8}}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==") r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4) fadvise64(r7, 0xe0ffff, 0x9, 0x3) 28.749300241s ago: executing program 3 (id=2484): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETQUEUE(r0, 0x400454d9, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) 27.865603972s ago: executing program 3 (id=2486): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="ec00000021000100feffffff000000000000000000000000000000000000000000000000007c0000000000000000000000000000000000001700a0", @ANYRES32=0x0], 0xec}}, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='schedstat\x00') bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="250a00000018000061027000000000001800000000000000000000000000000095000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x94) 25.805478449s ago: executing program 3 (id=2489): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x31) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000000400007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70400000000000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0xfffffffffffffdf3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 25.622120674s ago: executing program 3 (id=2491): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080000000000000010000009400000007ad4160850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c310001001000000950074000000000031fb0d3a42319fa204399d17d34e075fdcda533ab1aa71ab1d764152e6cb25dadc7ded5dbe11b60ac5ea9fca11027d19e93adb603deb92de3141e8fd7ac5b87a2070213cdfdc5d6c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7965a2ba5fc4a5a17d103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e603950c6367587e8ece17d5c6e7c7514386f5125c0e2aa441cda5630047b770bc93868c63db6b6c27786aaff609c902fd65b951074957e967a8a3a405eaafbfafacdb7c2f6f32c251fadcd5a2e34b2efc310dae213aaad007975c26f6001f9b9dd2bf699781e0bbff554630fd9f9fff61813814a65b8e3bb2156ea642519206f26eb7359f732d497c0d4fdb4a735b9a7edd66"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)=0x3, 0x12) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/packet\x00') r4 = bpf$MAP_CREATE(0x0, &(0x7f0000002480)=ANY=[@ANYBLOB="0600000004006496f2f7ea95972000000000e665c2ca340e2d3d0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x13, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0xfffffff9}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00('], 0x48) r6 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) waitid(0x0, r1, &(0x7f0000002340), 0x4, &(0x7f00000023c0)) pread64(r6, &(0x7f0000002240)=""/237, 0xed, 0x4eb) 18.321783702s ago: executing program 0 (id=2502): socket(0x10, 0x803, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) socket(0xf, 0x3, 0xfffffffd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001400)={{r7}, 0x0, &(0x7f00000003c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000680)=ANY=[@ANYRESDEC, @ANYBLOB="e81d95b7e9bb5e7c85e8a3b47c63e3713e533f4deb5623a37a9e7bc2fb1817a23270dcab22bf85f1db69d27210e5e9517f7fe7e464fefa848d45aa295a8f1bd9a9e15cfcc888efbd886bb9645523ff065cd032b719c2463ac4a610a7e42e91c41f1f8f66c153d813b08007ed1a807ae66b264a5aa1399cef79132d1066783b1210dd094a5b03539f7373961a6f9f66ed21219837c6f86623f35a1480746f2a83daa477d9de2ef8e503da1f300c66d1fcc1098c1fdabaee7fc8658154782757a6813b980cb30a26d3ce461684a0d5775c3208ca04d5d975bb"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', r2, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]}) r8 = socket$inet(0x2, 0x2, 0x1) connect$inet(r8, 0x0, 0x0) sendmmsg$inet(r8, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="08001497733f5d3e", 0x8}], 0x1}}], 0x1, 0x2004000) recvfrom(r8, 0x0, 0x0, 0x10000, &(0x7f0000000e80)=@generic={0xa, "b5ff761cab18a604a264797b9e34c76a32929c1cc776cda79edece299cdfd873343befdc4b7e810a83672c85a58bbf591d960cf7d89b273bf547252972e6ef54d473f87594a896a480e4603f32e27b77c0a533cf46aa6473b4fb77d62ae0fc89b8166b005c1f47765112ce5f0abc3e2f48b2f8025cb55b8f5f394814e00e"}, 0x80) setreuid(0xee01, 0x0) 16.610480171s ago: executing program 0 (id=2506): socket$pppl2tp(0x18, 0x1, 0x1) syz_mount_image$ext4(0x0, &(0x7f0000000580)='./file0\x00', 0x19560c0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000000000000500150002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 14.38446035s ago: executing program 0 (id=2507): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r4}, 0x18) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x2, 0x0, 0x2}}}}]}, 0x4c}}, 0x20000000) socket(0x80000000000000a, 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8) sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) fdatasync(0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) syz_open_procfs(0x0, 0x0) 11.964773005s ago: executing program 1 (id=2512): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) getpid() sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x24) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_setup(0x403, &(0x7f00000004c0)=0x0) io_pgetevents(r5, 0x4, 0x4, &(0x7f0000000240)=[{}, {}, {}, {}], &(0x7f0000000080)={0x0, 0x989680}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 9.428174549s ago: executing program 1 (id=2515): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_control(r3, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRESDEC], 0x50) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x0, 0x4, 0x4, 0x5, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]}) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x10000041, 0x8527, 0x9, 0x6, 0x2e, 0x0, 0x3, 0xa3}, 0x0) bind$x25(r5, &(0x7f0000000e00), 0x12) write(r5, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) syz_clone(0x70001400, &(0x7f0000000680)="b8d66760bc0870ad3834c2ead03d359a819561cb517b7714f47d11a2f175da420e7f9ceeffb0dbf9f9fd154a0762cf98125df49371810000000000000041d07407de319f451dc4978accc886238862c1b0ede1b85191e06d59bbc98db860a0d4908bf1e555e2e0a6fc53a6e3aaf587d8223557f455443f1ffc7d13376bb4dc1c9e89f0b2015146ea53676242e70be79bd3f13fb62b465812c1a151fa1162d106f4b5bc5247440765cd3017f24b140cd6d04a4c92841bc738cc66127532a48f7ad6d207d47f82d8a7616d4ffa91570220947ed32a00baba86f463943b5877013fad53027c58e48900801cf05b69186fab6efdb8bd2ef11ea5b3019fa92f5cccc4e2cdc7a805a6d8608d82f5cf0101bbcc6da72efc0bd4", 0x116, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000e40)="a96f1d7b4dd9769cd098ca712fe44e01c165aef383e88501f2637635c93ecb91d6c93279bd209a65d8f7b6b32e2fc3e84495e5a1bd64280fb4af194b4062828f403945130770d6e75bd68786a97391c6082086a701796ea5bf169a24105cdff577a5464e85e2004b11bc251176efe619ce8a5f0aaf348220b35daa8f3b5553924c4854d9d57d2a280db1d291a8a09b1246ae38a389649e1159ae3c030524fef2f72f8b626c2dd8ae28b2848b86ad887df1fdb7a205e39ed8c213da6f3d676558db61f2a89d4021e52eadf88bd31f97bce710b90d7e3603e56a15a37047720ae74b32443849f332867f17d6a02d5980cc1648ebfa6149134832696d202ea8eae4b4f7e4dc8f7939675bad4ec93e499a2d7f672d32d2a1dc3029faa1e8b6a2b3c7b2fe53d9b58392832e5673aeedc682993ca32187f78f1cc2b9184c10ce3e236b9a248a3976eeaa9d73b45ec67d59a74887bac269e4b7c5d46a8e7d89b38f4af654f292508fbccd4318e8ef5ecbd6ebf5fc4dd17808ba97e303e82485ce7f5f9452034c49daec6a1da149be76e1b7cc6887c95a76cfc6f3056a1c316f7fa850760c3fab4dee90c76eaa6c0c309677981a7d6cfbc79d7a6ea9223090b62acccb4c147bca8028296c019a7300bc278ff946c5341dbc3556a1c1b9be38e97029027863e4633721b6dc17b90abd36e80fddbec467d1cd29fbf584cc6a6b3d026f408bb3b11cdd3918ff3f8f8a7b2ec280a2fc4785fed9914ccb81ac62131bf9563be5418b3efd7d1e34604cf0326d4ec817e66b417829abbc58120507fdd51b3dc013f03fc4b506cab9017d749e4174627a7ce39b63378c786a1e82fcd49e2998f351b7a43610435a54966c3400ad6e02910c5c02e5153914bebfa78e1db89d9668c1be2fc68e99a21f6fdbba9c53b49167a42937a40aae02fc1eccbb95fed863460da1ccdd61e7a6ae4fdbf1a2dbe3116e589792e7adc75c36868544911c8d766c10bfc4bb80a99ec68065474107a511e59ad7748579b4ab491f5e44023c117b21458e1a0ef33a5f7eae738c50e1890c3b49269c87ed9cc0c736c5f60dc25be602d5ed4fca3dfb02a91e3751f5f2eb8aed32886b5321c1d7f0c1526afab89527d87e5d3a2d9b1ab231fa2ea4ede63b901222f6fb99bc3480039e75ef617ae059b06318b07ac11dde43d829dca72a2e9c09d75bdc3926fe1913ec6aea95cce95e472e74c777f3b1c6e0c6ccd0c513e7c4c672b8e4d608b11f8a7d900e1db64f21c9430bb0dc9a99cb98ec151b3c0a7f1f2fa465e0b6be1eb665d98828ca6a92d7fc02c8b4701bf9589f6fd22a8112587fabcec76435c119ad7a18de597b566a2e07c34a29e3776a94a04e6e74a25cf3786c695d913dc33b4181c9698acc108605a5389e23be60651ec8eb691dbbe3f3dee3a80fe890ddb92e64e9cba5fcd089d9824889d2ea757d632e71a3d127a439f4017f42e81767b86aabcc4ec70720beb6d701ad53ec7c4b2dd98a35522621478f6d9eb27bf762f1bb74ebb8668d5e0f3d0875065a32ba721198bda832264a89be1774caea7da4bc13630f429519aa9a6e28bd8878b9733efe59a377e519574d8c5a8eb472a1093f7c478c29dfebbf6a22a907fef7e25327e680d66ec37c6b7f6708358584d98857f1de9ef312f05847403320e32996bd88d8b7e24d26693ecd0c54df9e2cecfc946476226ba7c9abab4bd06372fe74791c6e43e74dde06e958fc3a64c5303f1c8b285447dc8b2d40f25b3a2a992420d6655bb15c8305dd81a1eea9ce6f432e6c63613c95a6fe1c93463aeb8574ed4a7883687d3fdb6e80dfe1f73219da717fb1d1b3eab3b534eeb41aa605c044fd69c1057eeb111390cead31a451ae7633cca027944d37cf378f389d69d4fcb8c16e32c1706ae8780948176a4a872f118e47ce7a39485db4b6f582308b9305c3952779a666329a613787053587a0b129dc997a4a2ebfab0d719eae7f260ab8c9e10dbbbc7176753116c5264f7c45a00397b317d42a85f6c6d03d5cc42fca20e5ff46f7679ac9087a9b3d1ff551178ffc1d5095d69cc522cce3f3539d143bc8a715209dc2742a43f230bbb06f72be894849072699a7ecd4f56b94550b223f4614a2cbd9e8241469631996ad6022009f0b4fe23f8dcb3539844e706f599ef17283e05e27c403d00fc028117512f208b3eaaaae6425fd815c9856c4eb0de9ba7d43bee8e945710259285890e12d8610635281c0a5028748549be0a155b2d6dcefd2359432bff080b6558a1b82168111e4e4499e2860265a358d74dad2f1ed931001fb03c432a9aaeb2fdb5a2f77310bd5eedafce0e351328162685745bc0d894e041558e4a824b9f4fe3493e63eecc4bd33c043ff77305d2fdcbf75d46458f24bfa355225286ce82d28ed1ac71adca3950a62a3030bcaaa0c9d9445d88d1d0fa007b5908e932f3f3c07e53a41dff8a3ef3a481e60190a015322ddf025d3197abd802a9d2e0c197e5b9871d714bc1357c4caee2a22cac6c2087c5472deed9442e4c9a10d6b1744ad8360ee8d3d7cad7e8f9f6fddf28b3b253cb789d3bdc1e3557ab15f24cbd369e4cf3a9f401de7484e80ae82da731199b9dee55599833d67b1a98772582600b4e3cc59796242445ca54c3200a1f794fc8527b4711d62bd020686d12fc12190de6535a30d54bbca23066d8181add5781c5c60201e9075d57cf250d2589b025ece634612311588e90dbc0082d1b68079f55b882c8d6d304f13e97d7ea1f20570e118d53924d6e01feb8804da4104cc5f71ca9ce41e704a53aee2662a32dc4a693d650b4324997b5f2ece387ca130dbbd52db4dada694b967e9b06cd04804dad1907f326ae80440a218b97d5534417259920f442bd6ce9b4387343cc410e692bd94cf3ca3b973673005233e011936e307dd677a6654412a51b87526a4bf0da067b67e176d7239422f7f6d9dc4b885bd72bf3dda3acff44b40278f6223795bc29826031df87b03f9a63e07bdf96ab1e5f135ee681ac9e9bbe135ce282c902866fa650c454fc6e73054c5b5f1318094e71f113afe8c68f962a584a14a2b696af2477a7585b8b0ffbefbe6e045d292fd9e89a722fe26b386c85fc5fc8e3516037570faabb112470f84b161f7cec61cc9532bca17a64a13f6c7cdb2fb8900dd0636750a5cf9783e4de77c5f83d0412712bf9b9bbec8739a6a5688e97dd34dd586d8ff7647d981418cd3a62ba6e42d14477b0b2ec05bf2e0bc68989464b3b3a75a6ade41bf3832459ee878e61c3f9f6713f15c67a06cd0e99101853fa52bf491a8c91346196e60a0952022f5a7b06fc31f27aa6909a1f55d980d5ba93dedc861e792d6f01ad64b11e3b15e97eb59514e9c26895a2e7f716b5af18de822d15e06d5c92a9fb84e56a80766695fc46d980a83b4a11fa1c3ce2283a813aa406750554c675004e0759dcc86e0abf3054fcc06dd7c8c01595ada51343d26ad8f68b72ab9fd526d737c7889f5cb2404122f8fd60e9772f621602330a9cd86b8e7c9fd883e5a319100bbb39ecfc0ebd4207d0aadb37e53d26a7c1709b423646faf5629dd29718efee2d0f98923546344e9ffa4045500cd5bfe7466ee71dbe68fa924861f1ab75d2404f980c8c0dc5321983ef4b774b9dca9dea456a290f1975a4d46717bb27d2fc273e4916964f130547821cd246d651cef93c714f55afc09d36278f8739ef1b72a9b7489f99d3a25142792210ad34024e53545ac19ad263992d3af6a37e059bb5996d139e5d28af6b12724ea95eadda6911a1ea398d3591ede85692da6abeb6a20370e360865b32781480420d612be268ede1a449218c6073a5629c828c976a2901e52d6de4bda7b2d6a88d26910aa3340d68e466144d600f32d3fc0b83d08fc7e3b71270a60fe923ba91949916f5d6c6c908c24ad0174458c1e4ce775a0faf9c957222d17c7af0944b481e9267bb318b1fd09838052821a60d31e16a879c6fa790c11bb7673223cdd5e70415072458274ca4e0c77908e8f4faa991cfaeee9c339a357e3a4890d511b2b8e6e843b4e19ed8ae77ffcc0eddbad27c6f753fd6cdb64c81508a1c80028b0b88f8c3fefaa2077858e54466136ce89c8da397c75b282e41e678b4b02250c55d173177e293dc15cc666bbcbe657ca9cdc1bb5925efe24c0007abf38b8f64ec58ef52c4dcd555473c12c6cce15c05d656e10660768e9af41642a2c2744765ef394a777644f52d0d10f90bd31cfd8c29efec88fa8333b4aeb8f2d364dc7ad36c561c649446cdf289e420a93aab274a9d3a3f96f95f8c0624ce12d59aa8eac684bdbeb52c5f12cfb532432746155ed5d99ac6caca224ce218c2d7592794b76872c8f63f5243fecbd1cda2f416543f9da24a75bf87faaa4d782307eeddb387b63afcdb546cf7942bc2eb5ba6097c8ee7c0171546b97f6c94cfbbe8470a2502332c4adcbca4d54cac7d9d82f04797cae90d1d53eafa6f74cce247106561522b45767c8bc92ae35515b6089750a1b3d9980599c43efc9fb5800344158d020bd16ab42bea94023f87bedb887156f1935c2c9b03d8768cb3e857ff0e84b250a093bd584f7901b39488dcfe5871144d94e7d0932a3ffde58be0bab66a349758fbcc58aeac2e95e7985d9cc640a32c50aa6e58cbc2e8e6cf42fd6ff5fac7912f95edaf5f1d7c3cf81541f4e416726c0717195e7be75a4141b3b94bc1aa5fb10bf3bd11bc7227fd6bd4d570ff81a74d7d6504c6ab46b501b332d3c6bf98d013aa264d635843df0ed68dd1611670f542bee4f7d0882fbb42ae6ca720b1350e3d22847d13231835b7be74b0f7b4a044104c3256b8406e3c47444144e44d4eb93a6779cb98cee41168e22ec7ac198727d7de7a3b1040200e4b68198f98afeb76c1994288eb5ace80ac82a1715458a1bc054900d98c4d309b5fd3d8fd3dfb6cd90b6381a5d738140cac757755efd057e3c918640d7c59d5f310c90ebca72ed4d125c46ff5bd3dba5bb7d07957f6872cd5e145ce786626706787cbd77aa99cddec96b7e00f4ab1bb15adb394a834ac18b194828babb3f64023dca386b0461b36b944d04e8cf897b65ed09636e0b66ccab622ce098fe6f1a90b12709f897439f2551c19e848611cc7ab494871256daad0321abec170da9d87dac86e6284063f39568ffb99bb8c9e36d4e7a1c13c5c52f46c5452816a46bdf9d2ffd9fb56d9ba8c096ba4f3aac971469d9e9b330d16b1e042cf9ea7177dd334a3a9639c7c3fcf1175f58b5620761d1b747b42fc3542740b91803e182a58f270153a2bef46410030e8c63a5b4405d719fd302510857adb7e6d10933e6aa2f48c0ef71bea443836e0bd551b33b983f8d5af2df42e2472bfb62572e9ae07fb5701f9484795f95b3a9ca9d7ed17393c92011469b7438646221e24ee3a141c9a5e9a21a261abec973320db12351638f4037f51d7712c63aeae9c5af6d9c82f2012c7b4445c76f1a72091621f2e8a623e93103ee2aade2c4fb4dd2eb5b688411433f5ae7a9c35e12b58726161a0ac60dfe819b4d2edb067781cb1955da714f82763f888169b6b1d0e06b2a578581f9326c8d5e73ed4af7c565b61d976d0a9ca4610264850c16f09bcaf91f3ece5ec1a7fb1b2437a27450d82b0b46434ea8336b895c86e22d7ea2ce6878238c404ab3b5d612827c3aeecd6faf1445134f891038464135131716a04c2b984b8c49a6ec7399705f4e115e3965dcf5eb89bcf5653f9b40721073773b6c46e2677cec5728962c9d7be7bf9c8ea520cf691e") r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="310300000000000008001b0000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00'}) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, 0x0, 0x1) 7.408134342s ago: executing program 1 (id=2517): r0 = open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x8, 0x395, 0x5, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000300)={0x0, 0x0}) sched_setscheduler(r1, 0x1, &(0x7f0000000280)=0x3) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10}) io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r6, 0x8b04, 0x0) 7.341628978s ago: executing program 0 (id=2518): ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) listen(0xffffffffffffffff, 0x2) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x1000, 0x0, 0x4000, 0x0, 0xfffc, 0x0, 0x800, 0x0, 0x3d3, 0x7}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) 6.858088207s ago: executing program 2 (id=2520): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) mkdir(0x0, 0x0) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, 0x0, 0x0, 0xc002a0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_subtree(r1, 0x0, 0x2, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, 0x0, 0x8) connect$inet6(r2, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r3, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'}) 6.508018035s ago: executing program 2 (id=2521): mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0) mount$cgroup2(0x0, 0x0, 0x0, 0x80000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() rt_sigprocmask(0x2, 0x0, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f0000000400)={0x1, 0x5, 0xffffffff, 0x30000, 0x80000001, 0x8, 0x4, 0x5e5e}, &(0x7f0000000480), 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x8cb2b000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x1, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x41480}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x5}, 0x0) 6.31641469s ago: executing program 0 (id=2522): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) ioctl$PPPIOCSNPMODE(0xffffffffffffffff, 0x4008744b, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) socket(0x22, 0xa, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) 4.843708249s ago: executing program 0 (id=2523): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@tail_call={{}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) recvmmsg(r4, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c40)=""/110, 0x6e}, {&(0x7f0000001ac0)=""/4096, 0x1000}], 0x2}, 0xffff}], 0x1, 0x0, 0x0) 4.83550571s ago: executing program 2 (id=2524): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_control(r3, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRESDEC], 0x50) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x0, 0x4, 0x4, 0x5, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]}) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x10000041, 0x8527, 0x9, 0x6, 0x2e, 0x0, 0x3, 0xa3}, 0x0) bind$x25(r5, &(0x7f0000000e00), 0x12) write(r5, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) syz_clone(0x70001400, &(0x7f0000000680)="b8d66760bc0870ad3834c2ead03d359a819561cb517b7714f47d11a2f175da420e7f9ceeffb0dbf9f9fd154a0762cf98125df49371810000000000000041d07407de319f451dc4978accc886238862c1b0ede1b85191e06d59bbc98db860a0d4908bf1e555e2e0a6fc53a6e3aaf587d8223557f455443f1ffc7d13376bb4dc1c9e89f0b2015146ea53676242e70be79bd3f13fb62b465812c1a151fa1162d106f4b5bc5247440765cd3017f24b140cd6d04a4c92841bc738cc66127532a48f7ad6d207d47f82d8a7616d4ffa91570220947ed32a00baba86f463943b5877013fad53027c58e48900801cf05b69186fab6efdb8bd2ef11ea5b3019fa92f5cccc4e2cdc7a805a6d8608d82f5cf0101bbcc6da72efc0bd4", 