last executing test programs: 4m59.252096914s ago: executing program 1 (id=258): socket(0x10, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x123481, 0x127) write$binfmt_script(r0, &(0x7f00000006c0)={'#! ', './file0'}, 0xb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0xd06d000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f00000001c0)={0x4001, 0x5}, 0x8) syz_init_net_socket$rose(0xb, 0x5, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x6a) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x20, 0x10, 0x40d, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2a500}}, 0x20}}, 0x0) write$binfmt_elf32(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69) close(r2) inotify_init1(0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={0x0}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000073000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000500)='svc_unregister\x00', r0, 0x0, 0x1}, 0x18) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 4m56.800065837s ago: executing program 1 (id=266): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newlink={0x48, 0x10, 0x401, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x38091}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast1}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x24048c00}, 0x10) 4m56.268531876s ago: executing program 1 (id=267): syz_mount_image$ext4(&(0x7f0000000680)='ext2\x00', &(0x7f0000000040)='./file2\x00', 0x10000, &(0x7f00000000c0)={[{@jqfmt_vfsv1}]}, 0x1, 0x559, &(0x7f0000000100)="$eJzs3U9vI2cZAPBnHDu76QYSoIeC1D+ilbIV1N50aRtxaIuEuFUClfsSZb1RtE68ip2yiVaw+wFQJYSg4tYTFyQ+ABLqjStCqgQXThwQqMAuHCoEHTTjyQZnx43Tje3F/v2kN/N/nue1PePxzJuZAGbWMxHxekTMRcTzEbFUjK8UJW73Sjbfvbu3NrKSRJq++bckkmJcNltSlMyFYrHzvU6pzv7B9fVWq7lbDDe62zcanf2DF7a21zebm82dy5dXX157Ze2ltUslS1eHqNmdvqGsXq9+/U8/fvtn33j1V1/+7h+v/OXi97J8F4vph/UodXGIcAP0XpNa9lrcl2W/+8lX+UiZK+pTO3HOhbHkAwDAx8uO8T8bEV/Mj/+XYm6oY+ueZKSZAQAAAGclfW0x/p1EpAAAAMDUquRtYJNKvWgLsBiVSr3ea8P7eDxWabU73S9da+/tXO21lV2OWuXaVqt5ab7XpnY5akk2vJr3Hw2/eH846WsD/KOlhXx6faPdujq50x4AAAAwUy4c+/3/z6Xe7/+PcSdN03RsCQIAAABnY3nSCQAAAAAj9+Dv/3cnkgcAAAAwOq7/AwAAwFT75htvZCW9d/fWxlxEXH1rf+96+61fR7Nzvb69t1HfaO/eqG+225ut9FzE9knra7XbN74SO3s3G91mp9vo7B9c2W7v7XSvbPU9AhsAAAAYo888/d7vk4i4/dWFvGTmsz9zAxbotRWojC9DYFSG35Bt8jBtBn3NP6g60jyA8bNVw+yq9TrJyXP+yz3/YUqdtAMY2HjnNw8V1oNEAABgjFY+X379v3p0bgCYUq7qw+wqvf5vpwAzwfV/mF21U7QABKbPwhDznO9vAnDUXGDo6/+Hl/rn3QgEAAAmZDEvSaVenPZfjMqHaU8sRy25ttVqXoqIT0fE75Zq57Lh1XzJZJh/GgAAAAAAAAAAAAAAAAAAAAAAAAAA8rtyJ5ECAAAAUy2i8uekeKDXytJzi8fPD8wnHy7l3fzpAG/+5OZ6t7u7mo3/ezE+ovtOMf7F05x58JBhAAAAGJX8d/oPiu7qpLMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNrcu3tr47CMM+4HX4uI5bL41Tifd89HLSIe+0cS1cOFno5IImLuDOLfvhMRT5TFT7K0YrnIoi9+RFQiYiHPYuTxn0zTtDT+hYeODrPtvWz/83rZ9leJZ/Ju+fZfLcrDGrz/q9zf/82VxM/2PJ8aMsYX3v9Fo3zKud70avn+5zB+MiD+s2WrLHlRvvPtg4NBuaXvRqyUfv8kfbEa3e0bjc7+wQtb2+ubzc3mzuXLqy+vvbL20tqlxrWtVrP4Wxrjh0/+8qNB8fPvlgHxl/vrv368/s8druAE/3n/5t3PHYX731XEB3ciLj4bH6Xpg+//E/3x+17aufh+MVdvRSsRb/+1mLZyLP5TP//tU4Nyy+JfHVD/k97/iydXPff8t+73pkMuAgCMUGf/4Pp6q9XcPX3PwumWeidN008c65Q92RHzgEl/+Gmv4mcQKzs+OoOcHx+U6qPc89ppZk7PlX3YzuIt+P/sqT78x6Yy+BN+Rj0T3S0BAAAjcHTQP+lMAAAAAAAAAAAAAAAAAAAAYHaN44Znx2Pe7nXmJ1BdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICB/hsAAP//Nj3bgA==") recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000103, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) r4 = socket$key(0xf, 0x3, 0x2) r5 = openat$mice(0xffffffffffffff9c, &(0x7f00000006c0), 0x88000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000700)={@remote, 0x40, 0x2, 0xff, 0x6, 0x0, 0x3}, 0x20) sendmsg$key(r4, &(0x7f0000000740)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000"], 0x50}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x8001, 0x0, 0x1}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r3, 0x0, 0x0) r6 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r6, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x0, 0x0) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x121a02, 0x0) sendfile(r8, r7, &(0x7f0000002700)=0x23, 0x1c) socket$nl_route(0x10, 0x3, 0x0) 4m52.145693883s ago: executing program 1 (id=274): openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 4m51.688017712s ago: executing program 1 (id=279): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r4 = semget(0x3, 0x2, 0x39c) semop(r4, &(0x7f00000001c0), 0x0) syz_open_dev$dri(0x0, 0xabd7, 0x0) syz_emit_vhci(&(0x7f00000001c0)=ANY=[], 0xf) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x8, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x200000c0, 0xffffffff, 0xfffffff8}, 0x10) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) sendto$packet(r5, 0x0, 0x0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) 4m51.231103081s ago: executing program 1 (id=281): syz_emit_vhci(&(0x7f0000000600)=ANY=[@ANYBLOB="042f07c9"], 0x8) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1, 0x0, 0x6, 0x3}, [@tmpl={0x44, 0x5, [{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x3c}, 0x2, @in6=@loopback, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0) r2 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r2, 0x0, 0x41) 4m49.999192558s ago: executing program 32 (id=281): syz_emit_vhci(&(0x7f0000000600)=ANY=[@ANYBLOB="042f07c9"], 0x8) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1, 0x0, 0x6, 0x3}, [@tmpl={0x44, 0x5, [{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x3c}, 0x2, @in6=@loopback, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0) r2 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r2, 0x0, 0x41) 3m16.204091078s ago: executing program 4 (id=526): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500"/136], 0xfc}}, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0xfdff) 3m14.993345593s ago: executing program 4 (id=529): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r0, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x81, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x9, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 3m13.964087745s ago: executing program 4 (id=533): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0) ioctl$CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000002440)={0x0, 0x0, 0x0, @raw}) 3m13.721595776s ago: executing program 4 (id=534): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8f101a, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) 3m13.568947865s ago: executing program 4 (id=535): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d000000000000000017000000080003"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 3m13.14597857s ago: executing program 4 (id=538): socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000240)={0x4}) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 3m11.869211963s ago: executing program 33 (id=538): socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000240)={0x4}) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 9.249967876s ago: executing program 3 (id=944): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_SB_GET(r0, 0x0, 0x40008001) preadv(0xffffffffffffffff, &(0x7f0000000380)=[{0x0}], 0x1, 0x8f, 0x1) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) 8.582397171s ago: executing program 3 (id=945): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000070961c40e90f55dbfb690102c9030902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_open_dev$usbfs(0x0, 0xf, 0x8041) 8.176004163s ago: executing program 0 (id=948): connect$unix(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) 8.016089753s ago: executing program 0 (id=950): r0 = socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d", 0x17}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026", 0x39}], 0x2, &(0x7f0000000380)}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 7.049309197s ago: executing program 0 (id=952): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() r2 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r4, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000}, 0x5}], 0x1, 0x0) 5.78126422s ago: executing program 0 (id=953): r0 = open(&(0x7f0000000400)='./file0\x00', 0x18c0, 0x44) getsockopt$inet_buf(r0, 0x0, 0x9, 0x0, 0x0) 5.500139736s ago: executing program 3 (id=955): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c) listen(r0, 0x3) syz_emit_ethernet(0x4e, &(0x7f00000002c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x18, 0x6, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x4000, {[@mss={0x2, 0x4}]}}}}}}}}, 0x0) 5.434071444s ago: executing program 3 (id=956): socket$alg(0x26, 0x5, 0x0) r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x74000000) write$dsp(r0, &(0x7f0000002000)='`', 0x88020) 5.122876264s ago: executing program 2 (id=959): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0xfffffffffffffc7d, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x10) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4112, 0x0, 0x0) 4.8435695s ago: executing program 0 (id=960): r0 = socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d", 0x17}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026", 0x39}], 0x2, &(0x7f0000000380)}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 3.896069431s ago: executing program 2 (id=962): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) read$alg(r1, &(0x7f0000000340)=""/190, 0xbe) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, 0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000000}, 0x8000) timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0) recvfrom$inet_nvme(r1, 0x0, 0x0, 0x40002103, 0x0, 0x0) 3.301465718s ago: executing program 0 (id=964): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x8, {0x8, 0x0, "392cdaab4a73"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x20, 0x1, 0x3, "c282fe"}, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0}) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000200)={0x0, 0xab, 0x8, &(0x7f0000000180)={0x2a, "247f23e017bb486c5c4b7165a6d6af0b920bf04121f0339400"}}) 2.631972533s ago: executing program 5 (id=965): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socket$isdn(0x22, 0x2, 0x10) socket$isdn(0x22, 0x2, 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$unix(0x1, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) syz_io_uring_setup(0x218d, &(0x7f0000000140)={0x0, 0xfffffffc, 0x10, 0x3, 0x3d3}, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x10, 0x2}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r4], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r5, &(0x7f0000000000), 0xd) 2.403949582s ago: executing program 5 (id=966): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x8c66) r3 = eventfd(0xd82) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0xfffffffffffffc04, 0x7000, 0x1, r3}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x27800000000, 0x0, 0x1, r2, 0x5}) 2.397294403s ago: executing program 2 (id=967): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000f000000850000007500000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2000001, 0x40010, r0, 0x98c6e000) 2.256063171s ago: executing program 2 (id=968): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000680)='sys_exit\x00', r0, 0x0, 0x5}, 0x18) uname(&(0x7f0000000000)=""/225) 2.234136124s ago: executing program 3 (id=969): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000580), r2) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000005c0)={0x4c, r3, 0x839, 0x70bd2d, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8080}, 0x4000000) 2.135796377s ago: executing program 5 (id=970): syz_emit_ethernet(0x3e, &(0x7f0000000300)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x2, 0x0, 0x30, 0x65, 0x0, 0x81, 0x1, 0x0, @private=0xa010101, @remote}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x1, 0x0, 0x3, 0x65, 0x75, 0x11, 0x88, 0xe, @broadcast, @multicast1}}}}}}, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0xfffffffd, 0x0, 0x0, 'queue0\x00'}) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000080)="268292", 0xff95}], 0x1) 2.048065038s ago: executing program 2 (id=971): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() r2 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r4, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000}, 0x5}], 0x1, 0x0) 2.047908958s ago: executing program 5 (id=972): r0 = socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d", 0x17}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026", 0x39}], 0x2, &(0x7f0000000380)}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 224.211971ms ago: executing program 2 (id=973): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0xb) 203.980274ms ago: executing program 5 (id=974): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da", 0x33}], 0x3}], 0x1, 0x40800) recvmmsg$unix(r1, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000c00)=""/4096, 0x34000}], 0x1}}], 0x1, 0x40004041, 0x0) 183.167847ms ago: executing program 3 (id=975): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) read$alg(r1, &(0x7f0000000340)=""/190, 0xbe) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000000}, 0x8000) timer_settime(r2, 0x1, &(0x7f0000000040), 0x0) recvfrom$inet_nvme(r1, 0x0, 0x0, 0x40002103, 0x0, 0x0) 0s ago: executing program 5 (id=976): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='mm_page_free_batched\x00', r0, 0x0, 0x3ca}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.507486][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.521292][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.528661][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.555070][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.574539][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.581919][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.609408][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.631928][ T5775] team0: Port device team_slave_0 added [ 89.639363][ T5084] Bluetooth: hci1: command tx timeout [ 89.648359][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.658545][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.665546][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.691923][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.718627][ T5084] Bluetooth: hci0: command tx timeout [ 89.729676][ T5775] team0: Port device team_slave_1 added [ 89.798279][ T5084] Bluetooth: hci2: command tx timeout [ 89.819505][ T5766] hsr_slave_0: entered promiscuous mode [ 89.826241][ T5766] hsr_slave_1: entered promiscuous mode [ 89.840409][ T5777] team0: Port device team_slave_0 added [ 89.847379][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.855229][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.884725][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.897737][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.904965][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.931455][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.945903][ T5777] team0: Port device team_slave_1 added [ 89.958344][ T5084] Bluetooth: hci3: command tx timeout [ 90.047516][ T5770] hsr_slave_0: entered promiscuous mode [ 90.057631][ T5770] hsr_slave_1: entered promiscuous mode [ 90.065014][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.073098][ T5770] Cannot create hsr debugfs directory [ 90.096304][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.103951][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.130763][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.185988][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.193822][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.224668][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.275877][ T5775] hsr_slave_0: entered promiscuous mode [ 90.283059][ T5775] hsr_slave_1: entered promiscuous mode [ 90.289670][ T5775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.297293][ T5775] Cannot create hsr debugfs directory [ 90.460600][ T5777] hsr_slave_0: entered promiscuous mode [ 90.467397][ T5777] hsr_slave_1: entered promiscuous mode [ 90.475149][ T5777] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.483242][ T5777] Cannot create hsr debugfs directory [ 90.789264][ T5770] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.827151][ T5770] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.849020][ T5770] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.862261][ T5770] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.929211][ T5766] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.944385][ T5766] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.956112][ T5766] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.973555][ T5766] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.055063][ T5775] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.077332][ T5775] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.088738][ T5775] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.112296][ T5775] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.257451][ T5777] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.270880][ T5777] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.303265][ T5777] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.324641][ T5777] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.412582][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.473259][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.486297][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.517630][ T2954] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.525166][ T2954] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.562820][ T2954] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.570073][ T2954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.596744][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.613197][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.647124][ T2934] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.654504][ T2934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.707705][ T2954] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.715040][ T2954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.727350][ T5084] Bluetooth: hci1: command tx timeout [ 91.745532][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.792029][ T2954] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.799386][ T2954] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.807068][ T5084] Bluetooth: hci0: command tx timeout [ 91.820250][ T2954] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.827419][ T2954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.843707][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.878608][ T5084] Bluetooth: hci2: command tx timeout [ 91.916339][ T5777] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.953977][ T2966] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.961295][ T2966] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.038873][ T5084] Bluetooth: hci3: command tx timeout [ 92.055491][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.062758][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.371299][ T27] cfg80211: failed to load regulatory.db [ 92.494244][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.625245][ T5770] veth0_vlan: entered promiscuous mode [ 92.634871][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.651961][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.696366][ T5770] veth1_vlan: entered promiscuous mode [ 92.801847][ T5775] veth0_vlan: entered promiscuous mode [ 92.821824][ T5770] veth0_macvtap: entered promiscuous mode [ 92.840060][ T5770] veth1_macvtap: entered promiscuous mode [ 92.856848][ T5775] veth1_vlan: entered promiscuous mode [ 92.883633][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.940020][ T5766] veth0_vlan: entered promiscuous mode [ 92.960757][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.975314][ T5775] veth0_macvtap: entered promiscuous mode [ 92.987452][ T5775] veth1_macvtap: entered promiscuous mode [ 93.004843][ T5766] veth1_vlan: entered promiscuous mode [ 93.016530][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.029608][ T5770] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.039474][ T5770] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.048920][ T5770] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.057691][ T5770] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.144498][ T5766] veth0_macvtap: entered promiscuous mode [ 93.172077][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.189275][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.202099][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.215595][ T5766] veth1_macvtap: entered promiscuous mode [ 93.237178][ T5777] veth0_vlan: entered promiscuous mode [ 93.263262][ T5777] veth1_vlan: entered promiscuous mode [ 93.280095][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.291839][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.304429][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.325968][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.341199][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.351401][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.362158][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.373936][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.392663][ T5775] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.402550][ T5775] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.413345][ T5775] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.423458][ T5775] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.468701][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.480883][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.491080][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.501977][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.513462][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.526673][ T5766] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.536652][ T5766] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.545886][ T5766] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.555775][ T5766] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.581244][ T2934] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.599972][ T2934] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.707433][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.724210][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.749435][ T5777] veth0_macvtap: entered promiscuous mode [ 93.783032][ T5777] veth1_macvtap: entered promiscuous mode [ 93.799336][ T5084] Bluetooth: hci1: command tx timeout [ 93.844452][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.865457][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.877423][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.886054][ T5084] Bluetooth: hci0: command tx timeout [ 93.892288][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.904610][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.915813][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.926342][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.937137][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.949625][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.958721][ T5084] Bluetooth: hci2: command tx timeout [ 93.984001][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.995493][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.013665][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.027304][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.045175][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.055960][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.072360][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.088754][ T5777] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.097634][ T5777] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.107836][ T5777] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.117309][ T5777] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.127092][ T5084] Bluetooth: hci3: command tx timeout [ 94.231544][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.248184][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.334917][ T5856] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.381089][ T2954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.400435][ T2954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.422625][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.458434][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.627369][ T2954] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.671136][ T2954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.707370][ T2934] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.748984][ T2934] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.147715][ T5836] libceph: connect (1)[c::]:6789 error -101 [ 95.155375][ T5836] libceph: mon0 (1)[c::]:6789 connect error [ 95.272416][ T5856] ceph: No mds server is up or the cluster is laggy [ 95.358238][ T5867] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 95.498513][ T27] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 95.526426][ T5872] syz.2.5[5872]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 95.718449][ T27] usb 1-1: Using ep0 maxpacket: 32 [ 95.725006][ T5875] loop3: detected capacity change from 0 to 512 [ 95.765889][ T27] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 95.801467][ T27] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 95.825870][ T27] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 95.829515][ T5875] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 95.852361][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 95.881707][ T5084] Bluetooth: hci1: command tx timeout [ 95.885421][ T27] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 95.918704][ T27] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 95.932634][ T27] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 95.942115][ T5875] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.7: iget: bogus i_mode (5) [ 95.955114][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.969574][ T27] usb 1-1: config 0 descriptor?? [ 95.976027][ T5084] Bluetooth: hci0: command tx timeout [ 95.998623][ T5875] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.7: couldn't read orphan inode 15 (err -117) [ 96.048329][ T5084] Bluetooth: hci2: command tx timeout [ 96.070682][ T5875] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.093913][ T5875] ext2 filesystem being mounted at /2/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.094042][ T5084] Bluetooth: hci3: Malformed Event: 0x2f [ 96.168633][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 96.178568][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 96.202864][ T5084] Bluetooth: hci3: command tx timeout [ 96.525468][ T27] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 97.643232][ T27] usb 1-1: USB disconnect, device number 2 [ 97.656675][ T27] usblp0: removed [ 97.679742][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.931397][ T5872] loop2: detected capacity change from 0 to 40427 [ 98.017080][ T5872] F2FS-fs (loop2): heap/no_heap options were deprecated [ 98.055457][ T5872] F2FS-fs (loop2): Image doesn't support compression [ 98.286666][ T5872] F2FS-fs (loop2): heap/no_heap options were deprecated [ 98.356131][ T5872] F2FS-fs (loop2): invalid crc value [ 98.515126][ T5872] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-4) [ 99.023734][ T5896] netlink: 44 bytes leftover after parsing attributes in process `syz.1.12'. [ 99.168492][ T5900] ======================================================= [ 99.168492][ T5900] WARNING: The mand mount option has been deprecated and [ 99.168492][ T5900] and is ignored by this kernel. Remove the mand [ 99.168492][ T5900] option from the mount to silence this warning. [ 99.168492][ T5900] ======================================================= [ 99.498423][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.958683][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 100.178616][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.215444][ T5913] loop1: detected capacity change from 0 to 512 [ 100.314066][ T5913] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 100.543717][ T5913] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.19: iget: bogus i_mode (5) [ 100.652893][ T5913] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.19: couldn't read orphan inode 15 (err -117) [ 100.706708][ T5913] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.767522][ T5913] ext2 filesystem being mounted at /6/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.041594][ T5898] loop0: detected capacity change from 0 to 32768 [ 101.122693][ T5898] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.13 (5898) [ 101.409814][ T5898] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 101.612982][ T5898] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 101.841067][ T5898] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 102.040006][ T5898] BTRFS info (device loop0): use zstd compression, level 3 [ 102.050780][ T5084] Bluetooth: hci1: Malformed Event: 0x2f [ 102.121143][ T5898] BTRFS info (device loop0): using free space tree [ 102.148161][ T5898] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 102.167498][ T5898] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 102.209757][ T5898] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 102.222357][ T5898] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 102.232983][ T5898] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 102.243444][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.276606][ T5898] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 102.302783][ T5898] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 102.335887][ T5898] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 102.346435][ T5898] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 102.357630][ T5898] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 102.370588][ T5898] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 102.404568][ T5898] BTRFS error (device loop0): open_ctree failed: -12 [ 104.024756][ T5938] loop1: detected capacity change from 0 to 40427 [ 104.060396][ T5938] F2FS-fs (loop1): heap/no_heap options were deprecated [ 104.086492][ T5938] F2FS-fs (loop1): Image doesn't support compression [ 104.113583][ T5938] F2FS-fs (loop1): heap/no_heap options were deprecated [ 104.144022][ T5938] F2FS-fs (loop1): invalid crc value [ 104.289328][ T5938] F2FS-fs (loop1): Found nat_bits in checkpoint [ 104.368427][ T5962] loop3: detected capacity change from 0 to 512 [ 104.467019][ T5962] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 104.541816][ T5962] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.30: iget: bogus i_mode (5) [ 104.656118][ T5962] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.30: couldn't read orphan inode 15 (err -117) [ 104.689568][ T5938] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 104.725242][ T5962] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.829380][ T5962] ext2 filesystem being mounted at /10/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.113911][ T5084] Bluetooth: hci0: Malformed Event: 0x2f [ 105.690155][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 105.699008][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 105.707248][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 105.792612][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 105.894998][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 106.352276][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.418979][ T5979] sp0: Synchronizing with TNC [ 106.621595][ T5777] syz-executor: attempt to access beyond end of device [ 106.621595][ T5777] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 106.686601][ T5777] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 108.656389][ T5990] loop2: detected capacity change from 0 to 32768 [ 109.096631][ T5990] XFS (loop2): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 109.286408][ T5990] XFS (loop2): Ending clean mount [ 109.347327][ T5990] XFS (loop2): Quotacheck needed: Please wait. [ 109.402592][ T5995] loop0: detected capacity change from 0 to 32768 [ 109.431655][ T6009] loop1: detected capacity change from 0 to 256 [ 109.446813][ T6009] FAT-fs (loop1): Unrecognized mount option "shortname=lower colepage=857" or missing value [ 109.462009][ T5995] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 109.491883][ T6016] loop3: detected capacity change from 0 to 512 [ 109.503071][ T6016] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 109.559224][ T5990] XFS (loop2): Quotacheck: Done. [ 109.573229][ T6016] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.42: iget: bogus i_mode (5) [ 109.583257][ T5995] XFS (loop0): Ending clean mount [ 109.644273][ T5995] XFS (loop0): Quotacheck needed: Please wait. [ 109.650923][ T6016] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.42: couldn't read orphan inode 15 (err -117) [ 109.756572][ T5775] XFS (loop2): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 109.806626][ T6016] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.822568][ T5995] XFS (loop0): Quotacheck: Done. [ 109.868542][ T6016] ext2 filesystem being mounted at /14/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.892168][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.075997][ T5084] Bluetooth: hci2: Malformed Event: 0x2f [ 112.437230][ T6027] loop1: detected capacity change from 0 to 40427 [ 112.470398][ T6027] F2FS-fs (loop1): heap/no_heap options were deprecated [ 112.487858][ T6027] F2FS-fs (loop1): Image doesn't support compression [ 112.507267][ T6027] F2FS-fs (loop1): heap/no_heap options were deprecated [ 112.525921][ T6027] F2FS-fs (loop1): invalid crc value [ 112.545147][ T6027] F2FS-fs (loop1): Found nat_bits in checkpoint [ 112.688345][ T6027] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 112.992039][ T5777] syz-executor: attempt to access beyond end of device [ 112.992039][ T5777] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 113.016819][ T5777] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 113.222521][ T6042] loop2: detected capacity change from 0 to 32768 [ 113.259999][ T6042] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz.2.49 (6042) [ 113.374531][ T5766] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 113.393891][ T6042] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 113.421744][ T6038] loop3: detected capacity change from 0 to 40427 [ 113.434411][ T6038] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 113.443055][ T6038] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 113.456898][ T6038] F2FS-fs (loop3): invalid crc value [ 113.478254][ T6042] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 113.487093][ T6042] BTRFS info (device loop2): force clearing of disk cache [ 113.496760][ T6042] BTRFS info (device loop2): using free space tree [ 113.888870][ T6042] BTRFS info (device loop2): enabling ssd optimizations [ 113.895915][ T6042] BTRFS info (device loop2): auto enabling async discard [ 113.909368][ T6038] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 113.926804][ T6038] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 113.974812][ T6042] BTRFS info (device loop2): rebuilding free space tree [ 114.008258][ T28] audit: type=1800 audit(1768572526.502:2): pid=6038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.47" name="file2" dev="loop3" ino=10 res=0 errno=0 [ 114.121634][ T28] audit: type=1800 audit(1768572526.622:3): pid=6071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.47" name="file1" dev="loop3" ino=14 res=0 errno=0 [ 114.167141][ T6071] syz.3.47: attempt to access beyond end of device [ 114.167141][ T6071] loop3: rw=34817, sector=82752, nr_sectors = 8 limit=40427 [ 114.334538][ T5770] syz-executor: attempt to access beyond end of device [ 114.334538][ T5770] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 114.398172][ T5770] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 114.449022][ T5770] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 115.349485][ T6081] loop0: detected capacity change from 0 to 512 [ 115.595747][ T6081] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 115.606659][ T6042] syz.2.49 (6042): drop_caches: 2 [ 115.853614][ T6081] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.54: iget: bogus i_mode (5) [ 115.987700][ T6081] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.54: couldn't read orphan inode 15 (err -117) [ 116.024802][ T6081] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.089195][ T5775] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 116.100074][ T6081] ext2 filesystem being mounted at /12/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.392848][ T5084] Bluetooth: hci3: Malformed Event: 0x2f [ 118.373165][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.348862][ T6102] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.903795][ T6114] netlink: 16 bytes leftover after parsing attributes in process `syz.2.61'. [ 122.281135][ T6128] loop2: detected capacity change from 0 to 512 [ 122.404157][ T6128] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 122.470830][ T6128] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.65: iget: bogus i_mode (5) [ 122.744615][ T6128] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.65: couldn't read orphan inode 15 (err -117) [ 122.883955][ T6128] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.897098][ T6128] ext2 filesystem being mounted at /14/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.558913][ T5084] Bluetooth: hci3: Malformed Event: 0x2f [ 123.875118][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.204357][ T6125] loop0: detected capacity change from 0 to 32768 [ 124.250964][ T6125] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz.0.63 (6125) [ 124.332060][ T6125] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 124.407833][ T6125] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 124.443745][ T6125] BTRFS info (device loop0): force clearing of disk cache [ 124.464684][ T6125] BTRFS info (device loop0): using free space tree [ 124.788560][ T6125] BTRFS info (device loop0): enabling ssd optimizations [ 124.795560][ T6125] BTRFS info (device loop0): auto enabling async discard [ 124.936616][ T6125] BTRFS info (device loop0): rebuilding free space tree [ 125.282717][ T5766] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 127.826961][ T6186] loop0: detected capacity change from 0 to 512 [ 127.964992][ T6186] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 128.035360][ T6186] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.75: iget: bogus i_mode (5) [ 128.058680][ T6186] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.75: couldn't read orphan inode 15 (err -117) [ 128.286005][ T6186] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.323664][ T6186] ext2 filesystem being mounted at /16/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.538750][ T6172] loop2: detected capacity change from 0 to 40427 [ 128.606095][ T6172] F2FS-fs (loop2): heap/no_heap options were deprecated [ 128.628755][ T6172] F2FS-fs (loop2): Image doesn't support compression [ 128.660730][ T6172] F2FS-fs (loop2): heap/no_heap options were deprecated [ 128.852912][ T6172] F2FS-fs (loop2): invalid crc value [ 128.880454][ T6172] F2FS-fs (loop2): Found nat_bits in checkpoint [ 130.205967][ T6193] sched: RT throttling activated [ 130.775966][ T5084] Bluetooth: hci1: Malformed Event: 0x2f [ 130.842471][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.282126][ T6203] loop0: detected capacity change from 0 to 512 [ 131.372766][ T6203] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 131.427647][ T6203] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.86: iget: bogus i_mode (5) [ 131.503821][ T6203] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.86: couldn't read orphan inode 15 (err -117) [ 131.563953][ T6203] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.578380][ T6203] ext2 filesystem being mounted at /17/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.250225][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.257125][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.332896][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.579951][ T5084] Bluetooth: hci3: Malformed Event: 0x2f [ 136.314145][ T6255] loop3: detected capacity change from 0 to 512 [ 136.369400][ T6255] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 136.572200][ T6255] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.93: iget: bogus i_mode (5) [ 137.015813][ T6255] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.93: couldn't read orphan inode 15 (err -117) [ 137.032434][ T6255] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 137.047297][ T6255] ext2 filesystem being mounted at /26/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.187025][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.213045][ T6268] loop2: detected capacity change from 0 to 512 [ 139.241434][ T6268] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 139.332986][ T6268] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.103: iget: bogus i_mode (5) [ 139.388853][ T6268] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.103: couldn't read orphan inode 15 (err -117) [ 140.096855][ T6268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.369569][ T6268] ext2 filesystem being mounted at /23/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.743716][ T5084] Bluetooth: hci3: Malformed Event: 0x2f [ 141.436156][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.566954][ T5084] Bluetooth: hci1: Malformed Event: 0x2f [ 141.743702][ T6284] loop2: detected capacity change from 0 to 512 [ 141.788756][ T6284] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 141.880188][ T6284] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.107: iget: bogus i_mode (5) [ 141.976093][ T6284] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.107: couldn't read orphan inode 15 (err -117) [ 142.020639][ T6284] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.033282][ T6284] ext2 filesystem being mounted at /24/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.405488][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.642443][ T6287] loop1: detected capacity change from 0 to 32768 [ 144.370589][ T6287] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz.1.98 (6287) [ 144.399464][ T6287] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 144.518586][ T6287] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 144.527455][ T6287] BTRFS info (device loop1): force clearing of disk cache [ 144.558490][ T6287] BTRFS info (device loop1): using free space tree [ 144.965817][ T6287] BTRFS error (device loop1): open_ctree failed: -4 [ 145.120561][ T5084] Bluetooth: hci0: Malformed Event: 0x2f [ 145.295395][ T6307] loop2: detected capacity change from 0 to 40427 [ 145.333544][ T6307] F2FS-fs (loop2): heap/no_heap options were deprecated [ 145.352669][ T6307] F2FS-fs (loop2): Image doesn't support compression [ 145.908643][ T6307] F2FS-fs (loop2): heap/no_heap options were deprecated [ 146.335749][ T6307] F2FS-fs (loop2): invalid crc value [ 146.394888][ T6307] F2FS-fs (loop2): Found nat_bits in checkpoint [ 146.681985][ T6307] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 146.718680][ T6344] loop3: detected capacity change from 0 to 512 [ 146.805871][ T6344] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 147.204559][ T6344] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.115: iget: bogus i_mode (5) [ 147.224857][ T5775] syz-executor: attempt to access beyond end of device [ 147.224857][ T5775] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 147.250977][ T5775] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 147.271773][ T6344] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.115: couldn't read orphan inode 15 (err -117) [ 147.298937][ T6344] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.312139][ T6344] ext2 filesystem being mounted at /35/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.322195][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.428725][ T5084] Bluetooth: hci0: Malformed Event: 0x2f [ 151.202083][ T6392] loop2: detected capacity change from 0 to 512 [ 151.233138][ T6392] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 151.266090][ T6392] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.130: iget: bogus i_mode (5) [ 151.315257][ T6392] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.130: couldn't read orphan inode 15 (err -117) [ 151.351182][ T6392] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 151.372382][ T6374] loop3: detected capacity change from 0 to 40427 [ 151.391270][ T6392] ext2 filesystem being mounted at /28/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 151.418661][ T6374] F2FS-fs (loop3): heap/no_heap options were deprecated [ 151.436591][ T6374] F2FS-fs (loop3): Image doesn't support compression [ 151.463660][ T6374] F2FS-fs (loop3): heap/no_heap options were deprecated [ 151.504948][ T6374] F2FS-fs (loop3): invalid crc value [ 151.663237][ T6374] F2FS-fs (loop3): Found nat_bits in checkpoint [ 152.765236][ T6401] capability: warning: `syz.1.131' uses 32-bit capabilities (legacy support in use) [ 152.798600][ T6401] program syz.1.131 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 152.876473][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.649285][ T5084] Bluetooth: hci1: Malformed Event: 0x2f [ 154.776739][ T6425] loop3: detected capacity change from 0 to 512 [ 154.853696][ T6425] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 154.913912][ T6425] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.140: iget: bogus i_mode (5) [ 154.941917][ T6425] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.140: couldn't read orphan inode 15 (err -117) [ 154.963421][ T6425] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.002866][ T6425] ext2 filesystem being mounted at /41/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 156.339921][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.203596][ T5084] Bluetooth: hci2: Malformed Event: 0x2f [ 159.992669][ T6463] loop2: detected capacity change from 0 to 512 [ 160.059271][ T6463] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 160.131634][ T6463] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.151: iget: bogus i_mode (5) [ 160.191371][ T6463] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.151: couldn't read orphan inode 15 (err -117) [ 160.249821][ T6463] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.268193][ T3384] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 160.340331][ T6463] ext2 filesystem being mounted at /34/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 160.471004][ T3384] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.647880][ T3384] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.662710][ T3384] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 162.238161][ T3384] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 162.372071][ T3384] usb 4-1: Manufacturer: syz [ 162.402093][ T3384] usb 4-1: config 0 descriptor?? [ 162.554451][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.874957][ T3384] usbhid 4-1:0.0: can't add hid device: -71 [ 162.884256][ T3384] usbhid: probe of 4-1:0.0 failed with error -71 [ 162.918350][ T3384] usb 4-1: USB disconnect, device number 2 [ 163.560841][ T6476] loop0: detected capacity change from 0 to 512 [ 163.654207][ T6476] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 163.708320][ T6476] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.162: iget: bogus i_mode (5) [ 163.770518][ T6476] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.162: couldn't read orphan inode 15 (err -117) [ 163.895735][ T6476] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.952179][ T6476] ext2 filesystem being mounted at /35/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.314616][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.707965][ T6495] input: syz0 as /devices/virtual/input/input5 [ 167.534517][ T5084] Bluetooth: hci3: Malformed Event: 0x2f [ 168.490396][ T6502] ªªªªªª: renamed from vlan0 (while UP) [ 168.989858][ T6517] loop2: detected capacity change from 0 to 512 [ 169.081450][ T6517] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 169.207918][ T6517] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.168: iget: bogus i_mode (5) [ 169.261269][ T6517] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.168: couldn't read orphan inode 15 (err -117) [ 169.323021][ T6517] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.343518][ T6517] ext2 filesystem being mounted at /38/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 172.601055][ T5084] Bluetooth: hci3: Malformed Event: 0x2f [ 173.047412][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.552632][ T6542] loop0: detected capacity change from 0 to 40427 [ 174.570290][ T6542] F2FS-fs (loop0): heap/no_heap options were deprecated [ 174.578665][ T6542] F2FS-fs (loop0): Image doesn't support compression [ 174.683606][ T6542] F2FS-fs (loop0): heap/no_heap options were deprecated [ 174.902926][ T6542] F2FS-fs (loop0): invalid crc value [ 174.960928][ T6542] F2FS-fs (loop0): Found nat_bits in checkpoint [ 175.091561][ T6542] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 175.448337][ T23] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 175.638261][ T23] usb 4-1: Using ep0 maxpacket: 16 [ 176.141585][ T23] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 176.181850][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 176.233160][ T6565] netlink: 12 bytes leftover after parsing attributes in process `syz.1.183'. [ 176.234007][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 176.248646][ T6565] netlink: 'syz.1.183': attribute type 1 has an invalid length. [ 176.261082][ T6565] netlink: 20 bytes leftover after parsing attributes in process `syz.1.183'. [ 176.299594][ T23] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 176.338142][ T23] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 176.390666][ T23] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 176.420228][ T23] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 176.444280][ T23] usb 4-1: Manufacturer: syz [ 176.463291][ T23] usb 4-1: config 0 descriptor?? [ 176.564252][ T6567] loop1: detected capacity change from 0 to 512 [ 176.663719][ T6567] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 176.813027][ T6567] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.184: iget: bogus i_mode (5) [ 176.879420][ T6567] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.184: couldn't read orphan inode 15 (err -117) [ 176.919460][ T6567] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.932623][ T6567] ext2 filesystem being mounted at /45/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.968352][ T23] rc_core: IR keymap rc-hauppauge not found [ 176.978132][ T23] Registered IR keymap rc-empty [ 176.983573][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 177.376913][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 180.572022][ T23] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 180.587120][ T23] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input6 [ 180.736827][ T5084] Bluetooth: hci0: Malformed Event: 0x2f [ 180.743870][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 180.753100][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.781122][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 180.872448][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 180.981415][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 181.709894][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 181.748286][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 181.783529][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 181.828322][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 182.088622][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 182.118215][ T23] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 182.181442][ T23] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 182.361351][ T23] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 182.852455][ T23] usb 4-1: USB disconnect, device number 3 [ 184.022713][ T6615] loop3: detected capacity change from 0 to 512 [ 184.063068][ T6617] syz.2.198 uses obsolete (PF_INET,SOCK_PACKET) [ 184.090209][ T6615] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 184.118148][ T5084] Bluetooth: hci3: Malformed Event: 0x2f [ 184.138596][ T6615] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.197: iget: bogus i_mode (5) [ 184.192165][ T6615] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.197: couldn't read orphan inode 15 (err -117) [ 184.405867][ T6615] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 184.596619][ T6615] ext2 filesystem being mounted at /59/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.816474][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.772426][ T5084] Bluetooth: hci3: Malformed Event: 0x2f [ 189.866999][ T6665] Zero length message leads to an empty skb [ 189.958115][ T5885] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 190.782078][ T6671] loop1: detected capacity change from 0 to 512 [ 190.803456][ T6671] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 190.851915][ T6671] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.214: iget: bogus i_mode (5) [ 190.863468][ T5885] usb 3-1: Using ep0 maxpacket: 32 [ 190.914463][ T5885] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 190.936289][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.953805][ T6671] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.214: couldn't read orphan inode 15 (err -117) [ 190.976457][ T5885] usb 3-1: Product: syz [ 190.999364][ T5885] usb 3-1: Manufacturer: syz [ 191.006060][ T6671] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 191.034621][ T5885] usb 3-1: SerialNumber: syz [ 191.065443][ T5885] usb 3-1: config 0 descriptor?? [ 191.077348][ T6671] ext2 filesystem being mounted at /54/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.122284][ T5885] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 191.453824][ T5885] gspca_topro: reg_w err -71 [ 191.498190][ T5885] gspca_topro: Sensor soi763a [ 191.596500][ T5885] usb 3-1: USB disconnect, device number 2 [ 192.607959][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.776236][ T6669] loop3: detected capacity change from 0 to 40427 [ 194.500229][ T6669] F2FS-fs (loop3): heap/no_heap options were deprecated [ 194.538248][ T6669] F2FS-fs (loop3): Image doesn't support compression [ 194.545147][ T6669] F2FS-fs (loop3): heap/no_heap options were deprecated [ 194.686989][ T6669] F2FS-fs (loop3): invalid crc value [ 194.697103][ T6669] F2FS-fs (loop3): Failed to start F2FS issue_checkpoint_thread (-4) [ 194.779713][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.786242][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.949855][ T5084] Bluetooth: hci2: Malformed Event: 0x2f [ 196.441311][ T6710] loop3: detected capacity change from 0 to 512 [ 196.491745][ T6710] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 196.532675][ T6710] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.226: iget: bogus i_mode (5) [ 196.571236][ T6710] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.226: couldn't read orphan inode 15 (err -117) [ 196.609150][ T6710] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.624085][ T6710] ext2 filesystem being mounted at /64/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 197.715658][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.737771][ T6704] loop0: detected capacity change from 0 to 40427 [ 197.977197][ T6704] F2FS-fs (loop0): heap/no_heap options were deprecated [ 198.149150][ T6704] F2FS-fs (loop0): Image doesn't support compression [ 198.389701][ T6704] F2FS-fs (loop0): heap/no_heap options were deprecated [ 198.434343][ T6704] F2FS-fs (loop0): invalid crc value [ 198.461926][ T6704] F2FS-fs (loop0): Failed to start F2FS issue_checkpoint_thread (-4) [ 200.112862][ T5084] Bluetooth: hci3: Malformed Event: 0x2f [ 201.215809][ T6748] loop3: detected capacity change from 0 to 512 [ 201.826688][ T6748] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 202.339723][ T6748] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.239: iget: bogus i_mode (5) [ 202.438297][ T6748] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.239: couldn't read orphan inode 15 (err -117) [ 202.484205][ T6748] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.507727][ T6748] ext2 filesystem being mounted at /67/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.457914][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.682715][ T6757] loop2: detected capacity change from 0 to 40427 [ 203.694243][ T6757] F2FS-fs (loop2): heap/no_heap options were deprecated [ 203.706545][ T6757] F2FS-fs (loop2): Image doesn't support compression [ 203.714207][ T6757] F2FS-fs (loop2): heap/no_heap options were deprecated [ 203.727371][ T6757] F2FS-fs (loop2): invalid crc value [ 203.750938][ T6757] F2FS-fs (loop2): Found nat_bits in checkpoint [ 203.879942][ T6757] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 204.218672][ T5084] Bluetooth: hci1: Malformed Event: 0x2f [ 205.564644][ T6786] loop3: detected capacity change from 0 to 512 [ 205.588661][ T6786] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 205.773756][ T6786] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.252: iget: bogus i_mode (5) [ 205.824039][ T6786] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.252: couldn't read orphan inode 15 (err -117) [ 205.889492][ T6786] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 205.916035][ T5084] Bluetooth: hci3: Malformed Event: 0x2f [ 206.219807][ T6786] ext2 filesystem being mounted at /70/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 208.179709][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.340334][ T6801] loop0: detected capacity change from 0 to 40427 [ 209.901110][ T6801] F2FS-fs (loop0): heap/no_heap options were deprecated [ 209.941581][ T6801] F2FS-fs (loop0): Image doesn't support compression [ 209.980327][ T6801] F2FS-fs (loop0): heap/no_heap options were deprecated [ 210.051063][ T6801] F2FS-fs (loop0): invalid crc value [ 210.077041][ T6801] F2FS-fs (loop0): Failed to start F2FS issue_checkpoint_thread (-4) [ 210.990994][ T6819] Bluetooth: hci0: Malformed Event: 0x2f [ 211.771315][ T6837] loop1: detected capacity change from 0 to 512 [ 211.869292][ T6837] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 211.891761][ T6837] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.267: iget: bogus i_mode (5) [ 211.931879][ T6819] Bluetooth: hci0: Malformed Event: 0x2f [ 211.956909][ T6837] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.267: couldn't read orphan inode 15 (err -117) [ 212.053960][ T6837] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 212.202654][ T6819] Bluetooth: hci1: command 0x0406 tx timeout [ 212.204398][ T6837] ext2 filesystem being mounted at /69/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 212.211246][ T6819] Bluetooth: hci0: command 0x0406 tx timeout [ 212.235317][ T5774] Bluetooth: hci2: command 0x0406 tx timeout [ 212.242957][ T5774] Bluetooth: hci3: command 0x0406 tx timeout [ 212.732094][ T6852] netlink: 68 bytes leftover after parsing attributes in process `syz.2.270'. [ 215.535836][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.507519][ T6861] loop0: detected capacity change from 0 to 40427 [ 216.516937][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.538398][ T6861] F2FS-fs (loop0): heap/no_heap options were deprecated [ 216.614675][ T6877] netlink: 68 bytes leftover after parsing attributes in process `syz.2.280'. [ 216.727364][ T6861] F2FS-fs (loop0): Image doesn't support compression [ 216.759782][ T6861] F2FS-fs (loop0): heap/no_heap options were deprecated [ 216.956273][ T6861] F2FS-fs (loop0): invalid crc value [ 217.234302][ T6861] F2FS-fs (loop0): Found nat_bits in checkpoint [ 217.316809][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.458158][ T6861] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 217.512220][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.653465][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.028815][ T23] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 218.106845][ T6890] loop0: detected capacity change from 0 to 512 [ 218.163563][ T6890] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 218.238225][ T6890] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.283: iget: bogus i_mode (5) [ 218.253658][ T23] usb 3-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 218.264698][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.290129][ T23] usb 3-1: config 0 descriptor?? [ 218.297667][ T6890] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.283: couldn't read orphan inode 15 (err -117) [ 218.320177][ T23] usb 3-1: selecting invalid altsetting 3 [ 218.324668][ T6890] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 218.326676][ T23] comedi comedi5: could not set alternate setting 3 in high speed [ 218.367436][ T23] usbduxsigma 3-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 218.449934][ T6890] ext2 filesystem being mounted at /65/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.481140][ T23] usbduxsigma: probe of 3-1:0.0 failed with error -22 [ 218.520105][ T23] usb 3-1: USB disconnect, device number 3 [ 218.744330][ T5772] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 218.754832][ T5772] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 218.764121][ T5772] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 218.773625][ T5772] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 218.783449][ T5772] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 218.791478][ T5772] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 220.027076][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.871423][ T6928] netlink: 68 bytes leftover after parsing attributes in process `syz.3.292'. [ 220.909751][ T5772] Bluetooth: hci3: command tx timeout [ 222.052604][ T6945] netlink: 4 bytes leftover after parsing attributes in process `syz.2.297'. [ 222.204754][ T6947] loop2: detected capacity change from 0 to 512 [ 222.230427][ T6947] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 222.272523][ T6947] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.298: iget: bogus i_mode (5) [ 222.300636][ T6947] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.298: couldn't read orphan inode 15 (err -117) [ 222.350431][ T6947] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.388313][ T6947] ext2 filesystem being mounted at /72/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 222.715171][ T6902] chnl_net:caif_netlink_parms(): no params data found [ 222.918303][ T5772] Bluetooth: hci3: command tx timeout [ 223.461723][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.998169][ T5772] Bluetooth: hci3: command tx timeout [ 225.125718][ T6966] netlink: 68 bytes leftover after parsing attributes in process `syz.3.301'. [ 226.313263][ T6984] netlink: 19 bytes leftover after parsing attributes in process `syz.3.303'. [ 227.085529][ T5772] Bluetooth: hci3: command tx timeout [ 227.676050][ T6996] loop2: detected capacity change from 0 to 512 [ 227.728252][ T6902] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.744234][ T6902] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.771791][ T6902] bridge_slave_0: entered allmulticast mode [ 227.815859][ T6902] bridge_slave_0: entered promiscuous mode [ 228.024076][ T12] hsr_slave_0: left promiscuous mode [ 228.048787][ T12] hsr_slave_1: left promiscuous mode [ 228.186536][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 228.224143][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 228.418388][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 228.478443][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 228.521832][ T12] bridge_slave_1: left allmulticast mode [ 228.527688][ T12] bridge_slave_1: left promiscuous mode [ 228.536317][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.560950][ T6996] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 228.572162][ T6988] syz.0.305 (6988): drop_caches: 2 [ 228.598189][ T6996] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.307: iget: bogus i_mode (5) [ 228.615244][ T12] bridge_slave_0: left allmulticast mode [ 228.622052][ T12] bridge_slave_0: left promiscuous mode [ 228.627758][ T6996] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.307: couldn't read orphan inode 15 (err -117) [ 228.678518][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.700703][ T6996] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.722682][ T6996] ext2 filesystem being mounted at /75/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 228.983970][ T12] veth1_macvtap: left promiscuous mode [ 229.021250][ T12] veth0_macvtap: left promiscuous mode [ 229.037543][ T12] veth1_vlan: left promiscuous mode [ 229.047648][ T12] veth0_vlan: left promiscuous mode [ 230.894060][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.410936][ T7016] netlink: 68 bytes leftover after parsing attributes in process `syz.2.310'. [ 232.361953][ T7018] netlink: 20 bytes leftover after parsing attributes in process `syz.2.311'. [ 