last executing test programs: 14.163761779s ago: executing program 2 (id=973): keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f00000000c0)='enc=\x83\xb6\xf2\xe4\x86\x92\xab\xf8\xc8\xc3mw\x056\x85\r~\xe6\xe9a\x85\xdd\xee(\x82\x92\x15)\xd1\xb6\x1a\xd4\x05\xa8f;\x14\xc9o\x7f\xe4Lz\'\xed\xf14\x98}ipjZ\x9a\xcf\xea\xce\xb9K(\xe1Al\x837\x06\"\xec\x98)7g\f\xe2\x00\x18\x17\x92\xe4\xc6\xdb\xb9\x88\xc3\x90\xebzF\x84.\xc7\xc0N+g\xf8\xc9\xa5\x8d>\xe7\xba\x80\xa8\xecR\x00\'\nF\xdb\xba\x0f\x11\x87qri\xda\xeb\xd0\xfar\x83F\x8d4\xb4', 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = syz_open_dev$usbmon(&(0x7f00000001c0), 0x0, 0x88082) ioctl$MON_IOCQ_URB_LEN(r0, 0x9201) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file7\x00', 0x2000002, &(0x7f00000003c0)=ANY=[@ANYBLOB='volume=00000000000000001062,gid=', @ANYRESDEC=0x0, @ANYBLOB=',noadinicb,rootdir=00000000000000000004,gid=forget,unhide,noadinicb,iocharset=cp861,longad,\x00'], 0x1, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=") prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x4000000000001, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$ext4(&(0x7f0000000900)='ext3\x00', &(0x7f0000000180)='./file0\x00', 0x2008002, &(0x7f0000000800)={[{@data_err_ignore}, {@nodiscard}, {@quota}]}, 0x1, 0x580, &(0x7f0000001f80)="$eJzs3c+PG1cdAPDvzP7sJu0m0ANUQAIUQhXFzjptVHppufBDVaVCxYlDuuw6qyV2HGJv6S4rsf0bQAKJE4i/gAMSB6SeOHDjiMQBEOWAVCACJSAORjOe3bi7XuKsvXay/nykyfx4M/6+N96Z9/zszAtgYp2PiJ2ImI2INyNisdieFFO80pmy/e7e2V65d2d7JYl2+42/J3l6ti26jsmcKl5zPiK+9qWIbyYH4zY3t24s12rV28V6uVW/VW5ubl1ary+vVdeqNyuVq0tXL7945YXK0Mp6rv7z97+4/urXf/XLj7/3253nvptl63SR1l2OYeoUfWYvTmY6Il49jmBjMFXMZ49y8H9+9tXnhpsdHlIaER+KiE/l1/9iTOV/nQDASdZuL0Z7sXsdADjp0rwPLElLEZGmRSOg1OnDezoW0lqj2bp4vbFxc7XTV3YmZtLr67Xq5bNzv/92vvNMkq0v5Wl5er5e2bd+JSLORsQP5p7I10srjdrqeJo8ADDxTnXX/xHxr7k0LZX6OrTHt3oAwGNjftwZAABGTv0PAJNH/Q8Ak6eP+r/4sn/n2PMCAIyGz/8AMHnU/wAwedT/ADBRXn/ttWxq3yuef7361ubGjcZbl1arzRul+sZKaaVx+1ZprdFYy5/ZU3/Q69UajVtLz8fG2+VWtdkqNze3rtUbGzdb1/Lnel+rzoykVADA/3P23Lu/SyJi56Un8im6xnJQV8PJlg5xL+DxMjXIwRoI8Fgz2hdMrr6q8LyR8JtjzwswHj0f5j3fc/GDfvQQQfzOCB4pFz7af///kcZ4Bh5ZevZhch2t///loecDGL0j9///cbj5AEav3U72j/k/u5fU7fVRjkoMABynAX7C1/7esBohwFg9aDDvzlf3nz+Y8DDf/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAJczoivhVJWsrHAk+zf9NSKeLJiDgTM8n19Vr1ckQ8FeciYmYuW18ad6YBgAGlf02K8b8uLD57en/qbPLvuXweEd/58Rs/fHu51bq9lG3/x972ud3hwyr3jxtgXEEAoH9/7menvP6uFPOuD/J372yv7E7HmMcD3v/C3uCjK/fubOdTJ2U62u12O2I+b0ss/DOJ6eKY+Yh4JiKmhhB/552I+Eiv8id538iZYuTT7vhRxH5ypPHTD8RP87TOPDt9Hx5CXmDSvJvdf17pdf2lcT6f977+5/M71ODy+998xO69715X/Oki0lSP+Nk1f77fGM//+isHNrYXO2nvRDwz3St+shc/OST+s33G/8PHPvH9lw9Ja/8k4kL0jt8dq9yq3yo3N7curdeX16pr1ZuVytWlq5dfvPJCpZz3UZd3e6oP+ttLF586LG9Z+RcOid9550/tK//s3rGf6bP8P/3vm9/45P3Vuf3xP/fp3u//0/m89/nP6sTP9hl/eeEX84elZfFXDyn/g97/i33Gf+8vW6t97goAjEBzc+vGcq1WvT3QQvYpdBivc2Ahy2J/O+82FwcL+qfIF+6fliSSGHa5ssZYPzvPDP+sfnm7c5Ye/vDd89vXztN7bcVhZH6qs7BQvOSw/8YesJAOoRSD5znOFAt3R1X2Ed+IgJG7f9GPOycAAAAAAAAAAAAAAMBhRvE/qMZdRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6u/wUAAP//dQy6iw==") syz_mount_image$exfat(0x0, &(0x7f0000000200)='./file0\x00', 0xe1c00, 0x0, 0x0, 0x0, &(0x7f0000000000)) mkdir(0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) 12.609952028s ago: executing program 2 (id=981): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x58, 0x24, 0x200, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x9, 0xfff1}, {0xffff, 0x9}, {0xa}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x0, 0x5, 0x2, 0x0, 0x4, 0x0, 0xfffffff6, 0x8, 0x5}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x20040084) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000340)={{0x3, @bcast}, [@remote, @rose, @default, @bcast, @default, @remote, @rose, @null]}, &(0x7f0000000400)=0x48, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000440)=@netrom={'nr', 0x0}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c00018006000600843b0000971b0280540214"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0x20008054) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000200)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, &(0x7f0000000600)=[0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x76, &(0x7f0000000300)=[{}], 0x8, 0x10, &(0x7f0000000340), &(0x7f0000000400), 0x8, 0x8000cf, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000000000000000001802"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="600000000206010300000000000000000300000a0900020073797a310000000011000300686173683a69702c706f727400000000050005000200000005000400000000001400078008000840000000d808000640000000090500010007000000c2c77238e1ba9bc03ab721c5aa9d0c4da86562946b427e391e9a2685c4e143050cbe65dc2a8e3684e2facba0dd49ad3227a2c53cd93f1591da769108bd23ecf813a764b9c5fb66e8047e92efed23434deac2e78c629efc66ad11b809d38ff5214e050d3f314d1ea1c98d0975e685cfcd289c5d51af4bdb67c143d9a98c72ba"], 0x60}, 0x1, 0x0, 0x0, 0x20044040}, 0x40800) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000001880)=@ethtool_drvinfo={0x3, "5d3b557e85cd6759f156bdb45c82da5abb01c33cf923b687b5bca051cdd737cf", "b005cc8cc932651b1e48d1d41e67e352407c6e1ec7c68f243a61879ce0e69561", "2f38157b1d9a34119d0a81b48cede472b0d6913fbd23d65745e068a94255c639", "2c391b0b0cff0a9069142b76b27ad949b3833b7a05faec47c2974adb78e46d41", "77297e53dd17606fbe9f3a2505c48fcd9415325d32dcc6200543a5328887482c", "fc87cfe7a1d3e857ee77ad63", 0x40, 0x1, 0x5, 0x6, 0x3}}) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r6, 0x800448f0, &(0x7f0000000140)={0x2, 0x119, "613bae", 0x1, 0x7}) ioctl$sock_ifreq(r5, 0x8990, &(0x7f00000003c0)={'bond0\x00', @ifru_names='rose0\x00'}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETVNETBE(r8, 0x400454de, &(0x7f0000000040)=0x1) r9 = accept4(r7, 0x0, 0x0, 0x80800) r10 = epoll_create1(0x80000) sendmmsg$unix(r9, &(0x7f0000000840)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000004}}], 0x1, 0x400c880) epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r9, &(0x7f00000002c0)={0x10000018}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x34, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x7}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@TCA_RATE={0x6, 0x5, {0x40, 0x8}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x2}]}, 