last executing test programs: 4m5.649165324s ago: executing program 3 (id=128): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mount$cgroup(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000340), 0x3008000, &(0x7f0000000b00)={[{@xattr}]}) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) rmdir(&(0x7f0000000040)='./control\x00') 4m3.728124178s ago: executing program 3 (id=134): syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)={0x0, 0xa, 0x2, {0x2, 0xc}}, 0x0, 0x0, 0x0, 0x0}, 0x0) getpid() fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) getgid() socketpair$tipc(0x1e, 0x7, 0x0, &(0x7f0000004040)) r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000480)={0xa1, 0x9, 0x4, 0x0, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000140)={0xdc87, 0x16, [{0x2}, {0xd}, {0xb}, {0x3, 0x1}, {0xf, 0x1}, {}, {0xf, 0x1}, {0x5, 0x1}, {0xf}, {0xd, 0x1}, {0x7}, {0x2, 0x1}, {0x9, 0x1}, {0xc}, {0x7, 0x1}, {0x7}, {0x2}, {0x26, 0x1}, {0x4, 0x1}, {0x4}, {0x7}, {0x7, 0x1}]}) bpf$PROG_LOAD(0x5, &(0x7f00000043c0)={0x14, 0x2a, &(0x7f0000004080)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x59}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@btf_id={0x18, 0x3, 0x3, 0x0, 0x5}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2800}}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xd}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x100}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd9c}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000004200)='syzkaller\x00', 0x8, 0xf4, &(0x7f0000004240)=""/244, 0x41000, 0x19, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000004340)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000004380)={0x1, 0xd, 0x4, 0x80}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) lstat(&(0x7f0000004480)='./file0\x00', &(0x7f00000044c0)) accept(0xffffffffffffffff, &(0x7f0000004540)=@tipc=@id, &(0x7f00000045c0)=0x80) socket$inet_tcp(0x2, 0x1, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f0000004600), 0x2200, 0x0) getpgrp(0xffffffffffffffff) read$FUSE(0xffffffffffffffff, &(0x7f0000004640)={0x2020}, 0x2020) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000006680)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r3}, 0x18) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x810410, &(0x7f0000000600)=ANY=[@ANYRES32, @ANYBLOB="749235c63bc001e29d7d09ef375f63128afacfe8f0ceeecb4e94d802fcf7fb224c8e9d9df582f661c26d2970f7ab1e0f14f11584b083ba27367e9700cdb013122b6f248e89447aa3b0ffba27c76545e41126f8c5b59b3e9a839669f2a212105589ad1abd707ddc", @ANYRES32, @ANYRES64, @ANYRES16, @ANYBLOB="e2d3defc6ea7d9d6f5261ad72a34630b954e0eaaca3369568145e8bb6cf6bb3f8698a1a86cd1bee9cebd9f8142b89a175e9a2795a5f787d7836a75c24cb6a25df7aee443ed4af428a9a8b8b9a74879740bcf7064014e47b7b06ec12b27580f0a3d8eac4e5dfe605ce84878dc09ad02e8463647ffbd8f614da3de7683442fe9eddfe0b70b6daace110c94e77d1cd34a83cab18695117b21398bfcf9a25c9b19737d417b2af1feea342c954e5d56122b88646cf159b58d6d97dd3a71bdd7297327efd7a96d3509aeacc78cb68f6f1ccf48f84bed5ff4db110968c09bef597ff7c5f67d2a0378db144d369785c09a8d1e9bb7cab1d8b8edc638a8d4df64625b2c299adb9d328cdbcef5c07130950b834b47ec9a32eb95efec40f750a60a777dc17a229a452c444a88cc9708d138d2030e20d957d4408cf4f3febf13536b9c54fbf540ae88da9399ccec8155d8e1cb1f2ee5d633c4730ed582df2b4118eea97ec0e78d5a5fac0a7eefd94f77384522ee218df4d5ed694d21b3566cedec20599b9ad6c90497397a3e73fa51ee6ddc63b6d7db7464e1d3ad51428b655c77be73369c35f85a9d42e247ce91834dae86fe0fef0b8a041151ac397525a1823139f7d1503ee9c6be4faa0a242ce2272c5e219bbb7e908ba029b575e24a920250f365d8e5c71e1f42050248b1622e6675a52e05724fe70c54c1961605c46bd3b6a89394a98de71edb8cd64ee5caebb386d4ebf36563809b58a98d139c93b6d788711d30d2bc53502a7f1ac12345604c9196f0adb45aa0ab816cf32eaaa4423845b851136fbfa7d215676bfcf0611b451ad130c6ef71f4251445dfa406630810417500381c11b9b530321ae7ab7705451942220d8a55369c052adf74d4701f3833a53bde2ea826957e593b0c0b82140c6f2ed9f3b3f871f19a3c310115f664c7b1ba920613ce8958a7ce1da17aec341d151f06edaaa80469bf9e912aff7f004579d5df0e192d9a37526e4f0d955e6d195f3be7fab9967431c67bdf0c57c80b58ab708e0a899a5f48960dd38486efde7a806cc6b05baf79a4b5538023823d5f2708d2404879f090633645c0814b325aba300dbbbf1d0df9d878901a44e6c3045d715dfe5e1b543a29088eb23cbf64206c67f88eec79cb0741af1e5a2bca8b05fc3ceb16e872abd8caaffa47077be13cc8f8e04670ae278958abce5432359935fbaa7d2c5df08a4c9258a020ae9ac6d439a64df94c8008abeca0c5210727a2c8ac5090bfe488adf07bc84a7467416b79f17006a94afe07fffad50b4e2f0bcb9668770b82d4e9f3a7f9cb2ed6fdee964c3da87dd9c1ebea024dcbb5a3a081a62e4c0bbf9dc7d537036415ca1d81044ef6398a9bc4009c0e0287a1a0900364024b5939b8d681d1829b0c6a40ba5206a8b779350f2765e6fdfe401b445f1610eb4b5538f4a263e5540a16e7979b4fb5058b0dad06e1305404f4a1b4e27f36a6ecb58cf328de0bfd06d4b828239a3f71c8eb31bb93f9b9ddacdfda53bd03958652667060cdd073b398eb4946b2670c8ef8f27ba16af189375ab72c8b46104ccce6b4f3708c75effd964664e5811c3afd204dbccf967191c07025a53be6b3bc41509d5daac37ecc08d459d56bbb86444c88ef5a42413d743e285972e7bb781e0c83a3bfa9c2191809a5da156141073e902711b139a8d27246dd19bb3eabd2dc61f6a78eb3a9b6f5d2a59f327fe69d4f1887eb488f2ecd281d0bd3088ef53ff1f2238729dec679f2a9c2a381e1dcac9b86780eba8813ab8a7a427336489c42d0496b6f6833c7153b346f56a60e39e6d903440961743fe14c0be9bdc9b479c19aceb64b04e28c15fb5dee3b461004f01595140614c7db2297a171379a34072ff2087c2196a2499d82533cf476e827428a8465cde6dc277d2c232d3da09dc7d5e94aed1ffa4de2b36a79c7bdee724cc75c7f27a0e5002c4b92fdf76ebef5ffc602fd027dbe1acef58ce6fa9a2d34ee22732161bd055539b0f7980f1509f4c6e650d052842b455829b02016f2086c2fc3f4ff494b9b9fef32c83f93fe85e3b6743cd8c522bc2e6505c2fd936f715c5f596da2352f4ddbadf536fe7e9140f8a1eec5f2e0333cd84f1255d50d879c53025d805d6b14f82f871178faa8bc798c2f0bb7671ce185c60ae7957d223b3f641f9a306795a818e60c89002537bd225bb2d9687f329114201207b7840e4ed394d1fbc6e9c4efd6a0a68db1096076dce6a0075417e06e40cc9d5df31a3c7ea2dbee5a369bbff556a5caae847f517d0fbb473d5275d0ba06da7e8a62802e43253838168befd6fbcc012f12076e6e6972d1f1826d4834b3940ddf374898d1af97e1903f37cbe83438511387d239c6d4edeb3884a9c587d21ed226ac648f83595bbb5cd37448c2cd259636e2610ad8427e4f7c7c90dbb43cbc2815df305e85f7e307fff0715d2582f152a0f7c5322238ab570f1b9bbe4092da115979fe0a5753fdfb7ee53b4de13a767d16c4507d2e7f6f58cc216a03012abdba49a01a1dd4bd1ebb936e9bde78cd1b2e987d2d7296dd7aeb37fbfb270e235bc29c025ba6c4693d09f901f1ef6b7a2142ed3a24c35817dcc9d3c3ede970eecd9d19993673ade157b8933c8dcd259bf6537827d7368e73c73e1dbea3a10a28281eba05e3f3d6f78b48a12141977f312f45bccb964c3ef8f89efad2e4413bdbdd59162b6ff6aab57a76c10618824f487a6f3077d8bad06ce39e118247b4ec7fd681ef95db0f2d3dbd142dc2090e926eae454f52d091cc24f62391461e6267bc1b084aa05b28c8c6b5cb16d8fbb87c993de873a7dc28cc44ede3cd02ee73dae39cbf472ddebfcc506d9a7a833cfd7b45e813c251110d206148c4e1cfb68ed20d80cfa6c7e4677037eb9e1bc021b34f9dcaaded11dfad1c59a1d52fd046610134fc80335a7ac0e2083ad945a49e30565cff09b8d200d9370461def8bff3d223a75370554210314af46adf26532159fd681e55ae9193df30276d87c44ba3aaaeab62013b0da5f972ced7e6d84e26394a230e35a7bb2a1ab0f8533e2109a173299352414c744fa59a118cca99c0bca930117b84e7c735cf6d879c1a7e151ef9f08f1518cd249115387247d2f9471d07a94324a13073142d8c3cf804528038d9c898492dd0b2d3ffd5f15c2e391c35f45d34be4b1a520fca923b97a74e84212f6b11a71d1fbc40add864257d2205cdd7a71335af471a66a494ba3ca51f2348c4cf99170ec026e195667c1ca4975618785bf8a3b6b107d2bdaaef86681bac9cd5f00cc5e08c1e6f65a50061a1c6a02d6ce3f2879c77f88d9df98d6049f5e062dec3316e5982b6dd582d34ffe0c4330dd40c99256934a5c03fb1b94c370091572283bb2367f5c8af689d4fe201f5602a1c77c9d9fa7f687f3cd7edba0fe2d475345ca6e5aa370261ee83ed014d3f13f90ced4ad63f7c7037a7bc77da5f8d87aa2c97fdae951e1e3be2b1c5402f570ce34494e7e28d40a45a208800b165919ce9282fd261dfa61367ea2518859a269418b70bf8de06f966ff12f7cd9057011d5d71d03b8ed4768a48ba7f0cb259ad66067078e681d894f876101abc02370069b9ba567e942444222993e252cf6a682831db337edf676190b8aeb95c9fadebb5b880357700ed570d309b835fba9c411664186f2ef4388768473caa93e32ea3b41408507fb2cec956b859ee6628dacc32dede23ac4430aa94c4feb976f8e0b07ac1dfe28c69cb31190d31779d5868f82145a6bf4e691179d576ccc23e2412d23cc12b50734a0d55f929624411c6ffb38005cc915caf9e7d38dc99f3e5ccf90c32e51cb440ba2c828da2819b275601b3aee0a795b5535c27b1fd6b0a1e4c047afbb692eff7e81d9ae59ecdef60e689b3b7d5344c3e08089bd12d18e37956a7a3c708414b5d3a2b7a480b992384972a17bdc68d824bc0769cab5ab6411b27306fcc5ff6ff8dfe4efc260eaf82618efb7f1e7163fe7a1fc5975950b6d0da5622eba102fa747cacaf19358f8da0168bd8c921aa16b4f4c21b4067d7c3d61b0608206246d029174b14f4c8161fa0d0110533718cbc1b852ffae92ffa4d142a0c47fe15f7ae783bbb05568c2a2a7ad61b9037c8f31dd786431ad303d6b720fd05731494f635b2842ef530e83b1ccc23dfebb200a8a51ed70fc206e29723f0a45bbce0165ec9fdffb532545b900acef2c6902d1907f2b6d9aaefd243cc543be85e56920ad16463b91d4825d71a9abbec204264a5172d5cc9f167861a2176baa96fc85e29ec32db32e9400bfdbfb106e5c695ba9dd4f58c229db69cb1f0c810fee425b1c1e95e8b30e1de94d78e0b7b814a7e3c5210f3dde21a3ef2574796af33c71f986847a0355f5ac6d8ff4475ce55747db603580ef35383a5161847875a306d8cf627927a5143c839a5892156cf8874b46e27d2bfb6abefe00c6bd830dba307116fed2ce23bb0a9731d13c2dd9fe39574702ff12a2d57a21c960e3ae48719840646ef482994d8749b28049e5a16da9a468a79ad6664a7bdb65e7725e5afaf5283a0c708f825d1a6d818bf3c8689187f28eebff58275422f60c718594981c6d3760beff9ea7f1fa5db08df7443f193505678d7b190b2ccca961d9ca3dcd9dffff27f26d067a0a6d64661b07d668880a9234963f67d8e8ad06778e896b297d2dfd3c8a0b98936474e1f443f338cef670097d491697f14de8d089092429929c885c57af2e400ebc600b524912436f796bd7bd76e9d93df3e68f597061727ee25fc1844be45a46b2d7efdee22b26b0bf25b8549bdb414c611b964e4003f6371f7b8e380cd1ed24cb5f9ec061b1b5b926a9f8630e0502a5d5a7541cc6dc992b7f6068015722a66a7d907bb52269bdafa12f24e27f005fd1d57f4b402ffc775751de2bba9d04ad77db0bbb27e7496c6b5c0b586f42c83247d54cb8f07130d50b196607d3ee56d6dbd314786ecf143d4209c570a3ffe0cd170c23a79dfde969441f60665eb6f0d6415e1c2fa7f58b86fffb8cbb1f227cbef3fb069dd29f9d36d0ae43d893aa72cf37c44bd24c208f364a55d630cedd0927062e136206210936e744ebd93a2a5f6cd383126b2dfaa2dfd864a0aea6b911f41c9dd2d87d04608dfe0665f1ba4c3a078c6c87e74f257b71e0cb5bbb7b519b4d1c708e41baedfeac26af0170c47331b3f44a7ef4e3b730bbbe4bc76f53691c1fbb567f4ec434db2cb8e598a37ef7781868ab7214e4010e298e82c74bd836e811db92a7f1dd399adf60b679ee875b96a5741e5909a3d245597fdead150e27c8f01826c90c81d56a57169bcd22473200ebed427c8e8a3caf0ad34460ad0ad2f109ac45f4edd9426d5caeda4a29dfa8728a1aae45d627e7e38ad6edb3d90df98d5720cd2982071a43e681f523b6b79fb20f1c0e688829c657f5d858a0c2b482f2aa236aca4853d1c51742b78d46efce6ba118f08bd3e00d7538401c5a4356b5436a99a03c8444e838606dd853c89103bf9c0e8a0248f374dac905f898aa87f9a402f039630f65d88094ef0eb8884576fa2eb181628285ae16bda2a6a87eb9eb1b2301dd2b07fe07e0c35836a82f0e71b91acc2b51d197d6883a9614cd461a58c0a61c4f3adb8545837d0bde445b87cc912ec4b38276d408605b9e866ede8a629cd3068fa4a759a7c87c78eb6ce521d014edcb67b5896e339b237dc09430205c34b6c194a6994556c5ca8a33ac62043d795b774cc1aa0033001d0dde0f2c98d008545f99e98606145f3aecb5097e661296f5222c7841695086bf329", @ANYRESDEC, @ANYRES8], 0x2, 0x1d6, &(0x7f0000000200)="$eJzsmb/P0kAYx7937Quvb4yJi4OLg68Ro5S2qGEhBhN3E/DXJpFK0AIGagIkDsTFxdHBxNV/wMHBycHNzVUHNTFxkNG55o5re7ZAwKmJz2c4vvfc3XPPHfAloSAI4r/l+7ffX59frbUuADiKQxRV/KeRzOHa/C8vH59/Ub/26s3n1x8Gx55cSedjAMJw+/2PAHjfMBBEnRSH6rUFHusb4Din9C0wnFH6LjhuKu2B4Y7SDzQ9jPbwPeve0O/c7/meLRpHNK5oqvr+JoDFnKEDYF+eLQyZNj6ezh62fd8bpcVeGO2TGdpVbLo/WV+Do676oj7xft1+9nQuKrZU3NbuzwGHo3QVDE2layjCsqzkSrTznzST/MY258+DOF7ORRkk8iVYOiK+0HHkxOLdx+yqH3kp/h+ENC4AmaFPB7vkEQ7wd6SgTGDlqsSfmAmc1fzJhBn7RyXoP6qMp7Nyr9/uel1v4LrVy/ZF277kVqQRLdsN/rcv/elAy7+XtUhJgRUwaQfByJkAwciJ++6y1Ry3+Xb4S67h0v84SqeXOcRHRR67uLqe6LeBSy16JWNt8QRBEARBEARBEARBEARBEDtxCkz+C6oeVIVrcK/L2X8CAAD//+lAY1E=") getresgid(&(0x7f00000066c0), &(0x7f0000006700), &(0x7f0000006740)) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006840), 0x0, 0x20000000) 4m2.233720263s ago: executing program 3 (id=137): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") syz_emit_ethernet(0x1aa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f00000004c0)={0xf, {{0x2, 0x20, @multicast2}}}, 0x88) openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) socket$tipc(0x1e, 0x5, 0x0) 3m59.231290593s ago: executing program 3 (id=143): socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000d40)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x30}, 0x6e, 0x0}}], 0x1, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000240), &(0x7f0000000280)=0x4) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200010, &(0x7f0000000300)={[{@jqfmt_vfsold}]}, 0xfe, 0x55d, &(0x7f0000000980)="$eJzs3d9rW1UcAPDvTX/sp66DMdQHKezByVy6tv6Y4MN8FB0O9H2G9q6Mpsto0rHWgduDe9mLDEHEgfgH+O7j8B/wrxjoYMgo+uBL5aY3XbYmbZZlSzSfD9ztnPuj55yce07OyUm4AQytyeyfQsSrEfFNEnGo6dho5AcnN89bf3htLtuS2Nj47M8kknxf4/wk//9AHnklIn79OuJEYXu61dW1xVK5nC7n8ana0uWp6urayYtLpYV0Ib00Mzt7+p3Zmfffe7dnZX3z3N/ff3r3o9O3jq1/9/P9w7eTOBMH82PN5XgG15sjkzGZvyZjceaJE6d7kNggSfqdAboykrfzscj6gEMxkrd64P/vq4jYAIZUov3DkGqMAxpz+x7Ng/8zHny4OQHaXv7Rzc9GYm99brR/PXlsZpTNdyd6kH6Wxi9/3LmdbdG7zyEAdnX9RkScGh3d3v8lef/XvVMdnPNkGvo/eHHuZuOft1qNfwpb459oMf450KLtdmP39l+43+KypFefUmfjvw9ajn+3Fq0mRvLYS/Ux31hy4WI5zfq2lyPieIztyeI7reecXr+30e5Y8/gv27L0G2PBPB/3R/c8fs18qVZ6ljI3e3Aj4rWW499kq/6TFvWfvR7nOkzjaHrn9XbHdi//87XxU8QbLev/0YpWsvP65FT9fphq3BXb/XXz6G/t0u93+bP6379z+SeS5vXa6tOn8ePef9J2x7q9/8eTz+vh8Xzf1VKttjwdMZ58sn3/zKNrG/HG+Vn5jx/buf9rdf/vi4gvOiz/zSM32546CPU//1T1//SBex9/+UO79Dur/7froeP5nk76v04z+CyvHQAAAAAAAAyaQkQcjKRQ3AoXCsXi5vc7jsT+QrlSrZ24UFm5NB/138pOxFihsdJ9qOn7ENP592Eb8Zkn4rMRcTgivh3ZV48X5yrl+X4XHgAAAAAAAAAAAAAAAAAAAAbEgTa//8/8PtLykvEXm0PgufLIbxheu7b/XjzpCRhI3v9heHXV/vf1Ph/Ai+f9H4bUWL8zAPST938YXto/DC/tH4aX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9de7s2WzbWH94bS6Lz19ZXVmsXDk5n1YXi0src8W5yvLl4kKlslBOi3OVpd3+XrlSuTw9EytXp2pptTZVXV07v1RZuVQ7f3GptJCeTz1tCAAAAAAAAAAAAAAAAAAAALarrq4tlsrldFlAoKvA6GBkQ6ApcKsHrbvPHRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANPk3AAD//0unNek=") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b) r2 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r2, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000000)}, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r3, &(0x7f0000000080), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17) kcmp(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002001100000004000100080004"], 0x44}}, 0x0) 3m57.592327833s ago: executing program 3 (id=148): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) getpid() r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r6, 0x0, 0x0) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r7) mkdir(0x0, 0x0) rmdir(&(0x7f0000000040)='./control\x00') openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 3m53.406516685s ago: executing program 3 (id=163): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008d}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) r1 = socket$pppl2tp(0x18, 0x1, 0x1) sendmmsg$inet(r1, &(0x7f0000005f80), 0x0, 0x8040) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r0, 0x4, 0x4002) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x1d0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r4, 0xffffffffffffffff}, &(0x7f0000000800), &(0x7f0000000840)=r5}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$F2FS_IOC_MOVE_RANGE(r6, 0xc020f509, &(0x7f00000001c0)={r3, 0xc, 0x2, 0x3}) setsockopt$inet_MCAST_MSFILTER(r8, 0x0, 0x30, &(0x7f0000000a40)={0xffffffff, {{0x2, 0x4e20, @rand_addr=0x64010101}}, 0x1, 0x4, [{{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x26}}}, {{0x2, 0x4e21, @private=0xa010102}}, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e21, @broadcast}}]}, 0x290) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a0010000400000007000000000000000000ff0f", @ANYRESHEX=r3, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000000000000300000000000000e6000000000f90a538660df9403ed051d88d1bf519a89917c2798fee773c8800db9a457a06204f4d3a45e659f9f15575c42ba5012044f57bdaae56d8b9ea719f4f647c7e7e38753444470550300047137adac3fc2edca000787a0c67b2a53d1c27e3cd44c3ba32bbbda2c000c8c74ab8167d1d6e84621fe6fc56"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r10}, &(0x7f0000000200), &(0x7f0000000380)='%pi6 \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000004ffffffff00000000030000000600000000000000000000020000000000000000000000090200000000007eebc7f4074c7eba745c817809fd4c181ff0e786cdae119ee47500db517f9cfbc95899db184fe424fb85cc299a2cbc9a2c4e828c8cc8ca60e8ff4175483e1d486f990dbf8d165ee8c30fc18650a7c06bd3c567936008b1dd30d6cad7f1d56a37419517a541e4602ab4a6cd7d8e777c2622b6b5ed6fe785b1dd0ff6d3f725232b3e995e8fa7f4b6d9435e3b581712b8968d3cb6c810276c6d9755d03529faa1b6c86b547dbdb7e00ffefc1a9455e9ef8f0a838acfa4e398f1bb58b58559a2387b51c482219c79a16a8b5288c350f5f05c467bfd35d22858f85919a2bbb82c26e5e56d762211c090837fe4d21c9c3b059331173f38062529ff09164cf6ccc0abc31cc1907fa26f4c7bcc55a34d7bf0762bedbdac9a7fe4b6a513737fdb124d0de7bdb589f235d9432b49fe86e8927f8d9927a99d0e375f79a1149468c1f9"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) 3m52.981561673s ago: executing program 32 (id=163): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008d}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) r1 = socket$pppl2tp(0x18, 0x1, 0x1) sendmmsg$inet(r1, &(0x7f0000005f80), 0x0, 0x8040) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r0, 0x4, 0x4002) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x1d0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r4, 0xffffffffffffffff}, &(0x7f0000000800), &(0x7f0000000840)=r5}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$F2FS_IOC_MOVE_RANGE(r6, 0xc020f509, &(0x7f00000001c0)={r3, 0xc, 0x2, 0x3}) setsockopt$inet_MCAST_MSFILTER(r8, 0x0, 0x30, &(0x7f0000000a40)={0xffffffff, {{0x2, 0x4e20, @rand_addr=0x64010101}}, 0x1, 0x4, [{{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x26}}}, {{0x2, 0x4e21, @private=0xa010102}}, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e21, @broadcast}}]}, 0x290) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a0010000400000007000000000000000000ff0f", @ANYRESHEX=r3, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000000000000300000000000000e6000000000f90a538660df9403ed051d88d1bf519a89917c2798fee773c8800db9a457a06204f4d3a45e659f9f15575c42ba5012044f57bdaae56d8b9ea719f4f647c7e7e38753444470550300047137adac3fc2edca000787a0c67b2a53d1c27e3cd44c3ba32bbbda2c000c8c74ab8167d1d6e84621fe6fc56"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r10}, &(0x7f0000000200), &(0x7f0000000380)='%pi6 \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000004ffffffff00000000030000000600000000000000000000020000000000000000000000090200000000007eebc7f4074c7eba745c817809fd4c181ff0e786cdae119ee47500db517f9cfbc95899db184fe424fb85cc299a2cbc9a2c4e828c8cc8ca60e8ff4175483e1d486f990dbf8d165ee8c30fc18650a7c06bd3c567936008b1dd30d6cad7f1d56a37419517a541e4602ab4a6cd7d8e777c2622b6b5ed6fe785b1dd0ff6d3f725232b3e995e8fa7f4b6d9435e3b581712b8968d3cb6c810276c6d9755d03529faa1b6c86b547dbdb7e00ffefc1a9455e9ef8f0a838acfa4e398f1bb58b58559a2387b51c482219c79a16a8b5288c350f5f05c467bfd35d22858f85919a2bbb82c26e5e56d762211c090837fe4d21c9c3b059331173f38062529ff09164cf6ccc0abc31cc1907fa26f4c7bcc55a34d7bf0762bedbdac9a7fe4b6a513737fdb124d0de7bdb589f235d9432b49fe86e8927f8d9927a99d0e375f79a1149468c1f9"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) 6.390909253s ago: executing program 4 (id=1273): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000300)=@filter={'filter\x00', 0xe, 0x0, 0x90, [0x0, 0x20000240, 0x20000270, 0x200002a0], 0x0, 