232.795980][ T7031] loop3: detected capacity change from 0 to 512 [ 232.866421][ T7031] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 232.928814][ T7031] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.317: iget: bogus i_mode (5) [ 232.978381][ T7031] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.317: couldn't read orphan inode 15 (err -117) [ 233.049683][ T7031] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 233.099837][ T7031] ext2 filesystem being mounted at /92/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 233.409237][ T7037] netlink: 68 bytes leftover after parsing attributes in process `syz.2.318'. [ 234.747123][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.499089][ T7041] loop2: detected capacity change from 0 to 40427 [ 235.518547][ T7041] F2FS-fs (loop2): heap/no_heap options were deprecated [ 235.525740][ T7041] F2FS-fs (loop2): Image doesn't support compression [ 235.557316][ T7041] F2FS-fs (loop2): heap/no_heap options were deprecated [ 235.620034][ T7041] F2FS-fs (loop2): invalid crc value [ 235.666749][ T12] team0 (unregistering): Port device team_slave_1 removed [ 235.671414][ T7041] F2FS-fs (loop2): Found nat_bits in checkpoint [ 235.775586][ T7059] netlink: 68 bytes leftover after parsing attributes in process `syz.3.326'. [ 236.525474][ T12] team0 (unregistering): Port device team_slave_0 removed [ 236.573275][ T7041] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 236.663090][ T7065] loop3: detected capacity change from 0 to 512 [ 236.674043][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 236.708317][ T7065] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 236.784062][ T7065] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.328: iget: bogus i_mode (5) [ 236.846681][ T7065] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.328: couldn't read orphan inode 15 (err -117) [ 236.872336][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 236.887726][ T7065] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 236.919128][ T7065] ext2 filesystem being mounted at /96/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 237.946224][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.614909][ T7084] netlink: 68 bytes leftover after parsing attributes in process `syz.2.335'. [ 239.809423][ T12] bond0 (unregistering): Released all slaves [ 240.155038][ T6902] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.173022][ T6902] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.189532][ T6902] bridge_slave_1: entered allmulticast mode [ 240.200450][ T6902] bridge_slave_1: entered promiscuous mode [ 240.409815][ T6902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.440008][ T6902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.613854][ T6902] team0: Port device team_slave_0 added [ 240.641201][ T6902] team0: Port device team_slave_1 added [ 240.827503][ T6902] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 240.878089][ T6902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.948438][ T6902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 240.992036][ T6902] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 241.018097][ T6902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.108086][ T6902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 241.300126][ T6902] hsr_slave_0: entered promiscuous mode [ 241.319741][ T6902] hsr_slave_1: entered promiscuous mode [ 241.339605][ T6902] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 241.347342][ T6902] Cannot create hsr debugfs directory [ 241.531695][ T7104] loop3: detected capacity change from 0 to 512 [ 241.583191][ T7104] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 241.641955][ T7104] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.339: iget: bogus i_mode (5) [ 241.675210][ T7104] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.339: couldn't read orphan inode 15 (err -117) [ 241.739851][ T7104] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 241.800708][ T7104] ext2 filesystem being mounted at /100/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 241.907459][ T6902] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 241.934143][ T6902] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 241.980060][ T6902] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 242.016863][ T6902] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 242.086504][ T7090] loop2: detected capacity change from 0 to 40427 [ 242.115814][ T7090] F2FS-fs (loop2): heap/no_heap options were deprecated [ 242.126709][ T7090] F2FS-fs (loop2): Image doesn't support compression [ 242.134855][ T5772] block nbd0: Receive control failed (result -32) [ 242.157855][ T7090] F2FS-fs (loop2): heap/no_heap options were deprecated [ 242.353893][ T7100] block nbd0: shutting down sockets [ 242.417844][ T7090] F2FS-fs (loop2): invalid crc value [ 242.669785][ T7090] F2FS-fs (loop2): Found nat_bits in checkpoint [ 243.194746][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.260052][ T7090] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 243.374820][ T6902] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.462822][ T6902] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.492686][ T2966] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.501023][ T2966] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.545095][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.552512][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.057217][ T6902] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.444729][ T6902] veth0_vlan: entered promiscuous mode [ 244.476784][ T6902] veth1_vlan: entered promiscuous mode [ 244.530936][ T6902] veth0_macvtap: entered promiscuous mode [ 244.565656][ T6902] veth1_macvtap: entered promiscuous mode [ 244.596950][ T6902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 244.616032][ T6902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.626468][ T6902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 244.637601][ T6902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.658420][ T6902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 244.673654][ T6902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.686370][ T6902] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 244.715337][ T6902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 244.726243][ T6902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.743986][ T6902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 244.757033][ T6902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.776812][ T6902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 244.792721][ T6902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.806418][ T6902] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 244.831553][ T6902] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.845837][ T6902] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.859235][ T6902] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.868551][ T6902] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.982892][ T2966] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.998439][ T2966] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.044895][ T2954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.052877][ T2954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.331251][ T7171] loop0: detected capacity change from 0 to 512 [ 245.439552][ T7171] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 245.540856][ T7171] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.348: iget: bogus i_mode (5) [ 245.614221][ T7171] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.348: couldn't read orphan inode 15 (err -117) [ 245.684182][ T7171] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 245.730562][ T7171] ext2 filesystem being mounted at /80/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 247.012950][ T7186] capability: warning: `syz.3.342' uses deprecated v2 capabilities in a way that may be insecure [ 247.114365][ T7167] loop2: detected capacity change from 0 to 40427 [ 247.184945][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.199000][ T7167] F2FS-fs (loop2): heap/no_heap options were deprecated [ 247.219208][ T7167] F2FS-fs (loop2): Image doesn't support compression [ 247.226082][ T7167] F2FS-fs (loop2): heap/no_heap options were deprecated [ 247.249619][ T7167] F2FS-fs (loop2): invalid crc value [ 247.399768][ T7167] F2FS-fs (loop2): Found nat_bits in checkpoint [ 247.616819][ T7197] netlink: 68 bytes leftover after parsing attributes in process `syz.3.343'. [ 250.787256][ T7239] loop2: detected capacity change from 0 to 512 [ 251.355857][ T7244] netlink: 68 bytes leftover after parsing attributes in process `syz.0.357'. [ 251.795529][ T7239] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 251.928116][ T7239] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.356: iget: bogus i_mode (5) [ 252.038329][ T7239] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.356: couldn't read orphan inode 15 (err -117) [ 252.169384][ T7239] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.217849][ T7239] ext2 filesystem being mounted at /87/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 253.595332][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.927405][ T7248] loop3: detected capacity change from 0 to 40427 [ 253.984067][ T7248] F2FS-fs (loop3): heap/no_heap options were deprecated [ 254.018371][ T7248] F2FS-fs (loop3): Image doesn't support compression [ 254.025376][ T7248] F2FS-fs (loop3): heap/no_heap options were deprecated [ 254.077461][ T7248] F2FS-fs (loop3): invalid crc value [ 254.167377][ T7248] F2FS-fs (loop3): Found nat_bits in checkpoint [ 254.422213][ T7248] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 254.784664][ T7292] netlink: 68 bytes leftover after parsing attributes in process `syz.2.367'. [ 254.986439][ T7291] loop0: detected capacity change from 0 to 512 [ 255.381856][ T7291] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 255.470830][ T7291] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.369: iget: bogus i_mode (5) [ 255.564223][ T7291] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.369: couldn't read orphan inode 15 (err -117) [ 255.583913][ T7291] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 255.613608][ T7291] ext2 filesystem being mounted at /90/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 256.214799][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.226404][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.750296][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.851380][ T7317] binder: BINDER_SET_CONTEXT_MGR already set [ 256.870267][ T7317] binder: 7316:7317 ioctl 4018620d 2000000002c0 returned -16 [ 257.948093][ T7339] netlink: 68 bytes leftover after parsing attributes in process `syz.0.380'. [ 259.064465][ T7347] loop0: detected capacity change from 0 to 512 [ 259.113950][ T7347] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 259.142619][ T7347] EXT4-fs error (device loop0): ext4_orphan_get:1398: inode #15: comm syz.0.384: iget: bogus i_mode (5) [ 259.185474][ T7347] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.384: couldn't read orphan inode 15 (err -117) [ 259.294821][ T7347] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 259.359446][ T7347] ext2 filesystem being mounted at /96/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 262.313740][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.797672][ T7384] netlink: 4 bytes leftover after parsing attributes in process `syz.2.393'. [ 265.846555][ T7396] loop3: detected capacity change from 0 to 512 [ 265.935191][ T7396] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 266.003959][ T7396] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.397: iget: bogus i_mode (5) [ 266.084812][ T7396] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.397: couldn't read orphan inode 15 (err -117) [ 266.572898][ T7396] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 266.588323][ T7396] ext2 filesystem being mounted at /113/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 267.611454][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 269.713768][ T7445] loop2: detected capacity change from 0 to 512 [ 269.804807][ T7445] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 269.931240][ T7445] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #15: comm syz.2.408: iget: bogus i_mode (5) [ 270.376156][ T7445] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.408: couldn't read orphan inode 15 (err -117) [ 270.864005][ T7445] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 270.905506][ T7420] loop3: detected capacity change from 0 to 40427 [ 270.945372][ T7445] ext2 filesystem being mounted at /101/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.968095][ T7420] F2FS-fs (loop3): heap/no_heap options were deprecated [ 270.975584][ T7420] F2FS-fs (loop3): Image doesn't support compression [ 270.983030][ T7420] F2FS-fs (loop3): heap/no_heap options were deprecated [ 271.003057][ T7420] F2FS-fs (loop3): invalid crc value [ 271.210570][ T7420] F2FS-fs (loop3): Found nat_bits in checkpoint [ 271.486520][ T7420] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 273.489529][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.162559][ T7514] loop3: detected capacity change from 0 to 512 [ 277.232212][ T7514] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 277.338402][ T7514] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.421: iget: bogus i_mode (5) [ 277.412866][ T7514] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.421: couldn't read orphan inode 15 (err -117) [ 277.469905][ T7514] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 277.507876][ T7514] ext2 filesystem being mounted at /118/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 279.788655][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.124630][ T7562] loop4: detected capacity change from 0 to 512 [ 283.157428][ T7562] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 283.208157][ T7562] EXT4-fs error (device loop4): ext4_orphan_get:1398: inode #15: comm syz.4.430: iget: bogus i_mode (5) [ 283.258191][ T7562] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.430: couldn't read orphan inode 15 (err -117) [ 283.272010][ T7562] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 283.285404][ T7562] ext2 filesystem being mounted at /23/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 284.779324][ T6902] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 284.867858][ T7581] ref_ctr increment failed for inode: 0x291 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff88802bb2df00 [ 286.698915][ T3384] IPVS: starting estimator thread 0... [ 286.799145][ T7617] IPVS: using max 17 ests per chain, 40800 per kthread [ 290.491171][ T7650] loop3: detected capacity change from 0 to 40427 [ 290.538474][ T7650] F2FS-fs (loop3): heap/no_heap options were deprecated [ 290.545752][ T7650] F2FS-fs (loop3): Image doesn't support compression [ 290.584306][ T7650] F2FS-fs (loop3): heap/no_heap options were deprecated [ 290.794281][ T7650] F2FS-fs (loop3): invalid crc value [ 290.869667][ T7650] F2FS-fs (loop3): Found nat_bits in checkpoint [ 291.742562][ T7650] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 293.598257][ T5835] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 294.669049][ T28] audit: type=1326 audit(1768572707.162:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7749 comm="syz.2.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e6218f749 code=0x7ffc0000 [ 294.696856][ T5835] usb 1-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=d3.5f [ 294.714500][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.744272][ T5835] usb 1-1: Product: syz [ 294.748610][ T28] audit: type=1326 audit(1768572707.202:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7749 comm="syz.2.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e6218f749 code=0x7ffc0000 [ 294.750925][ T5835] usb 1-1: Manufacturer: syz [ 294.822801][ T28] audit: type=1326 audit(1768572707.202:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7749 comm="syz.2.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e6218f749 code=0x7ffc0000 [ 294.938197][ T28] audit: type=1326 audit(1768572707.202:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7749 comm="syz.2.