0x116, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000e40)="a96f1d7b4dd9769cd098ca712fe44e01c165aef383e88501f2637635c93ecb91d6c93279bd209a65d8f7b6b32e2fc3e84495e5a1bd64280fb4af194b4062828f403945130770d6e75bd68786a97391c6082086a701796ea5bf169a24105cdff577a5464e85e2004b11bc251176efe619ce8a5f0aaf348220b35daa8f3b5553924c4854d9d57d2a280db1d291a8a09b1246ae38a389649e1159ae3c030524fef2f72f8b626c2dd8ae28b2848b86ad887df1fdb7a205e39ed8c213da6f3d676558db61f2a89d4021e52eadf88bd31f97bce710b90d7e3603e56a15a37047720ae74b32443849f332867f17d6a02d5980cc1648ebfa6149134832696d202ea8eae4b4f7e4dc8f7939675bad4ec93e499a2d7f672d32d2a1dc3029faa1e8b6a2b3c7b2fe53d9b58392832e5673aeedc682993ca32187f78f1cc2b9184c10ce3e236b9a248a3976eeaa9d73b45ec67d59a74887bac269e4b7c5d46a8e7d89b38f4af654f292508fbccd4318e8ef5ecbd6ebf5fc4dd17808ba97e303e82485ce7f5f9452034c49daec6a1da149be76e1b7cc6887c95a76cfc6f3056a1c316f7fa850760c3fab4dee90c76eaa6c0c309677981a7d6cfbc79d7a6ea9223090b62acccb4c147bca8028296c019a7300bc278ff946c5341dbc3556a1c1b9be38e97029027863e4633721b6dc17b90abd36e80fddbec467d1cd29fbf584cc6a6b3d026f408bb3b11cdd3918ff3f8f8a7b2ec280a2fc4785fed9914ccb81ac62131bf9563be5418b3efd7d1e34604cf0326d4ec817e66b417829abbc58120507fdd51b3dc013f03fc4b506cab9017d749e4174627a7ce39b63378c786a1e82fcd49e2998f351b7a43610435a54966c3400ad6e02910c5c02e5153914bebfa78e1db89d9668c1be2fc68e99a21f6fdbba9c53b49167a42937a40aae02fc1eccbb95fed863460da1ccdd61e7a6ae4fdbf1a2dbe3116e589792e7adc75c36868544911c8d766c10bfc4bb80a99ec68065474107a511e59ad7748579b4ab491f5e44023c117b21458e1a0ef33a5f7eae738c50e1890c3b49269c87ed9cc0c736c5f60dc25be602d5ed4fca3dfb02a91e3751f5f2eb8aed32886b5321c1d7f0c1526afab89527d87e5d3a2d9b1ab231fa2ea4ede63b901222f6fb99bc3480039e75ef617ae059b06318b07ac11dde43d829dca72a2e9c09d75bdc3926fe1913ec6aea95cce95e472e74c777f3b1c6e0c6ccd0c513e7c4c672b8e4d608b11f8a7d900e1db64f21c9430bb0dc9a99cb98ec151b3c0a7f1f2fa465e0b6be1eb665d98828ca6a92d7fc02c8b4701bf9589f6fd22a8112587fabcec76435c119ad7a18de597b566a2e07c34a29e3776a94a04e6e74a25cf3786c695d913dc33b4181c9698acc108605a5389e23be60651ec8eb691dbbe3f3dee3a80fe890ddb92e64e9cba5fcd089d9824889d2ea757d632e71a3d127a439f4017f42e81767b86aabcc4ec70720beb6d701ad53ec7c4b2dd98a35522621478f6d9eb27bf762f1bb74ebb8668d5e0f3d0875065a32ba721198bda832264a89be1774caea7da4bc13630f429519aa9a6e28bd8878b9733efe59a377e519574d8c5a8eb472a1093f7c478c29dfebbf6a22a907fef7e25327e680d66ec37c6b7f6708358584d98857f1de9ef312f05847403320e32996bd88d8b7e24d26693ecd0c54df9e2cecfc946476226ba7c9abab4bd06372fe74791c6e43e74dde06e958fc3a64c5303f1c8b285447dc8b2d40f25b3a2a992420d6655bb15c8305dd81a1eea9ce6f432e6c63613c95a6fe1c93463aeb8574ed4a7883687d3fdb6e80dfe1f73219da717fb1d1b3eab3b534eeb41aa605c044fd69c1057eeb111390cead31a451ae7633cca027944d37cf378f389d69d4fcb8c16e32c1706ae8780948176a4a872f118e47ce7a39485db4b6f582308b9305c3952779a666329a613787053587a0b129dc997a4a2ebfab0d719eae7f260ab8c9e10dbbbc7176753116c5264f7c45a00397b317d42a85f6c6d03d5cc42fca20e5ff46f7679ac9087a9b3d1ff551178ffc1d5095d69cc522cce3f3539d143bc8a715209dc2742a43f230bbb06f72be894849072699a7ecd4f56b94550b223f4614a2cbd9e8241469631996ad6022009f0b4fe23f8dcb3539844e706f599ef17283e05e27c403d00fc028117512f208b3eaaaae6425fd815c9856c4eb0de9ba7d43bee8e945710259285890e12d8610635281c0a5028748549be0a155b2d6dcefd2359432bff080b6558a1b82168111e4e4499e2860265a358d74dad2f1ed931001fb03c432a9aaeb2fdb5a2f77310bd5eedafce0e351328162685745bc0d894e041558e4a824b9f4fe3493e63eecc4bd33c043ff77305d2fdcbf75d46458f24bfa355225286ce82d28ed1ac71adca3950a62a3030bcaaa0c9d9445d88d1d0fa007b5908e932f3f3c07e53a41dff8a3ef3a481e60190a015322ddf025d3197abd802a9d2e0c197e5b9871d714bc1357c4caee2a22cac6c2087c5472deed9442e4c9a10d6b1744ad8360ee8d3d7cad7e8f9f6fddf28b3b253cb789d3bdc1e3557ab15f24cbd369e4cf3a9f401de7484e80ae82da731199b9dee55599833d67b1a98772582600b4e3cc59796242445ca54c3200a1f794fc8527b4711d62bd020686d12fc12190de6535a30d54bbca23066d8181add5781c5c60201e9075d57cf250d2589b025ece634612311588e90dbc0082d1b68079f55b882c8d6d304f13e97d7ea1f20570e118d53924d6e01feb8804da4104cc5f71ca9ce41e704a53aee2662a32dc4a693d650b4324997b5f2ece387ca130dbbd52db4dada694b967e9b06cd04804dad1907f326ae80440a218b97d5534417259920f442bd6ce9b4387343cc410e692bd94cf3ca3b973673005233e011936e307dd677a6654412a51b87526a4bf0da067b67e176d7239422f7f6d9dc4b885bd72bf3dda3acff44b40278f6223795bc29826031df87b03f9a63e07bdf96ab1e5f135ee681ac9e9bbe135ce282c902866fa650c454fc6e73054c5b5f1318094e71f113afe8c68f962a584a14a2b696af2477a7585b8b0ffbefbe6e045d292fd9e89a722fe26b386c85fc5fc8e3516037570faabb112470f84b161f7cec61cc9532bca17a64a13f6c7cdb2fb8900dd0636750a5cf9783e4de77c5f83d0412712bf9b9bbec8739a6a5688e97dd34dd586d8ff7647d981418cd3a62ba6e42d14477b0b2ec05bf2e0bc68989464b3b3a75a6ade41bf3832459ee878e61c3f9f6713f15c67a06cd0e99101853fa52bf491a8c91346196e60a0952022f5a7b06fc31f27aa6909a1f55d980d5ba93dedc861e792d6f01ad64b11e3b15e97eb59514e9c26895a2e7f716b5af18de822d15e06d5c92a9fb84e56a80766695fc46d980a83b4a11fa1c3ce2283a813aa406750554c675004e0759dcc86e0abf3054fcc06dd7c8c01595ada51343d26ad8f68b72ab9fd526d737c7889f5cb2404122f8fd60e9772f621602330a9cd86b8e7c9fd883e5a319100bbb39ecfc0ebd4207d0aadb37e53d26a7c1709b423646faf5629dd29718efee2d0f98923546344e9ffa4045500cd5bfe7466ee71dbe68fa924861f1ab75d2404f980c8c0dc5321983ef4b774b9dca9dea456a290f1975a4d46717bb27d2fc273e4916964f130547821cd246d651cef93c714f55afc09d36278f8739ef1b72a9b7489f99d3a25142792210ad34024e53545ac19ad263992d3af6a37e059bb5996d139e5d28af6b12724ea95eadda6911a1ea398d3591ede85692da6abeb6a20370e360865b32781480420d612be268ede1a449218c6073a5629c828c976a2901e52d6de4bda7b2d6a88d26910aa3340d68e466144d600f32d3fc0b83d08fc7e3b71270a60fe923ba91949916f5d6c6c908c24ad0174458c1e4ce775a0faf9c957222d17c7af0944b481e9267bb318b1fd09838052821a60d31e16a879c6fa790c11bb7673223cdd5e70415072458274ca4e0c77908e8f4faa991cfaeee9c339a357e3a4890d511b2b8e6e843b4e19ed8ae77ffcc0eddbad27c6f753fd6cdb64c81508a1c80028b0b88f8c3fefaa2077858e54466136ce89c8da397c75b282e41e678b4b02250c55d173177e293dc15cc666bbcbe657ca9cdc1bb5925efe24c0007abf38b8f64ec58ef52c4dcd555473c12c6cce15c05d656e10660768e9af41642a2c2744765ef394a777644f52d0d10f90bd31cfd8c29efec88fa8333b4aeb8f2d364dc7ad36c561c649446cdf289e420a93aab274a9d3a3f96f95f8c0624ce12d59aa8eac684bdbeb52c5f12cfb532432746155ed5d99ac6caca224ce218c2d7592794b76872c8f63f5243fecbd1cda2f416543f9da24a75bf87faaa4d782307eeddb387b63afcdb546cf7942bc2eb5ba6097c8ee7c0171546b97f6c94cfbbe8470a2502332c4adcbca4d54cac7d9d82f04797cae90d1d53eafa6f74cce247106561522b45767c8bc92ae35515b6089750a1b3d9980599c43efc9fb5800344158d020bd16ab42bea94023f87bedb887156f1935c2c9b03d8768cb3e857ff0e84b250a093bd584f7901b39488dcfe5871144d94e7d0932a3ffde58be0bab66a349758fbcc58aeac2e95e7985d9cc640a32c50aa6e58cbc2e8e6cf42fd6ff5fac7912f95edaf5f1d7c3cf81541f4e416726c0717195e7be75a4141b3b94bc1aa5fb10bf3bd11bc7227fd6bd4d570ff81a74d7d6504c6ab46b501b332d3c6bf98d013aa264d635843df0ed68dd1611670f542bee4f7d0882fbb42ae6ca720b1350e3d22847d13231835b7be74b0f7b4a044104c3256b8406e3c47444144e44d4eb93a6779cb98cee41168e22ec7ac198727d7de7a3b1040200e4b68198f98afeb76c1994288eb5ace80ac82a1715458a1bc054900d98c4d309b5fd3d8fd3dfb6cd90b6381a5d738140cac757755efd057e3c918640d7c59d5f310c90ebca72ed4d125c46ff5bd3dba5bb7d07957f6872cd5e145ce786626706787cbd77aa99cddec96b7e00f4ab1bb15adb394a834ac18b194828babb3f64023dca386b0461b36b944d04e8cf897b65ed09636e0b66ccab622ce098fe6f1a90b12709f897439f2551c19e848611cc7ab494871256daad0321abec170da9d87dac86e6284063f39568ffb99bb8c9e36d4e7a1c13c5c52f46c5452816a46bdf9d2ffd9fb56d9ba8c096ba4f3aac971469d9e9b330d16b1e042cf9ea7177dd334a3a9639c7c3fcf1175f58b5620761d1b747b42fc3542740b91803e182a58f270153a2bef46410030e8c63a5b4405d719fd302510857adb7e6d10933e6aa2f48c0ef71bea443836e0bd551b33b983f8d5af2df42e2472bfb62572e9ae07fb5701f9484795f95b3a9ca9d7ed17393c92011469b7438646221e24ee3a141c9a5e9a21a261abec973320db12351638f4037f51d7712c63aeae9c5af6d9c82f2012c7b4445c76f1a72091621f2e8a623e93103ee2aade2c4fb4dd2eb5b688411433f5ae7a9c35e12b58726161a0ac60dfe819b4d2edb067781cb1955da714f82763f888169b6b1d0e06b2a578581f9326c8d5e73ed4af7c565b61d976d0a9ca4610264850c16f09bcaf91f3ece5ec1a7fb1b2437a27450d82b0b46434ea8336b895c86e22d7ea2ce6878238c404ab3b5d612827c3aeecd6faf1445134f891038464135131716a04c2b984b8c49a6ec7399705f4e115e3965dcf5eb89bcf5653f9b40721073773b6c46e2677cec5728962c9d7be7bf9c8ea520cf691e") r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="310300000000000008001b0000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00'}) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, 0x0, 0x1) 3.355920409s ago: executing program 2 (id=2525): write(0xffffffffffffffff, &(0x7f00000000c0)="3c00000058001f00032ae4f9002304000a04d65f080001000201000217d1ae", 0x1f) r0 = openat$kvm(0xffffff9c, 0x0, 0x101, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x8, 0xfffffffffffffffd, 0x0, 0x10000, 0xb0, 0x4002004c4, 0x1000, 0x0, 0x800000004, 0x7, 0x5, 0x0, 0x9, 0x0, 0x7], 0x5000, 0x2113c0}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/address_bits', 0x0, 0x0) getdents(r5, &(0x7f0000000340)=""/220, 0xdc) setsockopt$bt_BT_SNDMTU(r5, 0x112, 0xc, &(0x7f0000000140)=0x4, 0x2) r6 = socket$inet_udp(0x2, 0x2, 0x0) close(r6) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r8, @ANYBLOB, @ANYRES32=r10, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0) write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc) splice(r3, 0x0, r6, 0x0, 0x4ffe6, 0x0) 2.951507791s ago: executing program 1 (id=2526): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x183001, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000014000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x9, 0x5, 0x0, 0x0, 0x2004cb, 0x200000000000, 0x0, 0x16, 0xfffffffffffffffd, 0x0, 0x5], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.415877845s ago: executing program 1 (id=2527): r0 = socket$kcm(0x2, 0x1, 0x84) sendmsg$sock(r0, &(0x7f0000000300)={&(0x7f0000000000)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000340)}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x24, 0x0, 0x0) 2.365878489s ago: executing program 2 (id=2528): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ec00000021000100feffffff000000000000000000000000000000000000000000000000007c0000000000000000000000000000000000001700a00000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c00110000000000000000000000000000000000fe8000000000000000000000000000bbac1414210000000000000000000000002001000000000000000000000000000000000000000000000000020000000000000000000000000000000000fe8000000000000000000000000000bb"], 0xec}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) syz_open_procfs(r1, 0x0) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==") r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4) fadvise64(r7, 0xe0ffff, 0x9, 0x3) io_submit(0x0, 0x2, &(0x7f0000000b00)=[&(0x7f0000000a40)={0x0, 0x0, 0x0, 0x6, 0x2, r6, &(0x7f0000000a00)="8333b85d85ed6cb0a20f71a86a07", 0xe, 0x100, 0x0, 0x3}, 0x0]) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/18, @ANYRES32=0x0, @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) 2.128509398s ago: executing program 1 (id=2529): ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="12013301020000082505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a000008090511ee40000000000904010000020d00000904010102020d0000090582020002000000090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x1000, 0x0, 0x4000, 0x0, 0xfffc, 0x0, 0x800, 0x0, 0x3d3, 0x7}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 0s ago: executing program 2 (id=2530): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) ioctl$PPPIOCSNPMODE(0xffffffffffffffff, 0x4008744b, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) socket(0x22, 0xa, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) kernel console output (not intermixed with test programs): You must specify a L4 protocol and not use inversions on it [ 866.724319][T12426] loop3: detected capacity change from 0 to 1024 [ 868.700117][T12433] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1813'. [ 870.962126][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.968515][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.604449][T12463] xt_CT: You must specify a L4 protocol and not use inversions on it [ 871.627548][T12463] loop3: detected capacity change from 0 to 1024 [ 872.435703][T12468] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1823'. [ 873.821287][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 873.821303][ T28] audit: type=1800 audit(1755051147.657:521): pid=12492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1831" name="bus" dev="overlay" ino=2437 res=0 errno=0 [ 874.289619][T12500] xt_CT: You must specify a L4 protocol and not use inversions on it [ 874.313430][T12500] loop2: detected capacity change from 0 to 1024 [ 875.233314][T10604] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 330 seconds [ 875.244220][T10604] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 330 seconds [ 875.255543][T10604] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 330 seconds [ 875.266733][T10604] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 330 seconds [ 875.937453][ T5932] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 876.298415][T12508] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1836'. [ 876.952854][T12508] NILFS (nullb0): couldn't find nilfs on the device [ 876.961753][T12511] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1835'. [ 878.354238][ T28] audit: type=1800 audit(1755051152.197:522): pid=12529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1841" name="bus" dev="overlay" ino=2510 res=0 errno=0 [ 878.947569][T12533] xt_CT: You must specify a L4 protocol and not use inversions on it [ 878.970223][T12533] loop1: detected capacity change from 0 to 1024 [ 879.182373][T12542] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1845'. [ 880.263347][T12552] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1847'. [ 880.546208][T12552] NILFS (nullb0): couldn't find nilfs on the device [ 880.967996][T12561] binder_alloc: 12559: binder_alloc_buf, no vma [ 881.001631][ T28] audit: type=1800 audit(1755051154.837:523): pid=12562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1850" name="bus" dev="overlay" ino=2320 res=0 errno=0 [ 881.949633][T12581] xt_CT: You must specify a L4 protocol and not use inversions on it [ 881.972753][T12581] loop1: detected capacity change from 0 to 1024 [ 883.503765][T12582] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1855'. [ 883.532097][ T5932] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 884.211669][ T28] audit: type=1800 audit(1755051158.047:524): pid=12591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1860" name="bus" dev="overlay" ino=2566 res=0 errno=0 [ 884.350476][T12592] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1861'. [ 884.804048][T12590] NILFS (nullb0): couldn't find nilfs on the device [ 885.282142][ T9921] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 885.291983][ T9921] CPU: 1 PID: 9921 Comm: kworker/u5:0 Not tainted 6.6.101-syzkaller #0 [ 885.300241][ T9921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 885.310316][ T9921] Workqueue: hci3 hci_rx_work [ 885.315023][ T9921] Call Trace: [ 885.318321][ T9921] [ 885.322768][ T9921] dump_stack_lvl+0x16c/0x230 [ 885.327476][ T9921] ? show_regs_print_info+0x20/0x20 [ 885.332790][ T9921] ? load_image+0x3b0/0x3b0 [ 885.337334][ T9921] sysfs_create_dir_ns+0x256/0x280 [ 885.342479][ T9921] ? hci_rx_work+0x43a/0xd80 [ 885.347141][ T9921] ? sysfs_warn_dup+0xa0/0xa0 [ 885.351875][ T9921] ? do_raw_spin_unlock+0x121/0x230 [ 885.357135][ T9921] kobject_add_internal+0x6b8/0xc70 [ 885.362400][ T9921] kobject_add+0x156/0x220 [ 885.366849][ T9921] ? __rwlock_init+0x150/0x150 [ 885.371645][ T9921] ? kobject_init+0x1e0/0x1e0 [ 885.376353][ T9921] ? _raw_spin_unlock+0x28/0x40 [ 885.381245][ T9921] ? get_device_parent+0x366/0x390 [ 885.386389][ T9921] device_add+0x408/0xc20 [ 885.390755][ T9921] hci_conn_add_sysfs+0xd5/0x1e0 [ 885.395734][ T9921] le_conn_complete_evt+0xc37/0x1220 [ 885.401038][ T9921] ? hci_event_packet+0x4a7/0x1210 [ 885.406187][ T9921] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 885.412448][ T9921] ? __copy_skb_header+0xa7/0x550 [ 885.417498][ T9921] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 885.423156][ T9921] ? skb_pull_data+0xfb/0x200 [ 885.427859][ T9921] hci_le_conn_complete_evt+0x187/0x440 [ 885.433473][ T9921] ? hci_remote_host_features_evt+0x160/0x160 [ 885.439580][ T9921] hci_event_packet+0x795/0x1210 [ 885.444552][ T9921] ? bis_list+0x290/0x290 [ 885.448929][ T9921] hci_rx_work+0x43a/0xd80 [ 885.453375][ T9921] ? process_scheduled_works+0x957/0x15b0 [ 885.459111][ T9921] process_scheduled_works+0xa45/0x15b0 [ 885.464698][ T9921] ? assign_work+0x400/0x400 [ 885.469316][ T9921] ? assign_work+0x39e/0x400 [ 885.473940][ T9921] worker_thread+0xa55/0xfc0 [ 885.478811][ T9921] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 885.484726][ T9921] ? _raw_spin_unlock+0x40/0x40 [ 885.489592][ T9921] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 885.495526][ T9921] kthread+0x2fa/0x390 [ 885.499608][ T9921] ? pr_cont_work+0x560/0x560 [ 885.504307][ T9921] ? kthread_blkcg+0xd0/0xd0 [ 885.508920][ T9921] ret_from_fork+0x48/0x80 [ 885.513354][ T9921] ? kthread_blkcg+0xd0/0xd0 [ 885.517958][ T9921] ret_from_fork_asm+0x11/0x20 [ 885.522759][ T9921] [ 885.531638][ T9921] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 885.545879][ T9921] Bluetooth: hci3: failed to register connection device [ 888.026709][ T28] audit: type=1326 audit(1755051161.857:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12620 comm="syz.3.1870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7638ebe9 code=0x7ffc0000 [ 888.175945][ T28] audit: type=1326 audit(1755051161.857:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12620 comm="syz.3.1870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7638ebe9 code=0x7ffc0000 [ 888.771123][ T28] audit: type=1326 audit(1755051161.857:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12620 comm="syz.3.1870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fce7638ebe9 code=0x7ffc0000 [ 888.811759][ T28] audit: type=1326 audit(1755051161.857:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12620 comm="syz.3.1870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7638ebe9 code=0x7ffc0000 [ 888.990063][ T28] audit: type=1326 audit(1755051161.867:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12620 comm="syz.3.1870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7638ebe9 code=0x7ffc0000 [ 889.187879][ T28] audit: type=1326 audit(1755051161.867:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12620 comm="syz.3.1870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fce7638ebe9 code=0x7ffc0000 [ 889.244027][ T28] audit: type=1326 audit(1755051161.867:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12620 comm="syz.3.1870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7638ebe9 code=0x7ffc0000 [ 889.267735][ T28] audit: type=1326 audit(1755051161.867:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12620 comm="syz.3.1870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7638ebe9 code=0x7ffc0000 [ 889.290969][ T28] audit: type=1326 audit(1755051161.867:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12620 comm="syz.3.1870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fce7638ebe9 code=0x7ffc0000 [ 890.032824][T12627] xt_CT: You must specify a L4 protocol and not use inversions on it [ 890.045468][ T28] audit: type=1326 audit(1755051161.867:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12620 comm="syz.3.1870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce7638ebe9 code=0x7ffc0000 [ 890.057160][T12627] loop1: detected capacity change from 0 to 1024 [ 890.851634][ T5932] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 892.368777][T12645] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1876'. [ 895.715713][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 895.715727][ T28] audit: type=1326 audit(1755051169.537:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.1.