0x0, &(0x7f0000000240)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x24, r7, 0x1, 0x70bd24, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x380b}]}, 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x9590f6cc3aa755b6) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000001040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010025bd7000fbdbdf252e00000008000300a2263dbbf11864182fb8941dd194c7df3a5d7941894e8d33c2da551e41a0a475b5ec125f7b8ee8b17719351b782d8ce2e427e489f590d91ee033c4510b9c5f51058c26b33d04e2b4853b08833367d6f9c5", @ANYRES32=r8, @ANYBLOB="0c009900020000000c0000000400af000400e200040046001e0094000800000600000000000000070003000c0000000600b70000000400000400cc0010009d00000700000900030004000200"], 0x68}, 0x1, 0x0, 0x0, 0x44004090}, 0x80) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0x8, {"d1b3d695ebf1e3f3f8dc14bb7182b7fb6672df0ef699827552823f27b2fe09a4675e977037acd83eac275c94e133f9daa5cb9f6105eb64378a738493908a6a3e466779df631746ea061f940d1c31878b5564c6f08edf60beefa935b1b1f7a958d921824f3b40e84cc8b06b616a96c03abdc765984750dd8126803d726373a630fcf901f0f30ee0d0eb3bca88896d2e8a06e3a271c2e648690d513cc1083caf3b7e05feb094c1f05292c53c8685e423bb3910cfbfeb680b8e28b008912e020de8ebd922db9e634ec5951dc23c496262c811e61304a5109b6b31a087417d2f7a14c0a7950fd3f568a1b856b3b9ee2a458c3c8d55b93e8c6e68647fc4cd7b74da727a24c30456d48d3fd2eec6a871d853e7947893411228678b239d5f6ec0b43c5cbd755cc33eb3b208e2a12dd8d95a94353b954cf6d31cfb7151eb43fdd925bd13d10457d7562b3b0b89576c273154fa2ecd70bae1e4580734ddc11eb56d7e3bbe3c501cf4157fa24422ba06b2bd488a6795635614855a4f31767db029c02b73268845429d177a52b7ade4f12d77849a42b1b357d8aa5d1f912585b1586c50916681b881a08267f1513cc83ec54e0fdc091d0fdd23ec682c7ef36eb2ef27531d5092f43c4e5a77eaf2678371109b90e3147c9fdef304c46a083e849fd904a57af4784345bf395f0132301e69c7434354062459987c4f17f57b14f2ca3b7c53ef60e2488615c9e7de6e92ac83d629f1e98cecbf345e97e62ed9d65eb79414072837f82a73c6fcb4d82b585df17f45139c4c6b3e3a82ffe54cb573e631284962a406e5531e5cbe0fc2742219e51debc030d0c011fb7f380e52fbe54cb520c1e425cce2a305a6d2c84bff11f17d8f382579a2311b5e128e97f4f5c661e1b9b1c6ecf2c52cd38ec05e98fc59d211925db90519f127a748897bb1dd2b317881b7e2c3e0a92a93bbeff14825b0b992ce8af3dbe7ca47a90f80e325e1fa727aefbcf767b52a9f5f1963d4b5f42f5ed01d86e88dda18f78d849e38f81173a5f5d58441c0e00d7d90d201e4955644090c2946323081d81ab408a582c80e836cdf7103f37fd30b23092d3d3f69874150794f1f9f0e2970b107717ed476071f9a3eb2d936dad5650f9ad2c2e5abc4f7999a00f777d0391d0b2f18d7981f0acce09f6eaec0285cf4004d0d776786050c279f1f528fefe0943b0d5ce92c7726f4e7e66192c532aaf484165254c54e25e9abf426f814ccb94475e518ce3a536f9d71603e44748136178ddf9dc641a0d796f43abb1446fc27871222a6aabccfeae79cd0ebb71accd71d48fffe74c4873a349759a9d6b2119050640c7813f72625e7cf6f004dc6b21738e63cbe8f2227489b01243837475ffd1981b3e573b2062b71df889048f90e16205a94a4fef1efa5f664d26d5a1e83719464563b302176bbdbf6627979d899b13a59ba376f96d304d7c2322e80e0fc9ce3e946f69569be5cf5f440a0a33df0a01eadff62e968c7dd8b91abd942bd4a577444039e972cedea4897729ea5726b487c63ca6978d8ca502835a7e2b203c64cb68c7c9d256ce39af7d6621c7242f0d1281a50d643c89b0ad277bd0f537c521f6a28e2ad38839f2484a140092d214bc4e4b73ce1cca765accc8ef0a651e0c1ec755210df8213f613bdc71c831db84ce27ba56ee1b66c30f103cdbabbabe8ea8de919c8370cc6bf6c87e9b81a8efb7ef434550ade405ff63717655fa725c668e43397f9ca568317eea97dbad6fe24392429ec0f73430baf5ffe8372e5494e12003dc8a31d20afce1ad76ee68a501dfe2d9c2820462c784627756ec5ec6d54bf64f8e3693b1a9577ce7652b2ee26e795263c4202aacb4b5eeebbc611c68831170898ab319e9be1793a8280672f1a029d58d5051605832d8231f355c0b8d1d6f34463316b70eb40e64ebd08a6abd532d6d26fbfbabadd8ef424eb712681bc816c6182308cceaabad0baa4102997462d51b72e04faa593e34797be1ea13780fe5a69cf13d0137aecb1328c6bfd9f66793db5edc36088460818023a5de66e130c98e11e8802580e2d9324d8ea2e4d81dd93de12ff6b1dfd5beca9187b0fb02e5ab5c26a196ed91894ce94a978a3a31ca7fd80711234c00bf65aaee2e338cf1cfb4bc0364c93ba3012f596fccf6e29ff162630493dc617e2a7ea02b23118bd3d61ae4f92a8a0333d529e2ef6e46e12b21f6cf74b34a2f85d42dd13d09b8ae93685e4aea8ef27765dd176d0ce43565abf964738632d50308f8a876f9f55eec14e9e7432bd2b404726f9e85d2856cf39916b872d9d1e68db06bf45be11ef36278bd2ceb9bbb6b64f239ceaea182b11cabeac228a0e8293753772975b4c50ea6c549184c6fc32a392d180ce902e30bd47a9ec46d7cc9a7c48eb443cda67334eafa22dc5f3426a6085f42aa310d99c7959b103ddc1fb6e5e4621aa37669c96fa81c9d3fcfd07f5aca3a19c80704b58843dd27a1e997aa6fb3a807e409b22991ff584dd9372d282f1b6d3020a1876fe67568769dec766a52e4a266104f963b68a1912eaa40f491175d3dea21471ec6a4ba6b8bb55e2a59d86e192348ab693558c93d81b039f8e44fff87b753087908b72890e6fa90e9bb7636b810c3175534028a0a9d2978500074a70df5ea55fde86e03ede4dcc105add716dbf6d205dcbed423c8e50cf8011065982707e8dbc10c3de5c0f21f80bfcbe60819a828aa6b02af29afcd6b5ba3640212e57b0ac1adcb380046ff2e959cc133726bf53b2c2e6eee98f1e9d30a908370a6889d293fae20edf23e179ff35b3fc243e13e94f8f81ff1e35da1d6460f1883c0900f165dc76c62d40af1b8b2b02029a3f87e9333e8fec90053b2ce3edad4aba752631b0cc062038856ec2938135320a38beec0444765d6d7a63204afc4f69fe3c77ba85dce392040cf7a6c8b60eb42f722eca4c2cedfc1b7a016d7dbffc13769f7561c9332f36f9a83ad69b75b2c3050befd624136bc95a8e845a30e05b2f71937e77a22d45c16a28b6cf02e0c3c71f2d18ca605890f7431d9f8d9c5eb8fb10afbf5d9b16423afff55bfa481ab5b3ffb7c54e925d589bad14e1f4cfa1fa2434bd53115258e90685b131440f19e78670b1b9df204c70ca74cea2e325a6850c5a5d1fa7b1da18b5287afba5cbcec770131027ce91a4e919356af5b033bbeb6a4c48dafed367ba93cadde2fca773e384fd747b984db12c613282d234e2875da5946cc05679626e4d3439f28204af872a93a6ba630c180054cfdbb334b6d5ec96b8ff6362fddee1f0b61e7d41e1456aaeb01fe6af202273dd14cddff4a3cfacbb58d00fae3a9785723aedf41f07f866f84ef61db5fcebcd4e2c7e86ce486df7a479d90df9ef9a11d220e2f7622197868a7998f4827106e4cfda7c125bde4cf1389afdd02d3c4dc2dc9efbd8f56f42fb3fdca3e44a142e6ccecdd7105f9ad75fb4ac7a2df6d623e8ca24bb848b026b585d90b6c98587a59812a72e84c8ca102032f7500f5f3effd25108531b6ff38083f77a1acb40057dc75bf1b6cbca26dcd520f3838fb48aa168c875448beebc2f794cece7ca64a48492ad2dc6b498b6deb304b3552428b32964ad65a175bb8eaf9b95cc53c073185f5158dc52d7232c0de792921c794e5def26df78b154b26a69d110d4cbe8b2f17fde0026903ce2a1d3cda7b7b0114b8c97e8a11ec4e96a1fa6d146fbe0b942edc9841577751ad70db443216e7428ce82030b06d49a4019507ea001dd38c5123e65f77f4c8402415f700084c6f1527a5f5499e8dcd222da12ed0121aac9c81c5a2949de569f6956b56c5572de5205ad7e4365657708aeabd44d9a64c09b51510941ed4358a916b56b5e9bcaf10e2e6cb3cc67023a5dfe86a88dd73f5f101a6fb7cff7156ea8e0b8cdac7b94a63978665747b7c7504cb113e5dc8fd4d8b8d22112e23c16dd57385b8fb654ae0940f81dbc8e8b175e5e0ac4b19e6524b56c34457523f4d97b08859a6213bcf6f3ecfb714e311579d2d8f8a2f1f37dfaa3b9ea0af347085c496e62886d55d41e59aecabc1aac12a8de088de3558458cb1b33495ffdb8f81b23f0f8ccf27d4b66b2bc3633a55b16b94f6af81f8795ded6c829d835e68258dbe287cff6ef3c155800409ac3f02056ae9ecac5e487c91fb1a4ada1739cd232aeb6bbc6c6aabea959f1b97802b4df9b83cc4abf704f1c65a469fc0801994b9191e3fdd7f719ccf1143ecd9440ec1a130d25500c374cf1e81563e5909f73989c427f4cb9ddd39ac5723d2f3d56bd7aab9511479e50fbc9eb58388b838c95c315859f60ab4ceb44903b4f05aea845fbac61d162e23bc7e814e464d3c580c255a03246e227d4d5d1d05c75c4cb73454774fd2c9777781ae60a3610be2c00ef168c06309da21f7ec714717e326e75ac5b107da0d55d1eb7e7a1c00523136e40ac59406e93a044c209890b20405bfc8861655ebd99ac867b8e1217b973304e93f6b4f30c268d242c6f2770f3417735240d61d08d37393960c14cea24e9f28b42ce207c3edaac67b85571d661b5f92d0a85735072a026e56c7c05a53aabfc65cc38f513f9e622cd25923ed31891ca8a05a552652c24162776b9cdce4c03dfd3a6e39a609127916ba84d76af06b660eff40d807814a126cbcad4bb703b054c9780065901357a9e54bd513bc9aa3d3801cffb298c8e4d0b809986a950d7a156b8e9323e050ae7174d9a62b305f2933f794d2a58da904469cf61ac112f6c8f3482423c5de3a60c504525967bb16f89258447a7dddc53e1b188fb0e9ced2a51548158e871edd4d931ecd50c95ab00fe40d0fdccc4b79f795752e2272e3e785586d01f7d3ae16642330f9937840503b4e47e80a87086cb05c87f18aa6aca2ade4b6a7d2c69ab3ff0bfa78f34dfa598eea50c375577ff85ccbe02ec10208c09ab14f7e602a197416a6d1963b8e2b86170dea2c1e3f2447df105aa62036906fdf1c6b10c5d8134ecfb1b06638b12ce0fe6c7d0f3fc91382a570c1934c7fe1a5da829fcc226bb3734da68d18a742eac2ab40800771b89254cf5ebee7022f5a4c5b23fd24d618c0d896544254c8b9ae71e6ce143d3fd3f6355161f643f827717eb8332b311ea6cd72649213c69271f4f5faae6f1fdeed26e2b445d4b0f10efb33cf315ba475d2d7c3dff2e9dcc8c4aecf2d9fa997c054a4350b715f8d5eaf0fa7ec67e03259dfe0a9ac64e2c23b284a30343c8cb18947b6779debb4ef5a46d95c330b5d4940cafa0246e2447472d1be9fd9853f7c68daa0a819c0f768e30f5e4c9ab5de6b99095e6922610800b751c41cd65a79d584c605e30edf0e8a775cf9c2b91bf719875d7fe6a0b15311a8a745c487526ebbe6e2e0e6b26347bc7af7536b70272099e1479d012d7bec46ea69e60d057d5338235772dd85ac0d44d8f1968582719d5396c2f820b6fc21080aff60d36903d44779fc6b932a08cbadf1a59e7ebfe3f88266d5dd18be781c7b1b5327ece4b7326c0926280794d14ec1124985b55ac4266f756f007e9ca991a9c4bda99f175f5e5b571e9bbca4980c72376dd218d4991e4cbbb0a542b6705af5b89f0e38dbe3fcc2d7e778e4e0495b0d935e2f13237c60a0775782174c924e0e57055dd1ee8b4fc7c72e90282d6f61f56e31a453b5119abe0387b7fe3b289e48323dcf5e20a7b5ab27d48345fe978f2a739b394965336c71b932dc7a163fc8a202c7bd35110103f1a08fca303338b2edb85549f3a94dfa41727196dff2acec4b0a6550e255c0faa5e1513fe9dd0d9aad58e", 0x1023}}, 0x1006) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000180), 0xfefc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r10, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) 4.591040395s ago: executing program 4 (id=1285): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r2, &(0x7f0000000480)=[{&(0x7f0000000080)='4', 0x1}], 0x1) 3.356899504s ago: executing program 1 (id=1291): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0xb, &(0x7f0000000040)=0x1c, 0x4) sendmsg$netlink(r0, &(0x7f0000002b40)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)={0x1c, 0x1e, 0x723, 0x0, 0x0, "", [@generic="e996cdfc468dd980cd"]}, 0x1c}], 0x1, 0x0, 0x0, 0x24008015}, 0x0) 3.236583015s ago: executing program 0 (id=1292): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@sack_info={r1, 0x3, 0xffffffff}, &(0x7f0000000180)=0xc) 3.019398572s ago: executing program 1 (id=1293): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x4}, @NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) 3.007101193s ago: executing program 0 (id=1294): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000180)="440f20c0350500b800440f22c0c4438dceb56fe057000005056044240000000080ee80ee2402dc190000c744240600000000cc0f011c2424420f38f0e748b87a57bc6a591409330f23d00f21a5f8f8300000040f23f8c33e673e0f01fbfb695895298f6870cedd746544db00b9800000c00f3235008000000f30", 0x7a}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x10, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, '\x00', 0x0, 0x4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.731385183s ago: executing program 1 (id=1295): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={0x6c, r1, 0x1, 0xfffffffe, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2, 0x8003}}, {0x4, 0x2, @in6={0xa, 0x4e1f, 0x1, @private1}}}}]}]}, 0x6c}}, 0x800) 2.429924711s ago: executing program 1 (id=1296): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xd, &(0x7f0000000000)) r0 = getpgid(0x0) sched_getattr(r0, &(0x7f00000011c0)={0x38}, 0x38, 0x0) 2.37144574s ago: executing program 2 (id=1297): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) recvmmsg(r0, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/180, 0xffb0}], 0x1}}, {{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000001400)=""/94, 0x5e}], 0x1}}], 0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) 2.351872903s ago: executing program 0 (id=1298): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002240)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0020000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26ffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c1f860d050d694cc7806d294d3665016a7b29da0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d40887c58559b7dcb98a6273b8c651e57f727041c62cea5b7bd24d9f679e4fbe948dfb4cc4a389469608241630459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b83720eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb89872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebed161980f2fde4f9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc3600040543a34b195c6a8fc054282cd41b264906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e4bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af41000000000000007f5ab0d534b8d63e4ca3be71f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733097f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99e85b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5359dbdfbf31a562395020becaf3fd1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4b28288e78980c1184d8223edbc4bf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b5524642c248aa813edaa626f0000000000000000000000000000000003ba5bac34b611569a451564d3a5400f9097ffe7a37e765bc652be71ee24250d6d9cf19878dd62c53062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89ad07963acbd4dd4dc5b4552591edde7a22ad06f7567e6fec2f65011b579bf609d61a3ff4d6f490824bb035995449fc34106ae6889f036d67b6aaee784f855ebc746ac871b5d2031ac0a252ac1f86e93e245f3793cea80b6de773899d49d11d3b1ed79163b111c976cf840a2ef6214a43338fba8c9edb6be26e68fcc5d47ed74a66ce8aba726ab955b9b32ab1890e84a5e2d7476252af25e5c95c5a8b2b1b5c8a2645b017d23c0f169d6ab529cc889bb07889d9e155114cf3e26a50c527ec6d4021cd2cacfea6d7e41e39e26b3967cad65c648b170f12ea9cc69dcee64be0c27b1f4f7f5ce3e62c35602c9d2921326891901661c85b9ee4a0a0b9636bef4c23788494f094abb91ed813b42828aa93105896e0aee851a8087e169a1d69e841257d9053d0cdc3a6ac4f12084cc6470abebe8b344b1f56690a2687b428686c854c21831da277e8b8a21b7b91a46d22ba083eca7b1f8268048cde7d6f237dca42035881b29ca9c8c2937971821b613894297ff6f7796053a4de1fd77e180cc22b205d43bb4a1b59962c1f605ea1b74587100e8d579f157cb45561c357f9976cec6a43388b3049a0d9c171ff6145266ba119d00000000001ef3794a930eb12f3a6215c510bf0bca70c127e9c70cc7bef921249a7f18a0034ce3264a9e96656b47233e2ed7c76520e649c3fd550bdafd77c5cd72b4446d3e157ddd97e7622a6891fb739acd3b2cdaf65ac78490f0641be6e8c6f55bf3d228786895ff5fd5970faacd8a5025aca0aa1931f477ba06aa60051298c8bf7f3b399194f98dc3f4e8513ad06da09dc393c1284515986b8c70ac69512f6c0c04f42edb3a097a11f2ab480e3e391abffae097752300576337c6dd24c4a98280684aa1fe8c7b43ee8bce05fe979b34da18cdb44dbb030b8009cd3b3b44fd8e7b534acd3f1839cb54817668ab446d3d47848429ea831a57f26c8b05dedddceb24483f8f998b05c3ddf85c3799c9000000000000000000000000001e57cf839eb3150d6a076fb7b86fae98dbb46014f483aecb4ec4f0877371bcae8912c78aff857c669760f0e55041563c5c3e8ee4a0eef885fd43fe34a1febc82370d1d07fdfe705ada4764320889000000000000000000000000000000a790af4fc17872b55b10db99e212d18193235659df45627da300959eafc8bfb44f70d250f8f2e86532700254c9a8b14999f59c8b9034c4bb2448eaeff5db21d4a7f3d974790d4c3cba7c402f50585b9289d86400679e5c2bcacb2841ca074d51fdb4a29e84d72b6c996cfbee06aa52cd632e82ba068e8e1572ef2eb414ba5fccfc3c03e64df6a9cc3936c604aa2c0e2ec7b777475023f29b146af003472ce146a5ff997ba53c51026c0096154f9280a34bbf21d66f57a250b5397766122fc86950ce5252e96868cd04df54764cf2082153d6cedd8aaf9700c734aa4a1cb33a2e0a13c5687be4de327511bff9816d13c3219dac1c1535f10243db6f96960ea6a621f5e1b7babbedf0a6bf0cf74123d2e78d01be2b048883a2459eec630fb0293d28d9799fd3a792caff693fd9f002f14c43fb5a1051cc686b7f114d7927eed559bdf2e8ddea3e61d5d942b63fe90230b2e1948fc563ef94d437281671d2fe5032d2a091fa842b0af2e116ba"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r0, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000840)={r1}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x2f00020b, 0xd, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b9", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.150916s ago: executing program 1 (id=1300): memfd_create(0x0, 0x2) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000183b9220b113420016580102030109021b00010000000009040000012e459e00090504"], 0x0) syz_emit_vhci(0x0, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)) pipe2(0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={0x0, 0x50}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = gettid() madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x65) prctl$PR_SCHED_CORE(0x53564d41, 0x0, r0, 0x2, 0x0) syz_create_resource$binfmt(&(0x7f0000000000)='./file0\x00') msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6) 2.150699589s ago: executing program 5 (id=1301): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x194, 0x65, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xffe0}}, [@TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x134, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x120, 0x6, [@m_simple={0xe8, 0xe, 0x0, 0x0, {{0xb}, {0x3c, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, '\\}#\x00'}, @TCA_DEF_DATA={0xd, 0x3, '/dev/kvm\x00'}, @TCA_DEF_DATA={0x7, 0x3, '&&\x00'}, @TCA_DEF_DATA={0x15, 0x3, '+{%^/\xa9{$+*\xad&)!%\'\x00'}]}, {0x81, 0x6, "fe5a2070be52f0035382619e6cb23eefc87329b3b2ddf2f1abcb28f900804dbc701d717ed71dd1fcfb88dad905899a1ec43e1e3a515ca2eb0774d7ba1859fd1b230d96606ce59c18977b874df89f812968658e86ed2227b583c11e7e17de60d1536b09f47a2c3a5c98687257648ee2f5daf28ba52f8fe8b4ad68d67b4e"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x6}}}}, @m_connmark={0x34, 0x3ffd, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x6}}}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0xfffffffe}, @TCA_CHAIN={0x8, 0xb, 0xfffffffd}, @filter_kind_options=@f_flower={{0xb}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x8, 0x6}}]}, 0x194}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0xc5}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 2.150530931s ago: executing program 0 (id=1302): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0}) r2 = syz_io_uring_setup(0x1339, &(0x7f0000000480)={0x0, 0x3a52, 0x800}, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, 0x0) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) 2.01194357s ago: executing program 5 (id=1303): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="17890000000000000000010000000500070000000000080009000000000008000a0000000000060002000000000014001f00ffe400000000000000000000000000001400200000000000000000000100ffff001414bb06001b004e"], 0x64}}, 0x0) 1.82311677s ago: executing program 5 (id=1304): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@sack_info={r1, 0x3, 0xffffffff}, &(0x7f0000000180)=0xc) 1.806862238s ago: executing program 0 (id=1305): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r1, &(0x7f0000000280)={0x1d, 0x0, 0x0, {}, 0xfe}, 0x18) sendmsg$can_j1939(r1, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) 1.586899693s ago: executing program 5 (id=1306): socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) socket$can_raw(0x1d, 0x3, 0x1) socket$nl_rdma(0x10, 0x3, 0x14) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r2], 0x90}}, 0x0) 1.554547046s ago: executing program 4 (id=1307): keyctl$get_keyring_id(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_io_uring_setup(0x1028c4, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x109301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f00000001c0)=@urb_type_iso={0x0, {0x1, 0x1}, 0xffffffff, 0xe7, 0x0, 0x0, 0xfffffffe, 0x0, 0x1, 0xfffffffd, 0x5, 0x0, [{0x1, 0x5, 0x6}]}) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xfff3, 0x4}, {0x0, 0x1b}}}, 0x24}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0x401, 0xd, 0x5, 0x404, r1, 0x40, '\x00', r5, 0xffffffffffffffff, 0x2, 0x3, 0x3, 0x0, @void, @value, @void, @value}, 0x50) 1.414213113s ago: executing program 2 (id=1308): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x0, 0x80000, 0x0, 0x0, 0x0, 0xfffffffc, 0x6}, 0x1c) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) bind$packet(r0, &(0x7f0000000500)={0x11, 0x18, r2, 0x1, 0x8}, 0x14) 977.584868ms ago: executing program 5 (id=1309): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd) r0 = dup(0xffffffffffffffff) write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c) 599.452698ms ago: executing program 2 (id=1310): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88ad9925}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_ID={0x8}]}}}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x30}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004011}, 0x0) 469.073626ms ago: executing program 4 (id=1311): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000004c0)={'#! ', './bus'}, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x3, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff7827, 0x0, 0x0, 0x0, 0x101}}, &(0x7f0000000200)='GPL\x00', 0x4, 0x100b, &(0x7f0000001e40)=""/4107, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 387.756086ms ago: executing program 2 (id=1312): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xcc}}, 0x0) 217.405373ms ago: executing program 4 (id=1313): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x194, 0x65, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xffe0}}, [@TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x134, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x120, 0x6, [@m_simple={0xe8, 0xe, 0x0, 0x0, {{0xb}, {0x3c, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, '\\}#\x00'}, @TCA_DEF_DATA={0xd, 0x3, '/dev/kvm\x00'}, @TCA_DEF_DATA={0x7, 0x3, '&&\x00'}, @TCA_DEF_DATA={0x15, 0x3, '+{%^/\xa9{$+*\xad&)!