0x68}}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180700000001801e30000000000600e600952f000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 10.684306172s ago: executing program 2 (id=986): r0 = socket(0x2, 0xa, 0x300) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0) 10.571993801s ago: executing program 2 (id=988): socket$kcm(0x2, 0x1, 0x84) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000002000000", @ANYRES32=0x1], 0x50) r1 = socket$kcm(0x10, 0x2, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000700)={r0, &(0x7f0000000540)="ab1eb0d232efcc028c4e0e071782cb6fa6395c4caf94e0e9b6f7fc5faab0a0d2ffbb84e7085d9ad82a302032e1c17c49285165ff62bd781636871301eb47cdbdda34e377ceb676057a46015cf9a0838b28b3a1aee5dffe126041869a0d516582a77f72119d60c83c6fb400f2a86a424ec98302d1326e1e61245e782e5bf70e2a7ced00", &(0x7f0000000640)=""/144}, 0x20) socket(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0xb) bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc) close(r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getpeername$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000140)=0x14) r5 = socket$caif_seqpacket(0x25, 0x5, 0x5) getsockopt$sock_buf(r5, 0x1, 0x3d, &(0x7f0000000000)=""/45, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'ip_vti0\x00', 0x0}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r3}, &(0x7f00000001c0), &(0x7f0000000300)=r4}, 0x20) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1, 0x0, 0x0, 0xe0ffff}, 0x0) 10.112159683s ago: executing program 2 (id=990): unshare(0x2c020400) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, 0x0, 0x0) 9.377525654s ago: executing program 2 (id=993): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) r0 = socket(0x8, 0x0, 0x8000) ioctl$sock_netrom_SIOCADDRT(r0, 0x61d1, 0x0) 5.752173078s ago: executing program 1 (id=1012): socket$kcm(0x11, 0xa, 0x300) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000002000000000000000000001e95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7336b5d}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x2000000, 0xd50, 0x0, &(0x7f00000002c0)="fef351f6b11f421a5b4e415288ca", 0x0, 0x34000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'gre0\x00', 0x0}) sendto$packet(r2, &(0x7f00000002c0)="05031400d3fc1c0000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 5.727574019s ago: executing program 4 (id=1013): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(camellia)\x00'}, 0x69) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 5.660220254s ago: executing program 1 (id=1014): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f00000007c0)={'gretap0\x00', 0x0}) 5.516258454s ago: executing program 1 (id=1015): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB="1201000000000040c41090ea80000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x8, {0x8, 0x0, "392cdaab4a73"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x20, 0x1, 0x3, "c282fe"}, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0) 5.419645831s ago: executing program 4 (id=1016): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0xa, 0x0, 0x0, @private0}, 0x1c) shutdown(r0, 0x1) ioctl$sock_SIOCINQ(r0, 0x541b, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_rdma(0x10, 0x3, 0x14) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r3, &(0x7f0000000280), 0x9) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000c40), 0x12) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12) 4.680181022s ago: executing program 0 (id=1018): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f00000000c0)={0x96, 0x4, 0xfe, 0x2, 0x0, 0x0, 0x5, 0xfc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5}, 0x25) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000085000000a0000000180100002025642500000000002020207b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000080), &(0x7f00000001c0)=0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r1, 0x18000000000002a0, 0x30, 0x0, &(0x7f0000000400)="b9ffe2318944268cb89914f086dd0150dc14c0e1c6a40da50d5eb299ee5257fe68331464e1b7da59ff1569eda766b4fb", 0x0, 0x2005, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) pipe(&(0x7f0000000040)={0xffffffffffffffff}) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e21, @rand_addr=0x64010100}}, 0x0, 0x0, 0x4020, 0x0, "bb02a3c344ca41d6357e544508474004000b42a20000000000000010208a0e2f964e0000c534a632cd6193fcf19b2df3eea18afaa4ff1f56c54dc46d8b6d2ccd00a0cf0a007bbe00"}, 0xd8) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="5c00000014006b05c84e21000ab16d6e230675f802000000440002000000000000000000b556a705251e6182149a08c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c1504bb918689d9193e9bd1c1b", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000800) r5 = socket$kcm(0x23, 0x5, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000240)=0x6, 0x4) listen(r5, 0x800) accept4(r5, 0x0, 0x0, 0x80000) socket(0x10, 0x803, 0x0) r7 = socket$kcm(0x2, 0xa, 0x2) r8 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r8, 0x0, 0xd0, &(0x7f0000001280), 0x4) writev(0xffffffffffffffff, &(0x7f0000000200)=[{0x0}, {&(0x7f00000006c0)="e6", 0xfdef}], 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r6, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff000000"], 0x78) 4.505917475s ago: executing program 4 (id=1019): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x40000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44880) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58840}, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000100)={0x18, 0x0, {0x4, @local, 'ip_vti0\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x4, @random="1a772955a77a", 'gre0\x00'}}, 0x1e) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 4.27986444s ago: executing program 4 (id=1021): mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {}, {0x8, 0xc}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0x9, 0x6, 0x3, 0x4}, 0x6b}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0xc804}, 0x2) close(r3) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random="af75355d1696"}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000600), 0x4) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000740)=@xdp={0x2c, 0x0, r7, 0x42}, 