last executing test programs: 9.977135736s ago: executing program 2 (id=296): pipe2$9p(0x0, 0x0) r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="120186b4000000206e059b010000000000010902240001000070800904000001030000000921f500080122070009058103000207fe00f5c20c340902927afb2765c6615e7ff6e310f764dc5c3d212560a58b574a283e25e49a3eec7ff90b532b6cd14d35"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) io_setup(0x1, &(0x7f0000000040)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'veth1_to_bridge\x00'}) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r4, 0x4000) close(r4) 7.145041388s ago: executing program 3 (id=308): r0 = socket(0x40000000015, 0x5, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x3238, 0x400, 0xffffffff, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000540)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x438}, 0x0, 0x12f4c4729764eade, 0x1}) io_uring_enter(r1, 0x3516, 0xa00100, 0x0, 0x0, 0x0) 6.24523135s ago: executing program 3 (id=309): r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r1, 0x8946, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, 0x0) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x84) 6.194117603s ago: executing program 3 (id=310): r0 = mq_open(&(0x7f000084dff0)='\xa1sxt\x1a\x00\x00\x00\x00\x00\x00\x00\x01\x88\xbdd', 0x6e93ebbbcc0884f2, 0x100, &(0x7f0000000300)={0xfffffffffffffffe, 0x6, 0x3}) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') pselect6(0x40, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x0, 0x10000000004, 0x0, 0x200, 0x1ff}, 0x0, &(0x7f0000000140)={0x18, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x0, 0x2003ff}, 0x0, 0x0) mq_timedreceive(r0, &(0x7f0000000180)=""/204, 0xcc, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0) read$char_usb(r3, 0x0, 0x0) r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x842d80, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0, 0x160}, {r1, 0xc1ca}, {r4, 0x102}, {0xffffffffffffffff, 0x1002}], 0x4, &(0x7f0000000100)={0x77359400}, &(0x7f0000000280)={[0x8]}, 0x8) 5.217858479s ago: executing program 2 (id=313): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd1, 0x0, 0x0) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0) ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f00000008c0)) open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) pipe2(&(0x7f0000000240), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0, 0x0) chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xee01) preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/216, 0xd8}], 0x1, 0xa3, 0xd) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000002c0)='blkio.throttle.write_iops_device\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f00000000c0)=ANY=[], 0x6a) 5.164368422s ago: executing program 1 (id=314): r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) lsetxattr$security_ima(&(0x7f0000000100)='./bus\x00', &(0x7f0000000180), &(0x7f0000000240)=ANY=[@ANYBLOB="01"], 0xa, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) 4.825181572s ago: executing program 1 (id=315): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x3020}], 0x1, &(0x7f00000001c0)={0x0, 0x989680}, 0x0, 0x0) 4.079887365s ago: executing program 1 (id=316): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) r1 = gettid() syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0x2fff) syz_usb_connect(0x0, 0xfffffc4f, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000000)) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3000011, 0x200000006c832, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 3.99744654s ago: executing program 2 (id=317): socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) getrandom(&(0x7f0000000180)=""/263, 0x107, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0xffffffffffffff91, 0x0}, &(0x7f0000000240)=0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1bc2, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x501, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50) r1 = socket$inet(0x2, 0x80001, 0x84) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x10}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 3.737334434s ago: executing program 2 (id=319): getpid() sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x1, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}]}}]}, 0x3c}}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.540018076s ago: executing program 2 (id=321): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000300), 0x40a00, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x3, r1, 0x0, &(0x7f0000000080)='\x00', 0x1, 0x4}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f00000001c0)={0x28, 0x2, r1, 0x0, &(0x7f0000000280)='z[', 0x2, 0x6f}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000240)={0x28, 0x5, r1, 0x0, &(0x7f0000000200)="cc", 0x1}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x4, r1, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x2, r1, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xb7}) ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000180)={0x18, r1, 0x3, 0x8}) 3.357240536s ago: executing program 0 (id=322): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x8000}]}}]}, 0x3c}}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.357009386s ago: executing program 2 (id=323): setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0) r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_wait(r3, 0x0, 0x0, 0x80000000) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) 3.252864993s ago: executing program 0 (id=324): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x7, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x10001, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x8, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x6, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0xb6, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x5, 0x8e, 0xd50, 0x7, 0x2, 0x899, 0x401, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x40001, 0x4, 0x1c, 0x0, 0x1, 0xfffffff8, 0x3, 0x8, 0xffffff7f, 0x4, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x1, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x9, 0xfffffff8, 0x1ff, 0x81, 0xfffffffc, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x77, 0x9, 0x99, 0x7fffffff, 0x4, 0x5c, 0x1, 0x9, 0xfffff801, 0x5], [0x4, 0xfffffffe, 0xffff, 0x637b, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x800008d3, 0x200006, 0x8, 0x400, 0x82, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x1, 0x5, 0x9, 0xa, 0x3, 0x9, 0x1, 0xc7, 0xfff, 0x10000a, 0x10000002, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3436, 0x3, 0xd, 0x3, 0x601, 0x0, 0xdd80, 0x5, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x401, 0x8000, 0xf45, 0x3, 0xd500, 0x2, 0x7a, 0x9, 0x6, 0x2, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x6300, 0x40, 0xfb, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0x3, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0x8, 0x32d, 0x0, 0x1ff, 0x2000803, 0xfffffffc, 0x10000, 0x0, 0x1b3a, 0x81, 0x43, 0x7, 0x3, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0x2, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)}, 0x48000) recvmsg(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000900)=""/163, 0xa3}, {&(0x7f0000001140)=""/4096, 0x1000}, {0x0}], 0x3}, 0x12041) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x5, 0xf5, 0xf, 0x5, 0x6, 0x7, 0x1, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x100400}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 3.032960275s ago: executing program 3 (id=325): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd1, 0x0, 0x0) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0) ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f00000008c0)) open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) pipe2(&(0x7f0000000240), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0, 0x0) chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xee01) preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/216, 0xd8}], 0x1, 0xa3, 0xd) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000002c0)='blkio.throttle.write_iops_device\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f00000000c0)=ANY=[], 0x6a) 1.857296373s ago: executing program 3 (id=326): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002940)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) accept4(r3, 0x0, 0x0, 0x800) 817.189223ms ago: executing program 3 (id=327): syz_usb_connect(0x2, 0x2d, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0) r0 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, 0x0) 637.455113ms ago: executing program 1 (id=328): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) getsockname$packet(r1, 0x0, &(0x7f00000000c0)) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newlink={0x3c, 0x10, 0x427, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x50483}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x400000000000041, 0x4880) 573.161246ms ago: executing program 0 (id=329): getpid() sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[], 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x1, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}]}}]}, 0x3c}}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 416.379026ms ago: executing program 0 (id=330): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x14, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) 415.510136ms ago: executing program 1 (id=331): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x5]}, 0x8, 0x800) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000300)={0x1, 0x3}) 265.105505ms ago: executing program 0 (id=332): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x8000}]}}]}, 0x3c}}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 169.32987ms ago: executing program 1 (id=333): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9e, 0x17, 0x36, 0x10, 0x17ef, 0x721e, 0xde06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0) socket(0x15, 0x80005, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000000c0)={0x1c, &(0x7f0000000080)={0x40, 0xf, 0x4, "237c1a73"}, 0x0, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 0 (id=334): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'}) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x400aee2, 0x400, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x300) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts. [ 81.867303][ T5759] cgroup: Unknown subsys name 'net' [ 82.046243][ T5759] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.744698][ T5759] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.397734][ T5773] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.414794][ T5779] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.423444][ T5779] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.431943][ T5779] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.440172][ T5779] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.449781][ T5779] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.458394][ T5779] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.466708][ T5779] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.477442][ T5779] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.485329][ T5779] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.509645][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.534196][ T5780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.554976][ T5786] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.563571][ T5783] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.563685][ T5786] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.578388][ T5786] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.587435][ T5786] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.595594][ T5786] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.603701][ T5085] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.616622][ T5783] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.637459][ T5783] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.653232][ T5783] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.664246][ T5783] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.676946][ T5783] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.036291][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 86.173037][ T5776] chnl_net:caif_netlink_parms(): no params data found [ 86.241340][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.250024][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.257485][ T5771] bridge_slave_0: entered allmulticast mode [ 86.264567][ T5771] bridge_slave_0: entered promiscuous mode [ 86.293846][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 86.305028][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.313047][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.320397][ T5771] bridge_slave_1: entered allmulticast mode [ 86.327906][ T5771] bridge_slave_1: entered promiscuous mode [ 86.431483][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.444588][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.515653][ T5776] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.522965][ T5776] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.530618][ T5776] bridge_slave_0: entered allmulticast mode [ 86.538043][ T5776] bridge_slave_0: entered promiscuous mode [ 86.548974][ T5771] team0: Port device team_slave_0 added [ 86.555191][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 86.584459][ T5776] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.592480][ T5776] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.599792][ T5776] bridge_slave_1: entered allmulticast mode [ 86.607307][ T5776] bridge_slave_1: entered promiscuous mode [ 86.615368][ T5771] team0: Port device team_slave_1 added [ 86.683051][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.690923][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.698380][ T5775] bridge_slave_0: entered allmulticast mode [ 86.705406][ T5775] bridge_slave_0: entered promiscuous mode [ 86.724911][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.732103][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.758304][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.775836][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.783193][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.790669][ T5775] bridge_slave_1: entered allmulticast mode [ 86.798144][ T5775] bridge_slave_1: entered promiscuous mode [ 86.807608][ T5776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.817362][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.824356][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.850456][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.882591][ T5776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.027711][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.051990][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.084000][ T5771] hsr_slave_0: entered promiscuous mode [ 87.108058][ T5771] hsr_slave_1: entered promiscuous mode [ 87.123687][ T5776] team0: Port device team_slave_0 added [ 87.146120][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.154224][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.166220][ T5784] bridge_slave_0: entered allmulticast mode [ 87.174368][ T5784] bridge_slave_0: entered promiscuous mode [ 87.189148][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.196336][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.208897][ T5784] bridge_slave_1: entered allmulticast mode [ 87.216414][ T5784] bridge_slave_1: entered promiscuous mode [ 87.262178][ T5776] team0: Port device team_slave_1 added [ 87.330848][ T5775] team0: Port device team_slave_0 added [ 87.344374][ T5775] team0: Port device team_slave_1 added [ 87.353935][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.372700][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.405187][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.414783][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.446133][ T5776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.524603][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.532523][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.563213][ T5776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.597290][ T5779] Bluetooth: hci2: command tx timeout [ 87.660117][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.668190][ T5779] Bluetooth: hci1: command tx timeout [ 87.668212][ T5783] Bluetooth: hci0: command tx timeout [ 87.669329][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.705251][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.718129][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.725119][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.751591][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.757205][ T5779] Bluetooth: hci3: command tx timeout [ 87.787422][ T5784] team0: Port device team_slave_0 added [ 87.824118][ T5776] hsr_slave_0: entered promiscuous mode [ 87.832070][ T5776] hsr_slave_1: entered promiscuous mode [ 87.839016][ T5776] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.846971][ T5776] Cannot create hsr debugfs directory [ 87.866187][ T5784] team0: Port device team_slave_1 added [ 87.885832][ T5775] hsr_slave_0: entered promiscuous mode [ 87.892600][ T5775] hsr_slave_1: entered promiscuous mode [ 87.899081][ T5775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.907559][ T5775] Cannot create hsr debugfs directory [ 88.049630][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.056625][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.083857][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.123121][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.130990][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.157502][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.259130][ T5784] hsr_slave_0: entered promiscuous mode [ 88.265643][ T5784] hsr_slave_1: entered promiscuous mode [ 88.272158][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.279986][ T5784] Cannot create hsr debugfs directory [ 88.489864][ T5771] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.511775][ T5771] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.523334][ T5771] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.534106][ T5771] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.628847][ T5775] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.639508][ T5775] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.651370][ T5775] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.662476][ T5775] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.780597][ T5776] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.793936][ T5776] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.808812][ T5776] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.827651][ T5776] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.918624][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.929788][ T5784] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.942382][ T5784] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.967883][ T5784] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.991489][ T5784] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.013046][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.053168][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.060582][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.071715][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.078922][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.154561][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.225109][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.255794][ T5771] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.282750][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.290021][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.324997][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.332422][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.406463][ T5776] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.498833][ T5775] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.522919][ T5776] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.541058][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.564022][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.571285][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.642260][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.654727][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.661965][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.670974][ T5779] Bluetooth: hci2: command tx timeout [ 89.690626][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.747767][ T5779] Bluetooth: hci1: command tx timeout [ 89.759078][ T5779] Bluetooth: hci0: command tx timeout [ 89.772001][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.779273][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.798429][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.805547][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.838719][ T5779] Bluetooth: hci3: command tx timeout [ 89.860368][ T5776] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 89.872137][ T5776] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.042573][ T5771] veth0_vlan: entered promiscuous mode [ 90.093681][ T5771] veth1_vlan: entered promiscuous mode [ 90.105523][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.159883][ T5771] veth0_macvtap: entered promiscuous mode [ 90.193984][ T5771] veth1_macvtap: entered promiscuous mode [ 90.294341][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.328091][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.341926][ T5775] veth0_vlan: entered promiscuous mode [ 90.357944][ T5775] veth1_vlan: entered promiscuous mode [ 90.382674][ T5771] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.392252][ T5771] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.401453][ T5771] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.410915][ T5771] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.460777][ T5776] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.542050][ T5775] veth0_macvtap: entered promiscuous mode [ 90.578694][ T5775] veth1_macvtap: entered promiscuous mode [ 90.629670][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.640924][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.654890][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.668216][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.678317][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.690602][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.702586][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.716622][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.740622][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.765665][ T5775] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.774604][ T5775] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.783969][ T5775] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.794307][ T5775] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.834865][ T3546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.843939][ T3546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.853407][ T5776] veth0_vlan: entered promiscuous mode [ 90.939481][ T5776] veth1_vlan: entered promiscuous mode [ 91.084544][ T3519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.104678][ T3519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.155893][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.159940][ T5784] veth0_vlan: entered promiscuous mode [ 91.172092][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.194236][ T5776] veth0_macvtap: entered promiscuous mode [ 91.206121][ T5776] veth1_macvtap: entered promiscuous mode [ 91.239004][ T5784] veth1_vlan: entered promiscuous mode [ 91.293419][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.304235][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.314910][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.344714][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.356568][ T5824] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 91.387829][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.411482][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.422817][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.433447][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.446312][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.457888][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.480946][ T5784] veth0_macvtap: entered promiscuous mode [ 91.495370][ T5776] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.504850][ T5776] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.514102][ T5776] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.522971][ T5776] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.536866][ T5784] veth1_macvtap: entered promiscuous mode [ 91.565632][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.576479][ T5824] usb 2-1: Using ep0 maxpacket: 8 [ 91.581770][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.597518][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.609902][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.621480][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.627108][ T5824] usb 2-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 91.633392][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.651723][ T5824] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.655908][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.669563][ T9] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 91.677075][ T5824] usb 2-1: Product: syz [ 91.677095][ T5824] usb 2-1: Manufacturer: syz [ 91.677112][ T5824] usb 2-1: SerialNumber: syz [ 91.701346][ T5824] usb 2-1: config 0 descriptor?? [ 91.724891][ T5824] gspca_main: vc032x-2.14.0 probing 046d:0896 [ 91.746128][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.762380][ T5779] Bluetooth: hci2: command tx timeout [ 91.770054][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.780042][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.791257][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.801986][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.813109][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.825141][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.832827][ T5779] Bluetooth: hci0: command tx timeout [ 91.839330][ T5783] Bluetooth: hci1: command tx timeout [ 91.862984][ T5784] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.874196][ T5784] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.884486][ T5784] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.894050][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 91.905114][ T9] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 3 [ 91.914542][ T5783] Bluetooth: hci3: command tx timeout [ 91.922334][ T5784] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.931367][ T9] usb 1-1: config 0 has no interface number 1 [ 91.947859][ T9] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 91.961667][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.985344][ T9] usb 1-1: config 0 descriptor?? [ 92.021513][ T9] usb 1-1: unknown number of interfaces: 2 [ 92.075686][ T967] cfg80211: failed to load regulatory.db [ 92.084407][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.110339][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.166764][ T3546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.176182][ T3546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.186973][ T5824] gspca_vc032x: reg_w err -71 [ 92.191797][ T5824] vc032x: probe of 2-1:0.0 failed with error -71 [ 92.215550][ T5824] usb 2-1: USB disconnect, device number 2 [ 92.261588][ T9] usb 1-1: USB disconnect, device number 2 [ 92.322457][ T3519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.343716][ T3519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.418468][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.436995][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.467670][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.184775][ T5873] tmpfs: Bad value for 'nr_blocks' [ 93.260628][ T5875] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 93.323858][ T5877] syz.3.4[5877]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 93.367329][ T5877] loop3: detected capacity change from 0 to 256 [ 93.440314][ T5877] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 93.525197][ T5787] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 93.697029][ T5867] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 93.733258][ T5888] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 93.827527][ T5783] Bluetooth: hci2: command tx timeout [ 93.902274][ T5891] tmpfs: Bad value for 'nr_blocks' [ 93.921908][ T5867] usb 1-1: Using ep0 maxpacket: 8 [ 93.927174][ T5783] Bluetooth: hci1: command tx timeout [ 93.927234][ T5783] Bluetooth: hci0: command tx timeout [ 93.978979][ T5867] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 93.987390][ T5779] Bluetooth: hci3: command tx timeout [ 94.036185][ T5867] usb 1-1: config 0 has no interface number 0 [ 94.054327][ T5867] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 94.102038][ T5867] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 94.124938][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.171531][ T5867] usb 1-1: config 0 descriptor?? [ 94.194782][ T5867] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 94.444050][ T5884] loop2: detected capacity change from 0 to 40427 [ 94.544059][ T5884] F2FS-fs (loop2): invalid crc value [ 94.765300][ T27] usb 1-1: USB disconnect, device number 3 [ 94.836059][ T5884] F2FS-fs (loop2): Start checkpoint disabled! [ 94.859008][ T5884] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 94.909443][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.130862][ T3519] kworker/u4:11: attempt to access beyond end of device [ 95.130862][ T3519] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 95.212893][ T3519] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 96.930494][ T5920] loop1: detected capacity change from 0 to 1024 [ 96.937255][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.065933][ T3519] hfsplus: b-tree write err: -5, ino 4 [ 97.077250][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.157537][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.166083][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.296069][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 97.365842][ T5924] veth0: entered promiscuous mode [ 97.374454][ T5924] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18'. [ 97.587963][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 97.705648][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 97.714448][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.096747][ T5928] loop1: detected capacity change from 0 to 21 [ 100.110589][ T5928] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 101.085120][ T5924] syz.3.18 (5924) used greatest stack depth: 20456 bytes left [ 101.656083][ T5939] netlink: 4 bytes leftover after parsing attributes in process `syz.0.21'. [ 101.736301][ T5939] netlink: 24 bytes leftover after parsing attributes in process `syz.0.21'. [ 102.218320][ T5944] loop2: detected capacity change from 0 to 1024 [ 102.242499][ T5944] EXT4-fs: Ignoring removed nomblk_io_submit option [ 102.528346][ T5944] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.844813][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.195590][ T5945] loop1: detected capacity change from 0 to 32768 [ 104.257459][ T5945] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 104.288426][ T5945] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 104.555350][ T5945] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 104.606378][ T5867] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 104.634701][ T5867] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 104.834553][ T5867] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 199ms [ 104.862586][ T5867] gfs2: fsid=syz:syz.0: jid=0: Done [ 104.922942][ T5945] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 105.407675][ T5974] netlink: 'syz.3.30': attribute type 3 has an invalid length. [ 105.564899][ T5976] netlink: 12 bytes leftover after parsing attributes in process `syz.0.29'. [ 105.623867][ T5976] loop0: detected capacity change from 0 to 21 [ 105.635605][ T5976] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 110.031747][ T5997] loop0: detected capacity change from 0 to 21 [ 110.043764][ T5997] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 110.758641][ T5996] netlink: 4 bytes leftover after parsing attributes in process `syz.1.37'. [ 110.794584][ T5774] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 110.893087][ T5998] netlink: 24 bytes leftover after parsing attributes in process `syz.1.37'. [ 111.475319][ T6003] loop2: detected capacity change from 0 to 8 [ 111.499293][ T6003] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 111.559781][ T5774] udevd[5774]: incorrect cramfs checksum on /dev/loop2 [ 112.170522][ T5774] udevd[5774]: incorrect cramfs checksum on /dev/loop2 [ 115.265527][ T6020] loop3: detected capacity change from 0 to 1024 [ 115.288948][ T6020] EXT4-fs: Ignoring removed nomblk_io_submit option [ 115.354500][ T6020] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.962982][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.404775][ T6050] process 'syz.2.47' launched './file0' with NULL argv: empty string added [ 120.622924][ T6075] netlink: 44 bytes leftover after parsing attributes in process `syz.1.54'. [ 121.804356][ T6084] loop0: detected capacity change from 0 to 256 [ 122.073940][ T6084] FAT-fs (loop0): Directory bread(block 64) failed [ 122.429993][ T6084] FAT-fs (loop0): Directory bread(block 65) failed [ 122.883817][ T6084] FAT-fs (loop0): Directory bread(block 66) failed [ 122.978180][ T6084] FAT-fs (loop0): Directory bread(block 67) failed [ 122.984887][ T6084] FAT-fs (loop0): Directory bread(block 68) failed [ 123.055934][ T6084] FAT-fs (loop0): Directory bread(block 69) failed [ 123.095013][ T6084] FAT-fs (loop0): Directory bread(block 70) failed [ 123.144342][ T6084] FAT-fs (loop0): Directory bread(block 71) failed [ 123.161136][ T6084] FAT-fs (loop0): Directory bread(block 72) failed [ 123.187023][ T6084] FAT-fs (loop0): Directory bread(block 73) failed [ 123.494627][ T6098] loop3: detected capacity change from 0 to 1024 [ 123.533140][ T6098] ======================================================= [ 123.533140][ T6098] WARNING: The mand mount option has been deprecated and [ 123.533140][ T6098] and is ignored by this kernel. Remove the mand [ 123.533140][ T6098] option from the mount to silence this warning. [ 123.533140][ T6098] ======================================================= [ 126.815065][ T6098] EXT4-fs: error -4 creating inode table initialization thread [ 126.844535][ T6098] EXT4-fs (loop3): mount failed [ 127.969310][ T6122] netlink: 44 bytes leftover after parsing attributes in process `syz.0.63'. [ 128.173254][ T6128] loop3: detected capacity change from 0 to 128 [ 128.334989][ T5843] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 129.997998][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.013632][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.023568][ T5843] usb 3-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 130.037992][ T5843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.051260][ T5843] usb 3-1: config 0 descriptor?? [ 130.281365][ T5843] usbhid 3-1:0.0: can't add hid device: -71 [ 130.292487][ T5843] usbhid: probe of 3-1:0.0 failed with error -71 [ 130.303806][ T5843] usb 3-1: USB disconnect, device number 2 [ 131.181021][ T6144] IPVS: rr: FWM 3 0x00000003 - no destination available [ 131.199648][ T1188] IPVS: starting estimator thread 0... [ 131.317095][ T6146] IPVS: using max 18 ests per chain, 43200 per kthread [ 131.451994][ T6152] loop2: detected capacity change from 0 to 256 [ 