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78698ebe9 code=0x7ffc0000 [ 895.802966][ T28] audit: type=1326 audit(1755051169.537:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.1.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78698ebe9 code=0x7ffc0000 [ 895.951640][ T28] audit: type=1326 audit(1755051169.547:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.1.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff78698ebe9 code=0x7ffc0000 [ 896.821694][ T28] audit: type=1326 audit(1755051169.547:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.1.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78698ebe9 code=0x7ffc0000 [ 896.844238][ T28] audit: type=1326 audit(1755051169.547:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.1.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78698ebe9 code=0x7ffc0000 [ 896.871684][ T28] audit: type=1326 audit(1755051169.547:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.1.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7ff78698ebe9 code=0x7ffc0000 [ 896.954744][ T28] audit: type=1326 audit(1755051169.547:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.1.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78698ebe9 code=0x7ffc0000 [ 897.091751][ T28] audit: type=1326 audit(1755051169.547:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.1.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78698ebe9 code=0x7ffc0000 [ 897.171747][ T28] audit: type=1326 audit(1755051169.547:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.1.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7ff78698ebe9 code=0x7ffc0000 [ 897.261496][ T28] audit: type=1326 audit(1755051169.547:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.1.1882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78698ebe9 code=0x7ffc0000 [ 898.178473][T12693] xt_CT: You must specify a L4 protocol and not use inversions on it [ 899.074122][T12693] loop0: detected capacity change from 0 to 1024 [ 899.623139][ T5791] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 899.741955][T12702] tipc: Enabled bearer , priority 0 [ 899.751374][T12702] syzkaller0: entered promiscuous mode [ 899.759112][T12702] syzkaller0: entered allmulticast mode [ 899.962394][T12697] tipc: Resetting bearer [ 900.211924][T12697] tipc: Disabling bearer [ 900.357626][T12705] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1888'. [ 903.381813][T12736] xt_hashlimit: max too large, truncated to 1048576 [ 905.510531][ T96] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 360 seconds [ 905.521461][ T96] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 360 seconds [ 905.533519][ T96] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 360 seconds [ 905.912002][ T96] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 360 seconds [ 906.240407][T12745] xt_CT: You must specify a L4 protocol and not use inversions on it [ 906.264218][T12745] loop2: detected capacity change from 0 to 1024 [ 907.262675][ T5932] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 908.303165][T12756] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1901'. [ 909.164943][T12759] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 911.312713][ T9921] Bluetooth: hci2: command 0x0405 tx timeout [ 911.880272][T12782] xt_hashlimit: max too large, truncated to 1048576 [ 912.061486][ T9921] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 912.441414][T12790] xt_CT: You must specify a L4 protocol and not use inversions on it [ 912.464968][T12790] loop3: detected capacity change from 0 to 1024 [ 913.351837][T12761] Bluetooth: hci2: command 0x0405 tx timeout [ 913.625581][T12797] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1911'. [ 914.074140][T12799] infiniband syz1: set active [ 914.459530][T12799] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 917.223767][T12821] tipc: Enabling of bearer rejected, failed to enable media [ 918.501443][T12836] loop2: detected capacity change from 0 to 512 [ 918.603886][T12836] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 918.818235][T12836] ext4 filesystem being mounted at /482/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 918.885528][T12843] xt_CT: You must specify a L4 protocol and not use inversions on it [ 918.910181][T12843] loop0: detected capacity change from 0 to 1024 [ 919.822907][ T5791] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 920.552601][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 921.012628][T12857] xt_hashlimit: max too large, truncated to 1048576 [ 921.167203][T12859] infiniband syz1: set active [ 921.530867][T12859] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 922.903965][T12877] binder: BINDER_SET_CONTEXT_MGR already set [ 922.911090][T12877] binder: 12876:12877 ioctl 4018620d 200000000040 returned -16 [ 923.297649][T12882] loop3: detected capacity change from 0 to 512 [ 923.409151][T12882] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 923.534787][T12887] xt_CT: You must specify a L4 protocol and not use inversions on it [ 923.560315][T12887] loop2: detected capacity change from 0 to 1024 [ 923.582239][T12882] ext4 filesystem being mounted at /496/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 926.545906][ T5932] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 928.128565][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 928.527669][T12906] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 928.861984][T12912] random: crng reseeded on system resumption [ 929.840834][T12922] xt_CT: You must specify a L4 protocol and not use inversions on it [ 929.867800][T12922] loop3: detected capacity change from 0 to 1024 [ 931.719823][ T5932] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 932.385331][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.394947][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 935.582807][ T96] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 390 seconds [ 935.597621][ T96] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 390 seconds [ 935.615230][ T96] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 390 seconds [ 935.715996][T12943] loop3: detected capacity change from 0 to 512 [ 935.788053][T12943] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 935.826913][T12943] ext4 filesystem being mounted at /501/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 935.961648][ T96] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 390 seconds [ 936.768672][T12957] xt_CT: You must specify a L4 protocol and not use inversions on it [ 936.801024][T12957] loop0: detected capacity change from 0 to 1024 [ 937.721928][ T5932] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 937.831216][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 939.815730][T12971] xt_hashlimit: max too large, truncated to 1048576 [ 941.525499][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 941.525516][ T28] audit: type=1800 audit(1755051215.367:559): pid=12981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1957" name="bus" dev="overlay" ino=2604 res=0 errno=0 [ 942.141110][T12987] loop2: detected capacity change from 0 to 512 [ 942.224083][T12987] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 942.313471][T12987] ext4 filesystem being mounted at /495/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 944.659815][T12995] xt_CT: You must specify a L4 protocol and not use inversions on it [ 944.686969][T12995] loop0: detected capacity change from 0 to 1024 [ 945.315766][T13003] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1963'. [ 945.574485][T13005] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1963'. [ 945.696965][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 947.497352][ T28] audit: type=1800 audit(1755051221.337:560): pid=13017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1967" name="bus" dev="overlay" ino=2648 res=0 errno=0 [ 947.764004][T12761] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 948.380040][T13032] xt_CT: You must specify a L4 protocol and not use inversions on it [ 948.427276][T13032] loop0: detected capacity change from 0 to 1024 [ 949.024101][T13034] loop3: detected capacity change from 0 to 512 [ 949.342716][T13034] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 949.402059][T13034] ext4 filesystem being mounted at /504/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 949.575197][T13041] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1975'. [ 949.687208][T13044] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1975'. [ 952.499917][ T28] audit: type=1800 audit(1755051226.337:561): pid=13061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1980" name="bus" dev="overlay" ino=2537 res=0 errno=0 [ 953.437020][T13069] xt_CT: You must specify a L4 protocol and not use inversions on it [ 953.464728][T13069] loop1: detected capacity change from 0 to 1024 [ 955.504281][ T5932] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 956.050188][T13072] binder: BINDER_SET_CONTEXT_MGR already set [ 956.071828][T13072] binder: 13071:13072 ioctl 4018620d 200000000040 returned -16 [ 956.662217][T13077] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1985'. [ 957.022674][T13080] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1985'. [ 959.734962][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 960.897375][T13101] xt_hashlimit: max too large, truncated to 1048576 [ 961.779672][T13107] xt_CT: You must specify a L4 protocol and not use inversions on it [ 961.811392][T13107] loop3: detected capacity change from 0 to 1024 [ 965.647648][T13120] binder: BINDER_SET_CONTEXT_MGR already set [ 965.675249][ T96] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 420 seconds [ 965.682232][T13120] binder: 13118:13120 ioctl 4018620d 200000000040 returned -16 [ 965.699163][ T96] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 420 seconds [ 965.713152][ T96] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 420 seconds [ 965.863874][T13125] loop3: detected capacity change from 0 to 512 [ 965.982247][ T96] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 420 seconds [ 966.079404][T13125] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 966.161792][T13125] ext4 filesystem being mounted at /508/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 968.055188][T13142] netlink: 'syz.0.2000': attribute type 72 has an invalid length. [ 969.143824][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 969.595501][T13140] xt_hashlimit: max too large, truncated to 1048576 [ 969.681191][T13151] xt_CT: You must specify a L4 protocol and not use inversions on it [ 969.712308][T13151] loop3: detected capacity change from 0 to 1024 [ 971.761713][ T5932] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 975.495044][T13170] netlink: 'syz.2.2009': attribute type 72 has an invalid length. [ 975.819673][T13173] loop2: detected capacity change from 0 to 512 [ 976.077341][T13173] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 976.181785][T13173] ext4 filesystem being mounted at /505/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 979.509324][T13194] xt_CT: You must specify a L4 protocol and not use inversions on it [ 979.533213][T13194] loop3: detected capacity change from 0 to 1024 [ 979.579273][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 979.731637][ T5932] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 981.861585][T13210] netlink: 'syz.2.2018': attribute type 72 has an invalid length. [ 982.854182][T13219] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2021'. [ 983.022844][T13221] NILFS (nullb0): couldn't find nilfs on the device [ 983.545767][T13227] loop3: detected capacity change from 0 to 512 [ 983.564151][T13228] xt_hashlimit: max too large, truncated to 1048576 [ 983.630710][T13227] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 983.720952][T13227] ext4 filesystem being mounted at /515/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 985.316360][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 985.602263][T13253] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.2030'. [ 986.738428][T13264] xt_hashlimit: max too large, truncated to 1048576 [ 987.703613][T13275] loop0: detected capacity change from 0 to 512 [ 987.773477][T13275] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 987.824386][T13275] ext4 filesystem being mounted at /512/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 987.957110][T12761] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 989.004842][T13291] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2041'. [ 989.505130][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 991.827908][T13306] xt_hashlimit: max too large, truncated to 1048576 [ 992.283441][ T9921] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 992.295743][ T9921] CPU: 1 PID: 9921 Comm: kworker/u5:0 Not tainted 6.6.101-syzkaller #0 [ 992.305297][ T9921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 992.316873][ T9921] Workqueue: hci2 hci_rx_work [ 992.322069][ T9921] Call Trace: [ 992.326058][ T9921] [ 992.329451][ T9921] dump_stack_lvl+0x16c/0x230 [ 992.335136][ T9921] ? show_regs_print_info+0x20/0x20 [ 992.342240][ T9921] ? load_image+0x3b0/0x3b0 [ 992.347470][ T9921] sysfs_create_dir_ns+0x256/0x280 [ 992.353436][ T9921] ? hci_rx_work+0x43a/0xd80 [ 992.358685][ T9921] ? sysfs_warn_dup+0xa0/0xa0 [ 992.363684][ T9921] ? do_raw_spin_unlock+0x121/0x230 [ 992.369296][ T9921] kobject_add_internal+0x6b8/0xc70 [ 992.374830][ T9921] kobject_add+0x156/0x220 [ 992.379737][ T9921] ? __rwlock_init+0x150/0x150 [ 992.384996][ T9921] ? kobject_init+0x1e0/0x1e0 [ 992.390086][ T9921] ? _raw_spin_unlock+0x28/0x40 [ 992.395393][ T9921] ? get_device_parent+0x366/0x390 [ 992.401170][ T9921] device_add+0x408/0xc20 [ 992.405857][ T9921] hci_conn_add_sysfs+0xd5/0x1e0 [ 992.410954][ T9921] le_conn_complete_evt+0xc37/0x1220 [ 992.417629][ T9921] ? hci_event_packet+0x4a7/0x1210 [ 992.423704][ T9921] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 992.430634][ T9921] ? __copy_skb_header+0xa7/0x550 [ 992.435894][ T9921] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 992.442201][ T9921] ? skb_pull_data+0xfb/0x200 [ 992.447669][ T9921] hci_le_conn_complete_evt+0x187/0x440 [ 992.453945][ T9921] ? hci_remote_host_features_evt+0x160/0x160 [ 992.461441][ T9921] hci_event_packet+0x795/0x1210 [ 992.467543][ T9921] ? bis_list+0x290/0x290 [ 992.473276][ T9921] hci_rx_work+0x43a/0xd80 [ 992.479374][ T9921] ? process_scheduled_works+0x957/0x15b0 [ 992.489370][ T9921] process_scheduled_works+0xa45/0x15b0 [ 992.497898][ T9921] ? assign_work+0x400/0x400 [ 992.505240][ T9921] ? assign_work+0x39e/0x400 [ 992.510669][ T9921] worker_thread+0xa55/0xfc0 [ 992.515974][ T9921] kthread+0x2fa/0x390 [ 992.521158][ T9921] ? pr_cont_work+0x560/0x560 [ 992.530706][ T9921] ? kthread_blkcg+0xd0/0xd0 [ 992.538007][ T9921] ret_from_fork+0x48/0x80 [ 992.545272][ T9921] ? kthread_blkcg+0xd0/0xd0 [ 992.551097][ T9921] ret_from_fork_asm+0x11/0x20 [ 992.556965][ T9921] [ 992.562353][ T9921] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 992.583970][ T9921] Bluetooth: hci2: failed to register connection device [ 993.970921][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.991784][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 995.193429][T13336] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 995.742330][ T96] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 450 seconds [ 995.756273][ T96] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 450 seconds [ 995.768938][ T96] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 450 seconds [ 996.033341][ T96] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 450 seconds [ 997.181723][T12761] Bluetooth: hci2: command 0x0405 tx timeout [ 997.432095][T13354] tipc: Enabled bearer , priority 0 [ 998.773785][T13354] tipc: Resetting bearer [ 998.893790][T13351] tipc: Disabling bearer [ 1001.050339][T13372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2063'. [ 1001.346433][T13372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2063'. [ 