%\'\x00'}]}, {0x81, 0x6, "fe5a2070be52f0035382619e6cb23eefc87329b3b2ddf2f1abcb28f900804dbc701d717ed71dd1fcfb88dad905899a1ec43e1e3a515ca2eb0774d7ba1859fd1b230d96606ce59c18977b874df89f812968658e86ed2227b583c11e7e17de60d1536b09f47a2c3a5c98687257648ee2f5daf28ba52f8fe8b4ad68d67b4e"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x6}}}}, @m_connmark={0x34, 0x3ffd, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x6}}}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0xfffffffe}, @TCA_CHAIN={0x8, 0xb, 0xfffffffd}, @filter_kind_options=@f_flower={{0xb}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x8, 0x6}}]}, 0x194}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0xc5}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 216.586295ms ago: executing program 2 (id=1314): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f00000031c0)="50aee705a512", 0x6, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20, @loopback}, 0x10) ioctl$sock_TIOCINQ(r0, 0x8905, &(0x7f0000000000)) 75.481946ms ago: executing program 0 (id=1315): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0}) r2 = syz_io_uring_setup(0x1339, &(0x7f0000000480)={0x0, 0x3a52, 0x800}, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 75.363018ms ago: executing program 5 (id=1316): r0 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xbe93, 0x0, 0x0, 0x40000333}, &(0x7f0000000340), &(0x7f0000000580)) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0) 46.395128ms ago: executing program 2 (id=1317): r0 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f00000000c0)=0x1005, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 45.783013ms ago: executing program 4 (id=1318): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0xe8c}, 0x2d, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'default', 0x20, 'trusted:', 's}z', 0x20, 0x3fb}, 0x2f, 0xfffffffffffffffa) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 0s ago: executing program 1 (id=1319): socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) socket$can_raw(0x1d, 0x3, 0x1) socket$nl_rdma(0x10, 0x3, 0x14) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r2], 0x90}}, 0x0) kernel console output (not intermixed with test programs): loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 174.908113][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.917213][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 174.926566][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.936773][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 174.946025][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 174.957661][ T7076] Dev loop6: unable to read RDB block 0 [ 174.973242][ T7076] loop6: unable to read partition table [ 174.979210][ T7076] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 175.382200][ T7090] loop4: detected capacity change from 0 to 1024 [ 175.421940][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.518523][ T7090] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.540440][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 176.099669][ T7109] loop1: detected capacity change from 0 to 16 [ 176.282931][ T7109] erofs (device loop1): mounted with root inode @ nid 36. [ 176.363105][ T7101] vlan2: entered promiscuous mode [ 176.368441][ T7101] bridge0: entered promiscuous mode [ 176.404816][ T7101] bridge0: port 3(vlan2) entered blocking state [ 176.420914][ T7101] bridge0: port 3(vlan2) entered disabled state [ 176.435283][ T7101] vlan2: entered allmulticast mode [ 176.442281][ T7101] bridge0: entered allmulticast mode [ 176.479570][ T7101] vlan2: left allmulticast mode [ 176.492199][ T7101] bridge0: left allmulticast mode [ 176.513391][ T6632] udevd[6632]: symlink '../../loop1' '/dev/disk/by-uuid/dc99752b-953d-459c-b2db-a5c46e0e7dba.tmp-b7:1' failed: Read-only file system [ 176.534042][ T7101] bridge0: left promiscuous mode [ 177.661015][ T7091] loop2: detected capacity change from 0 to 40427 [ 177.787996][ T7091] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x1fffff [ 177.831726][ T7091] F2FS-fs (loop2): invalid crc value [ 177.950741][ T6632] udevd[6632]: symlink '../../loop2' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:2' failed: Read-only file system [ 177.982817][ T7091] F2FS-fs (loop2): Found nat_bits in checkpoint [ 178.179654][ T7128] loop0: detected capacity change from 0 to 512 [ 178.235086][ T7128] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 178.252383][ T6632] udevd[6632]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 178.340558][ T7128] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 178.394883][ T7128] System zones: 1-12 [ 178.432694][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.474803][ T7128] EXT4-fs (loop0): 1 truncate cleaned up [ 178.514803][ T7128] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.295866][ T29] audit: type=1326 audit(1733900579.750:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7127 comm="syz.0.269" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd4d157ff19 code=0x0 [ 179.980018][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.980025][ T7150] loop1: detected capacity change from 0 to 1024 [ 179.980857][ T7150] EXT4-fs: Ignoring removed orlov option [ 180.038689][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 180.089539][ T7150] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 180.237816][ T7150] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.343830][ T7163] loop6: detected capacity change from 0 to 524287999 [ 180.358174][ C1] blk_print_req_error: 7 callbacks suppressed [ 180.358196][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.373524][ C1] buffer_io_error: 7 callbacks suppressed [ 180.373540][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 180.448625][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.457912][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 180.473058][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.482318][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 180.528740][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.537989][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 180.547139][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.556331][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 180.567009][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.576216][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 180.589305][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.598505][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 180.622154][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.631442][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 180.689209][ T7163] ldm_validate_partition_table(): Disk read failed. [ 180.726183][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.735426][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 180.746549][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.755788][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 180.764464][ T7163] Dev loop6: unable to read RDB block 0 [ 180.776408][ T7163] loop6: unable to read partition table [ 180.782721][ T7163] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 181.803424][ T5825] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.913381][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 182.265827][ T7201] loop0: detected capacity change from 0 to 1024 [ 182.286717][ T7201] EXT4-fs: Ignoring removed orlov option [ 182.385288][ T6632] udevd[6632]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 182.518446][ T5880] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 182.520799][ T7201] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 182.544496][ T7192] kvm: kvm [7191]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0xb800100c000 [ 182.623737][ T7207] loop5: detected capacity change from 0 to 512 [ 183.071744][ T7201] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.095216][ T6632] udevd[6632]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 183.111390][ T7207] EXT4-fs error (device loop5): ext4_orphan_get:1389: inode #15: comm syz.5.286: casefold flag without casefold feature [ 183.124709][ T7207] EXT4-fs error (device loop5): ext4_orphan_get:1394: comm syz.5.286: couldn't read orphan inode 15 (err -117) [ 183.141273][ T7207] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.239623][ T5880] usb 2-1: Using ep0 maxpacket: 16 [ 183.252164][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.361769][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.399277][ T5880] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 183.552388][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.597619][ T5880] usb 2-1: config 0 descriptor?? [ 184.100067][ T5880] hid-multitouch 0003:1FD2:6007.0005: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0 [ 184.203316][ T6555] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.287238][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.363043][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 184.561962][ T5878] usb 2-1: USB disconnect, device number 5 [ 184.563102][ T6037] udevd[6037]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 184.585744][ T7239] netlink: 'syz.0.293': attribute type 12 has an invalid length. [ 184.625922][ T7222] loop4: detected capacity change from 0 to 512 [ 184.649005][ T7222] EXT4-fs error (device loop4): ext4_orphan_get:1389: inode #15: comm syz.4.290: casefold flag without casefold feature [ 184.662885][ T7222] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.290: couldn't read orphan inode 15 (err -117) [ 184.678299][ T7222] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.773339][ T6037] udevd[6037]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 185.601651][ T5842] Bluetooth: hci1: Unable to find connection with handle 0x00c8 [ 188.059456][ T7334] netlink: 40 bytes leftover after parsing attributes in process `syz.0.313'. [ 190.974774][ T7362] IPv6: Can't replace route, no match found [ 191.974081][ T7388] loop5: detected capacity change from 0 to 512 [ 192.211479][ T7388] EXT4-fs error (device loop5): ext4_orphan_get:1389: inode #15: comm syz.5.326: casefold flag without casefold feature [ 192.225813][ T7388] EXT4-fs error (device loop5): ext4_orphan_get:1394: comm syz.5.326: couldn't read orphan inode 15 (err -117) [ 192.244309][ T7388] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.257596][ T6037] udevd[6037]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 193.362817][ T7400] netlink: 40 bytes leftover after parsing attributes in process `syz.2.327'. [ 194.734116][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.740541][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.345421][ T6555] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.724207][ T7412] netlink: 56 bytes leftover after parsing attributes in process `syz.0.331'. [ 195.903439][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 196.650374][ T7427] netlink: 56 bytes leftover after parsing attributes in process `syz.5.332'. [ 196.699941][ T7434] netlink: 12 bytes leftover after parsing attributes in process `syz.2.336'. [ 197.066429][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.134962][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 197.279530][ T5921] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 197.461326][ T5878] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 197.640144][ T5921] usb 6-1: Using ep0 maxpacket: 16 [ 198.339425][ T5878] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 198.352122][ T5878] usb 2-1: config 0 has no interfaces? [ 198.362200][ T5921] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 198.375410][ T5921] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.384031][ T5878] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 198.419166][ T5921] usb 6-1: Product: syz [ 198.439006][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.457775][ T7465] netlink: 56 bytes leftover after parsing attributes in process `syz.0.345'. [ 198.479141][ T5921] usb 6-1: Manufacturer: syz [ 198.483782][ T5921] usb 6-1: SerialNumber: syz [ 198.495907][ T5878] usb 2-1: Product: syz [ 198.502385][ T5878] usb 2-1: Manufacturer: syz [ 198.517123][ T5921] r8152-cfgselector 6-1: Unknown version 0x0000 [ 198.523948][ T5878] usb 2-1: SerialNumber: syz [ 198.528577][ T5921] r8152-cfgselector 6-1: config 0 descriptor?? [ 198.538014][ T5878] usb 2-1: config 0 descriptor?? [ 199.185621][ T5921] r8152-cfgselector 6-1: USB disconnect, device number 2 [ 199.672016][ T7484] netlink: 277 bytes leftover after parsing attributes in process `syz.4.349'. [ 200.075112][ T7492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.354'. [ 201.433724][ T5880] usb 2-1: USB disconnect, device number 6 [ 201.498184][ T7501] netlink: 56 bytes leftover after parsing attributes in process `syz.1.356'. [ 201.885112][ T7510] netlink: 'syz.2.359': attribute type 10 has an invalid length. [ 202.332249][ T7510] team0: Port device netdevsim0 added [ 203.374985][ T7525] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 203.388799][ T7525] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 203.398676][ T7525] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 203.408673][ T7525] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 203.424786][ T7525] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 203.432109][ T7525] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 203.442089][ T7525] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 204.531599][ T7550] netlink: 56 bytes leftover after parsing attributes in process `syz.5.372'. [ 205.037313][ T7563] netlink: 28 bytes leftover after parsing attributes in process `syz.5.378'. [ 205.149620][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 205.389804][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 205.471585][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout [ 205.471604][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 205.483836][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 205.558348][ T7583] netlink: 56 bytes leftover after parsing attributes in process `syz.5.385'. [ 206.457279][ T7573] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 206.481381][ T7573] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 206.510536][ T7573] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 206.518785][ T7573] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 206.525321][ T7573] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 206.626501][ T7594] loop2: detected capacity change from 0 to 1024 [ 206.653527][ T7594] EXT4-fs: Ignoring removed orlov option [ 206.675170][ T7595] netlink: 56 bytes leftover after parsing attributes in process `syz.4.388'. [ 206.709820][ T7594] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 206.748874][ T7594] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 207.206195][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.301181][ T7612] serio: Serial port ptm0 [ 207.469315][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 207.588052][ T7622] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.595526][ T7622] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.604594][ T7622] bridge0: entered allmulticast mode [ 208.514459][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 208.590389][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 208.596510][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout [ 208.603415][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 208.849483][ T7637] netlink: 56 bytes leftover after parsing attributes in process `syz.5.402'. [ 208.898857][ T7644] loop2: detected capacity change from 0 to 1024 [ 208.906591][ T7644] EXT4-fs: Ignoring removed orlov option [ 208.913476][ T7641] netlink: 'syz.1.404': attribute type 30 has an invalid length. [ 208.957475][ T7644] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 209.001695][ T7644] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.049636][ T6632] udevd[6632]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system [ 209.696264][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.710291][ T7660] netlink: 28 bytes leftover after parsing attributes in process `syz.5.409'. [ 209.977880][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system [ 210.424323][ T7660] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.433643][ T7660] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.674272][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 211.255554][ T5880] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 211.525304][ T5880] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 211.619847][ T5880] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 211.702595][ T5880] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 211.732766][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.735463][ T7696] hsr0: entered promiscuous mode [ 211.752197][ T5880] usb 2-1: Product: syz [ 211.756448][ T5880] usb 2-1: Manufacturer: syz [ 211.761470][ T5880] usb 2-1: SerialNumber: syz [ 211.783301][ T7694] input: syz0 as /devices/virtual/input/input6 [ 211.896133][ T7700] netlink: 'syz.0.422': attribute type 30 has an invalid length. [ 211.992922][ T5880] usb 2-1: 0:2 : does not exist [ 212.012534][ T5880] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 212.028312][ T7704] loop5: detected capacity change from 0 to 1024 [ 212.040098][ T7704] EXT4-fs: Ignoring removed orlov option [ 212.075556][ T7704] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 212.113569][ T6037] udevd[6037]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 212.134892][ T7704] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 212.171031][ T5880] usb 2-1: USB disconnect, device number 7 [ 212.616296][ T6632] udevd[6632]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 212.899848][ T6555] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.164562][ T7728] netlink: 104 bytes leftover after parsing attributes in process `syz.5.432'. [ 213.245874][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 213.520776][ T7736] loop6: detected capacity change from 0 to 524287999 [ 213.528315][ C0] blk_print_req_error: 7 callbacks suppressed [ 213.528334][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 213.543578][ C0] buffer_io_error: 7 callbacks suppressed [ 213.543588][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 213.559450][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 213.568639][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 213.582558][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 213.591726][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 213.617728][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 213.626904][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 213.638336][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 213.647488][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 213.658378][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 213.667529][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 213.675877][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 213.685009][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 213.693211][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 213.702374][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 213.710272][ T7736] ldm_validate_partition_table(): Disk read failed. [ 213.718412][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 213.727577][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 213.739370][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 213.748514][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 213.759303][ T7736] Dev loop6: unable to read RDB block 0 [ 213.772001][ T7736] loop6: unable to read partition table [ 213.777749][ T7736] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 213.876819][ T7742] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.895994][ T7742] batadv_slave_1: entered allmulticast mode [ 215.401368][ T7769] loop4: detected capacity change from 0 to 1024 [ 215.446028][ T7769] EXT4-fs: Ignoring removed orlov option [ 215.476861][ T29] audit: type=1326 audit(1733900616.160:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.5.