131.618031][ T6152] FAT-fs (loop2): Directory bread(block 64) failed [ 131.656957][ T6152] FAT-fs (loop2): Directory bread(block 65) failed [ 131.665456][ T6152] FAT-fs (loop2): Directory bread(block 66) failed [ 131.847101][ T6152] FAT-fs (loop2): Directory bread(block 67) failed [ 131.969882][ T6152] FAT-fs (loop2): Directory bread(block 68) failed [ 132.152613][ T6152] FAT-fs (loop2): Directory bread(block 69) failed [ 132.327360][ T6152] FAT-fs (loop2): Directory bread(block 70) failed [ 132.386965][ T6152] FAT-fs (loop2): Directory bread(block 71) failed [ 132.417151][ T6152] FAT-fs (loop2): Directory bread(block 72) failed [ 132.458448][ T6152] FAT-fs (loop2): Directory bread(block 73) failed [ 134.047979][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.054858][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.407413][ T28] audit: type=1800 audit(1770363802.030:2): pid=6169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.78" name="file1" dev="loop2" ino=1048593 res=0 errno=0 [ 134.777160][ T28] audit: type=1800 audit(1770363802.090:3): pid=6171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.78" name="file1" dev="loop2" ino=1048593 res=0 errno=0 [ 136.585706][ T6196] loop0: detected capacity change from 0 to 1024 [ 136.597752][ T6196] EXT4-fs: Ignoring removed nomblk_io_submit option [ 136.628505][ T6196] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 137.674630][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.118145][ T6216] loop1: detected capacity change from 0 to 256 [ 138.268854][ T6216] FAT-fs (loop1): Directory bread(block 64) failed [ 138.275499][ T6216] FAT-fs (loop1): Directory bread(block 65) failed [ 138.327016][ T6216] FAT-fs (loop1): Directory bread(block 66) failed [ 138.333674][ T6216] FAT-fs (loop1): Directory bread(block 67) failed [ 138.365835][ T6216] FAT-fs (loop1): Directory bread(block 68) failed [ 138.396881][ T6216] FAT-fs (loop1): Directory bread(block 69) failed [ 138.403596][ T6216] FAT-fs (loop1): Directory bread(block 70) failed [ 138.426870][ T6216] FAT-fs (loop1): Directory bread(block 71) failed [ 138.433615][ T6216] FAT-fs (loop1): Directory bread(block 72) failed [ 138.466858][ T6216] FAT-fs (loop1): Directory bread(block 73) failed [ 138.512116][ T6194] loop2: detected capacity change from 0 to 40427 [ 138.555445][ T6194] F2FS-fs (loop2): Fix alignment : internally, start(4096) end(16896) block(12288) [ 138.590021][ T6194] F2FS-fs (loop2): invalid crc value [ 138.633146][ T6194] F2FS-fs (loop2): Current segment's next free block offset is inconsistent with bitmap, logtype:2, segno:5, type:0, next_blkoff:0, blkofs:0 [ 138.673949][ T28] audit: type=1800 audit(1770363806.310:4): pid=6219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.93" name="file1" dev="loop1" ino=1048594 res=0 errno=0 [ 138.742557][ T6194] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-117) [ 138.861311][ T28] audit: type=1800 audit(1770363806.470:5): pid=6220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.93" name="file1" dev="loop1" ino=1048594 res=0 errno=0 [ 139.945519][ T6228] loop1: detected capacity change from 0 to 21 [ 139.958545][ T6228] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 140.693639][ T5787] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 141.924843][ T6235] loop3: detected capacity change from 0 to 512 [ 142.069827][ T6235] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.99: inode has both inline data and extents flags [ 142.086427][ T6235] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.99: couldn't read orphan inode 15 (err -117) [ 142.119935][ T6235] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.346785][ C0] sched: RT throttling activated [ 144.140718][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.372305][ T6255] loop3: detected capacity change from 0 to 256 [ 144.477419][ T6255] FAT-fs (loop3): Directory bread(block 64) failed [ 144.520380][ T6255] FAT-fs (loop3): Directory bread(block 65) failed [ 144.535245][ T6255] FAT-fs (loop3): Directory bread(block 66) failed [ 144.553457][ T6255] FAT-fs (loop3): Directory bread(block 67) failed [ 144.572881][ T6255] FAT-fs (loop3): Directory bread(block 68) failed [ 144.582055][ T6255] FAT-fs (loop3): Directory bread(block 69) failed [ 144.594158][ T6255] FAT-fs (loop3): Directory bread(block 70) failed [ 144.611810][ T6255] FAT-fs (loop3): Directory bread(block 71) failed [ 144.635359][ T6255] FAT-fs (loop3): Directory bread(block 72) failed [ 144.662567][ T6255] FAT-fs (loop3): Directory bread(block 73) failed [ 144.770853][ T28] audit: type=1800 audit(1770363812.390:6): pid=6255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.102" name="file1" dev="loop3" ino=1048595 res=0 errno=0 [ 144.965263][ T28] audit: type=1800 audit(1770363812.600:7): pid=6256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.102" name="file1" dev="loop3" ino=1048595 res=0 errno=0 [ 145.134191][ T28] audit: type=1800 audit(1770363812.630:8): pid=6256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.102" name="file1" dev="loop3" ino=1048595 res=0 errno=0 [ 145.366444][ T6258] netlink: 36 bytes leftover after parsing attributes in process `syz.1.103'. [ 145.380541][ T6258] Zero length message leads to an empty skb [ 146.666940][ T5844] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 146.868873][ T5844] usb 1-1: config 0 has an invalid interface number: 231 but max is 0 [ 146.877466][ T5844] usb 1-1: config 0 has no interface number 0 [ 146.883865][ T5844] usb 1-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 146.924390][ T5844] usb 1-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 146.996324][ T6272] loop3: detected capacity change from 0 to 21 [ 147.008455][ T6272] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 147.028118][ T5844] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.036581][ T5844] usb 1-1: Product: syz [ 147.072927][ T5844] usb 1-1: Manufacturer: syz [ 147.097091][ T5844] usb 1-1: SerialNumber: syz [ 147.245443][ T5844] usb 1-1: config 0 descriptor?? [ 147.313434][ T6265] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 147.541444][ T5844] plusb 1-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.0-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 52:f6:77:12:12:d2 [ 147.649015][ T5843] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 147.857045][ T5843] usb 3-1: Using ep0 maxpacket: 32 [ 147.878435][ T5843] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 147.909644][ T5843] usb 3-1: config 0 has no interface number 0 [ 147.915832][ T5843] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 147.954012][ T5843] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 147.971467][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.000277][ T5843] usb 3-1: Product: syz [ 148.004604][ T5843] usb 3-1: Manufacturer: syz [ 148.024139][ T5843] usb 3-1: SerialNumber: syz [ 148.115354][ T5843] usb 3-1: config 0 descriptor?? [ 148.147192][ T6267] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 148.424319][ T6285] loop3: detected capacity change from 0 to 21 [ 148.437497][ T6285] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 148.967787][ T6267] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 149.484098][ T5867] usb 1-1: USB disconnect, device number 4 [ 149.491744][ T5867] plusb 1-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.0-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 151.025280][ T6316] loop3: detected capacity change from 0 to 256 [ 151.110367][ T6316] FAT-fs (loop3): Directory bread(block 64) failed [ 151.126845][ T6316] FAT-fs (loop3): Directory bread(block 65) failed [ 151.146196][ T6316] FAT-fs (loop3): Directory bread(block 66) failed [ 151.156660][ T6316] FAT-fs (loop3): Directory bread(block 67) failed [ 151.167282][ T6316] FAT-fs (loop3): Directory bread(block 68) failed [ 151.174129][ T6316] FAT-fs (loop3): Directory bread(block 69) failed [ 151.182421][ T6316] FAT-fs (loop3): Directory bread(block 70) failed [ 151.189434][ T6316] FAT-fs (loop3): Directory bread(block 71) failed [ 151.196380][ T6316] FAT-fs (loop3): Directory bread(block 72) failed [ 151.209011][ T6316] FAT-fs (loop3): Directory bread(block 73) failed [ 151.329506][ T28] audit: type=1800 audit(1770363818.930:9): pid=6316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.116" name="file1" dev="loop3" ino=1048596 res=0 errno=0 [ 151.497851][ T5843] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 151.526905][ T5843] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 151.556551][ T28] audit: type=1800 audit(1770363819.190:10): pid=6322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.116" name="file1" dev="loop3" ino=1048596 res=0 errno=0 [ 151.574815][ T5843] asix: probe of 3-1:0.188 failed with error -71 [ 151.612684][ T5843] usb 3-1: USB disconnect, device number 3 [ 151.655940][ T28] audit: type=1800 audit(1770363819.190:11): pid=6322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.116" name="file1" dev="loop3" ino=1048596 res=0 