1001.423622][T13382] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1002.200057][T13389] tipc: Cannot configure node identity twice [ 1002.307756][T13391] loop0: detected capacity change from 0 to 512 [ 1002.332876][T13391] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1002.368722][T13391] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1002.386489][T13391] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:512: comm syz.0.2069: Block bitmap for bg 0 marked uninitialized [ 1002.451359][T13391] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1002.468499][T13391] EXT4-fs (loop0): 1 orphan inode deleted [ 1002.684900][T13391] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1003.593314][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1003.616330][T13401] tipc: Enabled bearer , priority 0 [ 1003.676267][T13401] tipc: Resetting bearer [ 1004.463346][T13400] tipc: Disabling bearer [ 1006.282158][T13426] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1006.329651][T13428] netlink: 176 bytes leftover after parsing attributes in process `syz.1.2075'. [ 1007.066709][T13437] loop0: detected capacity change from 0 to 512 [ 1007.127723][T13437] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1007.280811][T13437] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1007.360240][T13437] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:512: comm syz.0.2080: Block bitmap for bg 0 marked uninitialized [ 1007.477419][T13437] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1007.514432][T13437] EXT4-fs (loop0): 1 orphan inode deleted [ 1007.527476][T13437] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1008.389406][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1008.513452][T13450] loop3: detected capacity change from 0 to 512 [ 1008.633246][T13450] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1008.653263][T13452] tipc: Enabled bearer , priority 0 [ 1008.696595][T13452] tipc: Resetting bearer [ 1008.705551][T13450] ext4 filesystem being mounted at /532/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1008.833537][T13451] tipc: Disabling bearer [ 1010.076501][T13468] random: crng reseeded on system resumption [ 1010.496347][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1010.831054][T13475] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1011.436681][T13481] netlink: 176 bytes leftover after parsing attributes in process `syz.3.2089'. [ 1011.756143][T13486] loop0: detected capacity change from 0 to 512 [ 1011.801726][T13486] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1011.835298][T13486] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1011.910378][T13486] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:512: comm syz.0.2091: Block bitmap for bg 0 marked uninitialized [ 1011.992688][T13486] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1012.079014][T13486] EXT4-fs (loop0): 1 orphan inode deleted [ 1012.156684][T13486] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1014.532896][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1015.831946][T12761] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1016.839356][T13512] loop1: detected capacity change from 0 to 512 [ 1016.915630][T13513] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1017.142096][T13512] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1017.160161][T13512] ext4 filesystem being mounted at /509/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1017.226625][T13520] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1018.662140][T13520] loop2: detected capacity change from 0 to 1024 [ 1019.142344][ T5932] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1020.212053][T13532] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2101'. [ 1020.695419][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1021.292209][T13541] loop3: detected capacity change from 0 to 512 [ 1021.649746][T13541] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1022.083887][T13541] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1022.277354][T13541] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:512: comm syz.3.2102: Block bitmap for bg 0 marked uninitialized [ 1022.351583][T13541] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1022.438265][T13541] EXT4-fs (loop3): 1 orphan inode deleted [ 1022.508571][T13541] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1024.455841][ T9921] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1024.476873][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1024.878744][T13562] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1025.845904][T13574] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1025.873936][T13574] loop2: detected capacity change from 0 to 1024 [ 1025.887157][ T96] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 480 seconds [ 1025.898930][ T96] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 480 seconds [ 1025.911631][ T96] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 480 seconds [ 1026.238003][ T96] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 480 seconds [ 1026.798632][T13576] loop2: detected capacity change from 0 to 512 [ 1026.916152][T13576] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1027.006540][T13576] ext4 filesystem being mounted at /526/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1029.088364][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1029.476511][T13596] loop2: detected capacity change from 0 to 512 [ 1029.704622][T13596] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1030.123043][T13596] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1030.148814][T13596] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:512: comm syz.2.2115: Block bitmap for bg 0 marked uninitialized [ 1030.273098][T13596] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1030.336967][T13596] EXT4-fs (loop2): 1 orphan inode deleted [ 1030.345971][T13596] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1031.562304][T13614] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1033.040619][T13614] loop0: detected capacity change from 0 to 1024 [ 1037.155316][T13615] infiniband syz1: set active [ 1037.680241][ T5932] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1037.848567][T13615] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1038.013289][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1038.212706][T13620] loop1: detected capacity change from 0 to 512 [ 1038.337043][T13620] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1038.393052][T13620] ext4 filesystem being mounted at /512/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1039.449336][T13638] loop0: detected capacity change from 0 to 512 [ 1039.518993][T13638] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1039.762902][T13638] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1040.051999][T13638] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:512: comm syz.0.2129: Block bitmap for bg 0 marked uninitialized [ 1040.284549][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1040.316962][T13638] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1040.327494][T13638] EXT4-fs (loop0): 1 orphan inode deleted [ 1040.338495][T13638] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1041.251165][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1042.331765][T13656] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1043.607645][T13668] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2135'. [ 1043.933483][T13667] NILFS (nullb0): couldn't find nilfs on the device [ 1044.376244][T13680] loop1: detected capacity change from 0 to 512 [ 1044.386284][T13680] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1044.443480][T13680] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1044.657091][T13680] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.2140: Block bitmap for bg 0 marked uninitialized [ 1045.493717][T13680] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1045.523526][T13687] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1045.701183][T13680] EXT4-fs (loop1): 1 orphan inode deleted [ 1045.723745][T13680] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1046.763662][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1049.571758][T13722] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1050.202120][T13731] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1050.228627][T13731] loop2: detected capacity change from 0 to 1024 [ 1052.472634][T13735] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2154'. [ 1053.611100][T13745] can: request_module (can-proto-0) failed. [ 1055.575388][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1055.582540][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.653207][T13760] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1055.901836][ T96] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 510 seconds [ 1055.921773][ T96] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 510 seconds [ 1055.933998][ T96] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 510 seconds [ 1056.300635][ T96] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 510 seconds [ 1057.070941][T13776] loop2: detected capacity change from 0 to 512 [ 1057.105887][T13776] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1057.154859][T13776] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1057.192047][T13776] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:512: comm syz.2.2166: Block bitmap for bg 0 marked uninitialized [ 1057.219122][T13776] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1057.236372][T13776] EXT4-fs (loop2): 1 orphan inode deleted [ 1057.253126][T13776] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1057.360560][T13784] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2167'. [ 1058.223845][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1058.478765][T13790] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2169'. [ 1058.553493][T13792] tipc: Enabling of bearer rejected, failed to enable media [ 1059.836490][T13812] infiniband syz1: set active [ 1060.275387][T13812] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1060.920200][T13822] xt_hashlimit: max too large, truncated to 1048576 [ 1063.563512][T13836] loop0: detected capacity change from 0 to 512 [ 1063.629168][T13836] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1063.735699][T13836] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1063.791992][T13836] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:512: comm syz.0.2179: Block bitmap for bg 0 marked uninitialized [ 1063.848437][T13836] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1063.877028][T13836] EXT4-fs (loop0): 1 orphan inode deleted [ 1063.895561][T13836] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1064.956440][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1065.774303][ T27] libceph: connect (1)[c::]:6789 error -101 [ 1066.046189][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 1066.376161][ T5886] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 1066.652759][ T27] libceph: connect (1)[c::]:6789 error -101 [ 1066.674695][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 1066.761995][ T9921] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1066.774249][T13847] ceph: No mds server is up or the cluster is laggy [ 1066.963044][ T5886] usb 3-1: device descriptor read/all, error -71 [ 1067.144632][T13863] tipc: Enabling of bearer rejected, failed to enable media [ 1068.441247][T13879] loop2: detected capacity change from 0 to 512 [ 1068.468048][T13879] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1068.505618][T13879] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1068.517787][T13879] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:512: comm syz.2.2190: Block bitmap for bg 0 marked uninitialized [ 1068.540101][T13879] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1068.551350][T13879] EXT4-fs (loop2): 1 orphan inode deleted [ 1068.560748][T13879] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1069.558848][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1069.959793][ T9921] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 1069.969926][ T9921] CPU: 0 PID: 9921 Comm: kworker/u5:0 Not tainted 6.6.101-syzkaller #0 [ 1069.978231][ T9921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1069.988542][ T9921] Workqueue: hci1 hci_rx_work [ 1069.993445][ T9921] Call Trace: [ 1069.996778][ T9921] [ 1069.999889][ T9921] dump_stack_lvl+0x16c/0x230 [ 1070.005082][ T9921] ? show_regs_print_info+0x20/0x20 [ 1070.010680][ T9921] ? load_image+0x3b0/0x3b0 [ 1070.015423][ T9921] sysfs_create_dir_ns+0x256/0x280 [ 1070.020899][ T9921] ? hci_rx_work+0x43a/0xd80 [ 1070.025993][ T9921] ? sysfs_warn_dup+0xa0/0xa0 [ 1070.031011][ T9921] ? do_raw_spin_unlock+0x121/0x230 [ 1070.036491][ T9921] kobject_add_internal+0x6b8/0xc70 [ 1070.042095][ T9921] kobject_add+0x156/0x220 [ 1070.046595][ T9921] ? __rwlock_init+0x150/0x150 [ 1070.051923][ T9921] ? kobject_init+0x1e0/0x1e0 [ 1070.056745][ T9921] ? _raw_spin_unlock+0x28/0x40 [ 1070.061743][ T9921] ? get_device_parent+0x366/0x390 [ 1070.066925][ T9921] device_add+0x408/0xc20 [ 1070.071345][ T9921] hci_conn_add_sysfs+0xd5/0x1e0 [ 1070.076408][ T9921] le_conn_complete_evt+0xc37/0x1220 [ 1070.081823][ T9921] ? hci_event_packet+0x4a7/0x1210 [ 1070.087086][ T9921] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 1070.093352][ T9921] ? __copy_skb_header+0xa7/0x550 [ 1070.098693][ T9921] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 1070.104783][ T9921] ? skb_pull_data+0xfb/0x200 [ 1070.110375][ T9921] hci_le_conn_complete_evt+0x187/0x440 [ 1070.116681][ T9921] ? hci_remote_host_features_evt+0x160/0x160 [ 1070.122903][ T9921] hci_event_packet+0x795/0x1210 [ 1070.128008][ T9921] ? bis_list+0x290/0x290 [ 1070.132497][ T9921] hci_rx_work+0x43a/0xd80 [ 1070.137373][ T9921] ? process_scheduled_works+0x957/0x15b0 [ 1070.143511][ T9921] process_scheduled_works+0xa45/0x15b0 [ 1070.150170][ T9921] ? assign_work+0x400/0x400 [ 1070.155268][ T9921] ? assign_work+0x39e/0x400 [ 1070.160004][ T9921] worker_thread+0xa55/0xfc0 [ 1070.164924][ T9921] kthread+0x2fa/0x390 [ 1070.169323][ T9921] ? pr_cont_work+0x560/0x560 [ 1070.174340][ T9921] ? kthread_blkcg+0xd0/0xd0 [ 1070.179278][ T9921] ret_from_fork+0x48/0x80 [ 1070.183952][ T9921] ? kthread_blkcg+0xd0/0xd0 [ 1070.188740][ T9921] ret_from_fork_asm+0x11/0x20 [ 1070.193792][ T9921] [ 1070.198779][ T9921] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1070.213932][ T9921] Bluetooth: hci1: failed to register connection device [ 1072.372178][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 1072.378714][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 1072.632127][ T27] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 1072.643137][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 1072.649521][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 1073.579580][ T5854] libceph: connect (1)[c::]:6789 error -101 [ 1073.602006][ T5854] libceph: mon0 (1)[c::]:6789 connect error [ 1074.090752][T13907] ceph: No mds server is up or the cluster is laggy [ 1074.379245][ T27] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1074.391967][ T27] usb 4-1: can't read configurations, error -71 [ 1075.111187][T13924] loop3: detected capacity change from 0 to 512 [ 1075.167989][T13924] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1075.233748][T13924] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1075.241155][T13924] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:512: comm syz.3.2200: Block bitmap for bg 0 marked uninitialized [ 1075.381382][T13924] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1075.406087][T13924] EXT4-fs (loop3): 1 orphan inode deleted [ 1075.463290][T13924] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1076.543642][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1079.797353][ T27] libceph: connect (1)[c::]:6789 error -101 [ 1079.798280][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 1080.065020][ T5854] libceph: connect (1)[c::]:6789 error -101 [ 1080.151978][ T27] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 1080.175644][ T5854] libceph: mon0 (1)[c::]:6789 connect error [ 1080.365445][ T27] usb 2-1: not running at top speed; connect to a high speed hub [ 1080.393529][ T27] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1080.411965][ T27] usb 2-1: config 1 has no interface number 1 [ 1080.418272][ T27] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1080.455633][ T27] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1080.481555][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1080.489672][ T27] usb 2-1: Product: syz [ 1080.509498][ T27] usb 2-1: Manufacturer: syz [ 1080.534600][ T27] usb 2-1: SerialNumber: syz [ 1080.540645][T13969] loop3: detected capacity change from 0 to 512 [ 1080.561595][T13969] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1080.601370][T13969] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1080.610539][T13969] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:512: comm syz.3.2210: Block bitmap for bg 0 marked uninitialized [ 1080.628293][T13969] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1080.645468][T13969] EXT4-fs (loop3): 1 orphan inode deleted [ 1080.653907][T13969] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1080.892395][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 1080.898929][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 1081.733507][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1082.048293][T13959] ceph: No mds server is up or the cluster is laggy [ 1082.169952][ T27] usb 2-1: 2:1: All rates were zero [ 1082.442627][ T27] usb 2-1: USB disconnect, device number 12 [ 1082.855452][ T5932] udevd[5932]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1086.191617][ T96] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 540 seconds [ 1086.202875][ T96] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 540 seconds [ 1086.214990][ T96] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 