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e6218f749 code=0x7ffc0000 [ 295.048724][ T5835] usb 1-1: SerialNumber: syz [ 295.060282][ T28] audit: type=1326 audit(1768572707.202:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7749 comm="syz.2.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e6218f749 code=0x7ffc0000 [ 295.085709][ T5835] usb 1-1: config 0 descriptor?? [ 295.091466][ T28] audit: type=1326 audit(1768572707.202:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7749 comm="syz.2.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e6218f749 code=0x7ffc0000 [ 295.117793][ T5835] kobil_sct 1-1:0.0: required endpoints missing [ 295.140210][ T28] audit: type=1326 audit(1768572707.202:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7749 comm="syz.2.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e6218f749 code=0x7ffc0000 [ 295.534430][ T28] audit: type=1326 audit(1768572707.212:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7749 comm="syz.2.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e6218f749 code=0x7ffc0000 [ 295.746040][ T5835] usb 1-1: USB disconnect, device number 3 [ 295.817068][ T28] audit: type=1326 audit(1768572707.212:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7749 comm="syz.2.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e6218f749 code=0x7ffc0000 [ 295.978106][ T28] audit: type=1326 audit(1768572707.212:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7749 comm="syz.2.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e6218f749 code=0x7ffc0000 [ 297.970213][ T7790] netlink: 'syz.3.483': attribute type 12 has an invalid length. [ 297.998478][ T7790] netlink: 'syz.3.483': attribute type 29 has an invalid length. [ 298.020522][ T7790] netlink: 148 bytes leftover after parsing attributes in process `syz.3.483'. [ 298.065328][ T7790] netlink: 'syz.3.483': attribute type 2 has an invalid length. [ 298.095892][ T7790] netlink: 'syz.3.483': attribute type 3 has an invalid length. [ 298.147399][ T7790] netlink: 15 bytes leftover after parsing attributes in process `syz.3.483'. [ 299.217806][ T7805] netlink: 4 bytes leftover after parsing attributes in process `syz.3.485'. [ 299.841535][ T7813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.486'. [ 300.894783][ T7822] netlink: 8 bytes leftover after parsing attributes in process `syz.2.490'. [ 300.988217][ T7826] netlink: 8 bytes leftover after parsing attributes in process `syz.4.491'. [ 302.639515][ T7842] Driver unsupported XDP return value 0 on prog (id 22) dev N/A, expect packet loss! [ 302.785643][ T7825] loop0: detected capacity change from 0 to 40427 [ 302.870108][ T7825] F2FS-fs (loop0): heap/no_heap options were deprecated [ 302.889440][ T7825] F2FS-fs (loop0): Image doesn't support compression [ 302.896484][ T7825] F2FS-fs (loop0): heap/no_heap options were deprecated [ 302.985137][ T7825] F2FS-fs (loop0): invalid crc value [ 303.026411][ T7825] F2FS-fs (loop0): Found nat_bits in checkpoint [ 303.918341][ T7825] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 305.602808][ T7920] mmap: syz.3.508 (7920) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 308.249199][ T7948] loop3: detected capacity change from 0 to 40427 [ 308.308263][ T7948] F2FS-fs (loop3): heap/no_heap options were deprecated [ 308.327618][ T7948] F2FS-fs (loop3): Image doesn't support compression [ 308.358472][ T7948] F2FS-fs (loop3): heap/no_heap options were deprecated [ 308.416435][ T7948] F2FS-fs (loop3): invalid crc value [ 308.498716][ T7948] F2FS-fs (loop3): Found nat_bits in checkpoint [ 308.666957][ T7948] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 308.855695][ T28] kauditd_printk_skb: 26 callbacks suppressed [ 308.855714][ T28] audit: type=1326 audit(1768572721.342:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7967 comm="syz.0.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcefd78f749 code=0x7ffc0000 [ 308.884683][ C0] vkms_vblank_simulate: vblank timer overrun [ 309.024236][ T28] audit: type=1326 audit(1768572721.342:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7967 comm="syz.0.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcefd78f749 code=0x7ffc0000 [ 309.067643][ T28] audit: type=1326 audit(1768572721.352:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7967 comm="syz.0.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcefd78f749 code=0x7ffc0000 [ 309.089945][ C0] vkms_vblank_simulate: vblank timer overrun [ 309.140159][ T28] audit: type=1326 audit(1768572721.352:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7967 comm="syz.0.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcefd78f749 code=0x7ffc0000 [ 309.236918][ T28] audit: type=1326 audit(1768572721.362:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7967 comm="syz.0.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcefd78f749 code=0x7ffc0000 [ 309.316627][ T28] audit: type=1326 audit(1768572721.402:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7967 comm="syz.0.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7fcefd78f749 code=0x7ffc0000 [ 309.433263][ T28] audit: type=1326 audit(1768572721.402:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7967 comm="syz.0.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcefd78f749 code=0x7ffc0000 [ 309.455400][ C0] vkms_vblank_simulate: vblank timer overrun [ 310.083285][ T7973] program syz.0.523 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 314.835248][ T2934] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.686253][ T2934] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.801943][ T2934] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.719149][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.725551][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.812798][ T2934] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.289546][ T5768] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 319.322853][ T5768] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 319.334336][ T5768] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 319.368327][ T5768] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 319.376935][ T5768] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 319.384976][ T5768] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 321.601869][ T5772] Bluetooth: hci3: command tx timeout [ 322.084378][ T8032] chnl_net:caif_netlink_parms(): no params data found [ 322.341144][ T8062] 9pnet_virtio: no channels available for device syz [ 322.964005][ T8072] netlink: 68 bytes leftover after parsing attributes in process `syz.2.550'. [ 323.661837][ T5772] Bluetooth: hci3: command tx timeout [ 323.917595][ T8032] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.950549][ T8032] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.957896][ T8032] bridge_slave_0: entered allmulticast mode [ 323.976513][ T8032] bridge_slave_0: entered promiscuous mode [ 324.180199][ T8032] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.187509][ T8032] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.222342][ T8032] bridge_slave_1: entered allmulticast mode [ 324.459848][ T8032] bridge_slave_1: entered promiscuous mode [ 324.619521][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 325.008919][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 325.070139][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 325.212317][ T9] usb 4-1: config 4 has an invalid interface number: 30 but max is 0 [ 325.389208][ T9] usb 4-1: config 4 has no interface number 0 [ 325.538963][ T9] usb 4-1: config 4 interface 30 has no altsetting 0 [ 325.788240][ T5772] Bluetooth: hci3: command tx timeout [ 325.805554][ T9] usb 4-1: string descriptor 0 read error: -22 [ 325.847902][ T9] usb 4-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 325.864289][ T8032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 325.918224][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.971350][ T9] dw2102: su3000_identify_state [ 325.976308][ T9] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 325.987734][ T9] dw2102: su3000_power_ctrl: 1, initialized 0 [ 325.995090][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 326.010586][ T8032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 326.075476][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 326.094089][ T9] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 326.104567][ T9] usb 4-1: media controller created [ 326.124097][ T2934] hsr_slave_0: left promiscuous mode [ 326.131962][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 326.145656][ T2934] hsr_slave_1: left promiscuous mode [ 326.151706][ T9] dw2102: i2c transfer failed. [ 326.175016][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 326.181526][ T2934] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 326.198100][ T9] dw2102: i2c transfer failed. [ 326.203153][ T2934] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 326.210576][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 326.218081][ T9] dw2102: i2c transfer failed. [ 326.225035][ T2934] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 326.239345][ T8085] dvb-usb: bulk message failed: -22 (4/0) [ 326.247342][ T2934] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 326.258328][ T8085] dw2102: i2c transfer failed. [ 326.272570][ T8085] dvb-usb: bulk message failed: -22 (3/0) [ 326.279408][ T2934] bridge_slave_1: left allmulticast mode [ 326.285133][ T2934] bridge_slave_1: left promiscuous mode [ 326.295798][ T8085] dw2102: i2c transfer failed. [ 326.301350][ T2934] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.310692][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 326.316766][ T9] dw2102: i2c transfer failed. [ 326.322746][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 326.339315][ T2934] bridge_slave_0: left allmulticast mode [ 326.345143][ T2934] bridge_slave_0: left promiscuous mode [ 326.354258][ T9] dw2102: i2c transfer failed. [ 326.360684][ T2934] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.371325][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 326.377329][ T9] dw2102: i2c transfer failed. [ 326.383535][ T9] dvb-usb: MAC address: 02:02:02:02:02:02 [ 326.447174][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 326.564124][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 326.575653][ T2934] veth1_macvtap: left promiscuous mode [ 326.584330][ T2934] veth0_macvtap: left promiscuous mode [ 326.598290][ T9] dw2102: command 0x0e transfer failed. [ 326.605723][ T2934] veth1_vlan: left promiscuous mode [ 326.614077][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 326.622286][ T2934] veth0_vlan: left promiscuous mode [ 326.630955][ T9] dw2102: command 0x0e transfer failed. [ 326.997421][ T8111] netlink: 68 bytes leftover after parsing attributes in process `syz.0.559'. [ 327.711028][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 327.734809][ T9] dw2102: command 0x0e transfer failed. [ 327.771848][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 327.798094][ T5772] Bluetooth: hci3: command tx timeout [ 327.979139][ T9] dw2102: command 0x0e transfer failed. [ 327.984791][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 327.998122][ T9] dw2102: command 0x51 transfer failed. [ 328.018116][ T9] dvb-usb: bulk message failed: -22 (5/0) [ 328.023959][ T9] dw2102: i2c probe for address 0x68 failed. [ 328.098016][ T9] dvb-usb: bulk message failed: -22 (5/0) [ 328.105348][ T9] dw2102: i2c probe for address 0x69 failed. [ 328.136406][ T9] dvb-usb: bulk message failed: -22 (5/0) [ 328.163476][ T9] dw2102: i2c probe for address 0x6a failed. [ 328.192797][ T9] dw2102: probing for demodulator failed. Is the external power switched on? [ 328.205289][ T8117] Bluetooth: MGMT ver 1.22 [ 328.230152][ T9] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 328.438478][ T9] rc_core: IR keymap rc-tt-1500 not found [ 328.444298][ T9] Registered IR keymap rc-empty [ 328.462439][ T9] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 328.480109][ T9] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input8 [ 328.501609][ T9] dvb-usb: schedule remote query interval to 250 msecs. [ 328.518598][ T9] dw2102: su3000_power_ctrl: 0, initialized 1 [ 328.532727][ T9] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 328.560389][ T9] usb 4-1: USB disconnect, device number 4 [ 329.522434][ T5835] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 329.674289][ T9] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 329.740065][ T5835] usb 3-1: Using ep0 maxpacket: 8 [ 329.771927][ T5835] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 329.780532][ T5835] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 329.811487][ T5835] usb 3-1: config 0 has no interface number 0 [ 329.820243][ T5835] usb 3-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 329.833942][ T5835] usb 3-1: New USB device found, idVendor=0421, idProduct=008f, bcdDevice=ba.de [ 329.857754][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.916105][ T5835] usb 3-1: config 0 descriptor?? [ 329.933209][ T5835] usb 3-1: bad CDC descriptors [ 329.976153][ T5835] usb 3-1: bad CDC descriptors [ 329.983575][ T5835] cdc_acm 3-1:0.1: Zero length descriptor references [ 329.990945][ T5835] cdc_acm: probe of 3-1:0.1 failed with error -22 [ 330.070095][ T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 330.148156][ T5835] usb 3-1: USB disconnect, device number 4 [ 330.239542][ T9] usb 4-1: device descriptor read/64, error -71 [ 330.598654][ T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 330.849293][ T9] usb 4-1: device descriptor read/64, error -71 [ 331.008329][ T9] usb usb4-port1: attempt power cycle [ 331.237141][ T2934] team0 (unregistering): Port device team_slave_1 removed [ 331.342594][ T8148] netlink: 68 bytes leftover after parsing attributes in process `syz.2.568'. [ 332.156763][ T2934] team0 (unregistering): Port device team_slave_0 removed [ 332.252271][ T2934] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 333.791209][ T2934] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 338.660827][ T2934] bond0 (unregistering): Released all slaves [ 339.419309][ T8032] team0: Port device team_slave_0 added [ 339.467693][ T8032] team0: Port device team_slave_1 added [ 339.639678][ T8032] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 339.646713][ T8032] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.680827][ T8032] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 339.712026][ T8195] netlink: 36 bytes leftover after parsing attributes in process `syz.2.586'. [ 339.766235][ T8032] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 339.786214][ T8032] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.825868][ T8032] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 339.843707][ T8195] netlink: 8 bytes leftover after parsing attributes in process `syz.2.586'. [ 340.033782][ T8032] hsr_slave_0: entered promiscuous mode [ 340.115588][ T8032] hsr_slave_1: entered promiscuous mode [ 340.435374][ T8032] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 340.634347][ T8032] Cannot create hsr debugfs directory [ 342.016481][ T8223] netlink: 372 bytes leftover after parsing attributes in process `syz.2.594'. [ 342.107097][ T2934] IPVS: stop unused estimator thread 0... [ 342.339470][ T8032] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 342.365495][ T8032] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 342.395444][ T8032] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 342.420792][ T8032] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 343.514886][ T8032] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.766562][ T8032] 8021q: adding VLAN 0 to HW filter on device team0 [ 343.859236][ T2932] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.866437][ T2932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.109602][ T2932] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.116842][ T2932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.620983][ T8032] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 350.923036][ T8319] netlink: 24 bytes leftover after parsing attributes in process `syz.0.611'. [ 352.167368][ T8032] veth0_vlan: entered promiscuous mode [ 352.242049][ T8032] veth1_vlan: entered promiscuous mode [ 352.317496][ T8032] veth0_macvtap: entered promiscuous mode [ 352.343877][ T8032] veth1_macvtap: entered promiscuous mode [ 352.395614][ T8032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 352.865284][ T8032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.898298][ T8032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 352.913151][ T8032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.168261][ T8032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 353.218522][ T8032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.259770][ T8032] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 353.297076][ T8032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.352039][ T8032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.378190][ T8032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.410258][ T8032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.600439][ T8032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 353.788228][ T8032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 353.805854][ T8032] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 354.350937][ T8032] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.399849][ T8032] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.548261][ T8032] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.557099][ T8032] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.854402][ T2932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.917868][ T2932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.989780][ T2932] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.017520][ T2932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 361.738132][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 362.052305][ T9] usb 6-1: config 0 descriptor has 1 excess byte, ignoring [ 362.079591][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 362.141732][ T8438] netlink: 68 bytes leftover after parsing attributes in process `syz.3.641'. [ 362.889612][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7 [ 362.919498][ T9] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 362.928679][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.936742][ T9] usb 6-1: Product: syz [ 362.942039][ T9] usb 6-1: Manufacturer: syz [ 362.946699][ T9] usb 6-1: SerialNumber: syz [ 362.998471][ T9] usb 6-1: config 0 descriptor?? [ 363.252563][ T9] usb 6-1: 0:0 : invalid sync pipe. is_playback 1, ep 0b, bSynchAddress ff [ 364.200528][ T9] usb 6-1: USB disconnect, device number 2 [ 364.355947][ T6022] udevd[6022]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 366.935746][ T8474] netlink: 68 bytes leftover after parsing attributes in process `syz.3.650'. [ 369.249027][ T5807] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 369.558850][ T5807] usb 4-1: unable to get BOS descriptor or descriptor too short [ 369.654699][ T5807] usb 4-1: not running at top speed; connect to a high speed hub [ 369.692869][ T5807] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 369.735041][ T5807] usb 4-1: language id specifier not provided by device, defaulting to English [ 369.790072][ T5807] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 369.827616][ T5807] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.879959][ T5807] usb 4-1: Product: syz [ 369.885744][ T5807] usb 4-1: SerialNumber: syz [ 370.208303][ T5807] cdc_ncm 4-1:1.0: bind() failure [ 370.217741][ T5807] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 370.273322][ T5807] cdc_ncm 4-1:1.1: bind() failure [ 370.323584][ T5807] usb 4-1: USB disconnect, device number 8 [ 370.605535][ T8517] netlink: 68 bytes leftover after parsing attributes in process `syz.5.660'. [ 372.764213][ T8522] netlink: 31 bytes leftover after parsing attributes in process `syz.5.661'. [ 374.568080][ T5807] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 374.883017][ T8552] netlink: 68 bytes leftover after parsing attributes in process `syz.5.669'. [ 375.691670][ T5807] usb 1-1: Using ep0 maxpacket: 8 [ 375.849374][ T5807] usb 1-1: unable to get BOS descriptor or descriptor too short [ 375.862564][ T8556] netlink: 40 bytes leftover after parsing attributes in process `syz.5.671'. [ 375.866371][ T5807] usb 1-1: config 8 has an invalid interface number: 24 but max is 1 [ 375.900528][ T5807] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 375.921081][ T5807] usb 1-1: config 8 has 1 interface, different from the descriptor's value: 2 [ 375.939055][ T5807] usb 1-1: config 8 has no interface number 0 [ 375.945377][ T5807] usb 1-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid wMaxPacketSize 0 [ 375.960239][ T5807] usb 1-1: config 8 interface 24 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 375.983270][ T5807] usb 1-1: config 8 interface 24 has no altsetting 0 [ 376.013151][ T5807] usb 1-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 376.036654][ T5807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.056107][ T5807] usb 1-1: Product: syz [ 376.069906][ T5807] usb 1-1: Manufacturer: syz [ 376.084857][ T5807] usb 1-1: SerialNumber: syz [ 376.345408][ T5807] vmk80xx 1-1:8.24: driver 'vmk80xx' failed to auto-configure device. [ 376.389139][ T5807] usb 1-1: USB disconnect, device number 4 [ 378.052539][ T8594] netlink: 68 bytes leftover after parsing attributes in process `syz.0.679'. [ 379.084232][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.090990][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.602801][ T27] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 381.629709][ T8642] "syz.0.693" (8642) uses obsolete ecb(arc4) skcipher [ 381.723358][ T8644] netlink: 68 bytes leftover after parsing attributes in process `syz.5.692'. [ 382.758308][ T27] usb 3-1: Using ep0 maxpacket: 32 [ 382.773732][ T27] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 382.790269][ T27] usb 3-1: config 0 has no interface number 0 [ 382.807834][ T27] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 382.828564][ T27] usb 3-1: config 0 interface 85 has no altsetting 0 [ 382.851331][ T27] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 382.865769][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.892679][ T27] usb 3-1: Product: syz [ 382.907269][ T27] usb 3-1: Manufacturer: syz [ 382.920694][ T27] usb 3-1: SerialNumber: syz [ 382.936419][ T27] usb 3-1: config 0 descriptor?? [ 383.581462][ T27] appletouch 3-1:0.85: Failed to request geyser raw mode [ 383.600195][ T27] appletouch: probe of 3-1:0.85 failed with error -5 [ 383.613093][ T27] usb 3-1: USB disconnect, device number 5 [ 385.129472][ T8683] netlink: 68 bytes leftover after parsing attributes in process `syz.3.702'. [ 385.739758][ T8687] tipc: Failed to remove unknown binding: 66,1,1/0:847360043/847360045 [ 387.681095][ T8695] overlay: Unknown parameter '\' [ 394.049703][ T8787] netlink: 68 bytes leftover after parsing attributes in process `syz.2.717'. [ 394.899191][ T8791] batadv_slave_1: entered promiscuous mode [ 394.935280][ T8790] batadv_slave_1: left promiscuous mode [ 398.138498][ T8841] netlink: 68 bytes leftover after parsing attributes in process `syz.5.731'. [ 399.838302][ T5885] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 400.038163][ T5885] usb 4-1: Using ep0 maxpacket: 16 [ 400.065848][ T5885] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 400.106217][ T5885] usb 4-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 400.176063][ T5885] usb 4-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 400.219383][ T5885] usb 4-1: config 1 interface 0 has no altsetting 0 [ 400.235359][ T5885] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 400.250390][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.261539][ T5885] usb 4-1: Product: syz [ 400.268111][ T5885] usb 4-1: Manufacturer: syz [ 400.284105][ T5885] usb 4-1: SerialNumber: syz [ 400.752399][ T5885] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 400.855922][ T8888] netlink: 68 bytes leftover after parsing attributes in process `syz.0.742'. [ 401.597618][ T23] usb 4-1: USB disconnect, device number 9 [ 401.629539][ T23] usblp0: removed [ 403.159864][ T8912] vivid-007: disconnect [ 403.182473][ T8911] vivid-007: reconnect [ 404.117633][ T8931] netlink: 68 bytes leftover after parsing attributes in process `syz.3.752'. [ 406.540775][ T8933] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.548944][ T8933] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.749539][ T8965] loop2: detected capacity change from 0 to 7 [ 407.786899][ T8965] Dev loop2: unable to read RDB block 7 [ 407.808049][ T8965] loop2: unable to read partition table [ 407.814052][ T8965] loop2: partition table beyond EOD, truncated [ 407.872558][ T8965] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 408.639362][ T8933] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 408.812735][ T8933] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 409.486080][ T8983] netlink: 68 bytes leftover after parsing attributes in process `syz.2.763'. [ 411.697084][ T8933] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.758003][ T8933] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.767256][ T8933] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.788074][ T8933] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.928744][ T9001] loop2: detected capacity change from 0 to 7 [ 411.963180][ T9001] Dev loop2: unable to read RDB block 7 [ 411.978429][ T9001] loop2: AHDI p1 p2 p3 [ 411.982794][ T9001] loop2: partition table partially beyond EOD, truncated [ 412.012421][ T9001] loop2: p1 start 1601398130 is beyond EOD, truncated [ 412.029136][ T9001] loop2: p2 start 1702059890 is beyond EOD, truncated [ 412.408930][ T5772] Bluetooth: hci3: link tx timeout [ 412.414608][ T5772] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 412.493644][ T9013] netlink: 60 bytes leftover after parsing attributes in process `syz.5.772'. [ 414.630937][ T5768] Bluetooth: hci3: command 0x0406 tx timeout [ 419.123851][ T9046] netlink: 60 bytes leftover after parsing attributes in process `syz.5.784'. [ 420.048192][ T28] audit: type=1326 audit(1768572832.532:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9048 comm="syz.5.787" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe41af8f749 code=0x0 [ 420.784809][ T9056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.786'. [ 426.319480][ T9093] netlink: 60 bytes leftover after parsing attributes in process `syz.0.795'. [ 429.780140][ T9111] xt_NFQUEUE: number of queues (8) out of range (got 65537) [ 434.219382][ T9129] netlink: 68 bytes leftover after parsing attributes in process `syz.5.810'. [ 438.737879][ T9150] xt_NFQUEUE: number of queues (8) out of range (got 65537) [ 440.548523][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.554930][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.073594][ T9168] netlink: 68 bytes leftover after parsing attributes in process `syz.5.820'. [ 446.797832][ T9182] syzkaller0: entered promiscuous mode [ 446.803767][ T9182] syzkaller0: entered allmulticast mode [ 448.655335][ T9196] xt_NFQUEUE: number of queues (8) out of range (got 65537) [ 450.368590][ T9205] netlink: 68 bytes leftover after parsing attributes in process `syz.3.832'. [ 453.548329][ T23] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 453.749107][ T23] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 453.759792][ T23] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 453.778170][ T23] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 453.799540][ T23] usb 3-1: config 64 interface 0 has no altsetting 0 [ 453.819652][ T23] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 453.834784][ T23] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 453.857979][ T23] usb 3-1: config 64 interface 0 has no altsetting 0 [ 453.874112][ T23] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 453.890105][ T23] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 453.919369][ T23] usb 3-1: config 64 interface 0 has no altsetting 0 [ 453.940610][ T23] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 453.961963][ T23] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 453.974925][ T23] usb 3-1: config 64 interface 0 has no altsetting 0 [ 453.991719][ T23] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 454.013814][ T23] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 454.029360][ T23] usb 3-1: config 64 interface 0 has no altsetting 0 [ 454.048205][ T23] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 454.068177][ T23] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 454.096936][ T23] usb 3-1: config 64 interface 0 has no altsetting 0 [ 454.124229][ T23] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 454.134785][ T23] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 454.177530][ T23] usb 3-1: config 64 interface 0 has no altsetting 0 [ 454.191368][ T23] usb 3-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 454.206648][ T23] usb 3-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 454.283650][ T23] usb 3-1: config 64 interface 0 has no altsetting 0 [ 454.343241][ T23] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 454.363039][ T23] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 454.393911][ T23] usb 3-1: Product: syz [ 454.408011][ T23] usb 3-1: Manufacturer: syz [ 454.412845][ T28] audit: type=1326 audit(1768572866.902:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9223 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde0298f749 code=0x7ffc0000 [ 454.435465][ T23] usb 3-1: SerialNumber: syz [ 454.451716][ T28] audit: type=1326 audit(1768572866.912:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9223 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fde0298f749 code=0x7ffc0000 [ 454.492031][ T23] yurex 3-1:64.0: USB YUREX device now attached to Yurex #0 [ 454.511972][ T28] audit: type=1326 audit(1768572866.912:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9223 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde0298f749 code=0x7ffc0000 [ 454.572431][ T28] audit: type=1326 audit(1768572866.912:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9223 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde0298f749 code=0x7ffc0000 [ 454.649152][ T28] audit: type=1326 audit(1768572866.912:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9223 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fde0298f749 code=0x7ffc0000 [ 454.682956][ T28] audit: type=1326 audit(1768572866.912:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9223 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde0298f749 code=0x7ffc0000 [ 454.714435][ T28] audit: type=1326 audit(1768572866.912:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9223 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fde0298f749 code=0x7ffc0000 [ 454.769241][ T5815] usb 3-1: USB disconnect, device number 6 [ 454.785643][ T28] audit: type=1326 audit(1768572866.912:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9223 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde0298f749 code=0x7ffc0000 [ 454.824129][ T5815] yurex 3-1:64.0: USB YUREX #0 now disconnected [ 454.850090][ T28] audit: type=1326 audit(1768572866.912:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9223 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde0298f749 code=0x7ffc0000 [ 454.890525][ T28] audit: type=1326 audit(1768572866.912:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9223 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fde0298f749 code=0x7ffc0000 [ 455.993016][ T9243] xt_NFQUEUE: number of queues (8) out of range (got 65537) [ 459.433928][ T9272] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 459.441482][ T9272] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 459.547608][ T9272] vhci_hcd vhci_hcd.0: Device attached [ 460.198460][ T27] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 460.294612][ T9278] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 460.363499][ T42] vhci_hcd: stop threads [ 460.421485][ T42] vhci_hcd: release socket [ 460.498660][ T42] vhci_hcd: disconnect device [ 460.949222][ T9276] xt_NFQUEUE: number of queues (8) out of range (got 65537) [ 463.920991][ T5772] Bluetooth: hci0: Malformed Event: 0x2f [ 465.529111][ T27] vhci_hcd: vhci_device speed not set [ 480.897036][ T9441] hfs: can't find a HFS filesystem on dev nullb0 [ 487.528874][ T5772] Bluetooth: hci2: Malformed Event: 0x2f [ 492.516835][ T9507] netlink: 'syz.0.925': attribute