errno=0 [ 152.038813][ T6327] loop2: detected capacity change from 0 to 21 [ 152.050049][ T6327] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 152.357839][ T5787] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 153.146943][ T5867] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 153.348453][ T5867] usb 3-1: Using ep0 maxpacket: 16 [ 153.384714][ T5867] usb 3-1: config 0 has no interfaces? [ 153.393288][ T5867] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 153.419508][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.453820][ T5867] usb 3-1: config 0 descriptor?? [ 153.739044][ T6332] loop2: detected capacity change from 0 to 7 [ 153.769979][ T6332] Dev loop2: unable to read RDB block 7 [ 153.795552][ T6332] loop2: unable to read partition table [ 153.819450][ T6332] loop2: partition table beyond EOD, truncated [ 153.981477][ T6332] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 154.799987][ T5843] usb 3-1: USB disconnect, device number 4 [ 155.119019][ T6350] loop3: detected capacity change from 0 to 8 [ 155.134976][ T6350] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 155.162354][ T5774] udevd[5774]: incorrect cramfs checksum on /dev/loop3 [ 155.268481][ T5774] udevd[5774]: incorrect cramfs checksum on /dev/loop3 [ 155.419866][ T6353] loop0: detected capacity change from 0 to 4096 [ 155.649940][ T6353] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 156.867626][ T5867] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 156.930111][ T6374] loop1: detected capacity change from 0 to 256 [ 156.972340][ T6374] FAT-fs (loop1): Directory bread(block 64) failed [ 156.988372][ T6374] FAT-fs (loop1): Directory bread(block 65) failed [ 157.002793][ T6374] FAT-fs (loop1): Directory bread(block 66) failed [ 157.011182][ T6374] FAT-fs (loop1): Directory bread(block 67) failed [ 157.020994][ T6374] FAT-fs (loop1): Directory bread(block 68) failed [ 157.027782][ T6374] FAT-fs (loop1): Directory bread(block 69) failed [ 157.034447][ T6374] FAT-fs (loop1): Directory bread(block 70) failed [ 157.046918][ T6374] FAT-fs (loop1): Directory bread(block 71) failed [ 157.053932][ T6374] FAT-fs (loop1): Directory bread(block 72) failed [ 157.064226][ T6374] FAT-fs (loop1): Directory bread(block 73) failed [ 157.067033][ T5867] usb 4-1: Using ep0 maxpacket: 16 [ 157.078862][ T5867] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 157.087110][ T5867] usb 4-1: config 0 has no interface number 0 [ 157.093492][ T5867] usb 4-1: config 0 interface 8 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 157.114748][ T5867] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 157.124167][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 157.132748][ T5867] usb 4-1: Product: syz [ 157.137264][ T5867] usb 4-1: SerialNumber: syz [ 157.149479][ T28] audit: type=1800 audit(1770363824.790:12): pid=6374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.133" name="file1" dev="loop1" ino=1048597 res=0 errno=0 [ 157.171107][ T5867] usb 4-1: config 0 descriptor?? [ 157.186565][ T5867] usbhid 4-1:0.8: couldn't find an input interrupt endpoint [ 157.369187][ T28] audit: type=1800 audit(1770363825.010:13): pid=6375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.133" name="file1" dev="loop1" ino=1048597 res=0 errno=0 [ 157.437741][ T5867] usb 4-1: USB disconnect, device number 2 [ 157.459124][ T28] audit: type=1800 audit(1770363825.060:14): pid=6375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.133" name="file1" dev="loop1" ino=1048597 res=0 errno=0 [ 158.814988][ T6390] sit1: entered allmulticast mode [ 160.781233][ T6407] loop0: detected capacity change from 0 to 8 [ 160.811946][ T6407] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 160.831840][ T6408] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 160.860916][ T5774] udevd[5774]: incorrect cramfs checksum on /dev/loop0 [ 160.926313][ T5774] udevd[5774]: incorrect cramfs checksum on /dev/loop0 [ 165.563577][ T967] IPVS: starting estimator thread 0... [ 165.575273][ T6456] IPVS: ip_vs_add_dest(): server weight less than zero [ 165.677058][ T6457] IPVS: using max 18 ests per chain, 43200 per kthread [ 168.268655][ T6487] loop2: detected capacity change from 0 to 7 [ 168.337000][ T6487] Dev loop2: unable to read RDB block 7 [ 168.353346][ T6487] loop2: AHDI p1 p2 p3 [ 168.361356][ T6487] loop2: partition table partially beyond EOD, truncated [ 168.387232][ T6487] loop2: p1 start 1601398130 is beyond EOD, truncated [ 168.425422][ T6487] loop2: p2 start 1702059890 is beyond EOD, truncated [ 170.200038][ T6508] loop2: detected capacity change from 0 to 40427 [ 170.235533][ T6508] F2FS-fs (loop2): Unrecognized mount option "noinline" or missing value [ 172.456119][ T6537] loop3: detected capacity change from 0 to 40427 [ 172.466976][ T5844] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 172.477335][ T6537] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 172.484589][ T6537] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 172.494146][ T6537] F2FS-fs (loop3): heap/no_heap options were deprecated [ 172.503021][ T6537] F2FS-fs (loop3): invalid crc value [ 172.536909][ T6537] F2FS-fs (loop3): Found nat_bits in checkpoint [ 172.639110][ T6537] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 172.656878][ T5844] usb 1-1: Using ep0 maxpacket: 32 [ 172.665102][ T6537] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 172.679881][ T5844] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.700443][ T5844] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 172.736951][ T5844] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 172.771426][ T5844] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.801453][ T5844] usb 1-1: config 0 descriptor?? [ 172.817638][ T5844] hub 1-1:0.0: USB hub found [ 172.870037][ T5784] syz-executor: attempt to access beyond end of device [ 172.870037][ T5784] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 172.897721][ T5784] F2FS-fs (loop3): Remounting filesystem read-only [ 173.231100][ T5844] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 173.264197][ T5844] usbhid 1-1:0.0: can't add hid device: -71 [ 173.307563][ T5844] usbhid: probe of 1-1:0.0 failed with error -71 [ 173.365943][ T5844] usb 1-1: USB disconnect, device number 5 [ 173.964255][ T6587] loop0: detected capacity change from 0 to 1024 [ 173.974160][ T6587] EXT4-fs: Ignoring removed mblk_io_submit option [ 173.984513][ T6587] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 173.997920][ T6587] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 174.017093][ T967] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 174.028075][ T6587] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #11: comm syz.0.175: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 174.068206][ T6587] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.175: couldn't read orphan inode 11 (err -117) [ 174.127105][ T6587] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.239253][ T967] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 174.275822][ T967] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 174.335494][ T967] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.375788][ T967] usb 4-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 174.416630][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.467019][ T967] usb 4-1: config 7 interface 0 has no altsetting 0 [ 174.486930][ T967] usb 4-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 174.496244][ T967] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.648528][ T5779] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 174.658507][ T5779] Bluetooth: hci3: Injecting HCI hardware error event [ 174.667997][ T5783] Bluetooth: hci3: hardware error 0x00 [ 175.088589][ T967] input: HID 0458:5010 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:7.0/0003:0458:5010.0001/input/input5 [ 175.263012][ T967] kye 0003:0458:5010.0001: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.3-1/input0 [ 176.322982][ C0] kye 0003:0458:5010.0001: usb_submit_urb(ctrl) failed: -1 [ 176.635350][ T5814] usb 4-1: reset full-speed USB device number 3 using dummy_hcd [ 176.866959][ T5783] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 178.701654][ T5843] usb 4-1: USB disconnect, device number 3 [ 179.790260][ T6634] random: crng reseeded on system resumption [ 180.212425][ T6634] loop0: detected capacity change from 0 to 1024 [ 180.985009][ T5774] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 181.447431][ T6643] netlink: 404 bytes leftover after parsing attributes in process `syz.0.190'. [ 181.664609][ T6650] loop3: detected capacity change from 0 to 256 [ 183.332738][ T5843] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 183.561352][ T5843] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 183.598725][ T5843] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping [ 183.667576][ T5843] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 183.676706][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.695319][ T5843] usb 3-1: Product: syz [ 183.700151][ T5843] usb 3-1: Manufacturer: syz [ 183.704794][ T5843] usb 3-1: SerialNumber: syz [ 183.724641][ T5843] usb 3-1: config 0 descriptor?? [ 183.747912][ T6652] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 183.755378][ T6652] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 183.792405][ T5843] usb 3-1: ucan: probing device on interface #0 [ 183.811297][ T5843] usb 3-1: ucan: invalid EP count (1) [ 183.827078][ T5843] usb 3-1: ucan: probe failed; try to update the device firmware [ 184.011803][ T5867] usb 3-1: USB disconnect, device number 5 [ 184.613970][ T6670] loop0: detected capacity change from 0 to 4096 [ 184.672853][ T6670] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 187.256478][ T8] libceph: connect (1)[c::]:6789 error -101 [ 187.281220][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 187.314429][ T6678] ceph: No mds server is up or the cluster is laggy [ 187.322483][ T8] libceph: connect (1)[c::]:6789 error -101 [ 187.337556][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 192.581780][ T6729] xt_hashlimit: size too large, truncated to 1048576 [ 193.491105][ T6732] syz.1.216 uses obsolete (PF_INET,SOCK_PACKET) [ 194.472187][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.478960][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.900763][ T6761] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 199.390795][ T6780] Bluetooth: MGMT ver 1.22 [ 199.442133][ T6782] netlink: 8 bytes leftover after parsing attributes in process `syz.0.233'. [ 200.176877][ T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 200.373777][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 200.892561][ T8] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=8e.0b [ 200.902311][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.910820][ T8] usb 1-1: Product: syz [ 200.915060][ T8] usb 1-1: Manufacturer: syz [ 200.921157][ T8] usb 1-1: SerialNumber: syz [ 200.944599][ T8] usb 1-1: config 0 descriptor?? [ 201.017928][ T28] audit: type=1326 audit(1770363868.650:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.2.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa4d79aeb9 code=0x7ffc0000 [ 201.055351][ T28] audit: type=1326 audit(1770363868.650:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.2.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa4d79aeb9 code=0x7ffc0000 [ 201.078530][ T28] audit: type=1326 audit(1770363868.650:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.2.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa4d79aeb9 code=0x7ffc0000 [ 201.113872][ T28] audit: type=1326 audit(1770363868.650:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.2.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7ffa4d79aeb9 code=0x7ffc0000 [ 201.221473][ T28] audit: type=1326 audit(1770363868.650:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.2.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa4d79aeb9 code=0x7ffc0000 [ 201.245645][ T28] audit: type=1326 audit(1770363868.650:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.2.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa4d79aeb9 code=0x7ffc0000 [ 201.289985][ T28] audit: type=1326 audit(1770363868.650:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.2.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa4d79aeb9 code=0x7ffc0000 [ 201.336511][ T28] audit: type=1326 audit(1770363868.660:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.2.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa4d79aeb9 code=0x7ffc0000 [ 201.447312][ T28] audit: type=1326 audit(1770363868.650:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.2.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa4d79aeb9 code=0x7ffc0000 [ 201.497200][ T28] audit: type=1326 audit(1770363868.660:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.2.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7ffa4d79aeb9 code=0x7ffc0000 [ 202.701704][ T6813] ubi31: attaching mtd0 [ 202.710462][ T6813] ubi31: scanning is finished [ 202.715255][ T6813] ubi31: empty MTD device detected [ 202.771234][ T6813] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 202.779311][ T6813] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 202.786663][ T6813] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 202.794148][ T6813] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 202.801767][ T6813] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 202.808757][ T6813] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 202.817012][ T6813] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2558959828 [ 202.827213][ T6813] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 202.853674][ T6814] ubi31: background thread "ubi_bgt31d" started, PID 6814 [ 203.591513][ T6823] loop2: detected capacity change from 0 to 21 [ 203.601634][ T6823] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 204.981077][ T8] usb 1-1: USB disconnect, device number 6 [ 205.611828][ T6829] udevd[6829]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 207.020078][ T6864] loop3: detected capacity change from 0 to 21 [ 207.027459][ T6864] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 207.774902][ T6866] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled [ 207.819669][ T5774] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 208.196864][ T967] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 208.424836][ T6880] input: syz1 as /devices/virtual/input/input6 [ 208.470533][ T967] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 208.505070][ T967] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=8e.0b [ 208.517006][ T967] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.536360][ T967] usb 1-1: Product: syz [ 208.544763][ T967] usb 1-1: Manufacturer: syz [ 208.568012][ T967] usb 1-1: SerialNumber: syz [ 208.587514][ T967] usb 1-1: config 0 descriptor?? [ 211.241893][ T967] usb 1-1: USB disconnect, device number 7 [ 211.715690][ T6899] loop3: detected capacity change from 0 to 21 [ 211.723127][ T6899] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 212.308588][ T6829] udevd[6829]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 212.792225][ T5786] Bluetooth: hci2: command 0x0406 tx timeout [ 212.798458][ T5773] Bluetooth: hci0: command 0x0406 tx timeout [ 212.801317][ T5780] Bluetooth: hci1: command 0x0406 tx timeout [ 213.455995][ T6914] netlink: 28 bytes leftover after parsing attributes in process `syz.0.276'. [ 213.476908][ T6914] netlink: 28 bytes leftover after parsing attributes in process `syz.0.276'. [ 215.656880][ T967] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 215.894607][ T967] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 215.939498][ T967] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=8e.0b [ 216.081398][ T6935] loop1: detected capacity change from 0 to 21 [ 216.088762][ T6935] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 216.333654][ T967] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.438656][ T967] usb 1-1: Product: syz [ 216.477206][ T967] usb 1-1: Manufacturer: syz [ 216.482136][ T967] usb 1-1: SerialNumber: syz [ 216.765542][ T967] usb 1-1: config 0 descriptor?? [ 216.777090][ T6902] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 217.248475][ T6939] netlink: 12 bytes leftover after parsing attributes in process `syz.1.284'. [ 217.393542][ T6942] bridge1: port 1(veth0_to_bond) entered blocking state [ 217.447029][ T6942] bridge1: port 1(veth0_to_bond) entered disabled state [ 217.454378][ T6942] veth0_to_bond: entered allmulticast mode [ 217.510609][ T6942] veth0_to_bond: entered promiscuous mode [ 220.155705][ T967] usb 1-1: USB disconnect, device number 8 [ 220.271524][ T5778] udevd[5778]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 220.526876][ T8] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 220.727155][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 220.774488][ T8] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 220.851952][ T8] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 221.195029][ T8] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 221.335739][ T8] usb 4-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 221.500625][ T8] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 221.543537][ T8] usb 4-1: config 168 interface 0 has no altsetting 0 [ 221.568251][ T8] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 221.585971][ T8] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 221.612157][ T8] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 221.623960][ T8] usb 4-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 221.640162][ T8] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 221.821601][ T8] usb 4-1: config 168 interface 0 has no altsetting 0 [ 221.836935][ T8] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 221.844434][ T8] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 222.015167][ T6964] loop0: detected capacity change from 0 to 21 [ 222.022526][ T6964] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 222.708101][ T8] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 222.728671][ T8] usb 4-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 222.753979][ T6902] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 222.766501][ T8] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 222.794348][ T8] usb 4-1: config 168 interface 0 has no altsetting 0 [ 222.812630][ T8] usb 4-1: string descriptor 0 read error: -22 [ 222.820267][ T8] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 222.835818][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.989093][ T8] adutux 4-1:168.0: interrupt endpoints not found [ 224.705551][ T8] usb 4-1: USB disconnect, device number 4 [ 226.512286][ T8] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 226.691016][ T6993] loop0: detected capacity change from 0 to 21 [ 226.702513][ T6993] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 227.467050][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 227.711879][ T5867] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 228.503452][ T5867] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 228.539355][ T5867] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 228.551209][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.575640][ T5867] usb 2-1: config 0 descriptor?? [ 228.593821][ T5867] hdpvr 2-1:0.0: Could not find bulk-in endpoint [ 228.607374][ T5867] hdpvr: probe of 2-1:0.0 failed with error -12 [ 228.796944][ T5843] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 228.833464][ T5867] usb 2-1: USB disconnect, device number 3 [ 228.857148][ T7014] kernel read not supported for file /¡sxt (pid: 7014 comm: syz.3.310) [ 228.868634][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 228.868648][ T28] audit: type=1800 audit(1770363896.501:33): pid=7014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.310" name=A17378741A dev="mqueue" ino=9937 res=0 errno=0 [ 228.997061][ T5843] usb 1-1: Using ep0 maxpacket: 8 [ 229.012242][ T5843] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 229.022004][ T5843] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.030493][ T5843] usb 1-1: Product: syz [ 229.034995][ T5843] usb 1-1: Manufacturer: syz [ 229.039791][ T5843] usb 1-1: SerialNumber: syz [ 229.051832][ T5843] usb 1-1: config 0 descriptor?? [ 229.276590][ T5843] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 229.735442][ T8] usb 3-1: unable to get BOS descriptor or descriptor too short [ 229.757934][ T8] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 229.765647][ T8] usb 3-1: can't read configurations, error -71 [ 230.338079][ T5843] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -71 [ 230.495636][ T5843] usb 1-1: USB disconnect, device number 9 [ 234.487059][ T8] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 234.699748][ T8] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 234.731049][ T8] usb 4-1: config 0 interface 0 has no altsetting 0 [ 234.780065][ T8] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 234.804355][ T8] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 234.826874][ T8] usb 4-1: Product: syz [ 234.848157][ T8] usb 4-1: Manufacturer: syz [ 234.861068][ T8] usb 4-1: SerialNumber: syz [ 234.891263][ T8] usb 4-1: config 0 descriptor?? [ 234.926414][ T8] usb 4-1: selecting invalid altsetting 0 [ 235.124012][ T7068] [ 235.126403][ T7068] ============================================ [ 235.132575][ T7068] WARNING: possible recursive locking detected [ 235.138750][ T7068] syzkaller #0 Not tainted [ 235.143171][ T7068] -------------------------------------------- [ 235.149425][ T7068] syz.3.327/7068 is trying to acquire lock: [ 235.155327][ T7068] ffff8880252feb30 (&chip->mutex){+.+.}-{3:3}, at: snd_usb_endpoint_close+0x3c/0x4c0 [ 235.164826][ T7068] [ 235.164826][ T7068] but task is already holding lock: [ 235.172203][ T7068] ffff8880252feb30 (&chip->mutex){+.+.}-{3:3}, at: snd_usb_endpoint_set_params+0x6d/0x2b40 [ 235.182231][ T7068] [ 235.182231][ T7068] other info that might help us debug this: [ 235.190293][ T7068] Possible unsafe locking scenario: [ 235.190293][ T7068] [ 235.197745][ T7068] CPU0 [ 235.201112][ T7068] ---- [ 235.204393][ T7068] lock(&chip->mutex); [ 235.208571][ T7068] lock(&chip->mutex); [ 235.212747][ T7068] [ 235.212747][ T7068] *** DEADLOCK *** [ 235.212747][ T7068] [ 235.220890][ T7068] May be due to missing lock nesting notation [ 235.220890][ T7068] [ 235.229215][ T7068] 3 locks held by syz.3.327/7068: [ 235.234250][ T7068] #0: ffff88805e5344e0 (&runtime->oss.params_lock){+.+.}-{3:3}, at: snd_pcm_oss_sync+0x2a7/0xc20 [ 235.244897][ T7068] #1: ffff88805e534238 (&runtime->buffer_mutex){+.+.}-{3:3}, at: snd_pcm_hw_params+0x163/0x1ce0 [ 235.255470][ T7068] #2: ffff8880252feb30 (&chip->mutex){+.+.}-{3:3}, at: snd_usb_endpoint_set_params+0x6d/0x2b40 [ 235.266066][ T7068] [ 235.266066][ T7068] stack backtrace: [ 235.271979][ T7068] CPU: 0 PID: 7068 Comm: syz.3.327 Not tainted syzkaller #0 [ 235.279280][ T7068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 235.289376][ T7068] Call Trace: [ 235.292674][ T7068] [ 235.295617][ T7068] dump_stack_lvl+0x18c/0x250 [ 235.300316][ T7068] ? show_regs_print_info+0x20/0x20 [ 235.305559][ T7068] ? print_deadlock_bug+0x435/0x5d0 [ 235.310881][ T7068] __lock_acquire+0x5dbc/0x7d40 [ 235.315769][ T7068] ? verify_lock_unused+0x140/0x140 [ 235.321125][ T7068] lock_acquire+0x19e/0x420 [ 235.325669][ T7068] ? snd_usb_endpoint_close+0x3c/0x4c0 [ 235.331422][ T7068] ? trace_contention_end+0x39/0xe0 [ 235.336634][ T7068] ? __might_sleep+0xe0/0xe0 [ 235.341239][ T7068] ? read_lock_is_recursive+0x20/0x20 [ 235.346624][ T7068] ? wait_clear_urbs+0x184/0x390 [ 235.351586][ T7068] ? snd_usb_endpoint_sync_pending_stop+0x30/0x30 [ 235.358043][ T7068] __mutex_lock+0x136/0xcc0 [ 235.362597][ T7068] ? snd_usb_endpoint_close+0x3c/0x4c0 [ 235.368084][ T7068] ? usb_free_coherent+0x5d/0x90 [ 235.373088][ T7068] ? release_urbs+0x3fe/0x4a0 [ 235.377806][ T7068] ? snd_usb_endpoint_close+0x3c/0x4c0 [ 235.383319][ T7068] ? mutex_lock_nested+0x20/0x20 [ 235.388318][ T7068] ? snd_usb_endpoint_set_params+0x407/0x2b40 [ 235.394425][ T7068] snd_usb_endpoint_close+0x3c/0x4c0 [ 235.399749][ T7068] snd_usb_hw_params+0x1356/0x19d0 [ 235.404884][ T7068] ? snd_dma_alloc_dir_pages+0x15c/0x230 [ 235.410742][ T7068] ? snd_usb_pcm_close+0x300/0x300 [ 235.415868][ T7068] ? snd_pcm_lib_malloc_pages+0x350/0x750 [ 235.421600][ T7068] ? fixup_unreferenced_params+0x767/0xb00 [ 235.427440][ T7068] snd_pcm_hw_params+0x8a6/0x1ce0 [ 235.432508][ T7068] ? snd_pcm_hw_param_first+0x676/0xb40 [ 235.438069][ T7068] ? snd_pcm_forward+0x6d0/0x6d0 [ 235.443051][ T7068] ? snd_pcm_hw_param_near+0x3d0/0x450 [ 235.448616][ T7068] snd_pcm_oss_change_params_locked+0x2042/0x3cf0 [ 235.455148][ T7068] ? snd_pcm_oss_read2+0x3d0/0x3d0 [ 235.460296][ T7068] ? ima_file_free+0x16b/0x4b0 [ 235.465076][ T7068] ? mutex_lock_nested+0x20/0x20 [ 235.470048][ T7068] ? __fsnotify_parent+0x6d8/0x7c0 [ 235.475177][ T7068] snd_pcm_oss_sync+0x363/0xc20 [ 235.480048][ T7068] snd_pcm_oss_release+0x102/0x240 [ 235.485176][ T7068] ? snd_pcm_oss_open+0x1bd0/0x1bd0 [ 235.490384][ T7068] __fput+0x234/0x970 [ 235.494400][ T7068] task_work_run+0x1d4/0x260 [ 235.499003][ T7068] ? task_work_cancel+0x220/0x220 [ 235.504046][ T7068] ? exit_to_user_mode_loop+0x3b/0x110 [ 235.509609][ T7068] exit_to_user_mode_loop+0xe6/0x110 [ 235.514907][ T7068] exit_to_user_mode_prepare+0xee/0x180 [ 235.520468][ T7068] syscall_exit_to_user_mode+0x1a/0x50 [ 235.525961][ T7068] do_syscall_64+0x61/0xa0 [ 235.530393][ T7068] ? clear_bhb_loop+0x40/0x90 [ 235.535098][ T7068] ? clear_bhb_loop+0x40/0x90 [ 235.539967][ T7068] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 235.545867][ T7068] RIP: 0033:0x7f752c99aeb9 [ 235.550293][ T7068] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 235.569904][ T7068] RSP: 002b:00007ffc22d9ad98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 235.578327][ T7068] RAX: 0000000000000000 RBX: 00007ffc22d9ae80 RCX: 00007f752c99aeb9 [ 235.586304][ T7068] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 235.594544][ T7068] RBP: 00000000000392bb R08: 0000000000000001 R09: 0000000000000000 [ 235.602519][ T7068] R10: 0000001b2ca20000 R11: 0000000000000246 R12: 00007ffc22d9aec0 [ 235.610506][ T7068] R13: 00007f752cc15fac R14: 0000000000039674 R15: 00007f752cc15fa0 [ 235.618504][ T7068] [ 235.676444][ T967] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 235.890459][ T967] usb 2-1: Using ep0 maxpacket: 16 [ 235.899992][ T967] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 235.909394][ T967] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.917483][ T967] usb 2-1: Product: syz [ 235.921688][ T967] usb 2-1: Manufacturer: syz [ 235.926307][ T967] usb 2-1: SerialNumber: syz [ 235.932417][ T967] r8152-cfgselector 2-1: config 0 descriptor?? [ 236.345887][ T967] r8152-cfgselector 2-1: Unknown version 0x0000 [ 236.354458][ T967] r8152-cfgselector 2-1: USB disconnect, device number 4