540 seconds [ 1086.322169][ T96] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 540 seconds [ 1086.616475][T14010] loop1: detected capacity change from 0 to 512 [ 1086.632300][T14010] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1086.673626][T14010] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1086.700124][T14010] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.2220: Block bitmap for bg 0 marked uninitialized [ 1086.743098][T14010] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1086.795497][T14010] EXT4-fs (loop1): 1 orphan inode deleted [ 1086.836818][T14010] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1088.339480][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1089.734025][T14030] netlink: 'syz.3.2224': attribute type 1 has an invalid length. [ 1090.553597][ T5901] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 1090.561882][T14030] netlink: 'syz.3.2224': attribute type 4 has an invalid length. [ 1090.569700][T14030] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2224'. [ 1095.330349][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 1095.360245][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 1095.511024][ T9921] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 1095.521843][T12020] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 1095.622062][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 1095.628392][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 1096.152172][ T5854] libceph: connect (1)[c::]:6789 error -101 [ 1096.158467][ T5854] libceph: mon0 (1)[c::]:6789 connect error [ 1096.854758][T14064] ceph: No mds server is up or the cluster is laggy [ 1096.996122][T12020] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1097.009795][T12020] usb 3-1: can't read configurations, error -71 [ 1098.893352][T14097] netlink: 892 bytes leftover after parsing attributes in process `syz.1.2243'. [ 1099.122375][T14100] netlink: 892 bytes leftover after parsing attributes in process `syz.1.2243'. [ 1101.147324][T14116] xt_hashlimit: max too large, truncated to 1048576 [ 1102.053603][T14119] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2248'. [ 1102.085016][T14119] NILFS (nullb0): couldn't find nilfs on the device [ 1102.533064][T14122] KVM: debugfs: duplicate directory 14122-10 [ 1102.876203][T14135] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2253'. [ 1104.176112][T14150] xt_hashlimit: max too large, truncated to 1048576 [ 1105.273970][T14154] kvm: kvm [14153]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0xc1) = 0x800 [ 1105.297217][T14154] kvm: kvm [14153]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0xc2) = 0x800 [ 1105.349260][T14154] kvm: kvm [14153]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0x11e) = 0xbe702911 [ 1105.391091][T14154] kvm: kvm [14153]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0x186) = 0x800 [ 1105.419729][T14154] kvm: kvm [14153]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0x187) = 0x800 [ 1106.942315][T14169] vxfs: WRONG superblock magic 00000000 at 1 [ 1106.948652][T14169] vxfs: WRONG superblock magic 00000000 at 8 [ 1106.954801][T14169] vxfs: can't find superblock. [ 1107.921631][ T5886] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 1109.090932][T14185] xt_hashlimit: max too large, truncated to 1048576 [ 1110.133030][ T5886] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1110.148185][ T5886] usb 3-1: can't read configurations, error -71 [ 1110.778612][T14201] netlink: 892 bytes leftover after parsing attributes in process `syz.3.2273'. [ 1110.863491][T14204] netlink: 892 bytes leftover after parsing attributes in process `syz.3.2273'. [ 1111.922820][T14214] xt_hashlimit: max too large, truncated to 1048576 [ 1113.262253][T14218] vxfs: WRONG superblock magic 00000000 at 1 [ 1113.268502][T14218] vxfs: WRONG superblock magic 00000000 at 8 [ 1113.274609][T14218] vxfs: can't find superblock. [ 1113.910443][ T27] libceph: connect (1)[c::]:6789 error -101 [ 1113.921730][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 1114.189435][ T5901] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 1114.198786][ T5886] libceph: connect (1)[c::]:6789 error -101 [ 1114.205059][ T5886] libceph: mon0 (1)[c::]:6789 connect error [ 1114.666615][T14216] ceph: No mds server is up or the cluster is laggy [ 1114.950031][ T5854] libceph: connect (1)[c::]:6789 error -101 [ 1114.956248][ T5854] libceph: mon0 (1)[c::]:6789 connect error [ 1115.208660][ T5901] usb 3-1: device descriptor read/all, error -71 [ 1116.225375][T14244] infiniband syz1: set active [ 1116.462367][T14244] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1116.705282][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.712016][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.730669][ T96] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 570 seconds [ 1116.741706][ T96] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 570 seconds [ 1116.753030][ T96] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 570 seconds [ 1116.773024][ T96] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 570 seconds [ 1117.086316][T14255] netlink: 892 bytes leftover after parsing attributes in process `syz.1.2287'. [ 1117.359902][T14255] netlink: 892 bytes leftover after parsing attributes in process `syz.1.2287'. [ 1118.466071][T12761] Bluetooth: hci2: command 0x0405 tx timeout [ 1119.652091][T14274] vxfs: WRONG superblock magic 00000000 at 1 [ 1119.652257][T14274] vxfs: WRONG superblock magic 00000000 at 8 [ 1119.652266][T14274] vxfs: can't find superblock. [ 1120.729313][ T5901] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 1120.801652][ T27] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 1120.933252][ T5901] usb 2-1: not running at top speed; connect to a high speed hub [ 1120.947083][ T5901] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1120.956415][ T5901] usb 2-1: config 1 has no interface number 1 [ 1120.993718][ T5901] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1121.038959][ T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1121.071911][ T27] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1121.088337][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1121.088978][ T5901] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1121.122970][ T27] usb 3-1: config 0 descriptor?? [ 1121.131937][T14277] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1121.151589][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1121.159806][ T5901] usb 2-1: Product: syz [ 1121.192461][ T5901] usb 2-1: Manufacturer: syz [ 1121.197242][ T5901] usb 2-1: SerialNumber: syz [ 1122.181027][T14283] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1122.323057][ T27] elan 0003:04F3:0755.0002: unexpected long global item [ 1122.339449][ T27] elan 0003:04F3:0755.0002: Hid Parse failed [ 1122.349619][ T27] elan: probe of 0003:04F3:0755.0002 failed with error -22 [ 1122.381687][ T27] usb 3-1: USB disconnect, device number 19 [ 1123.261898][ T5901] usb 2-1: 2:1: All rates were zero [ 1123.283785][ T5901] usb 2-1: USB disconnect, device number 13 [ 1124.374386][ T5932] udevd[5932]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1125.151759][ T5901] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1125.364795][ T5901] usb 3-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice=31.00 [ 1125.406139][ T5901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1125.443881][ T5901] usb 3-1: Product: syz [ 1125.462746][ T5901] usb 3-1: Manufacturer: syz [ 1125.476361][ T5901] usb 3-1: SerialNumber: syz [ 1125.494671][ T5901] usb 3-1: config 0 descriptor?? [ 1125.506454][ T5901] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 1125.531111][ T5901] usb 3-1: Detected FT4232HP [ 1125.730984][ T5901] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 1125.809886][ T5901] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1126.062130][ T5901] usb 3-1: USB disconnect, device number 20 [ 1126.101713][ T5901] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1126.124063][ T5901] ftdi_sio 3-1:0.0: device disconnected [ 1127.180802][T14318] binder: 14317:14318 ioctl c0306201 0 returned -14 [ 1129.101666][ T27] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 1129.553653][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1129.602450][ T27] usb 2-1: New USB device found, idVendor=056a, idProduct=0029, bcdDevice= 0.00 [ 1129.648194][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1129.927722][ T27] usb 2-1: config 0 descriptor?? [ 1129.962560][T14329] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1130.516962][T14344] binder: 14343:14344 ioctl c0306201 0 returned -14 [ 1130.533262][ T27] wacom 0003:056A:0029.0003: Unknown device_type for 'HID 056a:0029'. Assuming pen. [ 1130.554950][ T27] wacom 0003:056A:0029.0003: hidraw0: USB HID v1.01 Device [HID 056a:0029] on usb-dummy_hcd.1-1/input0 [ 1130.568306][ T27] input: Wacom Intuos5 S Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0029.0003/input/input61 [ 1130.730813][ T27] usb 2-1: USB disconnect, device number 14 [ 1130.861393][T14347] capability: warning: `syz.0.2317' uses deprecated v2 capabilities in a way that may be insecure [ 1131.234711][T14345] fido_id[14345]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1139.722314][T14422] GUP no longer grows the stack in syz.3.2341 (14422): 200000004000-20000000a000 (200000002000) [ 1139.775612][T14422] CPU: 1 PID: 14422 Comm: syz.3.2341 Not tainted 6.6.101-syzkaller #0 [ 1139.783863][T14422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1139.793973][T14422] Call Trace: [ 1139.797310][T14422] [ 1139.800290][T14422] dump_stack_lvl+0x16c/0x230 [ 1139.805031][T14422] ? show_regs_print_info+0x20/0x20 [ 1139.810286][T14422] ? load_image+0x3b0/0x3b0 [ 1139.814888][T14422] ? find_vma+0x12e/0x1b0 [ 1139.819289][T14422] __get_user_pages+0xfb9/0x1470 [ 1139.824303][T14422] ? populate_vma_page_range+0x370/0x370 [ 1139.830009][T14422] get_user_pages_remote+0x3de/0xc10 [ 1139.835368][T14422] ? get_dump_page+0x200/0x200 [ 1139.840205][T14422] __access_remote_vm+0x1ff/0x570 [ 1139.845286][T14422] ? generic_access_phys+0x650/0x650 [ 1139.850623][T14422] ? alloc_pages+0x4dc/0x740 [ 1139.855269][T14422] ? do_raw_spin_unlock+0x121/0x230 [ 1139.860504][T14422] proc_pid_cmdline_read+0x551/0x830 [ 1139.865818][T14422] ? schedule+0xc7/0x170 [ 1139.870090][T14422] ? comm_show+0x150/0x150 [ 1139.874615][T14422] ? common_file_perm+0x190/0x1f0 [ 1139.879665][T14422] ? fsnotify_perm+0x271/0x5e0 [ 1139.884460][T14422] do_iter_read+0x506/0xc80 [ 1139.889009][T14422] ? comm_show+0x150/0x150 [ 1139.893447][T14422] ? vfs_iter_read+0xa0/0xa0 [ 1139.898056][T14422] ? __import_iovec+0x5f2/0x860 [ 1139.902941][T14422] ? import_iovec+0x73/0xa0 [ 1139.907477][T14422] do_preadv+0x1fa/0x330 [ 1139.911749][T14422] ? do_writev+0x410/0x410 [ 1139.916208][T14422] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1139.922212][T14422] ? lock_chain_count+0x20/0x20 [ 1139.927091][T14422] ? lockdep_hardirqs_on+0x98/0x150 [ 1139.932315][T14422] do_syscall_64+0x55/0xb0 [ 1139.936752][T14422] ? clear_bhb_loop+0x40/0x90 [ 1139.941449][T14422] ? clear_bhb_loop+0x40/0x90 [ 1139.946146][T14422] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1139.952101][T14422] RIP: 0033:0x7fce7638ebe9 [ 1139.956568][T14422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1139.976234][T14422] RSP: 002b:00007fce772de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1139.984677][T14422] RAX: ffffffffffffffda RBX: 00007fce765b5fa0 RCX: 00007fce7638ebe9 [ 1139.992667][T14422] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 1140.000651][T14422] RBP: 00007fce76411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1140.008641][T14422] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 1140.016653][T14422] R13: 00007fce765b6038 R14: 00007fce765b5fa0 R15: 00007ffd89869b78 [ 1140.024657][T14422] [ 1140.027759][ C1] vkms_vblank_simulate: vblank timer overrun [ 1140.701959][ T5839] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1140.906663][ T5839] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1140.945171][ T5839] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1141.028180][ T5839] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1141.088916][ T5839] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1141.104463][ T5839] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1141.131581][ T5839] usb 4-1: Product: syz [ 1141.141650][ T5839] usb 4-1: Manufacturer: syz [ 1141.146433][ T5839] usb 4-1: SerialNumber: syz [ 1141.991006][T14439] netlink: 860 bytes leftover after parsing attributes in process `syz.0.2347'. [ 1142.058486][T14441] netlink: 860 bytes leftover after parsing attributes in process `syz.0.2347'. [ 1142.220888][ T5839] cdc_ncm 4-1:1.0: bind() failure [ 1142.241799][ T5839] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 1142.261111][ T5839] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 1142.271218][ T5839] usbtest: probe of 4-1:1.1 failed with error -71 [ 1142.285063][ T5839] usb 4-1: USB disconnect, device number 13 [ 1144.432189][T14458] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1145.565550][ T9921] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1145.578775][ T9921] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1145.640469][ T9921] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1145.661978][ T9921] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1145.671567][ T9921] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1145.691979][ T9921] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1145.731631][ T5846] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1145.774267][T14483] netlink: 860 bytes leftover after parsing attributes in process `syz.2.2360'. [ 1145.853398][T14484] netlink: 860 bytes leftover after parsing attributes in process `syz.2.2360'. [ 1145.922361][ T5846] usb 2-1: Using ep0 maxpacket: 16 [ 1145.934705][ T5846] usb 2-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1145.952786][ T5846] usb 2-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96 [ 1145.990432][ T5846] usb 2-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8 [ 1146.016540][ T5846] usb 2-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 1146.048416][ T5846] usb 2-1: config 1 interface 0 has no altsetting 0 [ 1146.066218][ T5846] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1146.085720][ T5846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1146.222527][ T5846] usb 2-1: SerialNumber: syz [ 1146.253980][T14479] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1146.278348][T14479] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1146.849371][T14479] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1146.936945][T14479] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1147.028584][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1147.151856][ T96] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 600 seconds [ 1147.162691][ T96] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 600 seconds [ 1147.175418][ T96] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 600 seconds [ 1147.187024][ T96] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 600 seconds [ 1147.276088][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1148.198310][ T9921] Bluetooth: hci4: command tx timeout [ 1148.215075][ T5846] cdc_ether 2-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.1-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 1148.241855][T14496] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1148.414600][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1148.422258][ T5846] usb 2-1: USB disconnect, device number 15 [ 1148.456470][ T5846] cdc_ether 2-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.1-1, CDC Ethernet Device [ 1148.519249][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 1148.564022][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1148.895038][ T42] tipc: Left network mode [ 1148.935260][T14480] chnl_net:caif_netlink_parms(): no params data found [ 1149.583913][T14480] bridge0: port 1(bridge_slave_0) entered blocking state [ 1149.599835][T14480] bridge0: port 1(bridge_slave_0) entered disabled state [ 1149.617131][T14480] bridge_slave_0: entered allmulticast mode [ 1149.652355][T14480] bridge_slave_0: entered promiscuous mode [ 1149.746705][T14480] bridge0: port 2(bridge_slave_1) entered blocking state [ 1149.754704][T14480] bridge0: port 2(bridge_slave_1) entered disabled state [ 1149.762608][T14480] bridge_slave_1: entered allmulticast mode [ 1149.772986][T14480] bridge_slave_1: entered promiscuous mode [ 1149.898188][T14537] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2369'. [ 1149.952476][T14537] NILFS (nullb0): couldn't find nilfs on the device [ 1150.091107][T14480] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1150.106572][T14480] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1150.278055][T12761] Bluetooth: hci4: command tx timeout [ 1150.541668][T12761] Bluetooth: hci1: command 0x1003 tx timeout [ 1150.651783][ T9921] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1150.850912][T14480] team0: Port device team_slave_0 added [ 1150.932674][T14480] team0: Port device team_slave_1 added [ 1151.232475][T14480] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1151.239458][T14480] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1151.289626][T14480] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1151.409780][T14480] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1151.446951][T14480] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1151.499835][T14480] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1152.301559][ T9921] Bluetooth: hci4: command tx timeout [ 1152.655292][T14480] hsr_slave_0: entered promiscuous mode [ 1152.673639][T14480] hsr_slave_1: entered promiscuous mode [ 1152.699097][T14480] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1152.711290][T14480] Cannot create hsr debugfs directory [ 1153.256356][ T42] hsr_slave_0: left promiscuous mode [ 