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0d57ff19 code=0x7ffc0000 [ 215.503988][ T7769] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 215.516535][ T29] audit: type=1326 audit(1733900616.190:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.5.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0d57ff19 code=0x7ffc0000 [ 215.550086][ T6037] udevd[6037]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 215.568965][ T29] audit: type=1326 audit(1733900616.250:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.5.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f6f0d57ff19 code=0x7ffc0000 [ 215.598753][ T29] audit: type=1326 audit(1733900616.250:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.5.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0d57ff19 code=0x7ffc0000 [ 215.621499][ T29] audit: type=1326 audit(1733900616.250:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.5.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0d57ff19 code=0x7ffc0000 [ 215.645569][ T29] audit: type=1326 audit(1733900616.250:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.5.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6f0d57ff19 code=0x7ffc0000 [ 215.668129][ T29] audit: type=1326 audit(1733900616.250:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.5.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0d57ff19 code=0x7ffc0000 [ 215.685578][ T7769] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 215.690726][ T29] audit: type=1326 audit(1733900616.250:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.5.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0d57ff19 code=0x7ffc0000 [ 215.729284][ T29] audit: type=1326 audit(1733900616.250:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.5.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f6f0d57ff19 code=0x7ffc0000 [ 215.751796][ T29] audit: type=1326 audit(1733900616.250:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.5.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0d57ff19 code=0x7ffc0000 [ 215.789368][ T5880] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 216.039563][ T5880] usb 1-1: Using ep0 maxpacket: 32 [ 216.074464][ T5880] usb 1-1: config 0 has an invalid interface number: 146 but max is 0 [ 216.099284][ T5880] usb 1-1: config 0 has no interface number 0 [ 216.203366][ T5880] usb 1-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 216.269799][ T5880] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 216.418416][ T5880] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 216.500896][ T5880] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 216.528615][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.538960][ T5880] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 216.582408][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 216.594008][ T5880] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 216.606420][ T5880] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 216.616534][ T5880] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 216.626919][ T5880] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 216.637320][ T5880] usb 1-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 216.750625][ T5880] usb 1-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 216.764208][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.856701][ T5880] usb 1-1: Product: syz [ 216.861243][ T5880] usb 1-1: Manufacturer: syz [ 216.865871][ T5880] usb 1-1: SerialNumber: syz [ 216.887725][ T5880] usb 1-1: config 0 descriptor?? [ 216.899428][ T7777] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 216.911328][ T5880] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3 [ 217.004795][ T5880] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2 [ 217.044273][ T5880] scsi host1: microtekX6 [ 217.188516][ T6050] microtek usb (rev 0.4.3): error -90 submitting URB [ 217.260782][ T58] microtek usb (rev 0.4.3): error -90 submitting URB [ 217.273365][ T5880] usb 1-1: USB disconnect, device number 3 [ 217.309328][ T58] microtek usb (rev 0.4.3): error -19 submitting URB [ 217.359263][ T58] microtek usb (rev 0.4.3): error -19 submitting URB [ 217.489221][ T5876] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 217.899395][ T7821] loop6: detected capacity change from 0 to 524287999 [ 217.946663][ T7821] ldm_validate_partition_table(): Disk read failed. [ 218.009472][ T7821] Dev loop6: unable to read RDB block 0 [ 218.018615][ T7821] loop6: unable to read partition table [ 218.025461][ T7821] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 218.479257][ T5876] usb 5-1: Using ep0 maxpacket: 16 [ 218.491770][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.523699][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.586954][ T5876] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 218.606592][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.631938][ T5876] usb 5-1: config 0 descriptor?? [ 218.682099][ T7824] loop5: detected capacity change from 0 to 1024 [ 218.700931][ T7824] EXT4-fs: Ignoring removed orlov option [ 218.709022][ T7824] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 218.711567][ T6632] udevd[6632]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 218.781062][ T7824] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.116444][ T5876] usbhid 5-1:0.0: can't add hid device: -71 [ 219.123926][ T5876] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 219.149530][ T5876] usb 5-1: USB disconnect, device number 5 [ 219.344816][ T6555] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.393859][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 219.414810][ T5880] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 219.578183][ T5880] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 219.618686][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.665442][ T5880] usb 1-1: config 0 descriptor?? [ 220.060383][ T5880] cp210x 1-1:0.0: cp210x converter detected [ 220.257703][ T7850] capability: warning: `syz.4.472' uses 32-bit capabilities (legacy support in use) [ 220.502692][ T5880] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 220.689299][ T5880] usb 1-1: cp210x converter now attached to ttyUSB0 [ 220.758570][ T5876] usb 1-1: USB disconnect, device number 4 [ 220.766971][ T5876] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 220.794707][ T5876] cp210x 1-1:0.0: device disconnected [ 221.436923][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 221.436941][ T29] audit: type=1326 audit(1733900622.120:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7880 comm="syz.0.485" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd4d157ff19 code=0x0 [ 222.473597][ T7895] netlink: 'syz.2.489': attribute type 30 has an invalid length. [ 222.684319][ T7902] process 'syz.0.491' launched './file1' with NULL argv: empty string added [ 222.999257][ T5876] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 223.159258][ T5876] usb 3-1: device descriptor read/64, error -71 [ 223.480214][ T7920] loop6: detected capacity change from 0 to 524287999 [ 223.492768][ C1] blk_print_req_error: 24 callbacks suppressed [ 223.492790][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 223.508227][ C1] buffer_io_error: 24 callbacks suppressed [ 223.508243][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 223.523400][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 223.532649][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 223.550090][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 223.559329][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 223.570211][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 223.579479][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 223.590657][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 223.599917][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 223.610842][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 223.620063][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 223.628948][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 223.638187][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 223.647602][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 223.656837][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 223.664824][ T7920] ldm_validate_partition_table(): Disk read failed. [ 223.673997][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 223.683270][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 223.695382][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 223.704561][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 223.715469][ T7920] Dev loop6: unable to read RDB block 0 [ 223.734704][ T7920] loop6: unable to read partition table [ 223.740868][ T7920] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 223.889268][ T5876] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 224.019251][ T5876] usb 3-1: device descriptor read/64, error -71 [ 224.128365][ T7931] syz.1.501 uses obsolete (PF_INET,SOCK_PACKET) [ 224.129464][ T5876] usb usb3-port1: attempt power cycle [ 224.217891][ T7923] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 224.233457][ T7923] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 224.244409][ T7923] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 224.250712][ T7923] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 224.256863][ T7923] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 224.380491][ T7938] netlink: 'syz.4.503': attribute type 30 has an invalid length. [ 224.490688][ T5876] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 224.565296][ T5876] usb 3-1: device descriptor read/8, error -71 [ 224.627575][ T7948] loop0: detected capacity change from 0 to 1024 [ 224.638149][ T7948] EXT4-fs: Ignoring removed orlov option [ 224.647421][ T7948] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 224.808280][ T6632] udevd[6632]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 224.831514][ T5876] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 224.892889][ T5876] usb 3-1: device descriptor read/8, error -71 [ 224.900962][ T7948] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.009844][ T5876] usb usb3-port1: unable to enumerate USB device [ 225.399306][ T7966] netlink: 68 bytes leftover after parsing attributes in process `syz.4.508'. [ 225.432723][ T7966] binder: 7949:7966 ioctl c0306201 20000280 returned -14 [ 225.496237][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.673478][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 226.223391][ T7968] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 226.229705][ T7968] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 226.235712][ T7968] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 226.259347][ T7968] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 226.265720][ T7968] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 226.343109][ T7987] loop6: detected capacity change from 0 to 524287999 [ 226.363211][ T7987] ldm_validate_partition_table(): Disk read failed. [ 226.373104][ T7987] Dev loop6: unable to read RDB block 0 [ 226.383967][ T7987] loop6: unable to read partition table [ 226.391023][ T7987] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 227.332941][ T8001] loop1: detected capacity change from 0 to 1024 [ 227.376908][ T8001] EXT4-fs: Ignoring removed orlov option [ 227.469644][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 227.702280][ T8001] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 228.035926][ T8001] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.359800][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 228.366052][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout [ 228.372397][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 228.378531][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 228.529571][ T940] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 228.689496][ T940] usb 1-1: device descriptor read/64, error -71 [ 228.797999][ T8024] loop4: detected capacity change from 0 to 512 [ 228.811779][ T5825] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.852550][ T8024] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 228.868968][ T8024] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 228.898361][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 228.927977][ T6037] udevd[6037]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 228.949532][ T940] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 229.012925][ T6037] udevd[6037]: symlink '../../loop4' '/dev/disk/by-uuid/00000000-0000-0000-0000-000000d40000.tmp-b7:4' failed: Read-only file system [ 229.090520][ T940] usb 1-1: device descriptor read/64, error -71 [ 229.210004][ T940] usb usb1-port1: attempt power cycle [ 229.559499][ T940] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 229.589456][ T8040] @ÿ: renamed from bond_slave_0 (while UP) [ 229.821494][ T940] usb 1-1: device descriptor read/8, error -71 [ 229.822822][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 229.960942][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 230.041595][ T8042] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.073422][ T8042] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.089487][ T940] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 230.130841][ T940] usb 1-1: device descriptor read/8, error -71 [ 230.269897][ T940] usb usb1-port1: unable to enumerate USB device [ 231.437751][ T8066] netlink: 68 bytes leftover after parsing attributes in process `syz.4.538'. [ 231.499931][ T8066] binder: 8054:8066 ioctl c0306201 20000280 returned -14 [ 232.277369][ T8068] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 232.284017][ T8068] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 232.309345][ T8068] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 232.331472][ T8068] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 232.337553][ T8068] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 233.112874][ T29] audit: type=1326 audit(1733900633.790:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 233.141606][ T29] audit: type=1326 audit(1733900633.790:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 233.164351][ T29] audit: type=1326 audit(1733900633.830:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 233.186538][ T29] audit: type=1326 audit(1733900633.830:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 233.208950][ T29] audit: type=1326 audit(1733900633.830:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 233.232063][ T29] audit: type=1326 audit(1733900633.830:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 233.254779][ T29] audit: type=1326 audit(1733900633.830:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 233.277063][ T29] audit: type=1326 audit(1733900633.830:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 233.299302][ T29] audit: type=1326 audit(1733900633.830:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 233.322101][ T29] audit: type=1326 audit(1733900633.830:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 233.549356][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 233.670223][ T8129] netlink: 68 bytes leftover after parsing attributes in process `syz.4.562'. [ 233.747354][ T8129] binder: 8117:8129 ioctl c0306201 20000280 returned -14 [ 234.407895][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 234.414450][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout [ 234.427918][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 234.443651][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 234.499436][ T8121] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 234.611909][ T8121] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 234.828646][ T8121] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 234.866449][ T8121] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 234.959929][ T8121] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 235.619380][ T5876] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 235.629248][ T53] Bluetooth: hci0: command 0x0c1a tx timeout [ 235.715288][ T8156] geneve0: entered promiscuous mode [ 235.777357][ T8156] geneve0: left promiscuous mode [ 235.803335][ T5876] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 235.818330][ T5876] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 235.843436][ T5876] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 235.859378][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 235.869228][ T5876] usb 2-1: SerialNumber: syz [ 235.957469][ T8165] loop2: detected