0x80, &(0x7f0000000cc0)=[{&(0x7f00000002c0)="27030200dc0f24000e00003c000c00000000ff110000000200000003125ce882cbf490d908f1523f000000032d9c2740e260a09c6911cda856d5141bffc6", 0x3e}], 0x1}, 0x8bb3a321ef809a) 3.956163403s ago: executing program 0 (id=1022): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r0) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x48000}, 0x4000) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002000000", @ANYBLOB="0c00990000000000000000000800a000"], 0x40}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00'], 0x30}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$team(&(0x7f0000000080), r2) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="200000005f000100080031000000000000000000", @ANYRES8], 0x20}], 0x1}, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000000c0)={0x60, r3, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r4}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000431}, 0x4040084) 3.941632494s ago: executing program 4 (id=1023): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, 0x0) acct(0x0) chroot(&(0x7f0000000040)='./file0\x00') r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r4, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5"}, 0x3c) setsockopt$MRT_DEL_MFC_PROXY(r4, 0x0, 0xd3, &(0x7f00000000c0)={@multicast2, @multicast1, 0x0, "c6c0e6ec8755b5dc4e305886d95f086707764f8d0e5a0358ea21274f844a69e9", 0x0, 0x200}, 0x3c) getsockopt(r2, 0x401, 0x7, 0x0, &(0x7f0000000480)) socket$igmp(0x2, 0x3, 0x2) r5 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$EVIOCSFF(r5, 0x40304580, &(0x7f0000000280)={0x53, 0x4, 0x3, {0xe, 0x8}, {0x6, 0xd}, @const={0x7608, {0xfeff, 0x1, 0x7, 0x40}}}) 3.875487269s ago: executing program 0 (id=1024): unshare(0x400) r0 = socket$kcm(0x2, 0x922000000001, 0x106) setsockopt$sock_attach_bpf(r0, 0x1, 0x25, 0x0, 0x0) 3.673922963s ago: executing program 0 (id=1025): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_dev$usbfs(0x0, 0x76, 0x101301) syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') ioctl$USBDEVFS_FREE_STREAMS(r1, 0x802c550a, &(0x7f0000000000)=ANY=[]) socket$inet_sctp(0x2, 0x1, 0x84) userfaultfd(0x801) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815000100fe80000000000000080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a", 0xd2}], 0x1}, 0x400c044) 2.870100089s ago: executing program 3 (id=1026): sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r0, 0x0, 0x600) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x40000022, 0x0, 0x0) recvmsg(r0, 0x0, 0x2082) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_emit_ethernet(0x82, 0x0, 0x0) socket(0x10, 0x803, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)=r4}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r4, r2}, 0x14) syz_emit_ethernet(0xe, &(0x7f0000000280)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2b}, @void, {@generic={0xc1}}}, 0x0) 2.868698059s ago: executing program 4 (id=1027): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24048850}, 0x8010) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c000000020605000000000000000000070000001400078008001140ffffffe2080012400060ffff0500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}, 0x1, 0x0, 0x0, 0x810}, 0x4084) 2.183755658s ago: executing program 0 (id=1028): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x3, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x12}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x409}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x840c0}, 0x400040c0) 2.040215667s ago: executing program 3 (id=1029): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0xa, 0x0, 0x0, @private0}, 0x1c) shutdown(r0, 0x1) ioctl$sock_SIOCINQ(r0, 0x541b, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_rdma(0x10, 0x3, 0x14) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r3, &(0x7f0000000280), 0x9) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000c40), 0x12) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12) 2.039939617s ago: executing program 0 (id=1030): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_setup(0xd7, &(0x7f0000000280)={0x0, 0x0, 0x40}, &(0x7f0000000080), 0x0, &(0x7f0000000000)) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) preadv2(r1, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0x100000000000020a, 0x0, 0x0, 0x0) r2 = socket(0x2, 0x80805, 0x0) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000001080)=0x8) getsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000040)={r4, 0xfffffff7}, &(0x7f0000000100)=0x8) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) splice(r5, 0x0, r5, 0x0, 0x800, 0xb) vmsplice(r6, &(0x7f0000e79000)=[{&(0x7f00003fb000)="f7", 0x7ffff000}], 0x1, 0x0) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2) r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r9 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r10 = syz_pidfd_open(r9, 0x0) pidfd_send_signal(r10, 0x4, &(0x7f0000000000)={0x4, 0x8, 0x5}, 0x0) recvmmsg(r8, 0x0, 0x0, 0x2, 0x0) ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000380)={0x4, 0x0, [{0x40000001, 0x80, 0x488, 0xd1, 0x6}, {0xa, 0x7fff, 0x2, 0x3a1, 0x2}, {0xc0000001, 0xce04, 0x1, 0x3dd3f31e, 0x6}, {0x2, 0x1, 0x0, 0x400, 0x4}]}) writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x100}, 0x0) 1.157383019s ago: executing program 1 (id=1031): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[], 0x2c}}, 0x60040050) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'wlan1\x00'}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, 0x0, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r1, 0x5, 0x3, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x28}}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000000)) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000180)={0x0, 0x7fffffffffffffff, 0x1, [0x2, 0x7, 0x9, 0x9, 0xde], [0x9, 0xb329, 0x1000, 0x7, 0x5, 0xa, 0x4, 0xe970, 0x771, 0x9f, 0xcdc0, 0x9, 0x1, 0x10001, 0xefcf, 0xb13, 0x54, 0x3, 0xffff, 0x7fff, 0x9673, 0x6, 0xffffffffffffa59b, 0x7, 0x3, 0x8, 0x0, 0xd6f9, 0x4, 0x100000000, 0x0, 0x6, 0xbe40, 0x501, 0x7fffffffffffffff, 0x0, 0x5, 0x38, 0xe, 0xfe8, 0x101, 0x0, 0x6, 0xcbad, 0x0, 0x4, 0xe4e0, 0x2, 0x60000000, 0x2, 0x100000000, 0x98a, 0x6, 0x1, 0x7, 0x3, 0x1, 0x8001, 0x200, 0xa71, 