type 3 has an invalid length. [ 492.525235][ T9507] netlink: 16 bytes leftover after parsing attributes in process `syz.0.925'. [ 492.558158][ T5885] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 492.748013][ T5885] usb 4-1: Using ep0 maxpacket: 16 [ 492.770246][ T5885] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 492.798137][ T5885] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 492.818195][ T5885] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 492.838213][ T5885] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 492.863881][ T5885] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 492.888013][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 492.896086][ T5885] usb 4-1: SerialNumber: syz [ 492.923567][ T5885] hub 4-1:1.0: bad descriptor, ignoring hub [ 492.929725][ T5885] hub: probe of 4-1:1.0 failed with error -5 [ 492.936587][ T5885] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 493.104778][ T9517] process 'syz.5.928' launched './file0' with NULL argv: empty string added [ 494.539653][ T5815] usb 4-1: USB disconnect, device number 10 [ 495.441004][ T9535] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 495.612347][ T9535] overlayfs: failed to look up (tracing) for ino (-66) [ 498.579310][ T9564] netlink: 4 bytes leftover after parsing attributes in process `syz.3.944'. [ 498.591046][ T9564] bridge_slave_1: left allmulticast mode [ 498.605699][ T9564] bridge_slave_1: left promiscuous mode [ 498.631387][ T9564] bridge0: port 2(bridge_slave_1) entered disabled state [ 498.663883][ T9564] bridge_slave_0: left allmulticast mode [ 498.671658][ T9564] bridge_slave_0: left promiscuous mode [ 498.685975][ T9564] bridge0: port 1(bridge_slave_0) entered disabled state [ 499.432444][ T9572] netlink: 20 bytes leftover after parsing attributes in process `syz.0.947'. [ 499.458524][ T5885] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 499.498037][ T5835] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 499.658068][ T5885] usb 3-1: Using ep0 maxpacket: 16 [ 499.669535][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 499.683777][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 499.703947][ T5885] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 499.757244][ T5885] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 499.794774][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 499.839742][ T5885] usb 3-1: config 0 descriptor?? [ 499.914835][ T5835] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb [ 499.924642][ T5835] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201 [ 499.933962][ T5835] usb 4-1: Product: syz [ 499.938344][ T5835] usb 4-1: Manufacturer: syz [ 499.943008][ T5835] usb 4-1: SerialNumber: syz [ 499.959117][ T5835] usb 4-1: config 0 descriptor?? [ 499.974440][ T5835] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in warm state. [ 499.982801][ T5835] dvb-usb: bulk message failed: -22 (2/0) [ 500.027337][ T5835] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 500.055996][ T5835] dvbdev: DVB: registering new adapter (DigitalNow DVB-T Dual USB) [ 500.071320][ T5835] usb 4-1: media controller created [ 500.116849][ T5835] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 500.181837][ T5835] dvb-usb: bulk message failed: -22 (1/0) [ 500.233318][ T5835] DVB: Unable to find symbol mt352_attach() [ 500.246015][ T5835] dvb-usb: bulk message failed: -22 (5/0) [ 500.253987][ T5835] zl10353_read_register: readreg error (reg=127, ret==-121) [ 500.261919][ T5835] dvb-usb: no frontend was attached by 'DigitalNow DVB-T Dual USB' [ 500.316238][ T5885] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 500.324146][ T5885] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 500.332329][ T5885] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 500.340337][ T5885] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 500.347647][ T5885] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 500.358345][ T5835] rc_core: IR keymap rc-dvico-mce not found [ 500.364328][ T5835] Registered IR keymap rc-empty [ 500.371917][ T5885] input: HID 0955:7214 Haptics as /devices/virtual/input/input11 [ 500.410757][ T5835] rc rc0: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 500.432165][ T5835] input: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input10 [ 500.474133][ T5835] dvb-usb: schedule remote query interval to 100 msecs. [ 500.486292][ T5835] dvb-usb: DigitalNow DVB-T Dual USB successfully initialized and connected. [ 500.504453][ T5835] usb 4-1: USB disconnect, device number 11 [ 500.637095][ T5885] shield 0003:0955:7214.0001: Registered Thunderstrike controller [ 500.651930][ T5885] shield 0003:0955:7214.0001: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 500.717514][ T5835] dvb-usb: DigitalNow DVB-T Dual USB successfully deinitialized and disconnected. [ 501.856721][ T23] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 501.881679][ T5885] usb 3-1: USB disconnect, device number 7 [ 501.910686][ T23] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 501.926971][ T23] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 501.956048][ T23] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 501.974275][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.981114][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.382779][ T5772] Bluetooth: hci2: unexpected event for opcode 0x0c14 [ 504.678017][ T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 504.882748][ T9627] tipc: Started in network mode [ 504.889422][ T9627] tipc: Node identity 4, cluster identity 32 [ 504.895459][ T9627] tipc: Node number set to 4 [ 504.904386][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 504.917218][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 504.928308][ T8] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 504.937425][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.958383][ T8] usb 1-1: config 0 descriptor?? [ 505.141585][ T9628] delete_channel: no stack [ 505.385327][ T8] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 505.455551][ T8] cp2112 0003:10C4:EA90.0002: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 505.590504][ T8] cp2112 0003:10C4:EA90.0002: Part Number: 0x82 Device Version: 0xFE [ 507.659143][ T9623] ================================================================== [ 507.667341][ T9623] BUG: KASAN: stack-out-of-bounds in cp2112_xfer+0x714/0xf00 [ 507.674774][ T9623] Read of size 42 at addr ffffc9000470fd41 by task syz.0.964/9623 [ 507.682655][ T9623] [ 507.685030][ T9623] CPU: 0 PID: 9623 Comm: syz.0.964 Not tainted syzkaller #0 [ 507.692437][ T9623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 507.702564][ T9623] Call Trace: [ 507.705922][ T9623] [ 507.708907][ T9623] dump_stack_lvl+0x16c/0x230 [ 507.713672][ T9623] ? cp2112_xfer+0x714/0xf00 [ 507.718330][ T9623] ? show_regs_print_info+0x20/0x20 [ 507.723688][ T9623] ? load_image+0x3b0/0x3b0 [ 507.728258][ T9623] ? register_lock_class+0xb5/0x890 [ 507.733540][ T9623] ? __virt_addr_valid+0xc3/0x540 [ 507.738625][ T9623] print_report+0xac/0x220 [ 507.743118][ T9623] ? cp2112_xfer+0x714/0xf00 [ 507.747770][ T9623] kasan_report+0x117/0x150 [ 507.752338][ T9623] ? cp2112_xfer+0x714/0xf00 [ 507.757051][ T9623] kasan_check_range+0x288/0x290 [ 507.762062][ T9623] ? cp2112_xfer+0x714/0xf00 [ 507.766715][ T9623] __asan_memcpy+0x29/0x70 [ 507.771230][ T9623] cp2112_xfer+0x714/0xf00 [ 507.775764][ T9623] ? cp2112_i2c_xfer+0xe70/0xe70 [ 507.780768][ T9623] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 507.786819][ T9623] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 507.792817][ T9623] __i2c_smbus_xfer+0x888/0x1d90 [ 507.797920][ T9623] ? cp2112_i2c_xfer+0xe70/0xe70 [ 507.802946][ T9623] ? i2c_smbus_write_i2c_block_data+0x1b0/0x1b0 [ 507.809246][ T9623] ? rt_mutex_adjust_prio_chain+0x2400/0x2400 [ 507.815383][ T9623] ? i2c_smbus_xfer+0x121/0x3a0 [ 507.820396][ T9623] i2c_smbus_xfer+0x267/0x3a0 [ 507.825206][ T9623] ? i2c_smbus_read_byte+0x1b0/0x1b0 [ 507.830528][ T9623] ? __might_fault+0xaa/0x120 [ 507.835245][ T9623] ? __might_fault+0xc6/0x120 [ 507.839948][ T9623] ? __might_fault+0xaa/0x120 [ 507.844652][ T9623] i2cdev_ioctl_smbus+0x423/0x670 [ 507.849880][ T9623] ? i2cdev_ioctl_rdwr+0x690/0x690 [ 507.855035][ T9623] ? __might_fault+0xaa/0x120 [ 507.859736][ T9623] ? __might_fault+0xc6/0x120 [ 507.864435][ T9623] ? __might_fault+0xaa/0x120 [ 507.869392][ T9623] i2cdev_ioctl+0x5d1/0x7e0 [ 507.873952][ T9623] ? i2cdev_write+0x120/0x120 [ 507.878670][ T9623] ? bpf_lsm_file_ioctl+0x9/0x10 [ 507.883720][ T9623] ? security_file_ioctl+0x80/0xa0 [ 507.888902][ T9623] ? i2cdev_write+0x120/0x120 [ 507.893619][ T9623] __se_sys_ioctl+0xfd/0x170 [ 507.898248][ T9623] do_syscall_64+0x55/0xb0 [ 507.902692][ T9623] ? clear_bhb_loop+0x40/0x90 [ 507.907502][ T9623] ? clear_bhb_loop+0x40/0x90 [ 507.912415][ T9623] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 507.918357][ T9623] RIP: 0033:0x7fcefd78f749 [ 507.922903][ T9623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 507.942640][ T9623] RSP: 002b:00007fcefe70e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 507.951100][ T9623] RAX: ffffffffffffffda RBX: 00007fcefd9e5fa0 RCX: 00007fcefd78f749 [ 507.959097][ T9623] RDX: 0000200000000200 RSI: 0000000000000720 RDI: 0000000000000004 [ 507.967090][ T9623] RBP: 00007fcefd813f91 R08: 0000000000000000 R09: 0000000000000000 [ 507.975099][ T9623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 507.983101][ T9623] R13: 00007fcefd9e6038 R14: 00007fcefd9e5fa0 R15: 00007ffc7df80f88 [ 507.991389][ T9623] [ 507.994554][ T9623] [ 507.996934][ T9623] The buggy address belongs to stack of task syz.0.964/9623 [ 508.004384][ T9623] and is located at offset 33 in frame: [ 508.010036][ T9623] i2cdev_ioctl_smbus+0x0/0x670 [ 508.014921][ T9623] [ 508.017264][ T9623] This frame has 1 object: [ 508.021700][ T9623] [32, 66) 'temp' [ 508.021712][ T9623] [ 508.027872][ T9623] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90004708000 allocated at copy_process+0x549/0x3d70 [ 508.041031][ T9623] The buggy address belongs to the physical page: [ 508.047478][ T9623] page:ffffea00009c4b40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2712d [ 508.057660][ T9623] memcg:ffff888077ddcd02 [ 508.062104][ T9623] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 508.069330][ T9623] page_type: 0xffffffff() [ 508.073693][ T9623] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 508.082399][ T9623] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff888077ddcd02 [ 508.091014][ T9623] page dumped because: kasan: bad access detected [ 508.097628][ T9623] page_owner tracks the page as allocated [ 508.103393][ T9623] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 9611, tgid 9611 (syz.0.960), ts 502844571524, free_ts 500710453766 [ 508.121748][ T9623] post_alloc_hook+0x1cd/0x210 [ 508.126551][ T9623] get_page_from_freelist+0x195c/0x19f0 [ 508.132134][ T9623] __alloc_pages+0x1e3/0x460 [ 508.136851][ T9623] __vmalloc_node_range+0x96b/0x1320 [ 508.142173][ T9623] dup_task_struct+0x3d0/0x7c0 [ 508.146961][ T9623] copy_process+0x549/0x3d70 [ 508.151579][ T9623] kernel_clone+0x21b/0x840 [ 508.156111][ T9623] __se_sys_clone3+0x252/0x2c0 [ 508.160898][ T9623] do_syscall_64+0x55/0xb0 [ 508.165599][ T9623] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 508.171539][ T9623] page last free stack trace: [ 508.176242][ T9623] free_unref_page_prepare+0x7ce/0x8e0 [ 508.181740][ T9623] free_unref_page+0x32/0x2e0 [ 508.186453][ T9623] vfree+0x1a6/0x320 [ 508.190384][ T9623] dvb_usb_adapter_dvb_exit+0x9c/0x1b0 [ 508.195867][ T9623] dvb_usb_adapter_exit+0x8b/0x230 [ 508.201021][ T9623] dvb_usb_device_exit+0x1b7/0x330 [ 508.206158][ T9623] usb_unbind_interface+0x1f2/0x870 [ 508.211392][ T9623] device_release_driver_internal+0x4cb/0x7a0 [ 508.217499][ T9623] bus_remove_device+0x342/0x400 [ 508.222464][ T9623] device_del+0x50b/0x900 [ 508.226920][ T9623] usb_disable_device+0x3e9/0x8a0 [ 508.231979][ T9623] usb_disconnect+0x34c/0x8a0 [ 508.236685][ T9623] hub_event+0x1cef/0x49c0 [ 508.241334][ T9623] process_scheduled_works+0xa45/0x15b0 [ 508.246924][ T9623] worker_thread+0xa55/0xfc0 [ 508.251540][ T9623] kthread+0x2fa/0x390 [ 508.255640][ T9623] [ 508.258027][ T9623] Memory state around the buggy address: [ 508.263676][ T9623] ffffc9000470fc00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 [ 508.271846][ T9623] ffffc9000470fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 508.279933][ T9623] >ffffc9000470fd00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 02 f3 f3 f3 [ 508.288023][ T9623] ^ [ 508.295239][ T9623] ffffc9000470fd80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 508.303408][ T9623] ffffc9000470fe00: f1 f1 f1 f1 04 f2 00 00 f2 f2 00 00 f3 f3 f3 f3 [ 508.311488][ T9623] ================================================================== [ 508.319775][ C0] vkms_vblank_simulate: vblank timer overrun [ 508.335754][ T9623] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 508.343031][ T9623] CPU: 1 PID: 9623 Comm: syz.0.964 Not tainted syzkaller #0 [ 508.350415][ T9623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 508.360513][ T9623] Call Trace: [ 508.363839][ T9623] [ 508.366902][ T9623] dump_stack_lvl+0x16c/0x230 [ 508.371635][ T9623] ? show_regs_print_info+0x20/0x20 [ 508.376983][ T9623] ? load_image+0x3b0/0x3b0 [ 508.381557][ T9623] panic+0x2c0/0x710 [ 508.385517][ T9623] ? bpf_jit_dump+0xd0/0xd0 [ 508.390084][ T9623] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 508.396116][ T9623] ? _raw_spin_unlock+0x40/0x40 [ 508.401012][ T9623] ? print_memory_metadata+0x314/0x400 [ 508.406537][ T9623] ? cp2112_xfer+0x714/0xf00 [ 508.411267][ T9623] check_panic_on_warn+0x84/0xa0 [ 508.416271][ T9623] ? cp2112_xfer+0x714/0xf00 [ 508.420916][ T9623] end_report+0x6f/0x140 [ 508.425214][ T9623] kasan_report+0x128/0x150 [ 508.429774][ T9623] ? cp2112_xfer+0x714/0xf00 [ 508.434419][ T9623] kasan_check_range+0x288/0x290 [ 508.439415][ T9623] ? cp2112_xfer+0x714/0xf00 [ 508.444232][ T9623] __asan_memcpy+0x29/0x70 [ 508.448710][ T9623] cp2112_xfer+0x714/0xf00 [ 508.453172][ T9623] ? cp2112_i2c_xfer+0xe70/0xe70 [ 508.458144][ T9623] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 508.464185][ T9623] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 508.470138][ T9623] __i2c_smbus_xfer+0x888/0x1d90 [ 508.475133][ T9623] ? cp2112_i2c_xfer+0xe70/0xe70 [ 508.480132][ T9623] ? i2c_smbus_write_i2c_block_data+0x1b0/0x1b0 [ 508.486628][ T9623] ? rt_mutex_adjust_prio_chain+0x2400/0x2400 [ 508.492932][ T9623] ? i2c_smbus_xfer+0x121/0x3a0 [ 508.497826][ T9623] i2c_smbus_xfer+0x267/0x3a0 [ 508.502536][ T9623] ? i2c_smbus_read_byte+0x1b0/0x1b0 [ 508.507843][ T9623] ? __might_fault+0xaa/0x120 [ 508.512551][ T9623] ? __might_fault+0xc6/0x120 [ 508.517249][ T9623] ? __might_fault+0xaa/0x120 [ 508.521949][ T9623] i2cdev_ioctl_smbus+0x423/0x670 [ 508.527004][ T9623] ? i2cdev_ioctl_rdwr+0x690/0x690 [ 508.532190][ T9623] ? __might_fault+0xaa/0x120 [ 508.536902][ T9623] ? __might_fault+0xc6/0x120 [ 508.541605][ T9623] ? __might_fault+0xaa/0x120 [ 508.546316][ T9623] i2cdev_ioctl+0x5d1/0x7e0 [ 508.550959][ T9623] ? i2cdev_write+0x120/0x120 [ 508.555689][ T9623] ? bpf_lsm_file_ioctl+0x9/0x10 [ 508.560662][ T9623] ? security_file_ioctl+0x80/0xa0 [ 508.566029][ T9623] ? i2cdev_write+0x120/0x120 [ 508.570762][ T9623] __se_sys_ioctl+0xfd/0x170 [ 508.575395][ T9623] do_syscall_64+0x55/0xb0 [ 508.580102][ T9623] ? clear_bhb_loop+0x40/0x90 [ 508.585069][ T9623] ? clear_bhb_loop+0x40/0x90 [ 508.589882][ T9623] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 508.595926][ T9623] RIP: 0033:0x7fcefd78f749 [ 508.600638][ T9623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.620295][ T9623] RSP: 002b:00007fcefe70e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 508.628755][ T9623] RAX: ffffffffffffffda RBX: 00007fcefd9e5fa0 RCX: 00007fcefd78f749 [ 508.636760][ T9623] RDX: 0000200000000200 RSI: 0000000000000720 RDI: 0000000000000004 [ 508.644765][ T9623] RBP: 00007fcefd813f91 R08: 0000000000000000 R09: 0000000000000000 [ 508.652848][ T9623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 508.660850][ T9623] R13: 00007fcefd9e6038 R14: 00007fcefd9e5fa0 R15: 00007ffc7df80f88 [ 508.668873][ T9623] [ 508.672497][ T9623] Kernel Offset: disabled [ 508.676903][ T9623] Rebooting in 86400 seconds..