capacity change from 0 to 1024 [ 235.964953][ T8165] EXT4-fs: Ignoring removed orlov option [ 235.984370][ T8165] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 236.006071][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system [ 236.027032][ T8165] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 236.199243][ T5876] usb 2-1: 0:2 : does not exist [ 236.204512][ T5876] usb 2-1: unit 5: unexpected type 0x0a [ 236.288786][ T5876] usb 2-1: USB disconnect, device number 8 [ 236.580277][ T6632] udevd[6632]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 236.597890][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.670460][ T53] Bluetooth: hci1: command 0x0c1a tx timeout [ 236.704541][ T6037] udevd[6037]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system [ 236.934262][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 236.940645][ T53] Bluetooth: hci4: command 0x0c1a tx timeout [ 237.933914][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 239.348504][ T8208] loop2: detected capacity change from 0 to 1024 [ 239.399881][ T8208] EXT4-fs: Ignoring removed orlov option [ 239.450123][ T8208] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 239.570683][ T8208] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 239.717825][ T6632] udevd[6632]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system [ 240.230999][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.313140][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system [ 240.624467][ T8228] netlink: 4092 bytes leftover after parsing attributes in process `syz.2.596'. [ 240.654200][ T8228] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 240.786821][ T8236] netlink: 4 bytes leftover after parsing attributes in process `syz.4.597'. [ 241.100228][ T8243] netlink: 104 bytes leftover after parsing attributes in process `syz.5.603'. [ 241.470932][ T8257] loop5: detected capacity change from 0 to 1024 [ 241.498342][ T8257] EXT4-fs: Ignoring removed orlov option [ 241.527926][ T8257] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 241.588019][ T6632] udevd[6632]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 241.624011][ T8257] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 241.699747][ T5877] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 241.870174][ T5877] usb 1-1: Using ep0 maxpacket: 8 [ 241.888743][ T5877] usb 1-1: unable to get BOS descriptor or descriptor too short [ 241.902992][ T5877] usb 1-1: too many configurations: 21, using maximum allowed: 8 [ 241.956484][ T5877] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 241.965943][ T5877] usb 1-1: can't read configurations, error -61 [ 242.129414][ T5877] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 242.272182][ T6555] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.323875][ T5877] usb 1-1: Using ep0 maxpacket: 8 [ 242.336946][ T5877] usb 1-1: unable to get BOS descriptor or descriptor too short [ 242.355505][ T5877] usb 1-1: too many configurations: 21, using maximum allowed: 8 [ 242.377179][ T5877] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 242.394739][ T5877] usb 1-1: can't read configurations, error -61 [ 242.419476][ T5877] usb usb1-port1: attempt power cycle [ 242.440781][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 242.789462][ T5877] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 242.860751][ T5877] usb 1-1: Using ep0 maxpacket: 8 [ 242.867876][ T5877] usb 1-1: unable to get BOS descriptor or descriptor too short [ 242.876504][ T5877] usb 1-1: too many configurations: 21, using maximum allowed: 8 [ 242.892331][ T5877] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 242.904400][ T5877] usb 1-1: can't read configurations, error -61 [ 243.051940][ T5877] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 243.091368][ T5877] usb 1-1: Using ep0 maxpacket: 8 [ 243.115829][ T5877] usb 1-1: unable to get BOS descriptor or descriptor too short [ 243.148816][ T5877] usb 1-1: too many configurations: 21, using maximum allowed: 8 [ 243.186515][ T5911] IPVS: starting estimator thread 0... [ 243.194342][ T5877] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 243.212972][ T5877] usb 1-1: can't read configurations, error -61 [ 243.226624][ T5877] usb usb1-port1: unable to enumerate USB device [ 243.319719][ T8278] IPVS: using max 23 ests per chain, 55200 per kthread [ 243.500699][ T8287] netlink: 104 bytes leftover after parsing attributes in process `syz.5.614'. [ 245.127683][ T8310] netlink: 104 bytes leftover after parsing attributes in process `syz.4.627'. [ 246.380318][ T8342] netlink: 104 bytes leftover after parsing attributes in process `syz.2.638'. [ 246.427373][ T8344] bridge0: port 3(vxlan0) entered blocking state [ 246.475155][ T8344] bridge0: port 3(vxlan0) entered disabled state [ 246.485395][ T8344] vxlan0: entered allmulticast mode [ 246.501701][ T8344] vxlan0: entered promiscuous mode [ 246.725426][ T8360] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 246.899244][ T5911] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 247.049269][ T5911] usb 3-1: Using ep0 maxpacket: 16 [ 247.066213][ T5911] usb 3-1: New USB device found, idVendor=0456, idProduct=f000, bcdDevice=f3.7f [ 247.081520][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.111571][ T5911] usb 3-1: Product: syz [ 247.119962][ T5911] usb 3-1: Manufacturer: syz [ 247.128131][ T5911] usb 3-1: SerialNumber: syz [ 247.161092][ T5911] usb 3-1: config 0 descriptor?? [ 247.176582][ T5911] ftdi_sio 3-1:0.0: Ignoring interface reserved for JTAG [ 247.367015][ T8377] netlink: 104 bytes leftover after parsing attributes in process `syz.0.652'. [ 247.398094][ T5911] usb 3-1: USB disconnect, device number 8 [ 248.669277][ T5911] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 248.769481][ T5878] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 248.849262][ T5911] usb 3-1: Using ep0 maxpacket: 16 [ 248.875625][ T5911] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 248.876238][ T8413] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 248.899641][ T5911] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 248.923046][ T5911] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 248.932275][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.947268][ T5911] usb 3-1: Product: syz [ 248.951792][ T5911] usb 3-1: Manufacturer: syz [ 248.952948][ T5878] usb 1-1: too many endpoints for config 1 interface 0 altsetting 253: 68, using maximum allowed: 30 [ 248.956394][ T5911] usb 3-1: SerialNumber: syz [ 248.977085][ T5878] usb 1-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 68 [ 248.991012][ T5878] usb 1-1: config 1 interface 0 has no altsetting 0 [ 249.024052][ T5878] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 249.033385][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.041599][ T5878] usb 1-1: Product: syz [ 249.046050][ T5878] usb 1-1: Manufacturer: syz [ 249.051823][ T5878] usb 1-1: SerialNumber: syz [ 249.175656][ T8419] netlink: 16 bytes leftover after parsing attributes in process `syz.1.670'. [ 249.185884][ T8419] netlink: 16 bytes leftover after parsing attributes in process `syz.1.670'. [ 249.195213][ T8419] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 249.219831][ T8419] (unnamed net_device) (uninitialized): option arp_validate: invalid value (17) [ 249.449366][ T5911] usb 3-1: cannot find UAC_HEADER [ 249.561762][ T5911] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 249.572642][ T5911] usb 3-1: USB disconnect, device number 9 [ 249.731357][ T5878] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 250.475268][ T8435] loop5: detected capacity change from 0 to 1024 [ 250.506642][ T8435] EXT4-fs: Ignoring removed orlov option [ 250.566318][ T8435] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 250.710173][ T6037] udevd[6037]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 250.730405][ T8435] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 250.737626][ T6632] udevd[6632]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 251.004395][ T8449] loop6: detected capacity change from 0 to 524287999 [ 251.130564][ C1] blk_print_req_error: 24 callbacks suppressed [ 251.130586][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 251.145943][ C1] buffer_io_error: 24 callbacks suppressed [ 251.145959][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 251.181000][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 251.190225][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 251.213449][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 251.222654][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 251.235781][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 251.245014][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 251.283879][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 251.293092][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 251.331593][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 251.340824][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 251.355757][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 251.364966][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 251.375438][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 251.384641][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 251.392955][ T8449] ldm_validate_partition_table(): Disk read failed. [ 251.401835][ T6555] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.409382][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 251.419981][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 251.462076][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 251.471322][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 251.496535][ T8449] Dev loop6: unable to read RDB block 0 [ 251.525699][ T8449] loop6: unable to read partition table [ 251.531643][ T8449] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 251.536102][ T5911] usb 1-1: USB disconnect, device number 13 [ 251.567532][ T5911] usblp0: removed [ 251.684512][ T5833] udevd[5833]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 252.055007][ T8469] bridge0: left allmulticast mode [ 252.079345][ T8469] netlink: 'syz.0.686': attribute type 10 has an invalid length. [ 252.102603][ T8469] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.109823][ T8469] bridge0: port 2(bridge_slave_1) entered listening state [ 252.117201][ T8469] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.124367][ T8469] bridge0: port 1(bridge_slave_0) entered listening state [ 252.140452][ T8469] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 253.147410][ T8480] loop0: detected capacity change from 0 to 1024 [ 253.174985][ T8480] EXT4-fs: Ignoring removed orlov option [ 253.221938][ T8480] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 253.372094][ T8480] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 253.518757][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.959881][ T5911] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 254.126516][ T5911] usb 1-1: config 0 has an invalid interface number: 82 but max is 0 [ 254.188846][ T5911] usb 1-1: config 0 has no interface number 0 [ 254.336884][ T5911] usb 1-1: New USB device found, idVendor=0506, idProduct=11f8, bcdDevice=b6.28 [ 254.613553][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.672816][ T5911] usb 1-1: Product: syz [ 254.717758][ T5911] usb 1-1: Manufacturer: syz [ 254.748127][ T5911] usb 1-1: SerialNumber: syz [ 254.785737][ T5911] usb 1-1: config 0 descriptor?? [ 254.825897][ T8513] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 8513 comm: syz.2.699) [ 255.049955][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 255.050001][ T29] audit: type=1800 audit(1733900655.730:104): pid=8513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.699" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=19000 res=0 errno=0 [ 255.350584][ T5911] kaweth 1-1:0.82: Firmware present in device. [ 255.574026][ T5911] kaweth 1-1:0.82: Statistics collection: 0 [ 255.727451][ T5911] kaweth 1-1:0.82: Multicast filter limit: 0 [ 255.855660][ T8513] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 255.965184][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.992642][ T5911] kaweth 1-1:0.82: MTU: 0 [ 256.003329][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.060022][ T8530] netlink: 104 bytes leftover after parsing attributes in process `syz.2.699'. [ 256.091676][ T5911] kaweth 1-1:0.82: Read MAC address 00:00:00:00:00:00 [ 256.480837][ T5911] kaweth 1-1:0.82: Error setting SOFS wait [ 256.487626][ T5911] kaweth 1-1:0.82: probe with driver kaweth failed with error -5 [ 256.810696][ T5911] usb 1-1: USB disconnect, device number 14 [ 257.129466][ T5878] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 257.925647][ T8533] bridge_slave_0: left allmulticast mode [ 257.990137][ T8533] bridge_slave_0: left promiscuous mode [ 257.997039][ T8533] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.121508][ T8533] bridge_slave_1: left allmulticast mode [ 258.139531][ T8533] bridge_slave_1: left promiscuous mode [ 258.158854][ T8539] loop0: detected capacity change from 0 to 1024 [ 258.161104][ T8533] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.207914][ T8539] EXT4-fs: Ignoring removed orlov option [ 258.244232][ T8539] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 258.277237][ T6632] udevd[6632]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 258.340280][ T8533] bond0: (slave bond_slave_0): Releasing backup interface [ 258.357928][ T8539] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 258.575655][ T8533] bond0: (slave bond_slave_1): Releasing backup interface [ 258.671605][ T8533] team0: Port device team_slave_0 removed [ 258.761864][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.138800][ T8533] team0: Port device team_slave_1 removed [ 259.145563][ T8533] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 259.161547][ T8533] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 259.175328][ T8533] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 259.341588][ T8533] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 259.483509][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 260.489349][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 261.229543][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 261.243430][ T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 261.449404][ T9] usb 6-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 262.050237][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.085757][ T9] usb 6-1: config 0 descriptor?? [ 262.108797][ T9] usb 6-1: bad CDC descriptors [ 262.485114][ T8583] netlink: 68 bytes leftover after parsing attributes in process `syz.1.713'. [ 263.404749][ T8583] binder: 8560:8583 ioctl c0306201 20000280 returned -14 [ 263.450364][ T8587] loop4: detected capacity change from 0 to 1024 [ 263.488597][ T8587] EXT4-fs: Ignoring removed orlov option [ 263.529675][ T8587] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 263.572110][ T6632] udevd[6632]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 263.705124][ T8587] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 264.699384][ T9] usb 6-1: USB disconnect, device number 4 [ 264.849439][ T8591] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 264.878319][ T8591] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 264.908335][ T8591] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 264.927760][ T8591] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 264.978537][ T8591] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 265.342670][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.545925][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 265.579346][ T8609] GUP no longer grows the stack in syz.2.726 (8609): 20004000-20005000 (20001000) [ 265.588890][ T8609] CPU: 1 UID: 0 PID: 8609 Comm: syz.2.726 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 265.598950][ T8609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 265.608999][ T8609] Call Trace: [ 265.612275][ T8609] [ 265.615204][ T8609] dump_stack_lvl+0x241/0x360 [ 265.619889][ T8609] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.625112][ T8609] ? __pfx__printk+0x10/0x10 [ 265.629709][ T8609] ? find_vma+0xf9/0x170 [ 265.633982][ T8609] ? vma_is_secretmem+0xd/0x50 [ 265.638750][ T8609] ? check_vma_flags+0x4de/0x550 [ 265.643693][ T8609] __get_user_pages+0x3cd8/0x4370 [ 265.648724][ T8609] ? 