1153.292148][ T42] hsr_slave_1: left promiscuous mode [ 1153.313253][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1153.336310][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1153.353610][ T42] bridge_slave_1: left allmulticast mode [ 1153.372049][ T42] bridge_slave_1: left promiscuous mode [ 1153.393154][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 1153.425131][ T42] bridge_slave_0: left allmulticast mode [ 1153.432524][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 1153.589046][ T42] veth1_macvtap: left promiscuous mode [ 1153.605558][ T42] veth0_macvtap: left promiscuous mode [ 1153.627986][ T42] veth1_vlan: left promiscuous mode [ 1153.649547][ T42] veth0_vlan: left promiscuous mode [ 1154.234371][ T42] bond2 (unregistering): Released all slaves [ 1154.272667][ T42] bond1 (unregistering): Released all slaves [ 1154.403240][ T9921] Bluetooth: hci4: command tx timeout [ 1155.855153][ T42] team_slave_1 (unregistering): left promiscuous mode [ 1155.862723][ T42] team_slave_1 (unregistering): left allmulticast mode [ 1155.877358][ T42] team0 (unregistering): Port device team_slave_1 removed [ 1155.932604][ T42] team_slave_0 (unregistering): left promiscuous mode [ 1155.939462][ T42] team_slave_0 (unregistering): left allmulticast mode [ 1155.950360][ T42] team0 (unregistering): Port device team_slave_0 removed [ 1156.007104][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1156.016315][ T42] bond_slave_1 (unregistering): left promiscuous mode [ 1156.023563][ T42] bond_slave_1 (unregistering): left allmulticast mode [ 1156.079126][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1156.091985][ T42] bond_slave_0 (unregistering): left promiscuous mode [ 1156.098828][ T42] bond_slave_0 (unregistering): left allmulticast mode [ 1156.462897][ T9921] Bluetooth: hci4: command tx timeout [ 1156.708198][ T42] bond0 (unregistering): Released all slaves [ 1157.135057][T14625] loop2: detected capacity change from 0 to 512 [ 1157.186665][T14625] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1157.262060][T14625] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1157.301851][T14625] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:512: comm syz.2.2385: Block bitmap for bg 0 marked uninitialized [ 1157.331737][T14625] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1157.411144][T14625] EXT4-fs (loop2): 1 orphan inode deleted [ 1157.440984][T14625] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1158.438401][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1158.448847][T14480] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1158.623210][T14480] 8021q: adding VLAN 0 to HW filter on device team0 [ 1158.678791][ T3508] bridge0: port 1(bridge_slave_0) entered blocking state [ 1158.686065][ T3508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1158.711578][ T27] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1158.837413][T14653] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2389'. [ 1158.865861][ T987] bridge0: port 2(bridge_slave_1) entered blocking state [ 1158.873073][ T987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1158.899498][T14653] NILFS (nullb0): couldn't find nilfs on the device [ 1158.927291][ T27] usb 2-1: Using ep0 maxpacket: 8 [ 1158.995274][ T27] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x11, skipping [ 1159.059560][ T27] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1159.089256][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1159.129670][ T27] usb 2-1: Product: syz [ 1159.153079][ T27] usb 2-1: Manufacturer: syz [ 1159.181373][ T27] usb 2-1: SerialNumber: syz [ 1159.201734][T14650] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1159.352291][ T5777] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1159.531521][ T5777] usb 3-1: Using ep0 maxpacket: 32 [ 1159.547915][ T5777] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1159.578195][ T5777] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1159.608327][ T5777] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1159.638002][ T5777] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1159.719953][ T5777] usb 3-1: config 0 descriptor?? [ 1159.929741][T14480] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1160.228493][ T5777] savu 0003:1E7D:2D5A.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 1160.269805][ T27] cdc_ncm 2-1:1.0: bind() failure [ 1160.319592][ T27] cdc_ncm: probe of 2-1:1.1 failed with error -71 [ 1160.338380][ T27] cdc_mbim: probe of 2-1:1.1 failed with error -71 [ 1160.360317][ T27] usbtest: probe of 2-1:1.1 failed with error -71 [ 1160.391837][ T27] usb 2-1: USB disconnect, device number 16 [ 1160.606712][ T5854] usb 3-1: USB disconnect, device number 21 [ 1160.848911][T14480] veth0_vlan: entered promiscuous mode [ 1160.914596][T14480] veth1_vlan: entered promiscuous mode [ 1161.060260][T14480] veth0_macvtap: entered promiscuous mode [ 1161.086517][T14480] veth1_macvtap: entered promiscuous mode [ 1161.310442][T14480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1161.332699][T14480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1161.344607][T14480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1161.356240][T14480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1161.367269][T14480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1161.382947][T14480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1161.400106][T14480] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1161.412410][T14480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1161.423657][T14480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1161.434103][T14480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1161.445577][T14480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1161.458528][T14480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1161.479581][T14480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1161.500817][T14480] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1161.537508][T14708] loop1: detected capacity change from 0 to 512 [ 1161.550591][T14708] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1161.595311][T14708] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1161.619212][T14708] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.2396: Block bitmap for bg 0 marked uninitialized [ 1161.656567][T14708] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1161.680559][T14708] EXT4-fs (loop1): 1 orphan inode deleted [ 1161.688359][T14708] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1162.863205][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1162.908334][T13963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1163.071580][T13963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1163.626859][T13963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1163.807952][T13963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1164.416535][ T5846] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1165.311068][ T5846] usb 4-1: Using ep0 maxpacket: 32 [ 1165.320460][ T5846] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 1165.330926][ T5846] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1165.392760][ T5846] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1165.444664][ T5846] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1165.455036][ T5846] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1165.465203][ T5846] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1165.479172][ T5846] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1165.521833][ T5846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1165.632286][ T5846] usb 4-1: config 0 descriptor?? [ 1166.120990][ T5846] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1166.192022][ T5846] usb 4-1: USB disconnect, device number 14 [ 1166.214020][ T5846] usblp0: removed [ 1167.488109][T12761] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1167.521830][T12761] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1167.538694][T12761] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1167.541569][ T5846] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1167.568024][T12761] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1167.591587][T12761] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1167.599099][T12761] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1169.661872][T12761] Bluetooth: hci1: command tx timeout [ 1169.683164][T14790] tipc: Enabled bearer , priority 0 [ 1169.716748][T14788] tipc: Resetting bearer [ 1170.684174][T14816] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2418'. [ 1170.710348][ T8] tipc: Node number set to 718469539 [ 1170.808771][T14819] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2418'. [ 1171.750912][T12761] Bluetooth: hci1: command tx timeout [ 1173.123834][T14788] tipc: Disabling bearer [ 1173.528799][ T12] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1173.822928][T12761] Bluetooth: hci1: command tx timeout [ 1173.899908][ T12] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1173.995978][T14760] chnl_net:caif_netlink_parms(): no params data found [ 1174.072347][ T12] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1174.420209][ T12] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1174.763242][T14760] bridge0: port 1(bridge_slave_0) entered blocking state [ 1174.773944][T14760] bridge0: port 1(bridge_slave_0) entered disabled state [ 1174.781256][T14760] bridge_slave_0: entered allmulticast mode [ 1174.789269][T14760] bridge_slave_0: entered promiscuous mode [ 1174.846719][T14760] bridge0: port 2(bridge_slave_1) entered blocking state [ 1174.867798][T14760] bridge0: port 2(bridge_slave_1) entered disabled state [ 1174.886356][T14760] bridge_slave_1: entered allmulticast mode [ 1174.905511][T14760] bridge_slave_1: entered promiscuous mode [ 1175.114072][ T12] tipc: Left network mode [ 1175.133650][T14760] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1175.168958][T14760] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1176.342348][T12761] Bluetooth: hci1: command tx timeout [ 1176.396737][T14760] team0: Port device team_slave_0 added [ 1176.545703][T14865] lo: entered promiscuous mode [ 1176.550514][T14865] lo: entered allmulticast mode [ 1176.556001][T14865] tunl0: entered promiscuous mode [ 1176.561040][T14865] tunl0: entered allmulticast mode [ 1176.566965][T14865] gre0: entered promiscuous mode [ 1176.571971][T14865] gre0: entered allmulticast mode [ 1176.577919][T14865] gretap0: entered promiscuous mode [ 1176.583232][T14865] gretap0: entered allmulticast mode [ 1176.589139][T14865] erspan0: entered promiscuous mode [ 1176.594393][T14865] erspan0: entered allmulticast mode [ 1176.600211][T14865] ip_vti0: entered promiscuous mode [ 1176.605488][T14865] ip_vti0: entered allmulticast mode [ 1176.611655][T14865] ip6_vti0: entered promiscuous mode [ 1176.617240][T14865] ip6_vti0: entered allmulticast mode [ 1176.623942][T14865] sit0: entered promiscuous mode [ 1176.628901][T14865] sit0: entered allmulticast mode [ 1176.634821][T14865] ip6tnl0: entered promiscuous mode [ 1176.640034][T14865] ip6tnl0: entered allmulticast mode [ 1176.646194][T14865] ip6gre0: entered promiscuous mode [ 1176.651522][T14865] ip6gre0: entered allmulticast mode [ 1176.657670][T14865] syz_tun: entered promiscuous mode [ 1176.662962][T14865] syz_tun: entered allmulticast mode [ 1176.669308][T14865] ip6gretap0: entered promiscuous mode [ 1176.674827][T14865] ip6gretap0: entered allmulticast mode [ 1176.680905][T14865] bridge0: entered promiscuous mode [ 1176.686194][T14865] bridge0: entered allmulticast mode [ 1176.692089][T14865] vcan0: entered promiscuous mode [ 1176.697130][T14865] vcan0: entered allmulticast mode [ 1176.702796][T14865] bond0: entered promiscuous mode [ 1176.707919][T14865] bond_slave_0: entered promiscuous mode [ 1176.713725][T14865] bond_slave_1: entered promiscuous mode [ 1176.719783][T14865] bond0: entered allmulticast mode [ 1176.724984][T14865] bond_slave_0: entered allmulticast mode [ 1176.730717][T14865] bond_slave_1: entered allmulticast mode [ 1176.737341][T14865] team0: entered promiscuous mode [ 1176.742491][T14865] team_slave_0: entered promiscuous mode [ 1176.748304][T14865] team_slave_1: entered promiscuous mode [ 1176.754107][T14865] team0: entered allmulticast mode [ 1176.759222][T14865] team_slave_0: entered allmulticast mode [ 1176.765039][T14865] team_slave_1: entered allmulticast mode [ 1176.771703][T14865] dummy0: entered promiscuous mode [ 1176.776832][T14865] dummy0: entered allmulticast mode [ 1176.782893][T14865] nlmon0: entered promiscuous mode [ 1176.788016][T14865] nlmon0: entered allmulticast mode [ 1176.794740][T14865] caif0: entered promiscuous mode [ 1176.799790][T14865] caif0: entered allmulticast mode [ 1176.804938][T14865] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1176.972771][T14760] team0: Port device team_slave_1 added [ 1177.117892][T14760] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1177.133783][T14760] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1177.226204][T14760] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1177.254255][T14760] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1177.282019][T14760] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1177.369144][T14760] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1177.486968][T14880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2428'. [ 1177.502410][ T96] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 630 seconds [ 1177.513510][ T96] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 630 seconds [ 1177.524712][ T96] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 630 seconds [ 1177.536006][ T96] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 630 seconds [ 1177.588469][T14760] hsr_slave_0: entered promiscuous mode [ 1177.618411][T14760] hsr_slave_1: entered promiscuous mode [ 1177.628253][T14885] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2428'. [ 1177.768729][T14887] kvm: kvm [14886]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0xc1) = 0x800 [ 1177.780163][T14887] kvm: kvm [14886]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0xc2) = 0x800 [ 1177.806506][T14887] kvm: kvm [14886]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0x11e) = 0xbe702911 [ 1177.830134][T14887] kvm: kvm [14886]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0x186) = 0x800 [ 1177.840317][T14887] kvm: kvm [14886]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0x187) = 0x800 [ 1178.222414][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1178.228948][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.383131][ T9921] Bluetooth: hci1: command tx timeout [ 1178.958315][T14892] netlink: 'syz.3.2431': attribute type 4 has an invalid length. [ 1180.257231][T14904] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1182.116701][T14760] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1182.200082][T14760] 8021q: adding VLAN 0 to HW filter on device team0 [ 1182.333099][ T1126] bridge0: port 1(bridge_slave_0) entered blocking state [ 1182.340282][ T1126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1182.435173][ T1126] bridge0: port 2(bridge_slave_1) entered blocking state [ 1182.442381][ T1126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1182.550946][T14930] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2437'. [ 1182.612329][T14934] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2438'. [ 1182.639411][ T12] hsr_slave_0: left promiscuous mode [ 1182.695105][ T12] hsr_slave_1: left promiscuous mode [ 1182.729391][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1182.782326][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1182.805381][T14937] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2438'. [ 1182.825340][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1182.849482][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1182.872612][ T12] bridge_slave_1: left allmulticast mode [ 1182.878329][ T12] bridge_slave_1: left promiscuous mode [ 1182.903782][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1182.932521][ T12] bridge_slave_0: left allmulticast mode [ 1182.938510][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1183.094747][ T12] veth1_macvtap: left promiscuous mode [ 1183.106383][ T12] veth0_macvtap: left promiscuous mode [ 1183.112871][ T12] veth1_vlan: left promiscuous mode [ 1183.118272][ T12] veth0_vlan: left promiscuous mode [ 1184.471097][T14954] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2442'. [ 1184.904195][ T8] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1185.039901][ T12] team_slave_1 (unregistering): left promiscuous mode [ 1185.047376][ T12] team_slave_1 (unregistering): left allmulticast mode [ 1185.060718][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1185.110316][ T12] team_slave_0 (unregistering): left promiscuous mode [ 1185.119200][ T12] team_slave_0 (unregistering): left allmulticast mode [ 1185.129472][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1185.183893][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1185.195086][ T12] bond_slave_1 (unregistering): left promiscuous mode [ 1185.202329][ T12] bond_slave_1 (unregistering): left allmulticast mode [ 1185.259450][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1185.268798][ T12] bond_slave_0 (unregistering): left promiscuous mode [ 1185.277711][ T12] bond_slave_0 (unregistering): left allmulticast mode [ 1186.236480][ T12] bond0 (unregistering): Released all slaves [ 1186.957837][T14968] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1187.085315][T14968] kvm: pic: level sensitive irq not supported [ 1187.085898][T14968] kvm: pic: non byte read [ 1187.167998][T14968] kvm: pic: level sensitive irq not supported [ 1187.168096][T14968] kvm: pic: non byte read [ 1187.205961][T14968] kvm: pic: level sensitive irq not supported [ 1187.206099][T14968] kvm: pic: non byte read [ 1187.786647][T14760] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1188.987859][T14760] veth0_vlan: entered promiscuous mode [ 1189.095837][T14760] veth1_vlan: entered promiscuous mode [ 1189.275503][T15024] loop1: detected capacity change from 0 to 256 [ 1189.666969][T14760] veth0_macvtap: entered promiscuous mode [ 1189.863134][T14760] veth1_macvtap: entered promiscuous mode [ 1189.999848][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1190.054550][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.095229][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1190.148329][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.160096][T15030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2453'. [ 1190.190184][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1190.220751][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.259331][T15033] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2453'. [ 1190.284259][T14760] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1190.336831][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1190.367997][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.395324][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1190.424666][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.450600][T14760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1190.482936][T14760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1190.510605][T14760] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1190.829144][ T1126] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1191.137848][ T1126] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1191.455166][ T3508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1191.469490][ T3508] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1193.551829][ T5785] infiniband syz1: set down [ 1193.602744][ T5846] infiniband syz1: ib_query_port failed (-19) [ 1193.647791][ T42] smc: removing ib device syz1 [ 1193.723813][T15076] tipc: Enabling of bearer rejected, failed to enable media [ 1193.796652][T15076] syzkaller0: entered promiscuous mode [ 1193.846037][T15076] syzkaller0: entered allmulticast mode [ 1193.973845][T12761] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1194.005460][T12761] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1194.023501][T12761] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1194.052356][T12761] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1194.064187][T12761] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1194.081787][T12761] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1194.266006][T15087] syzkaller0: entered promiscuous mode [ 1194.271719][T15087] syzkaller0: entered allmulticast mode [ 1194.397475][T15084] kvm: kvm [15083]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0xc1) = 0x800 [ 1194.416284][T15084] kvm: kvm [15083]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0xc2) = 0x800 [ 1194.476655][T15084] kvm: kvm [15083]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0x11e) = 0xbe702911 [ 1194.506813][T15084] kvm: kvm [15083]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0x186) = 0x800 [ 1194.554224][T15090] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2463'. [ 1194.575716][T15084] kvm: kvm [15083]: vcpu2, guest rIP: 0x45c Unhandled WRMSR(0x187) = 0x800 [ 1194.648265][T15091] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2463'. [ 1194.684407][T15093] loop0: detected capacity change from 0 to 512 [ 1194.734453][T15093] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1194.787974][T15093] ext4 filesystem being mounted at /21/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1196.141753][T12761] Bluetooth: hci2: command tx timeout [ 1196.279811][T14480] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1196.280601][T15080] chnl_net:caif_netlink_parms(): no params data found [ 1197.355301][T15122] loop0: detected capacity change from 0 to 256 [ 1197.560005][T15130] loop3: detected capacity change from 0 to 512 [ 1197.594952][T15130] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 1197.614337][T15080] bridge0: port 1(bridge_slave_0) entered blocking state [ 1197.634499][T15130] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1197.642184][T15080] bridge0: port 1(bridge_slave_0) entered disabled state [ 1197.690211][T15130] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 1197.710329][T15080] bridge_slave_0: entered allmulticast mode [ 1197.710782][T15130] EXT4-fs (loop3): 1 truncate cleaned up [ 1197.724523][T15130] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1197.903358][T15080] bridge_slave_0: entered promiscuous mode [ 1197.922331][T15080] bridge0: port 2(bridge_slave_1) entered blocking state [ 1197.929845][T15080] bridge0: port 2(bridge_slave_1) entered disabled state [ 1197.942083][T15080] bridge_slave_1: entered allmulticast mode [ 1197.949678][T15080] bridge_slave_1: entered promiscuous mode [ 1198.186853][T15080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1198.225662][T12761] Bluetooth: hci2: command tx timeout [ 1198.257624][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1198.271591][T15080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1198.542893][T15080] team0: Port device team_slave_0 added [ 1198.589814][T15080] team0: Port device team_slave_1 added [ 1198.973020][T15080] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1198.980010][T15080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1199.117091][T15152] loop3: detected capacity change from 0 to 512 [ 1199.132442][T15080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1199.205630][T15080] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1199.247592][T15080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1199.254067][T15152] EXT4-fs error (device loop3): ext4_orphan_get:1425: comm syz.3.2472: bad orphan inode 11862016 [ 1199.295322][T15080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1199.303229][T15152] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 1199.366213][T15152] ext4 filesystem being mounted at /629/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1199.410818][T15080] hsr_slave_0: entered promiscuous mode [ 1199.455241][T15080] hsr_slave_1: entered promiscuous mode [ 1199.469617][T15080] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1199.494997][T15080] Cannot create hsr debugfs directory [ 1199.698259][ T28] audit: type=1800 audit(1755051473.457:562): pid=15152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2472" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 1199.979545][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 1200.311166][T12761] Bluetooth: hci2: command tx timeout [ 1200.485808][T15080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1200.553949][T15080] 8021q: adding VLAN 0 to HW filter on device team0 [ 1200.595460][ T6995] bridge0: port 1(bridge_slave_0) entered blocking state [ 1200.602758][ T6995] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1200.670479][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 1200.677753][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1200.892457][T15080] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1201.303335][T15080] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1201.380410][T15195] loop3: detected capacity change from 0 to 16 [ 1201.524476][T15195] erofs: (device loop3): mounted with root inode @ nid 36. [ 1201.579694][T15195] syz.3.2479: attempt to access beyond end of device [ 1201.579694][T15195] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 1201.594496][T15195] syz.3.2479: attempt to access beyond end of device [ 1201.594496][T15195] loop3: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 1202.071718][ T5157] udevd[5157]: worker [5932] terminated by signal 33 (Unknown signal 33) [ 1202.080297][ T5157] udevd[5157]: worker [5932] failed while handling '/devices/virtual/block/loop3' [ 1202.381697][T12761] Bluetooth: hci2: command tx timeout [ 1204.082472][T15080] veth0_vlan: entered promiscuous mode [ 1204.097242][T15080] veth1_vlan: entered promiscuous mode [ 1204.169830][T15080] veth0_macvtap: entered promiscuous mode [ 1204.198972][T15080] veth1_macvtap: entered promiscuous mode [ 1204.284801][T15080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1204.300911][T15080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1204.314616][T15080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1204.335861][T15080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1204.348238][T15080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1204.395116][T15080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1204.420168][T15218] binder: 15214:15218 ioctl 400c620e 200000000240 returned -22 [ 1204.520452][T15080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1204.638513][T15080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1204.790896][T15080] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1205.130956][ T28] audit: type=1800 audit(1755051478.967:563): pid=15218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2485" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 1205.131813][T15218] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 1205.161077][T15218] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 1205.165861][T15080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1205.170710][T15218] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1205.182133][T15080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1205.203477][T15080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1205.214391][T15080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1205.317641][T15080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1205.339380][T15080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1205.359714][T15080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1205.406529][T15080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1205.443786][T15080] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1205.660171][T15224] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2486'. [ 1205.795284][ T5793] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1206.342282][ T3508] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1206.368823][ T3508] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1206.418125][ T5793] usb 3-1: Using ep0 maxpacket: 8 [ 1206.443598][ T5793] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x11, skipping [ 1206.455063][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1206.476157][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1206.486661][ T5793] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1206.505089][ T5793] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1206.525305][ T5793] usb 3-1: Product: syz [ 1206.544020][ T5793] usb 3-1: Manufacturer: syz [ 1206.561484][ T5793] usb 3-1: SerialNumber: syz [ 1206.584997][T15223] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1208.760736][T13295] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 660 seconds [ 1208.773219][T13295] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 660 seconds [ 1208.800618][T13295] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 660 seconds [ 1208.935045][T13295] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 660 seconds [ 1209.027376][T15237] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2457'. [ 1209.123852][T15238] NILFS (nullb0): couldn't find nilfs on the device [ 1209.381630][ T5793] cdc_ncm 3-1:1.0: bind() failure [ 1209.390759][ T5793] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 1209.491472][ T5793] cdc_ncm 3-1:1.1: bind() failure [ 1209.529568][ T5793] usb 3-1: USB disconnect, device number 22 [ 1209.971609][ T5793] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1210.171473][ T5793] usb 3-1: Using ep0 maxpacket: 32 [ 1210.186435][ T5793] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 1210.195548][ T5793] usb 3-1: config 0 has no interface number 0 [ 1210.207628][ T5793] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1210.219752][ T5793] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1210.231351][ T5793] usb 3-1: Product: syz [ 1210.236410][ T5793] usb 3-1: Manufacturer: syz [ 1210.241145][ T5793] usb 3-1: SerialNumber: syz [ 1210.250838][ T5793] usb 3-1: config 0 descriptor?? [ 1210.266027][ T5793] smsc95xx v2.0.0 [ 1210.317600][ T9921] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1210.328108][ T9921] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1210.336785][ T9921] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1210.345888][ T9921] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1210.355119][ T9921] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1210.362725][ T9921] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1210.583947][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1210.851257][ T5793] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1210.875250][ T5793] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1210.887187][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1211.643151][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1211.745984][T15267] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2499'. [ 1211.770136][T15267] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2499'. [ 1211.785153][T15267] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2499'. [ 1211.831312][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1212.119036][T15254] chnl_net:caif_netlink_parms(): no params data found [ 1212.462426][T12761] Bluetooth: hci0: command tx timeout [ 1212.532260][ T11] tipc: Left network mode [ 1212.681669][T15254] bridge0: port 1(bridge_slave_0) entered blocking state [ 1212.709298][T15254] bridge0: port 1(bridge_slave_0) entered disabled state [ 1212.729586][T15254] bridge_slave_0: entered allmulticast mode [ 1212.751262][T15254] bridge_slave_0: entered promiscuous mode [ 1212.841150][T15254] bridge0: port 2(bridge_slave_1) entered blocking state [ 1212.851247][T15254] bridge0: port 2(bridge_slave_1) entered disabled state [ 1212.881837][T15254] bridge_slave_1: entered allmulticast mode [ 1212.901668][T15254] bridge_slave_1: entered promiscuous mode [ 1213.053416][T15254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1213.163865][T15254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1213.277127][T15254] team0: Port device team_slave_0 added [ 1213.318711][T15254] team0: Port device team_slave_1 added [ 1213.375963][ T5793] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 1213.390399][ T5793] smsc95xx: probe of 3-1:0.67 failed with error -71 [ 1213.404353][ T5793] usb 3-1: USB disconnect, device number 23 [ 1213.451132][T15254] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1213.458461][T15254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1213.487424][T15254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1213.503188][T15254] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1213.510349][T15254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1213.537293][T15254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1213.592073][T15283] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1213.633310][T15254] hsr_slave_0: entered promiscuous mode [ 1213.642587][T15254] hsr_slave_1: entered promiscuous mode [ 1213.649284][T15254] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1213.657915][T15254] Cannot create hsr debugfs directory [ 1214.292736][ T8] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 1215.275481][T12761] Bluetooth: hci0: command tx timeout [ 1215.295246][ T28] audit: type=1326 audit(1755051488.187:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15293 comm="syz.0.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bff58ebe9 code=0x7ffc0000 [ 1215.317827][ T28] audit: type=1326 audit(1755051488.187:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15293 comm="syz.0.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bff58ebe9 code=0x7ffc0000 [ 1215.343200][ T28] audit: type=1326 audit(1755051488.187:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15293 comm="syz.0.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1bff58ebe9 code=0x7ffc0000 [ 1215.366995][ T28] audit: type=1326 audit(1755051488.187:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15293 comm="syz.0.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bff58ebe9 code=0x7ffc0000 [ 1215.404868][ T28] audit: type=1326 audit(1755051488.187:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15293 comm="syz.0.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bff58ebe9 code=0x7ffc0000 [ 1215.428041][ T28] audit: type=1326 audit(1755051488.187:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15293 comm="syz.0.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f1bff58ebe9 code=0x7ffc0000 [ 1215.571567][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 1215.581729][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1215.608797][ T28] audit: type=1326 audit(1755051488.187:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15293 comm="syz.0.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bff58ebe9 code=0x7ffc0000 [ 1215.609774][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1215.631842][ T28] audit: type=1326 audit(1755051488.187:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15293 comm="syz.0.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bff58ebe9 code=0x7ffc0000 [ 1215.631895][ T28] audit: type=1326 audit(1755051488.187:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15293 comm="syz.0.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f1bff58ebe9 code=0x7ffc0000 [ 1215.631940][ T28] audit: type=1326 audit(1755051488.187:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15293 comm="syz.0.