0xffffffffa0003b40 [ 265.652899][ T8609] ? __kernel_text_address+0xd/0x40 [ 265.658127][ T8609] ? __pfx___get_user_pages+0x10/0x10 [ 265.663521][ T8609] __gup_longterm_locked+0x49a/0x17f0 [ 265.668898][ T8609] ? __pfx___might_resched+0x10/0x10 [ 265.674221][ T8609] ? __pfx___gup_longterm_locked+0x10/0x10 [ 265.680046][ T8609] ? down_read+0x82b/0xa40 [ 265.684469][ T8609] ? is_valid_gup_args+0x124/0x200 [ 265.689588][ T8609] pin_user_pages+0x137/0x1f0 [ 265.694265][ T8609] ? __pfx_pin_user_pages+0x10/0x10 [ 265.699464][ T8609] ? trace_kmalloc+0x1f/0xd0 [ 265.704059][ T8609] xdp_umem_create+0x978/0xf30 [ 265.708828][ T8609] xsk_setsockopt+0x732/0x950 [ 265.713509][ T8609] ? __pfx_xsk_setsockopt+0x10/0x10 [ 265.718714][ T8609] ? __pfx_lock_acquire+0x10/0x10 [ 265.723737][ T8609] ? aa_sock_opt_perm+0x79/0x120 [ 265.728681][ T8609] ? __pfx_xsk_setsockopt+0x10/0x10 [ 265.733883][ T8609] do_sock_setsockopt+0x3af/0x720 [ 265.738914][ T8609] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 265.744469][ T8609] ? __fget_files+0x395/0x410 [ 265.749148][ T8609] ? __fget_files+0x2a/0x410 [ 265.753748][ T8609] __x64_sys_setsockopt+0x1ee/0x280 [ 265.758953][ T8609] do_syscall_64+0xf3/0x230 [ 265.763459][ T8609] ? clear_bhb_loop+0x35/0x90 [ 265.768138][ T8609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.774039][ T8609] RIP: 0033:0x7f2d01f7ff19 [ 265.778468][ T8609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.798076][ T8609] RSP: 002b:00007f2d02e0e058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 265.806494][ T8609] RAX: ffffffffffffffda RBX: 00007f2d02145fa0 RCX: 00007f2d01f7ff19 [ 265.814462][ T8609] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000009 [ 265.822430][ T8609] RBP: 00007f2d01ff3cc8 R08: 000000000000001c R09: 0000000000000000 [ 265.830400][ T8609] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 265.838367][ T8609] R13: 0000000000000000 R14: 00007f2d02145fa0 R15: 00007ffefd6fe908 [ 265.846346][ T8609] [ 265.899570][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 266.009616][ T8609] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.726'. [ 267.348541][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 267.354715][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 267.360874][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 267.366889][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout [ 267.470885][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 267.478904][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 269.349437][ T940] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 270.749472][ T8638] netlink: 4 bytes leftover after parsing attributes in process `syz.0.733'. [ 270.769368][ T940] usb 2-1: Using ep0 maxpacket: 32 [ 270.775942][ T940] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 270.795068][ T940] usb 2-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 270.817076][ T940] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.872954][ T940] usb 2-1: config 0 descriptor?? [ 270.884406][ T940] usb 2-1: bad CDC descriptors [ 270.958066][ T8653] capability: warning: `syz.5.737' uses deprecated v2 capabilities in a way that may be insecure [ 271.144620][ T8657] netlink: 16 bytes leftover after parsing attributes in process `syz.0.740'. [ 271.559475][ T5880] usb 2-1: USB disconnect, device number 9 [ 271.670569][ T8643] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 271.677348][ T8643] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 271.708657][ T8643] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 271.761978][ T8643] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 271.780749][ T8643] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 272.113342][ T8689] netlink: 16 bytes leftover after parsing attributes in process `syz.2.752'. [ 272.296143][ T8691] tunl0: entered promiscuous mode [ 272.312184][ T8691] vlan0: entered promiscuous mode [ 272.329446][ T8691] vlan0: entered allmulticast mode [ 272.356459][ T8691] tunl0: entered allmulticast mode [ 272.542366][ T8691] tunl0: left allmulticast mode [ 272.547745][ T8691] tunl0: left promiscuous mode [ 272.990138][ T53] Bluetooth: hci0: command 0x0c1a tx timeout [ 273.732370][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 273.738542][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 273.799714][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 273.805774][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout [ 273.879191][ T5880] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 274.065375][ T5880] usb 3-1: Using ep0 maxpacket: 32 [ 274.113324][ T8724] netlink: 16 bytes leftover after parsing attributes in process `syz.1.765'. [ 274.176372][ T5880] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 274.187139][ T8726] netlink: 28 bytes leftover after parsing attributes in process `syz.1.766'. [ 274.196580][ T8726] netlink: 28 bytes leftover after parsing attributes in process `syz.1.766'. [ 274.205942][ T5880] usb 3-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 274.205974][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.240068][ T8713] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 274.246132][ T8713] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 274.246964][ T5880] usb 3-1: config 0 descriptor?? [ 274.277386][ T5880] usb 3-1: bad CDC descriptors [ 274.299727][ T8713] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 274.305884][ T8713] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 274.315277][ T8713] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 274.351945][ T8726] erspan0: entered promiscuous mode [ 274.402821][ T8726] erspan0: left promiscuous mode [ 275.539949][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 276.222745][ T8758] netlink: 8 bytes leftover after parsing attributes in process `syz.5.777'. [ 276.292854][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 276.349197][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 276.350070][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout [ 276.355292][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 277.169393][ T5911] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 277.341432][ T5911] usb 5-1: too many endpoints for config 1 interface 0 altsetting 253: 68, using maximum allowed: 30 [ 277.384217][ T5911] usb 5-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 68 [ 277.397416][ T5911] usb 5-1: config 1 interface 0 has no altsetting 0 [ 277.415762][ T5911] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 277.435271][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.449010][ T5911] usb 5-1: Product: syz [ 277.460874][ T5911] usb 5-1: Manufacturer: syz [ 277.465506][ T5911] usb 5-1: SerialNumber: syz [ 277.483389][ T8781] netlink: 8 bytes leftover after parsing attributes in process `syz.5.788'. [ 277.759010][ T5878] usb 3-1: USB disconnect, device number 10 [ 277.885844][ T29] audit: type=1326 audit(1733900678.500:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8787 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 277.909639][ T29] audit: type=1326 audit(1733900678.500:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8787 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 277.932167][ T29] audit: type=1326 audit(1733900678.510:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8787 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 277.954553][ T29] audit: type=1326 audit(1733900678.510:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8787 comm="syz.1.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ece77ff19 code=0x7ffc0000 [ 278.206532][ T5911] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 279.266689][ T5880] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 279.549822][ T5880] usb 3-1: Using ep0 maxpacket: 32 [ 279.668557][ T5880] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 279.843403][ T5880] usb 3-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 279.992793][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.027202][ T5911] usb 5-1: USB disconnect, device number 6 [ 280.794235][ T5911] usblp0: removed [ 281.163432][ T5880] usb 3-1: config 0 descriptor?? [ 281.424576][ T5880] usb 3-1: bad CDC descriptors [ 281.589995][ T8824] netlink: 8 bytes leftover after parsing attributes in process `syz.4.804'. [ 282.636513][ T5876] usb 3-1: USB disconnect, device number 11 [ 282.830651][ C0] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.837929][ C0] bridge0: topology change detected, propagating [ 282.844628][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.851900][ C0] bridge0: topology change detected, propagating [ 283.849741][ T8858] netlink: 8 bytes leftover after parsing attributes in process `syz.4.816'. [ 287.130093][ T940] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 287.309478][ T940] usb 3-1: Using ep0 maxpacket: 32 [ 287.469060][ T8875] syzkaller0: entered allmulticast mode [ 287.503840][ T8875] syzkaller0 (unregistering): left allmulticast mode [ 287.652224][ T940] usb 3-1: device descriptor read/all, error -71 [ 287.843144][ T8884] binder: 8882:8884 unknown command 0 [ 287.848573][ T8884] binder: 8882:8884 ioctl c0306201 20000080 returned -22 [ 288.032912][ T8891] loop5: detected capacity change from 0 to 1024 [ 288.040250][ T8891] EXT4-fs: Ignoring removed orlov option [ 288.046865][ T8891] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 288.076063][ T6632] udevd[6632]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 288.148232][ T8891] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 288.780623][ T8887] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 288.788962][ T8887] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 288.797248][ T8887] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 288.804685][ T8887] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 288.820485][ T8887] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 289.905182][ T8935] netlink: 28 bytes leftover after parsing attributes in process `syz.4.844'. [ 289.920481][ T8935] netlink: 28 bytes leftover after parsing attributes in process `syz.4.844'. [ 289.953030][ T8935] team0: entered promiscuous mode [ 289.958219][ T8935] team_slave_0: entered promiscuous mode [ 289.981670][ T8935] team_slave_1: entered promiscuous mode [ 290.015085][ T8935] bridge0: entered promiscuous mode [ 290.031146][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 290.049921][ T8935] hsr1: Slave A (team0) is not up; please bring it up to get a fully working HSR network [ 290.073625][ T8935] hsr1: Slave B (bridge0) is not up; please bring it up to get a fully working HSR network [ 290.392821][ T8948] batman_adv: batadv0: Adding interface: vxlan0 [ 290.411167][ T8948] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 290.446510][ T6555] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.469831][ T8948] batman_adv: batadv0: Not using interface vxlan0 (retrying later): interface not active [ 290.524808][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 290.829786][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 290.830007][ T53] Bluetooth: hci4: command 0x0c1a tx timeout [ 290.835884][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 290.841955][ T53] Bluetooth: hci1: command 0x0c1a tx timeout [ 291.366006][ T8971] netlink: 28 bytes leftover after parsing attributes in process `syz.4.859'. [ 291.379286][ T5876] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 291.401893][ T8971] netlink: 28 bytes leftover after parsing attributes in process `syz.4.859'. [ 291.539584][ T5876] usb 3-1: Using ep0 maxpacket: 32 [ 291.607048][ T5876] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 291.656700][ T5876] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 291.706661][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.758963][ T5876] usb 3-1: config 0 descriptor?? [ 291.849698][ T8981] loop4: detected capacity change from 0 to 1024 [ 291.869918][ T8981] EXT4-fs: Ignoring removed orlov option [ 291.886800][ T8981] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 291.913844][ T6632] udevd[6632]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 292.028622][ T8981] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 292.079603][ T5876] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 293.163729][ T5876] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 293.173540][ T5876] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 293.185650][ T5876] usb 1-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice=cd.0d [ 293.194978][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.958807][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.154574][ T5876] usb 1-1: Product: syz [ 294.158786][ T5876] usb 1-1: Manufacturer: syz [ 294.163482][ T5876] usb 1-1: SerialNumber: syz [ 294.171243][ T5876] usb 1-1: config 0 descriptor?? [ 294.180906][ T5876] option 1-1:0.0: GSM modem (1-port) converter detected [ 294.235163][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 294.434174][ T9012] netlink: 28 bytes leftover after parsing attributes in process `syz.1.873'. [ 294.443358][ T9012] netlink: 28 bytes leftover after parsing attributes in process `syz.1.873'. [ 294.463486][ T9012] team0: entered promiscuous mode [ 294.472011][ T5878] usb 3-1: USB disconnect, device number 14 [ 294.482685][ T9012] bridge0: entered promiscuous mode [ 294.496938][ T9012] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 294.526399][ T9012] Cannot create hsr debugfs directory [ 294.557412][ T9012] hsr1: Slave A (team0) is not up; please bring it up to get a fully working HSR network [ 294.605070][ T9012] hsr1: Slave B (bridge0) is not up; please bring it up to get a fully working HSR network [ 294.903246][ T940] usb 1-1: USB disconnect, device number 15 [ 294.941257][ T940] option 1-1:0.0: device disconnected [ 297.583758][ T9062] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 297.608122][ T9062] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 297.639623][ T9062] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 297.645978][ T9062] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 297.659426][ T9062] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 298.845336][ T53] Bluetooth: hci0: command 0x0c1a tx timeout [ 299.182128][ T9103] batadv_slave_1: entered allmulticast mode [ 299.631982][ T53] Bluetooth: hci1: command 0x0c1a tx timeout [ 299.747727][ T53] Bluetooth: hci3: command 0x0c1a tx timeout [ 299.753924][ T53] Bluetooth: hci4: command 0x0c1a tx timeout [ 299.760022][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 299.874891][ T9108] netlink: 68 bytes leftover after parsing attributes in process `syz.0.904'. [ 299.927510][ T9108] binder: 9100:9108 ioctl c0306201 20000280 returned -14 [ 301.619622][ T9146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.917'. [ 302.079693][ T5921] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 302.325020][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 302.338598][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 302.369253][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 302.389378][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 302.425540][ T5921] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 302.452016][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.492497][ T5921] usb 3-1: config 0 descriptor?? [ 302.498435][ T9156] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 303.023441][ T5911] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 303.034329][ T5921] plantronics 0003:047F:FFFF.0006: unknown main item tag 0xd [ 303.042910][ T5921] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 303.076790][ T5921] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 303.120667][ T5921] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 303.199908][ T5911] usb 6-1: Using ep0 maxpacket: 8 [ 303.258107][ T5911] usb 6-1: config 2 interface 0 has no altsetting 0 [ 303.279492][ T5921] usb 3-1: USB disconnect, device number 15 [ 303.284673][ T5911] usb 6-1: New USB device found, idVendor=04e2, idProduct=1412, bcdDevice=ca.10 [ 303.317880][ T5911] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.339973][ T5911] usb 6-1: Product: syz [ 303.352588][ T5911] usb 6-1: Manufacturer: syz [ 303.367614][ T5911] usb 6-1: SerialNumber: syz [ 303.479300][ T5876] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 303.639267][ T5876] usb 5-1: Using ep0 maxpacket: 16 [ 303.664111][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 303.783086][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 303.876887][ T5876] usb 5-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 303.887110][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.926831][ T5876] usb 5-1: config 0 descriptor?? [ 304.043943][ T9] IPVS: starting estimator thread 0... [ 304.141044][ T9181] IPVS: using max 38 ests per chain, 91200 per kthread [ 304.152190][ T5876] usbhid 5-1:0.0: can't add hid device: -71 [ 304.166405][ T5876] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 304.200045][ T5876] usb 5-1: USB disconnect, device number 7 [ 304.699338][ T5921] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 304.905569][ T5921] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 304.979760][ T5921] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 305.177279][ T5921] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 305.331124][ T5921] usb 3-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 305.411855][ T5921] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 305.511349][ T5921] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 305.569747][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.586483][ T9196] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 305.587989][ T5921] usb 3-1: Product: syz [ 305.593346][ T9196] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 305.607501][ T9199] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(6) [ 305.614048][ T9199] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 305.634745][ T5921] usb 3-1: Manufacturer: syz [ 305.673909][ T9196] vhci_hcd vhci_hcd.0: Device attached [ 305.741193][ T9204] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 305.829342][ T9] vhci_hcd: vhci_device speed not set [ 305.834699][ T5921] usb 3-1: SerialNumber: syz [ 305.878892][ T9199] vhci_hcd vhci_hcd.0: Device attached [ 305.899443][ T9] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 305.924500][ T9206] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(5) [ 305.931071][ T9206] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 306.028267][ T9206] vhci_hcd vhci_hcd.0: Device attached [ 306.072690][ T9197] vhci_hcd: connection reset by peer [ 306.078270][ T9200] vhci_hcd: connection closed [ 306.086011][ T9208] vhci_hcd: connection closed [ 306.099143][ T1000] vhci_hcd: stop threads [ 306.147288][ T5921] usb 3-1: 0:2 : does not exist [ 306.160726][ T1000] vhci_hcd: release socket [ 306.162494][ T5921] usb 3-1: USB disconnect, device number 16 [ 306.213702][ T1000] vhci_hcd: disconnect device [ 306.242158][ T1000] vhci_hcd: stop threads [ 306.246463][ T1000] vhci_hcd: release socket [ 306.252806][ T1000] vhci_hcd: disconnect device [ 306.263307][ T1000] vhci_hcd: stop threads [ 306.268867][ T1000] vhci_hcd: release socket [ 306.276719][ T1000] vhci_hcd: disconnect device [ 306.348517][ T5911] usb 6-1: USB disconnect, device number 5 [ 306.380918][ T6037] udevd[6037]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 306.592402][ T9215] netlink: 'syz.5.938': attribute type 10 has an invalid length. [ 306.618626][ T9215] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.625846][ T9215] bridge0: port 2(bridge_slave_1) entered listening state [ 306.633244][ T9215] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.640430][ T9215] bridge0: port 1(bridge_slave_0) entered listening state [ 306.720997][ T9215] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 307.016908][ T9225] netlink: 28 bytes leftover after parsing attributes in process `syz.4.944'. [ 307.032580][ T9225] netlink: 28 bytes leftover after parsing attributes in process `syz.4.944'. [ 307.703166][ T9245] IPVS: Scheduler module ip_vs_ not found [ 308.555091][ T29] audit: type=1326 audit(1733900709.240:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9267 comm="syz.4.959" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7effcf17ff19 code=0x0 [ 309.049283][ T5911] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 309.390724][ T5911] usb 3-1: Using ep0 maxpacket: 32 [ 309.420677][ T5911] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 309.460341][ T5911] usb 3-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 309.513955][ T5911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.536319][ T5911] usb 3-1: config 0 descriptor?? [ 309.550459][ T5911] usb 3-1: bad CDC descriptors [ 309.839309][ T9295] loop6: detected capacity change from 0 to 524287999 [ 309.861145][ C0] blk_print_req_error: 7 callbacks suppressed [ 309.861167][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 309.876442][ C0] buffer_io_error: 7 callbacks suppressed [ 309.876459][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 309.897413][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 309.906681][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 309.931820][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 309.941131][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 309.969636][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 309.978890][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 309.989188][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 309.998397][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 310.007734][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.016935][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 310.027067][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.036270][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 310.045390][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.054590][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 310.062503][ T9295] ldm_validate_partition_table(): Disk read failed. [ 310.074341][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.083553][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 310.092537][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 310.101740][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 310.112903][ T9295] Dev loop6: unable to read RDB block 0 [ 310.149216][ T9295] loop6: unable to read partition table [ 310.156774][ T9295] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 310.326168][ T5203] ldm_validate_partition_table(): Disk read failed. [ 310.334823][ T9303] warning: `syz.1.970' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 310.351379][ T5203] Dev loop6: unable to read RDB block 0 [ 310.361338][ T5203] loop6: unable to read partition table [ 311.669241][ T9] vhci_hcd: vhci_device speed not set [ 311.719995][ T5911] usb 3-1: USB disconnect, device number 17 [ 311.770315][ T9313] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 311.776418][ T9313] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 311.810500][ T9313] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 311.851717][ T9313] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 311.885865][ T9313] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 313.629582][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 313.909306][ T53] Bluetooth: hci4: command 0x0c1a tx timeout [ 313.915376][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 313.921562][ T53] Bluetooth: hci1: command 0x0c1a tx timeout [ 313.956058][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 314.069195][ T5876] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 314.239224][ T5876] usb 6-1: Using ep0 maxpacket: 32 [ 314.267175][ T5876] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 314.351135][ T5876] usb 6-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 314.403237][ T5876] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.475702][ T5876] usb 6-1: config 0 descriptor?? [ 314.535514][ T5876] usb 6-1: bad CDC descriptors [ 314.791481][ T9362] netlink: 32 bytes leftover after parsing attributes in process `syz.4.990'. [ 315.294021][ T9378] loop6: detected capacity change from 0 to 524287999 [ 315.319638][ C1] blk_print_req_error: 24 callbacks suppressed [ 315.319658][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.335106][ C1] buffer_io_error: 24 callbacks suppressed [ 315.335123][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 315.358990][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.368233][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 315.428670][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.437913][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 315.447130][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.456366][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 315.479469][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.488672][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 315.509589][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.518792][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 315.725220][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.725261][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 315.725443][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.725474][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 315.725512][ T9378] ldm_validate_partition_table(): Disk read failed. [ 315.726980][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.727016][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 315.727532][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.727563][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 315.730581][ T9378] Dev loop6: unable to read RDB block 0 [ 315.732190][ T9378] loop6: unable to read partition table [ 315.732344][ T9378] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 316.531546][ T5876] usb 6-1: USB disconnect, device number 6 [ 317.374057][ T9406] loop4: detected capacity change from 0 to 512 [ 317.394991][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.401598][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.570512][ T6632] udevd[6632]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 317.606688][ T6632] udevd[6632]: symlink '../../loop4' '/dev/disk/by-uuid/00000000-0000-0000-0000-000000d40000.tmp-b7:4' failed: Read-only file system [ 317.635494][ T9406] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 317.651074][ T9406] ext4 filesystem being mounted at /207/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 318.249046][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 318.334825][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 320.924159][ T9454] loop0: detected capacity change from 0 to 512 [ 320.974566][ T9454] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 321.031590][ T9454] ext4 filesystem being mounted at /188/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 321.162695][ T6632] udevd[6632]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 321.197769][ T6632] udevd[6632]: symlink '../../loop0' '/dev/disk/by-uuid/00000000-0000-0000-0000-000000d40000.tmp-b7:0' failed: Read-only file system [ 321.324773][ T9459] @ÿ: renamed from bond_slave_0 (while UP) [ 321.547657][ T9461] loop4: detected capacity change from 0 to 1024 [ 321.555082][ T9461] EXT4-fs: Ignoring removed orlov option [ 321.612928][ T9461] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 321.650468][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 321.693526][ T9461] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 321.765146][ T6632] udevd[6632]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 321.769042][ T6037] udevd[6037]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 321.851350][ T6632] udevd[6632]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 322.110187][ T9476] loop6: detected capacity change from 0 to 524287999 [ 322.282611][ C1] blk_print_req_error: 7 callbacks suppressed [ 322.282633][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 322.297928][ C1] buffer_io_error: 7 callbacks suppressed [ 322.297945][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 322.324209][ T9484] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1027'. [ 322.334084][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 322.343300][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 322.376841][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 322.386079][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 322.406698][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 322.415971][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 322.424424][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 322.433588][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 322.442476][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 322.451647][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 322.461383][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 322.470731][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 322.479972][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 322.489283][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 322.497309][ T9476] ldm_validate_partition_table(): Disk read failed. [ 322.624015][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 322.633237][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 322.642670][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 322.651874][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 322.669409][ T9476] Dev loop6: unable to read RDB block 0 [ 322.702647][ T9476] loop6: unable to read partition table [ 322.751023][ T9476] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 324.453337][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 324.595075][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 324.678394][ T9512] loop4: detected capacity change from 0 to 512 [ 324.726642][ T6632] udevd[6632]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 324.741841][ T9512] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 324.743834][ T6632] udevd[6632]: symlink '../../loop4' '/dev/disk/by-uuid/00000000-0000-0000-0000-000000d40000.tmp-b7:4' failed: Read-only file system [ 324.797935][ T9512] ext4 filesystem being mounted at /211/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 324.830186][ T6632] udevd[6632]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 324.843866][ T6632] udevd[6632]: symlink '../../loop4' '/dev/disk/by-uuid/00000000-0000-0000-0000-000000d40000.tmp-b7:4' failed: Read-only file system [ 325.299178][ T5876] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 325.469400][ T5876] usb 1-1: Using ep0 maxpacket: 16 [ 325.483321][ T5876] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 325.492929][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.572833][ T5876] usb 1-1: Product: syz [ 325.580919][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 325.589194][ T5876] usb 1-1: Manufacturer: syz [ 325.594492][ T5876] usb 1-1: SerialNumber: syz [ 325.672124][ T5876] usb 1-1: config 0 descriptor?? [ 325.766924][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 325.851248][ T9537] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 326.003458][ T9541] loop2: detected capacity change from 0 to 1024 [ 326.017861][ T9541] EXT4-fs: Ignoring removed orlov option [ 326.034558][ T5878] usb 1-1: USB disconnect, device number 16 [ 326.048681][ T9541] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 326.130187][ T9541] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 326.680523][ T9] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 326.801838][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 326.863914][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 326.863950][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 326.863974][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 326.864012][ T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 326.864037][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.876972][ T9] usb 6-1: config 0 descriptor?? [ 327.250935][ T9573] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 327.343455][ T9] usbhid 6-1:0.0: can't add hid device: -71 [ 327.349724][ T9] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 327.394386][ T9] usb 6-1: USB disconnect, device number 7 [ 327.947012][ T9586] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1058'. [ 327.959233][ T5876] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 327.994707][ T9586] binder: 9578:9586 ioctl c0306201 20000280 returned -14 [ 328.113600][ T5876] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 328.135527][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 328.169273][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 328.208675][ T5876] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 328.250666][ T5876] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 328.291122][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.311667][ T5876] usb 2-1: config 0 descriptor?? [ 328.317998][ T9583] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 328.587147][ T9602] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 328.772698][ T5876] usbhid 2-1:0.0: can't add hid device: -71 [ 328.789706][ T5876] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 328.808786][ T5876] usb 2-1: USB disconnect, device number 10 [ 329.149567][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 329.332669][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 329.345638][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 329.385095][ T29] audit: type=1400 audit(1733900730.060:110): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=2626200D3A03 pid=9614 comm="syz.1.1073" [ 329.415592][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 329.483546][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 329.532903][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.614514][ T9] usb 5-1: config 0 descriptor?? [ 329.628876][ T9615] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1073' sets config #1 [ 330.041260][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 330.073715][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 330.115024][ T9] usb 5-1: USB disconnect, device number 8 [ 330.162619][ T9629] netlink: 'syz.5.1077': attribute type 2 has an invalid length. [ 330.228384][ T9634] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 330.520590][ T9638] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 330.611404][ T9639] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1079'. [ 330.659204][ T9639] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1079'. [ 330.728921][ T9639] team0: entered promiscuous mode [ 330.744485][ T9639] team_slave_0: entered promiscuous mode [ 330.751383][ T9639] team_slave_1: entered promiscuous mode [ 330.759808][ T9639] ip6gretap0: entered promiscuous mode [ 330.770441][ T9639] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 330.790297][ T9639] Cannot create hsr debugfs directory [ 330.959388][ T5877] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 331.107744][ T9657] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1087'. [ 331.142644][ T5877] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 331.155307][ T5877] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 331.166686][ T5877] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 331.177901][ T5877] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 331.191135][ T5877] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 331.200457][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.211144][ T5877] usb 2-1: config 0 descriptor?? [ 331.216748][ T9644] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 331.269225][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807b158000: rx timeout, send abort [ 331.631624][ T5877] usbhid 2-1:0.0: can't add hid device: -71 [ 331.637787][ T5877] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 331.652212][ T5877] usb 2-1: USB disconnect, device number 11 [ 331.779058][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807b158000: abort rx timeout. Force session deactivation [ 332.229356][ T5876] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 332.246170][ T9674] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 332.411361][ T5876] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 332.496837][ T5876] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 332.527969][ T5876] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 332.583018][ T5876] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 332.616478][ T5876] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.641733][ T5876] usb 6-1: config 0 descriptor?? [ 332.714454][ T29] audit: type=1326 audit(1733900733.400:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effcf17ff19 code=0x7ffc0000 [ 332.726341][ T5842] Bluetooth: hci2: unexpected event for opcode 0x0809 [ 332.736709][ C1] vkms_vblank_simulate: vblank timer overrun [ 332.790362][ T29] audit: type=1326 audit(1733900733.400:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effcf17ff19 code=0x7ffc0000 [ 332.895405][ T29] audit: type=1326 audit(1733900733.410:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7effcf17ff19 code=0x7ffc0000 [ 332.934017][ T29] audit: type=1326 audit(1733900733.410:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effcf17ff19 code=0x7ffc0000 [ 332.993651][ T29] audit: type=1326 audit(1733900733.410:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effcf17ff19 code=0x7ffc0000 [ 333.039429][ T9692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1101'. [ 333.061184][ T9694] sg_read: process 595 (syz.0.1102) changed security contexts after opening file descriptor, this is not allowed. [ 333.063190][ T9692] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1101'. [ 333.086552][ T29] audit: type=1326 audit(1733900733.410:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7effcf17ff19 code=0x7ffc0000 [ 333.109260][ T5876] usbhid 6-1:0.0: can't add hid device: -71 [ 333.115268][ T5876] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 333.128639][ T5876] usb 6-1: USB disconnect, device number 8 [ 333.144739][ T29] audit: type=1326 audit(1733900733.410:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effcf17ff19 code=0x7ffc0000 [ 333.183944][ T29] audit: type=1326 audit(1733900733.410:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effcf17ff19 code=0x7ffc0000 [ 333.222253][ T29] audit: type=1326 audit(1733900733.410:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7effcf17ff19 code=0x7ffc0000 [ 333.499907][ T5878] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 333.666475][ T5878] usb 1-1: too many endpoints for config 1 interface 0 altsetting 253: 68, using maximum allowed: 30 [ 333.699484][ T5878] usb 1-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 68 [ 333.726182][ T5878] usb 1-1: config 1 interface 0 has no altsetting 0 [ 333.735818][ T5878] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 333.749188][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.757250][ T5878] usb 1-1: Product: syz [ 333.769804][ T5878] usb 1-1: Manufacturer: syz [ 333.779466][ T5878] usb 1-1: SerialNumber: syz [ 334.050909][ T9728] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1116'. [ 334.079498][ T9728] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1116'. [ 334.138913][ T9730] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1117'. [ 334.159428][ T9730] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1117'. [ 334.550770][ T5876] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 334.687963][ T9751] loop6: detected capacity change from 0 to 524287999 [ 334.727096][ C1] blk_print_req_error: 7 callbacks suppressed [ 334.727118][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 334.742522][ C1] buffer_io_error: 7 callbacks suppressed [ 334.742537][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 334.772833][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 334.782098][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 334.822463][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 334.831731][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 334.846412][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 334.855763][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 334.865095][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 334.874346][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 334.883711][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 334.892916][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 334.903086][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 334.912279][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 334.926205][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 334.935457][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 334.943437][ T9751] ldm_validate_partition_table(): Disk read failed. [ 334.953799][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 334.963130][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 334.971725][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 