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bff58ebe9 code=0x7ffc0000 [ 1216.881997][T15312] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2506'. [ 1217.055041][ T8] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1217.066848][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1217.341687][T15300] Bluetooth: hci0: command tx timeout [ 1217.803890][ T8] usb 2-1: Product: syz [ 1217.808123][ T8] usb 2-1: Manufacturer: syz [ 1217.812806][ T8] usb 2-1: SerialNumber: syz [ 1217.863984][ T8] usb 2-1: can't set config #1, error -71 [ 1217.887575][ T8] usb 2-1: USB disconnect, device number 17 [ 1217.915469][ T11] hsr_slave_0: left promiscuous mode [ 1217.983646][ T11] hsr_slave_1: left promiscuous mode [ 1218.006379][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1218.028605][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1218.053508][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1218.071692][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1218.089887][ T11] bridge0: port 3(team0) entered disabled state [ 1218.111205][ T11] bridge_slave_1: left allmulticast mode [ 1218.127158][ T11] bridge_slave_1: left promiscuous mode [ 1218.141647][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1218.173949][ T11] bridge_slave_0: left allmulticast mode [ 1218.179845][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1218.265128][T15317] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 1218.333961][ T11] veth1_macvtap: left promiscuous mode [ 1218.339510][ T11] veth0_macvtap: left promiscuous mode [ 1218.365523][ T11] veth1_vlan: left promiscuous mode [ 1218.370942][ T11] veth0_vlan: left promiscuous mode [ 1219.117863][T15326] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1219.214451][T15326] kvm: pic: level sensitive irq not supported [ 1219.214876][T15326] kvm: pic: non byte read [ 1219.421941][T15300] Bluetooth: hci0: command tx timeout [ 1220.450187][T15338] loop2: detected capacity change from 0 to 1024 [ 1220.472519][T15338] EXT4-fs: Ignoring removed bh option [ 1220.477982][T15338] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1220.529734][ T28] kauditd_printk_skb: 19 callbacks suppressed [ 1220.529750][ T28] audit: type=1326 audit(1755051494.347:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15335 comm="syz.1.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb95458ebe9 code=0x7ffc0000 [ 1220.577450][T15338] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1220.590779][ T28] audit: type=1326 audit(1755051494.347:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15335 comm="syz.1.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb95458ebe9 code=0x7ffc0000 [ 1220.637743][T15342] syz.1.2512[15342] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1220.638468][T15342] syz.1.2512[15342] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1220.825239][T15338] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1220.976920][ T28] audit: type=1326 audit(1755051494.367:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15335 comm="syz.1.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fb95458ebe9 code=0x7ffc0000 [ 1221.281592][ T28] audit: type=1326 audit(1755051494.367:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15335 comm="syz.1.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb95458ebe9 code=0x7ffc0000 [ 1221.355758][ T28] audit: type=1326 audit(1755051494.367:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15335 comm="syz.1.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb95458ebe9 code=0x7ffc0000 [ 1221.490045][ T28] audit: type=1326 audit(1755051494.367:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15335 comm="syz.1.2512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fb95458ebe9 code=0x7ffc0000 [ 1222.251059][ T11] team_slave_1 (unregistering): left promiscuous mode [ 1222.281826][ T11] team_slave_1 (unregistering): left allmulticast mode [ 1222.350812][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1222.495217][ T11] team_slave_0 (unregistering): left promiscuous mode [ 1222.502126][ T11] team_slave_0 (unregistering): left allmulticast mode [ 1222.513909][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1222.548506][T15345] loop2: detected capacity change from 0 to 512 [ 1222.561946][T15345] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1222.609966][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1222.620004][ T11] bond_slave_1 (unregistering): left promiscuous mode [ 1222.642076][ T11] bond_slave_1 (unregistering): left allmulticast mode [ 1222.716663][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1222.726181][ T11] bond_slave_0 (unregistering): left promiscuous mode [ 1222.735570][ T11] bond_slave_0 (unregistering): left allmulticast mode [ 1223.047150][T14760] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1224.324245][ T11] bond0 (unregistering): Released all slaves [ 1224.413760][T15351] lo: entered promiscuous mode [ 1224.418639][T15351] lo: entered allmulticast mode [ 1224.424186][T15351] tunl0: entered promiscuous mode [ 1224.429247][T15351] tunl0: entered allmulticast mode [ 1224.435243][T15351] gre0: entered promiscuous mode [ 1224.440947][T15351] gre0: entered allmulticast mode [ 1224.447046][T15351] gretap0: entered promiscuous mode [ 1224.452398][T15351] gretap0: entered allmulticast mode [ 1224.459395][T15351] erspan0: entered promiscuous mode [ 1224.464673][T15351] erspan0: entered allmulticast mode [ 1224.470577][T15351] ip_vti0: entered promiscuous mode [ 1224.475852][T15351] ip_vti0: entered allmulticast mode [ 1224.482113][T15351] ip6_vti0: entered promiscuous mode [ 1224.487444][T15351] ip6_vti0: entered allmulticast mode [ 1224.493799][T15351] sit0: entered promiscuous mode [ 1224.498754][T15351] sit0: entered allmulticast mode [ 1224.504754][T15351] ip6tnl0: entered promiscuous mode [ 1224.509973][T15351] ip6tnl0: entered allmulticast mode [ 1224.516174][T15351] ip6gre0: entered promiscuous mode [ 1224.521462][T15351] ip6gre0: entered allmulticast mode [ 1224.527587][T15351] syz_tun: entered promiscuous mode [ 1224.532838][T15351] syz_tun: entered allmulticast mode [ 1224.538676][T15351] ip6gretap0: entered promiscuous mode [ 1224.544827][T15351] ip6gretap0: entered allmulticast mode [ 1224.550891][T15351] bridge0: entered promiscuous mode [ 1224.556156][T15351] bridge0: entered allmulticast mode [ 1224.562109][T15351] vcan0: entered promiscuous mode [ 1224.567156][T15351] vcan0: entered allmulticast mode [ 1224.572875][T15351] bond0: entered promiscuous mode [ 1224.577915][T15351] bond_slave_0: entered promiscuous mode [ 1224.583725][T15351] bond_slave_1: entered promiscuous mode [ 1224.589486][T15351] bond0: entered allmulticast mode [ 1224.594670][T15351] bond_slave_0: entered allmulticast mode [ 1224.600392][T15351] bond_slave_1: entered allmulticast mode [ 1224.607080][T15351] team0: entered promiscuous mode [ 1224.612183][T15351] team_slave_0: entered promiscuous mode [ 1224.617963][T15351] team_slave_1: entered promiscuous mode [ 1224.623918][T15351] team0: entered allmulticast mode [ 1224.629048][T15351] team_slave_0: entered allmulticast mode [ 1224.634880][T15351] team_slave_1: entered allmulticast mode [ 1224.641571][T15351] dummy0: entered promiscuous mode [ 1224.647363][T15351] dummy0: entered allmulticast mode [ 1224.653555][T15351] nlmon0: entered promiscuous mode [ 1224.658685][T15351] nlmon0: entered allmulticast mode [ 1224.665482][T15351] caif0: entered promiscuous mode [ 1224.670527][T15351] caif0: entered allmulticast mode [ 1224.675697][T15351] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1225.150495][T15254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1225.284411][T15254] 8021q: adding VLAN 0 to HW filter on device team0 [ 1225.331979][ T3508] bridge0: port 1(bridge_slave_0) entered blocking state [ 1225.339152][ T3508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1225.443017][ T3508] bridge0: port 2(bridge_slave_1) entered blocking state [ 1225.450270][ T3508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1225.807037][T15254] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1225.830055][ T9921] Bluetooth: hci0: command tx timeout [ 1228.471403][T15384] lo: entered promiscuous mode [ 1228.476290][T15384] lo: entered allmulticast mode [ 1228.482084][T15384] tunl0: entered promiscuous mode [ 1228.487152][T15384] tunl0: entered allmulticast mode [ 1228.492856][T15384] gre0: entered promiscuous mode [ 1228.497846][T15384] gre0: entered allmulticast mode [ 1228.503554][T15384] gretap0: entered promiscuous mode [ 1228.508788][T15384] gretap0: entered allmulticast mode [ 1228.514700][T15384] erspan0: entered promiscuous mode [ 1228.519928][T15384] erspan0: entered allmulticast mode [ 1228.525801][T15384] ip_vti0: entered promiscuous mode [ 1228.531014][T15384] ip_vti0: entered allmulticast mode [ 1228.537666][T15384] ip6_vti0: entered promiscuous mode [ 1228.543272][T15384] ip6_vti0: entered allmulticast mode [ 1228.549240][T15384] sit0: entered promiscuous mode [ 1228.554260][T15384] sit0: entered allmulticast mode [ 1228.559894][T15384] ip6tnl0: entered promiscuous mode [ 1228.565201][T15384] ip6tnl0: entered allmulticast mode [ 1228.571031][T15384] ip6gre0: entered promiscuous mode [ 1228.576315][T15384] ip6gre0: entered allmulticast mode [ 1228.582648][T15384] syz_tun: entered promiscuous mode [ 1228.587863][T15384] syz_tun: entered allmulticast mode [ 1228.593772][T15384] ip6gretap0: entered promiscuous mode [ 1228.599244][T15384] ip6gretap0: entered allmulticast mode [ 1228.605408][T15384] bridge0: entered promiscuous mode [ 1228.610620][T15384] bridge0: entered allmulticast mode [ 1228.616495][T15384] vcan0: entered promiscuous mode [ 1228.621604][T15384] vcan0: entered allmulticast mode [ 1228.627041][T15384] bond0: entered promiscuous mode [ 1228.632142][T15384] bond_slave_0: entered promiscuous mode [ 1228.638592][T15384] bond_slave_1: entered promiscuous mode [ 1228.644467][T15384] bond0: entered allmulticast mode [ 1228.649581][T15384] bond_slave_0: entered allmulticast mode [ 1228.655401][T15384] bond_slave_1: entered allmulticast mode [ 1228.662193][T15384] team0: entered promiscuous mode [ 1228.667259][T15384] team_slave_0: entered promiscuous mode [ 1228.673086][T15384] team_slave_1: entered promiscuous mode [ 1228.678957][T15384] team0: entered allmulticast mode [ 1228.684221][T15384] team_slave_0: entered allmulticast mode [ 1228.689954][T15384] team_slave_1: entered allmulticast mode [ 1228.696651][T15384] dummy0: entered promiscuous mode [ 1228.701963][T15384] dummy0: entered allmulticast mode [ 1228.707835][T15384] nlmon0: entered promiscuous mode [ 1228.713006][T15384] nlmon0: entered allmulticast mode [ 1228.720271][T15384] caif0: entered promiscuous mode [ 1228.725432][T15384] caif0: entered allmulticast mode [ 1228.730546][T15384] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1228.978059][T15386] syzkaller0: entered promiscuous mode [ 1228.985921][T15386] syzkaller0: entered allmulticast mode [ 1229.379159][T15394] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1229.414278][T15394] kvm: pic: level sensitive irq not supported [ 1229.414369][T15394] kvm: pic: non byte read [ 1230.255172][T15405] loop2: detected capacity change from 0 to 16 [ 1230.274276][T15405] erofs: (device loop2): mounted with root inode @ nid 36. [ 1230.301072][T15405] syz.2.2528: attempt to access beyond end of device [ 1230.301072][T15405] loop2: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 1230.315756][T15405] syz.2.2528: attempt to access beyond end of device [ 1230.315756][T15405] loop2: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 1230.345009][T15405] syz.2.2528: attempt to access beyond end of device [ 1230.345009][T15405] loop2: rw=0, sector=8, nr_sectors = 16 limit=16 [ 1230.562226][ T27] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 1230.909430][ T27] usb 2-1: Using ep0 maxpacket: 8 [ 1230.925904][ T27] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x11, skipping [ 1230.972229][ T27] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1230.987467][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1231.015403][ T27] usb 2-1: Product: syz [ 1231.019804][ T27] usb 2-1: Manufacturer: syz [ 1231.051682][ T27] usb 2-1: SerialNumber: syz [ 1231.163935][T15404] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1232.201132][T14760] BUG: Bad page state in process syz-executor pfn:2f382 [ 1232.208789][T14760] page:ffffea0000bce080 refcount:0 mapcount:0 mapping:ffff88805d221278 index:0x2 pfn:0x2f382 [ 1232.219132][T14760] aops:z_erofs_cache_aops ino:0 [ 1232.224359][T14760] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 1232.232306][T14760] page_type: 0xffffffff() [ 1232.236685][T14760] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805d221278 [ 1232.245523][T14760] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 1232.254293][T14760] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 1232.261833][T14760] page_owner tracks the page as allocated [ 1232.267972][T14760] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 15405, tgid 15400 (syz.2.2528), ts 1230298898907, free_ts 1229885222780 [ 1232.290648][T14760] post_alloc_hook+0x1cd/0x210 [ 1232.295547][T14760] get_page_from_freelist+0x195c/0x19f0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1232.301239][T14760] __alloc_pages+0x1e3/0x460 [ 1232.306095][T14760] z_erofs_do_read_page+0x20c0/0x3680 [ 1232.311737][T14760] z_erofs_readahead+0x862/0xd50 [ 1232.316721][T14760] read_pages+0x177/0x840 [ 1232.321095][T14760] page_cache_ra_unbounded+0x692/0x770 [ 1232.326979][T14760] force_page_cache_ra+0x2c1/0x320 [ 1232.332284][T14760] generic_fadvise+0x44f/0x730 [ 1232.337099][T14760] __x64_sys_fadvise64+0x140/0x180 [ 1232.342360][T14760] do_syscall_64+0x55/0xb0 [ 1232.346815][T14760] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1232.353082][T14760] page last free stack trace: [ 1232.357790][T14760] free_unref_page_prepare+0x7ce/0x8e0 [ 1232.363919][T14760] free_unref_page+0x32/0x2e0 [ 1232.368652][T14760] __slab_free+0x35e/0x410 [ 1232.373153][T14760] qlist_free_all+0x75/0xe0 [ 1232.377700][T14760] kasan_quarantine_reduce+0x143/0x160 [ 1232.383346][T14760] __kasan_slab_alloc+0x22/0x80 [ 1232.388248][T14760] slab_post_alloc_hook+0x6e/0x4d0 [ 1232.393443][T14760] kmem_cache_alloc+0x11e/0x2e0 [ 1232.398332][T14760] jbd2__journal_start+0x140/0x5b0 [ 1232.403858][T14760] __ext4_journal_start_sb+0x203/0x570 [ 1232.409380][T14760] ext4_dirty_inode+0x93/0x110 [ 1232.414235][T14760] __mark_inode_dirty+0x2b4/0xc80 [ 1232.419308][T14760] file_update_time+0x197/0x1b0 [ 1232.424469][T14760] ext4_page_mkwrite+0x1f3/0x1210 [ 1232.429546][T14760] do_page_mkwrite+0x153/0x3e0 [ 1232.434445][T14760] handle_mm_fault+0x19b8/0x4920 [ 1232.439482][T14760] Modules linked in: [ 1232.443500][T14760] CPU: 1 PID: 14760 Comm: syz-executor Not tainted 6.6.101-syzkaller #0 [ 1232.451865][T14760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1232.461958][T14760] Call Trace: [ 1232.465274][T14760] [ 1232.468239][T14760] dump_stack_lvl+0x16c/0x230 [ 1232.472971][T14760] ? show_regs_print_info+0x20/0x20 [ 1232.478218][T14760] ? swiotlb_print_info+0x70/0x70 [ 1232.483298][T14760] bad_page+0x14b/0x170 [ 1232.487496][T14760] free_unref_page_prepare+0x887/0x8e0 [ 1232.493013][T14760] free_unref_page+0x32/0x2e0 [ 1232.497737][T14760] ? __folio_put+0xef/0x210 [ 1232.502289][T14760] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 1232.508751][T14760] erofs_shrink_workstation+0x118/0x290 [ 1232.514360][T14760] ? erofs_shrinker_unregister+0x170/0x170 [ 1232.520222][T14760] ? io_schedule+0xd0/0xd0 [ 1232.524682][T14760] ? kobject_put+0x43c/0x470 [ 1232.529328][T14760] erofs_shrinker_unregister+0x5d/0x170 [ 1232.534934][T14760] erofs_put_super+0x4e/0x150 [ 1232.539667][T14760] ? erofs_free_inode+0xb0/0xb0 [ 1232.544558][T14760] generic_shutdown_super+0x134/0x2b0 [ 1232.549984][T14760] kill_block_super+0x44/0x90 [ 1232.554696][T14760] erofs_kill_sb+0x4c/0x140 [ 1232.559259][T14760] deactivate_locked_super+0x97/0x100 [ 1232.564664][T14760] cleanup_mnt+0x429/0x4c0 [ 1232.569135][T14760] task_work_run+0x1ce/0x250 [ 1232.573755][T14760] ? task_work_cancel+0x240/0x240 [ 1232.578816][T14760] ? exit_to_user_mode_loop+0x3b/0x110 [ 1232.584302][T14760] exit_to_user_mode_loop+0xe6/0x110 [ 1232.589612][T14760] exit_to_user_mode_prepare+0xb1/0x140 [ 1232.595184][T14760] syscall_exit_to_user_mode+0x1a/0x50 [ 1232.600668][T14760] do_syscall_64+0x61/0xb0 [ 1232.605113][T14760] ? clear_bhb_loop+0x40/0x90 [ 1232.609801][T14760] ? clear_bhb_loop+0x40/0x90 [ 1232.614492][T14760] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1232.620498][T14760] RIP: 0033:0x7f6cc878ff17 [ 1232.624938][T14760] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 1232.644588][T14760] RSP: 002b:00007fffdaf03ea8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1232.653024][T14760] RAX: 0000000000000000 RBX: 00007f6cc8811c05 RCX: 00007f6cc878ff17 [ 1232.661011][T14760] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffdaf03f60 [ 1232.668995][T14760] RBP: 00007fffdaf03f60 R08: 0000000000000000 R09: 0000000000000000 [ 1232.676994][T14760] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffdaf04ff0 [ 1232.685000][T14760] R13: 00007f6cc8811c05 R14: 000000000012c785 R15: 00007fffdaf05030 [ 1232.693004][T14760] [ 1232.697806][T14760] Disabling lock debugging due to kernel taint [ 1232.704552][ T27] cdc_ncm 2-1:1.0: bind() failure [ 1232.731902][ T27] cdc_ncm: probe of 2-1:1.1 failed with error -71 [ 1232.739262][ T27] cdc_mbim: probe of 2-1:1.1 failed with error -71 [ 1232.747574][ T27] usbtest: probe of 2-1:1.1 failed with error -71 [ 1232.782513][ T27] usb 2-1: USB disconnect, device number 18 [ 1235.824582][ T5157] udevd[5157]: worker [5967] /devices/virtual/block/nbd3 timeout; kill it [ 1235.836732][ T5157] udevd[5157]: seq 13941 '/devices/virtual/block/nbd3' killed [ 1238.942899][T13295] block nbd3: Possible stuck request ffff888021a70000: control (read@0,1024B). Runtime 690 seconds [ 1238.953823][T13295] block nbd3: Possible stuck request ffff888021a70200: control (read@1024,1024B). Runtime 690 seconds [ 1238.965145][T13295] block nbd3: Possible stuck request ffff888021a70400: control (read@2048,1024B). Runtime 690 seconds [ 1238.993333][T13295] block nbd3: Possible stuck request ffff888021a70600: control (read@3072,1024B). Runtime 690 seconds [ 1239.586240][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.594769][ T1288] ieee802154 phy1 wpan1: encryption failed: -22