334.980919][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 334.998549][ T5921] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 334.998587][ T9751] Dev loop6: unable to read RDB block 0 [ 335.017031][ T9751] loop6: unable to read partition table [ 335.023348][ T9751] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 335.104151][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 335.121350][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 335.131403][ T5876] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 335.144435][ T5876] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 335.153689][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.174117][ T5876] usb 2-1: config 0 descriptor?? [ 335.212688][ T5921] usb 6-1: Using ep0 maxpacket: 32 [ 335.242300][ T5921] usb 6-1: config 0 has an invalid interface number: 202 but max is 1 [ 335.251219][ T5921] usb 6-1: config 0 has no interface number 1 [ 335.257381][ T5921] usb 6-1: too many endpoints for config 0 interface 202 altsetting 87: 182, using maximum allowed: 30 [ 335.298282][ T5921] usb 6-1: config 0 interface 202 altsetting 87 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 335.319960][ T5921] usb 6-1: config 0 interface 202 altsetting 87 endpoint 0x5 has invalid wMaxPacketSize 0 [ 335.337160][ T5921] usb 6-1: config 0 interface 202 altsetting 87 has 2 endpoint descriptors, different from the interface descriptor's value: 182 [ 335.359211][ T5921] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 335.375851][ T5921] usb 6-1: config 0 interface 202 has no altsetting 0 [ 335.389547][ T5921] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.2b [ 335.398988][ T5921] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.422450][ T5921] usb 6-1: Product: syz [ 335.426838][ T5921] usb 6-1: Manufacturer: syz [ 335.439036][ T5921] usb 6-1: SerialNumber: syz [ 335.466516][ T5921] usb 6-1: config 0 descriptor?? [ 335.503103][ T5921] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 335.580442][ T5921] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 335.686729][ T35] usb 6-1: Failed to submit usb control message: -71 [ 335.686987][ T5921] usb 6-1: USB disconnect, device number 9 [ 335.695223][ T2992] usb 6-1: Failed to submit usb control message: -71 [ 335.719248][ T35] usb 6-1: unable to send the bmi data to the device: -71 [ 335.726439][ T35] usb 6-1: unable to get target info from device [ 335.746758][ T2992] usb 6-1: unable to send the bmi data to the device: -71 [ 335.751565][ T35] usb 6-1: could not get target info (-71) [ 335.760886][ T35] usb 6-1: could not probe fw (-71) [ 335.780572][ T2992] usb 6-1: unable to get target info from device [ 335.786980][ T2992] usb 6-1: could not get target info (-71) [ 335.809200][ T2992] usb 6-1: could not probe fw (-71) [ 335.883818][ T5876] usbhid 2-1:0.0: can't add hid device: -71 [ 335.897116][ T5876] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 335.967051][ T5876] usb 2-1: USB disconnect, device number 12 [ 336.216223][ T9774] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1130'. [ 336.261092][ T5878] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 17 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 336.461165][ T5878] usb 1-1: USB disconnect, device number 17 [ 336.468651][ T5878] usblp0: removed [ 337.229192][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 337.236415][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 337.859054][ T9804] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1142'. [ 338.569937][ T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 338.673103][ T9836] IPVS: Scheduler module ip_vs_ not found [ 338.831338][ T9] usb 2-1: config index 0 descriptor too short (expected 63506, got 18) [ 338.841948][ T9] usb 2-1: New USB device found, idVendor=0830, idProduct=0060, bcdDevice=13.2b [ 338.851440][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.895011][ T9] usb 2-1: Product: syz [ 338.945595][ T9] usb 2-1: Manufacturer: syz [ 338.952072][ T9] usb 2-1: SerialNumber: syz [ 339.048308][ T9850] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1161'. [ 339.078076][ T9850] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1161'. [ 339.303407][ T9] visor 2-1:1.0: Handspring Visor / Palm OS converter detected [ 339.313279][ T9] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 339.326485][ T9] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 339.564266][ T9] usb 2-1: USB disconnect, device number 13 [ 339.584817][ T9] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 339.621720][ T9] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 339.649920][ T9] visor 2-1:1.0: device disconnected [ 340.396057][ T9879] loop1: detected capacity change from 0 to 1024 [ 340.409933][ T9875] IPVS: Scheduler module ip_vs_ not found [ 340.456796][ T9879] EXT4-fs: Ignoring removed orlov option [ 340.483610][ T9879] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 340.553115][ T9879] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 342.917221][ T5825] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 343.154552][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 343.679706][ T57] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 343.805766][ T9935] loop4: detected capacity change from 0 to 1024 [ 343.820182][ T9935] EXT4-fs: Ignoring removed orlov option [ 343.840546][ T57] usb 2-1: Using ep0 maxpacket: 32 [ 343.853592][ T57] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 343.874580][ T57] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 343.876466][ T9935] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 343.902638][ T57] usb 2-1: New USB device found, idVendor=0079, idProduct=1801, bcdDevice= 0.00 [ 343.907310][ T6632] udevd[6632]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 343.925822][ T57] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.946567][ T57] usb 2-1: config 0 descriptor?? [ 343.964890][ T9935] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 344.260403][ T57] usbhid 2-1:0.0: can't add hid device: -71 [ 344.277662][ T57] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 344.311643][ T57] usb 2-1: USB disconnect, device number 14 [ 344.618625][ T9945] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1193'. [ 344.682164][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 345.088407][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 345.122866][ T9948] tipc: Failed to remove unknown binding: 66,1,1/0:2751195227/2751195229 [ 345.291352][ T9949] tipc: Failed to remove unknown binding: 66,1,1/0:2751195227/2751195229 [ 345.300246][ T9949] tipc: Failed to remove unknown binding: 66,1,1/0:2751195227/2751195229 [ 345.986421][ T9965] netlink: 'syz.1.1202': attribute type 1 has an invalid length. [ 346.101313][ T9967] loop1: detected capacity change from 0 to 1024 [ 346.120406][ T9967] EXT4-fs: Ignoring removed orlov option [ 346.136673][ T9967] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 346.185185][ T9967] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 346.740252][ T5825] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 346.851997][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 347.809960][T10003] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1214'. [ 347.878597][T10003] binder: 9994:10003 ioctl c0306201 20000280 returned -14 [ 349.879855][T10049] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 349.908744][T10052] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1234'. [ 349.974534][T10049] RDS: rds_bind could not find a transport for ::ffff:10.1.1.0, load rds_tcp or rds_rdma? [ 350.452002][T10071] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1237'. [ 350.507552][T10075] binder: 10058:10075 ioctl c0306201 20000280 returned -14 [ 350.769272][ T5921] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 350.943644][ T5921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 350.968503][ T5921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 350.998996][ T5921] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 351.023007][ T5921] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 351.087017][ T5921] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.098438][ T5921] usb 2-1: config 0 descriptor?? [ 351.741270][ T5921] usbhid 2-1:0.0: can't add hid device: -71 [ 351.747263][ T5921] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 351.775675][ T5921] usb 2-1: USB disconnect, device number 15 [ 351.962722][T10086] vlan2: entered promiscuous mode [ 351.977970][T10086] hsr0: entered promiscuous mode [ 351.988416][T10086] vlan2: entered allmulticast mode [ 352.004417][T10086] hsr0: entered allmulticast mode [ 352.032579][T10086] hsr_slave_0: entered allmulticast mode [ 352.079223][T10086] hsr_slave_1: entered allmulticast mode [ 352.123861][T10086] hsr0: left allmulticast mode [ 352.128644][T10086] hsr_slave_0: left allmulticast mode [ 352.149542][T10086] hsr_slave_1: left allmulticast mode [ 352.159243][T10086] hsr0: left promiscuous mode [ 352.531917][T10094] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1249'. [ 353.095889][T10106] loop0: detected capacity change from 0 to 1024 [ 353.159615][T10106] EXT4-fs: Ignoring removed orlov option [ 353.186200][ T6632] udevd[6632]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 353.194523][T10106] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 353.268663][T10106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 353.849327][ T5911] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 353.981859][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 354.009226][ T5911] usb 3-1: Using ep0 maxpacket: 8 [ 354.020801][ T5911] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 354.033524][ T6632] udevd[6632]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 354.039520][ T5911] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 354.099891][ T5911] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 354.162603][ T5911] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 354.200565][ T5911] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 354.238357][ T5911] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 354.268779][ T5911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.487318][ T5911] usb 3-1: usb_control_msg returned -32 [ 354.497987][ T5911] usbtmc 3-1:16.0: can't read capabilities [ 354.809400][T10141] binder: 10139:10141 ioctl 4018620d 0 returned -22 [ 354.964970][T10146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1264'. [ 355.565904][T10160] loop0: detected capacity change from 0 to 1024 [ 355.579904][T10160] EXT4-fs: Ignoring removed orlov option [ 355.588126][T10160] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 355.640266][ T6632] udevd[6632]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 355.656934][T10160] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 356.435541][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.453325][ T5921] usb 3-1: USB disconnect, device number 18 [ 356.486697][T10171] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1273'. [ 356.511534][T10171] binder: 10167:10171 ioctl c0306201 20000280 returned -14 [ 356.602845][ T5833] udevd[5833]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 356.820823][T10173] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 356.851425][T10173] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 356.887061][T10173] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 356.907359][T10173] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 356.927603][T10173] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 356.968431][T10173] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 356.988707][T10173] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 357.008526][T10173] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 357.021864][T10173] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 357.039258][T10173] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 357.754281][T10197] ipip0: entered promiscuous mode [ 360.329535][ T5910] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 360.479365][ T5910] usb 2-1: Using ep0 maxpacket: 32 [ 360.492311][ T5910] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 360.516855][ T5910] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 360.539307][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.565532][ T5910] usb 2-1: Product: syz [ 360.583475][ T5910] usb 2-1: Manufacturer: syz [ 360.606356][ T5910] usb 2-1: SerialNumber: syz [ 360.632556][ T5910] usb 2-1: config 0 descriptor?? [ 360.656461][T10256] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1306'. [ 360.679975][ T5910] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 360.710017][T10256] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1306'. [ 361.146005][T10266] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1307'. [ 361.574317][ T5876] usb 2-1: USB disconnect, device number 16 [ 361.584262][ T6663] usb 2-1: Failed to submit usb control message: -71 [ 361.626943][T10272] geneve2: entered promiscuous mode [ 361.663459][ T6663] usb 2-1: unable to send the bmi data to the device: -71 [ 361.694459][ T6663] usb 2-1: unable to get target info from device [ 361.735650][ T6663] usb 2-1: could not get target info (-71) [ 361.759350][ T6663] usb 2-1: could not probe fw (-71) [ 362.249596][T10285] ================================================================== [ 362.257701][T10285] BUG: KASAN: null-ptr-deref in __se_sys_io_uring_register+0x1227/0x3b60 [ 362.260183][T10291] binder: 10282:10291 ioctl c0306201 0 returned -14 [ 362.266119][T10285] Write of size 8 at addr 0000000000000406 by task syz.5.1316/10285 [ 362.266142][T10285] [ 362.266151][T10285] CPU: 1 UID: 0 PID: 10285 Comm: syz.5.1316 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 362.266173][T10285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 362.289810][T10290] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1319'. [ 362.293249][T10285] Call Trace: [ 362.315537][T10285] [ 362.318484][T10285] dump_stack_lvl+0x241/0x360 [ 362.323186][T10285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 362.328414][T10285] ? __pfx__printk+0x10/0x10 [ 362.329398][T10290] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1319'. [ 362.333013][T10285] ? _printk+0xd5/0x120 [ 362.346104][T10285] print_report+0xe8/0x550 [ 362.350538][T10285] ? __virt_addr_valid+0x58/0x530 [ 362.355584][T10285] ? __se_sys_io_uring_register+0x1227/0x3b60 [ 362.361671][T10285] kasan_report+0x143/0x180 [ 362.366193][T10285] ? __se_sys_io_uring_register+0x1227/0x3b60 [ 362.372281][T10285] kasan_check_range+0x282/0x290 [ 362.377242][T10285] __se_sys_io_uring_register+0x1227/0x3b60 [ 362.383160][T10285] ? __pfx___futex_wait+0x10/0x10 [ 362.388208][T10285] ? __pfx___se_sys_io_uring_register+0x10/0x10 [ 362.394480][T10285] ? futex_hash+0x1e/0x1f0 [ 362.398928][T10285] ? futex_wait+0x285/0x360 [ 362.403454][T10285] ? __pfx_futex_wait+0x10/0x10 [ 362.408352][T10285] ? __mm_populate+0x39a/0x460 [ 362.413139][T10285] ? do_futex+0x33b/0x560 [ 362.417495][T10285] ? __pfx_do_futex+0x10/0x10 [ 362.422192][T10285] ? vm_mmap_pgoff+0x303/0x430 [ 362.426977][T10285] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 362.432976][T10285] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 362.439325][T10285] ? do_syscall_64+0x100/0x230 [ 362.444110][T10285] ? do_syscall_64+0xb6/0x230 [ 362.448817][T10285] do_syscall_64+0xf3/0x230 [ 362.453343][T10285] ? clear_bhb_loop+0x35/0x90 [ 362.458043][T10285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.463955][T10285] RIP: 0033:0x7f6f0d57ff19 [ 362.468382][T10285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.488011][T10285] RSP: 002b:00007f6f0e2fd058 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 362.496449][T10285] RAX: ffffffffffffffda RBX: 00007f6f0d745fa0 RCX: 00007f6f0d57ff19 [ 362.504439][T10285] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000003 [ 362.512426][T10285] RBP: 00007f6f0d5f3cc8 R08: 0000000000000000 R09: 0000000000000000 [ 362.520418][T10285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.528409][T10285] R13: 0000000000000000 R14: 00007f6f0d745fa0 R15: 00007fff91a6c5e8 [ 362.536408][T10285] [ 362.539440][T10285] ================================================================== [ 362.561819][T10295] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 362.598514][T10285] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 362.605750][T10285] CPU: 1 UID: 0 PID: 10285 Comm: syz.5.1316 Not tainted 6.13.0-rc1-next-20241205-syzkaller #0 [ 362.616008][T10285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 362.626082][T10285] Call Trace: [ 362.629379][T10285] [ 362.632326][T10285] dump_stack_lvl+0x241/0x360 [ 362.637032][T10285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 362.642253][T10285] ? __pfx__printk+0x10/0x10 [ 362.646871][T10285] ? preempt_schedule+0xe1/0xf0 [ 362.651746][T10285] ? vscnprintf+0x5d/0x90 [ 362.656100][T10285] panic+0x349/0x880 [ 362.660015][T10285] ? check_panic_on_warn+0x21/0xb0 [ 362.665145][T10285] ? __pfx_panic+0x10/0x10 [ 362.669585][T10285] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 362.675586][T10285] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 362.681931][T10285] ? print_report+0xe8/0x550 [ 362.686541][T10285] check_panic_on_warn+0x86/0xb0 [ 362.691495][T10285] ? __se_sys_io_uring_register+0x1227/0x3b60 [ 362.697589][T10285] end_report+0x77/0x160 [ 362.701869][T10285] kasan_report+0x154/0x180 [ 362.706406][T10285] ? __se_sys_io_uring_register+0x1227/0x3b60 [ 362.712499][T10285] kasan_check_range+0x282/0x290 [ 362.717457][T10285] __se_sys_io_uring_register+0x1227/0x3b60 [ 362.723376][T10285] ? __pfx___futex_wait+0x10/0x10 [ 362.728424][T10285] ? __pfx___se_sys_io_uring_register+0x10/0x10 [ 362.734685][T10285] ? futex_hash+0x1e/0x1f0 [ 362.739124][T10285] ? futex_wait+0x285/0x360 [ 362.743645][T10285] ? __pfx_futex_wait+0x10/0x10 [ 362.748515][T10285] ? __mm_populate+0x39a/0x460 [ 362.753312][T10285] ? do_futex+0x33b/0x560 [ 362.757665][T10285] ? __pfx_do_futex+0x10/0x10 [ 362.762360][T10285] ? vm_mmap_pgoff+0x303/0x430 [ 362.767143][T10285] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 362.773140][T10285] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 362.779487][T10285] ? do_syscall_64+0x100/0x230 [ 362.784268][T10285] ? do_syscall_64+0xb6/0x230 [ 362.788966][T10285] do_syscall_64+0xf3/0x230 [ 362.793490][T10285] ? clear_bhb_loop+0x35/0x90 [ 362.798189][T10285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.804101][T10285] RIP: 0033:0x7f6f0d57ff19 [ 362.808530][T10285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.828156][T10285] RSP: 002b:00007f6f0e2fd058 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 362.836594][T10285] RAX: ffffffffffffffda RBX: 00007f6f0d745fa0 RCX: 00007f6f0d57ff19 [ 362.844582][T10285] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000003 [ 362.852569][T10285] RBP: 00007f6f0d5f3cc8 R08: 0000000000000000 R09: 0000000000000000 [ 362.860556][T10285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.868543][T10285] R13: 0000000000000000 R14: 00007f6f0d745fa0 R15: 00007fff91a6c5e8 [ 362.876535][T10285] [ 362.879713][T10285] Kernel Offset: disabled [ 362.884029][T10285] Rebooting in 86400 seconds..