0xe, 0x3, 0xfffffffeffffffff, 0xffff, 0x9, 0x5, 0x6, 0x8000, 0x83, 0x0, 0x9, 0x29, 0x4, 0x8000000000000001, 0x84a, 0x80000001, 0x8, 0x200, 0x8, 0x9, 0x4, 0x1ff, 0x9, 0x3, 0x8, 0x8fc0, 0x9, 0xffffffffffffffff, 0x0, 0x7f, 0x8, 0x53, 0x1, 0x8000000000000001, 0xfffffffffffffffc, 0x4, 0xfffffffffffffff9, 0x2, 0x6, 0x3, 0xfffffffffffffffb, 0x2, 0x9, 0x7ff, 0xffffffff, 0x1, 0x8000000000000001, 0xfffffffffffffffd, 0x1, 0x5, 0x1, 0xe, 0x3, 0x5, 0x2, 0x7, 0x5, 0x1, 0x6, 0x28f201bf, 0x5]}) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f00000005c0)={r6, "b03e193f3dab751ae8f1cc1420db2291"}) r7 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNDEL(r7, 0x400442c9, &(0x7f0000000100)={0x5, @remote}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001640)={'team0\x00', 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000017c0)={{{@in=@multicast1, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e24, 0x0, 0x4e21, 0xff0, 0xa, 0x80, 0x80, 0x11, r8}, {0x8001, 0x962, 0x101, 0x7, 0x9, 0x81, 0x5, 0x7}, {0x1, 0x800, 0xfffffffffffffff8, 0xfffffffffffffffd}, 0x5, 0x6e6bbd, 0x2, 0x0, 0x3, 0x2}, {{@in6=@empty, 0x4d6, 0x6c}, 0x2, @in=@rand_addr=0x64010101, 0x3505, 0x0, 0x3, 0x1, 0x76f, 0x8001}}, 0xe8) connect$netlink(0xffffffffffffffff, &(0x7f00000018c0)=@proc={0x10, 0x0, 0x25dfdbfe, 0x8000000}, 0xc) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000001ac0), 0x2, 0x0) 1.134346551s ago: executing program 3 (id=1032): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0x42f, 0x870bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x3}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 792.175305ms ago: executing program 3 (id=1033): mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {}, {0x8, 0xc}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0x9, 0x6, 0x3, 0x4}, 0x6b}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0xc804}, 0x2) close(r3) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random="af75355d1696"}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000600), 0x4) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000740)=@xdp={0x2c, 0x0, r7, 0x42}, 0x80, &(0x7f0000000cc0)=[{&(0x7f00000002c0)="27030200dc0f24000e00003c000c00000000ff110000000200000003125ce882cbf490d908f1523f000000032d9c2740e260a09c6911cda856d5141bffc6", 0x3e}], 0x1}, 0x8bb3a321ef809a) 733.336329ms ago: executing program 1 (id=1034): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4) sendmsg$can_raw(r0, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f00000005c0)={&(0x7f0000000100)=@can={{}, 0x80, 0x3, 0x4, 0x2, "07000000008000"}, 0x210}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000180)={'fscrypt:', @desc3}, &(0x7f0000000200)={0x0, "fdd67f3ec2acea76c3905c5126930d7099f884a5e9899d9cbfeeeaab5de0d2426ccc7675a96287574c6c6eb6b8073bc03238eb3b8e76adeeafc86648019317a2", 0x39}, 0x48, 0xfffffffffffffffb) keyctl$chown(0x4, r1, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40810) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp6\x00') preadv(r3, &(0x7f00000026c0)=[{&(0x7f0000002700)=""/4088, 0xff8}], 0x1, 0x6, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000880) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00010002"], 0x8) socket(0x10, 0x3, 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fspick(r5, &(0x7f00000000c0)='.\x00', 0x0) 599.707728ms ago: executing program 3 (id=1035): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x428a4}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x8000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) r4 = socket$igmp(0x2, 0x3, 0x2) r5 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$inet(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x2, 0x4e24, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @dev={0xac, 0x14, 0x14, 0x3c}, @dev={0xac, 0x14, 0x14, 0x12}}}}], 0x20}, 0x0) 88.167314ms ago: executing program 3 (id=1036): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b70200000000", @ANYRES32, @ANYBLOB="0000000000000000b70200000000e3008500000017000000bf91000000000000b7020000000000008500000084000000b700000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000013c0)="b9ff03316844268cb89e14f086dd", 0x0, 0x51, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r3, &(0x7f0000000100)={{0x3, @null, 0x1}, [@null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null]}, 0x48) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) read(r3, &(0x7f00000000c0)=""/20, 0x14) socket$nl_route(0x10, 0x3, 0x0) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10) write(r4, 0x0, 0x0) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000)) 0s ago: executing program 1 (id=1037): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) acct(0x0) chroot(0x0) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r4, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5"}, 0x3c) setsockopt$MRT_DEL_MFC_PROXY(r4, 0x0, 0xd3, &(0x7f00000000c0)={@multicast2, @multicast1, 0x0, "c6c0e6ec8755b5dc4e305886d95f086707764f8d0e5a0358ea21274f844a69e9", 0x0, 0x200}, 0x3c) getsockopt(r2, 0x401, 0x7, 0x0, &(0x7f0000000480)) socket$igmp(0x2, 0x3, 0x2) r5 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$EVIOCSFF(r5, 0x40304580, &(0x7f0000000280)={0x53, 0x4, 0x3, {0xe, 0x8}, {0x6, 0xd}, @const={0x7608, {0xfeff, 0x1, 0x7, 0x40}}}) kernel console output (not intermixed with test programs): m without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 67.830675][ T4296] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:476: comm syz.4.11: Invalid block bitmap block 0 in block_group 0 [ 67.847910][ T4296] Quota error (device loop4): write_blk: dquota write failed [ 67.856989][ T4296] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 67.876698][ T4296] EXT4-fs error (device loop4): ext4_acquire_dquot:6234: comm syz.4.11: Failed to acquire dquot type 0 [ 67.890841][ T4310] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.11: Invalid inode bitmap blk 137438953472 in block_group 0 [ 68.179690][ T4252] EXT4-fs error (device loop4): __ext4_get_inode_loc:4327: comm kworker/u4:6: Invalid inode table block 8589934593 in block_group 0 [ 70.607678][ T4336] sd 0:0:1:0: device reset [ 70.617006][ T4230] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 71.365424][ T4345] netlink: 364 bytes leftover after parsing attributes in process `syz.1.23'. [ 71.365578][ T4345] netlink: 82 bytes leftover after parsing attributes in process `syz.1.23'. [ 71.399737][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.399880][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.495611][ T4230] usb 5-1: no configurations [ 71.495679][ T4230] usb 5-1: can't read configurations, error -22 [ 71.611292][ T4349] loop1: detected capacity change from 0 to 1024 [ 71.645239][ T4230] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 71.673008][ T4349] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 71.673068][ T4349] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 71.782208][ T4349] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.24: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 71.783866][ T4349] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.24: couldn't read orphan inode 11 (err -117) [ 71.784733][ T4349] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 71.806195][ T4349] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.24: Invalid block bitmap block 0 in block_group 0 [ 71.807791][ T4349] Quota error (device loop1): write_blk: dquota write failed [ 71.807924][ T4349] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 71.808123][ T4349] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.24: Failed to acquire dquot type 0 [ 71.815478][ T4349] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.24: Invalid inode bitmap blk 137438953472 in block_group 0 [ 71.926261][ T4230] usb 5-1: no configurations [ 71.926336][ T4230] usb 5-1: can't read configurations, error -22 [ 71.927261][ T4230] usb usb5-port1: attempt power cycle [ 72.336092][ T4230] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 72.393705][ T144] EXT4-fs error (device loop1): __ext4_get_inode_loc:4327: comm kworker/u4:1: Invalid inode table block 8589934593 in block_group 0 [ 72.486001][ T4230] usb 5-1: no configurations [ 72.486023][ T4230] usb 5-1: can't read configurations, error -22 [ 72.638280][ T4230] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 72.658706][ T4360] netlink: 12 bytes leftover after parsing attributes in process `syz.3.25'. [ 74.105438][ T4377] sd 0:0:1:0: device reset [ 74.627109][ T4230] usb 5-1: device not accepting address 5, error -71 [ 74.645267][ T4230] usb usb5-port1: unable to enumerate USB device [ 74.935201][ T4376] process 'syz.2.29' launched './file1' with NULL argv: empty string added [ 75.006967][ T4385] netlink: 20 bytes leftover after parsing attributes in process `syz.2.29'. [ 75.121866][ T4391] loop3: detected capacity change from 0 to 1024 [ 75.143603][ T4391] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 75.151000][ T4391] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 76.793085][ T4391] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #11: comm syz.3.36: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 76.813207][ T4391] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.36: couldn't read orphan inode 11 (err -117) [ 76.826959][ T4391] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 76.865926][ T4391] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.36: Invalid block bitmap block 0 in block_group 0 [ 76.886387][ T4391] Quota error (device loop3): write_blk: dquota write failed [ 76.893955][ T4391] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 76.904281][ T4391] EXT4-fs error (device loop3): ext4_acquire_dquot:6234: comm syz.3.36: Failed to acquire dquot type 0 [ 76.924525][ T4398] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.36: Invalid inode bitmap blk 137438953472 in block_group 0 [ 76.957152][ T4385] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29'. [ 77.485467][ T4404] overlayfs: missing 'lowerdir' [ 77.505646][ T4404] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 77.587743][ T4397] EXT4-fs error (device loop3): __ext4_get_inode_loc:4327: comm kworker/u4:13: Invalid inode table block 8589934593 in block_group 0 [ 79.351176][ T4426] netlink: 'syz.2.45': attribute type 10 has an invalid length. [ 79.441311][ T4426] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 79.461462][ T4429] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 79.535311][ T4227] Bluetooth: hci5: command 0x1003 tx timeout [ 79.541463][ T4196] Bluetooth: hci5: sending frame failed (-49) [ 79.550932][ T4428] 8021q: adding VLAN 0 to HW filter on device bond1 [ 79.616579][ T4422] sd 0:0:1:0: device reset [ 79.643971][ T4426] device bond_slave_0 entered promiscuous mode [ 79.650433][ T4426] device bond_slave_1 entered promiscuous mode [ 79.656671][ T4426] device syz_tun entered promiscuous mode [ 79.705794][ T4426] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 79.742424][ T4426] bond1: (slave macvlan2): unknown ethtool speed (20010) for port 1 (set it to 0) [ 79.762053][ T4426] bond1: (slave macvlan2): speed changed to 0 on port 1 [ 79.796725][ T4426] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 79.868805][ T4426] syz.2.45 (4426) used greatest stack depth: 19512 bytes left [ 79.900778][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 80.340694][ T4444] loop2: detected capacity change from 0 to 1024 [ 80.386296][ T4444] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 80.393630][ T4444] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 80.533177][ T4444] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.50: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 80.552816][ T4444] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.50: couldn't read orphan inode 11 (err -117) [ 80.566613][ T4444] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 80.604517][ T4444] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.50: Invalid block bitmap block 0 in block_group 0 [ 80.619116][ T4444] Quota error (device loop2): write_blk: dquota write failed [ 80.626808][ T4444] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 80.637284][ T4444] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.50: Failed to acquire dquot type 0 [ 80.657789][ T4447] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.50: Invalid inode bitmap blk 137438953472 in block_group 0 [ 81.210910][ T397] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm kworker/u4:3: Invalid inode table block 8589934593 in block_group 0 [ 81.749173][ T21] cfg80211: failed to load regulatory.db [ 81.772786][ T21] Bluetooth: hci5: command 0x1001 tx timeout [ 81.822954][ T4196] Bluetooth: hci5: sending frame failed (-49) [ 82.328705][ T4455] loop2: detected capacity change from 0 to 128 [ 82.511301][ T4455] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 82.544302][ T4455] ext4 filesystem being mounted at /9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 84.339812][ T21] Bluetooth: hci5: command 0x1009 tx timeout [ 84.613420][ T4471] vivid-002: disconnect [ 85.151536][ T4476] vivid-002: reconnect [ 85.317087][ T4487] loop1: detected capacity change from 0 to 1024 [ 85.335416][ T4229] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 85.361913][ T4487] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 85.369860][ T4487] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 85.461020][ T4487] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.61: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 85.484541][ T4487] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.61: couldn't read orphan inode 11 (err -117) [ 85.501953][ T4487] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 85.541167][ T4487] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.61: Invalid block bitmap block 0 in block_group 0 [ 85.556958][ T4487] Quota error (device loop1): write_blk: dquota write failed [ 85.564520][ T4487] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 85.575640][ T4487] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.61: Failed to acquire dquot type 0 [ 85.594046][ T4491] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.61: Invalid inode bitmap blk 137438953472 in block_group 0 [ 85.805824][ T4229] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 85.874990][ T4229] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 86.003277][ T4229] usb 1-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 86.103199][ T4229] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.129771][ T4229] usb 1-1: config 0 descriptor?? [ 86.235332][ T4397] EXT4-fs error (device loop1): __ext4_get_inode_loc:4327: comm kworker/u4:13: Invalid inode table block 8589934593 in block_group 0 [ 86.479542][ T4394] usb 1-1: USB disconnect, device number 2 [ 88.287242][ T4516] sd 0:0:1:0: device reset [ 89.649846][ T4533] loop1: detected capacity change from 0 to 1024 [ 90.607705][ T4533] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 90.614958][ T4533] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 91.476025][ T4533] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.73: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 91.497549][ T4533] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.73: couldn't read orphan inode 11 (err -117) [ 91.512395][ T4533] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 91.560222][ T4533] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.73: Invalid block bitmap block 0 in block_group 0 [ 91.574982][ T4533] Quota error (device loop1): write_blk: dquota write failed [ 91.582687][ T4533] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 91.593086][ T4533] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.73: Failed to acquire dquot type 0 [ 92.140253][ T854] Quota error (device loop1): remove_tree: Getting block too big (0 >= 9) [ 92.193672][ T854] EXT4-fs error (device loop1): ext4_release_dquot:6270: comm kworker/u4:4: Failed to release dquot type 0 [ 92.725406][ T4546] sctp: failed to load transform for md5: -2 [ 93.956871][ T4570] sd 0:0:1:0: device reset [ 94.986943][ T4572] overlayfs: missing 'lowerdir' [ 95.010494][ T4572] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 95.122745][ T4577] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 95.680297][ T4587] sd 0:0:1:0: device reset [ 96.635997][ T4591] loop0: detected capacity change from 0 to 1024 [ 96.654567][ T4591] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 96.662047][ T4591] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled [ 97.055143][ T4230] Bluetooth: hci5: command 0x1003 tx timeout [ 97.061391][ T4196] Bluetooth: hci5: sending frame failed (-49) [ 98.000327][ T4591] EXT4-fs error (device loop0): ext4_ext_check_inode:501: inode #11: comm syz.0.87: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 98.020920][ T4591] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.87: couldn't read orphan inode 11 (err -117) [ 98.034753][ T4591] EXT4-fs (loop0): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 98.075209][ T4591] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz.0.87: Invalid block bitmap block 0 in block_group 0 [ 98.090108][ T4591] Quota error (device loop0): write_blk: dquota write failed [ 98.097893][ T4591] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 98.109648][ T4591] EXT4-fs error (device loop0): ext4_acquire_dquot:6234: comm syz.0.87: Failed to acquire dquot type 0 [ 98.459359][ T4254] Quota error (device loop0): remove_tree: Getting block too big (0 >= 9) [ 98.469058][ T4254] EXT4-fs error (device loop0): ext4_release_dquot:6270: comm kworker/u4:7: Failed to release dquot type 0 [ 99.855040][ C1] sched: RT throttling activated [ 99.863342][ T4227] Bluetooth: hci5: command 0x1001 tx timeout [ 99.869958][ T4196] Bluetooth: hci5: sending frame failed (-49) [ 100.074159][ T4619] netlink: 4 bytes leftover after parsing attributes in process `syz.0.89'. [ 101.935684][ T2312] Bluetooth: hci5: command 0x1009 tx timeout [ 102.520509][ T4642] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 103.421487][ T4647] loop1: detected capacity change from 0 to 1024 [ 104.665563][ T4647] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 104.672853][ T4647] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 105.589034][ T4647] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.99: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 105.625647][ T4647] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.99: couldn't read orphan inode 11 (err -117) [ 105.645719][ T4647] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 106.285290][ T4645] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.99: Invalid block bitmap block 0 in block_group 0 [ 106.331765][ T4645] Quota error (device loop1): write_blk: dquota write failed [ 106.339397][ T4645] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 106.349766][ T4645] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.99: Failed to acquire dquot type 0 [ 106.484035][ T4490] Quota error (device loop1): remove_tree: Getting block too big (0 >= 9) [ 106.535866][ T4490] EXT4-fs error (device loop1): ext4_release_dquot:6270: comm kworker/u4:14: Failed to release dquot type 0 [ 106.842489][ T4672] netlink: 'syz.0.106': attribute type 3 has an invalid length. [ 107.125269][ T4672] netlink: 132 bytes leftover after parsing attributes in process `syz.0.106'. [ 107.565335][ T4671] loop3: detected capacity change from 0 to 8 [ 107.636387][ T4671] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 107.779824][ T4177] udevd[4177]: incorrect cramfs checksum on /dev/loop3 [ 108.027251][ T4175] udevd[4175]: incorrect cramfs checksum on /dev/loop3 [ 110.344643][ T4696] overlayfs: missing 'lowerdir' [ 110.393610][ T4696] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 110.987423][ T4704] loop1: detected capacity change from 0 to 1024 [ 111.010460][ T4704] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 111.018006][ T4704] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 111.137860][ T4704] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.115: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 111.158259][ T4704] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.115: couldn't read orphan inode 11 (err -117) [ 111.175907][ T4704] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 111.215870][ T4704] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.115: Invalid block bitmap block 0 in block_group 0 [ 111.230595][ T4704] Quota error (device loop1): write_blk: dquota write failed [ 111.238164][ T4704] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 111.248380][ T4704] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.115: Failed to acquire dquot type 0 [ 113.037321][ T21] Bluetooth: hci5: command 0x1003 tx timeout [ 113.043623][ T4196] Bluetooth: hci5: sending frame failed (-49) [ 113.316248][ T4724] fuse: Bad value for 'user_id' [ 113.375236][ T21] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 113.406155][ T4726] loop2: detected capacity change from 0 to 8 [ 113.479512][ T4726] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 114.066707][ T4175] udevd[4175]: incorrect cramfs checksum on /dev/loop2 [ 115.105224][ T4230] Bluetooth: hci5: command 0x1001 tx timeout [ 115.111419][ T4196] Bluetooth: hci5: sending frame failed (-49) [ 115.176779][ T1112] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 115.255196][ T21] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 115.262832][ T21] usb 4-1: can't read configurations, error -61 [ 115.365154][ T1112] usb 1-1: device descriptor read/64, error -71 [ 115.374820][ T4735] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 115.455140][ T21] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 115.635161][ T1112] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 115.925172][ T1112] usb 1-1: device descriptor read/64, error -71 [ 115.940295][ T21] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 115.963691][ T21] usb 4-1: can't read configurations, error -61 [ 116.006530][ T21] usb usb4-port1: attempt power cycle [ 116.075311][ T1112] usb usb1-port1: attempt power cycle [ 116.495494][ T1112] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 116.825972][ T4276] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 117.147844][ T4750] loop2: detected capacity change from 0 to 1024 [ 117.245274][ T4276] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.452641][ T4750] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 118.460069][ T4750] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 118.560286][ T4750] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.128: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 118.580451][ T4750] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.128: couldn't read orphan inode 11 (err -117) [ 118.593723][ T4750] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 118.629035][ T4750] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.128: Invalid block bitmap block 0 in block_group 0 [ 118.643632][ T4750] Quota error (device loop2): write_blk: dquota write failed [ 118.651666][ T4750] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 118.662104][ T4750] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.128: Failed to acquire dquot type 0 [ 118.705288][ T1112] usb 1-1: device descriptor read/8, error -71 [ 118.825290][ T4276] usb 2-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 118.834403][ T4276] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.844448][ T4276] usb 2-1: config 0 descriptor?? [ 118.852084][ T4229] Bluetooth: hci5: command 0x1009 tx timeout [ 118.887255][ T4276] usb 2-1: bad CDC descriptors [ 119.071146][ T4745] loop3: detected capacity change from 0 to 32768 [ 120.077291][ T4252] Quota error (device loop2): remove_tree: Getting block too big (0 >= 9) [ 120.091468][ T4751] usb 2-1: USB disconnect, device number 2 [ 120.145502][ T4252] EXT4-fs error (device loop2): ext4_release_dquot:6270: comm kworker/u4:6: Failed to release dquot type 0 [ 121.268352][ T4764] netlink: 'syz.0.132': attribute type 3 has an invalid length. [ 121.276327][ T4764] netlink: 132 bytes leftover after parsing attributes in process `syz.0.132'. [ 122.005442][ T23] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 122.435317][ T23] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 122.448252][ T23] usb 2-1: can't read configurations, error -61 [ 122.509536][ T4792] device syzkaller0 entered promiscuous mode [ 122.625162][ T23] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 122.847168][ T4795] loop0: detected capacity change from 0 to 1024 [ 123.292133][ T23] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 124.153319][ T4795] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 124.160752][ T4795] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled [ 124.210277][ T23] usb 2-1: can't read configurations, error -61 [ 124.316182][ T23] usb usb2-port1: attempt power cycle [ 124.585248][ T4795] EXT4-fs error (device loop0): ext4_ext_check_inode:501: inode #11: comm syz.0.140: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 124.605776][ T4795] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.140: couldn't read orphan inode 11 (err -117) [ 124.621097][ T4795] EXT4-fs (loop0): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 124.657671][ T4795] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz.0.140: Invalid block bitmap block 0 in block_group 0 [ 124.672279][ T4795] Quota error (device loop0): write_blk: dquota write failed [ 124.679882][ T4795] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 124.690712][ T4795] EXT4-fs error (device loop0): ext4_acquire_dquot:6234: comm syz.0.140: Failed to acquire dquot type 0 [ 124.835398][ T23] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 124.935156][ T23] usb 2-1: device descriptor read/8, error -71 [ 125.127377][ T4490] Quota error (device loop0): remove_tree: Getting block too big (0 >= 9) [ 125.143539][ T4490] EXT4-fs error (device loop0): ext4_release_dquot:6270: comm kworker/u4:14: Failed to release dquot type 0 [ 125.339119][ T4803] syz.0.142 uses obsolete (PF_INET,SOCK_PACKET) [ 125.375647][ T4803] device bridge0 entered promiscuous mode [ 125.405666][ T4803] device vlan2 entered promiscuous mode [ 126.655535][ T4809] netlink: 'syz.4.145': attribute type 3 has an invalid length. [ 126.663236][ T4809] netlink: 132 bytes leftover after parsing attributes in process `syz.4.145'. [ 126.891455][ T4814] overlayfs: missing 'lowerdir' [ 126.919885][ T4817] netlink: 20 bytes leftover after parsing attributes in process `syz.0.147'. [ 126.936614][ T4814] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 127.160281][ T4801] loop1: detected capacity change from 0 to 32768 [ 127.620764][ T4801] JBD2: Ignoring recovery information on journal [ 127.702263][ T4801] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 127.989876][ T4832] loop2: detected capacity change from 0 to 1024 [ 128.005839][ T4276] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 128.032580][ T4832] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 128.040130][ T4832] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 128.131146][ T4832] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.152: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 128.151369][ T4832] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.152: couldn't read orphan inode 11 (err -117) [ 128.166284][ T4832] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 128.207694][ T4832] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.152: Invalid block bitmap block 0 in block_group 0 [ 128.225158][ T4832] Quota error (device loop2): write_blk: dquota write failed [ 128.232874][ T4832] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 128.243152][ T4832] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.152: Failed to acquire dquot type 0 [ 128.258584][ T4833] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.152: Invalid inode bitmap blk 137438953472 in block_group 0 [ 128.465505][ T4276] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 128.501341][ T4276] usb 4-1: can't read configurations, error -61 [ 128.836601][ T4352] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm kworker/u4:10: Invalid inode table block 8589934593 in block_group 0 [ 128.855930][ T4185] ocfs2: Unmounting device (7,1) on (node local) [ 128.978486][ T4276] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 128.995739][ T4229] Bluetooth: hci5: command 0x1003 tx timeout [ 129.002812][ T4196] Bluetooth: hci5: sending frame failed (-49) [ 129.245314][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 130.125540][ T23] usb 3-1: config 0 has an invalid interface number: 106 but max is 0 [ 130.157770][ T23] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.185804][ T23] usb 3-1: config 0 has no interface number 0 [ 130.192823][ T23] usb 3-1: too many endpoints for config 0 interface 106 altsetting 74: 216, using maximum allowed: 30 [ 130.207003][ T23] usb 3-1: config 0 interface 106 altsetting 74 has 0 endpoint descriptors, different from the interface descriptor's value: 216 [ 130.295143][ T4851] netlink: 'syz.0.156': attribute type 3 has an invalid length. [ 130.303038][ T4851] netlink: 132 bytes leftover after parsing attributes in process `syz.0.156'. [ 130.326436][ T23] usb 3-1: config 0 interface 106 has no altsetting 0 [ 130.333492][ T23] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 130.343494][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.358239][ T4276] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 130.382772][ T23] usb 3-1: config 0 descriptor?? [ 130.994927][ T4276] usb 4-1: can't read configurations, error -61 [ 131.008218][ T4276] usb usb4-port1: attempt power cycle [ 131.052070][ T23] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 131.065342][ T4229] Bluetooth: hci5: command 0x1001 tx timeout [ 131.085244][ T4196] Bluetooth: hci5: sending frame failed (-49) [ 131.364319][ T4873] udc-core: couldn't find an available UDC or it's busy [ 131.371527][ T4873] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 132.116363][ T4594] usb 3-1: Failed to submit usb control message: -110 [ 132.124250][ T4594] usb 3-1: unable to send the bmi data to the device: -110 [ 132.158947][ T4594] usb 3-1: unable to get target info from device [ 132.198126][ T4594] usb 3-1: could not get target info (-110) [ 132.259846][ T4594] usb 3-1: could not probe fw (-110) [ 132.829316][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.836263][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.447779][ T4276] Bluetooth: hci5: command 0x1009 tx timeout [ 133.628971][ T4796] usb 3-1: USB disconnect, device number 2 [ 133.867911][ T4886] loop2: detected capacity change from 0 to 1024 [ 133.927850][ T4886] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 133.935348][ T4886] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 134.063225][ T4886] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.165: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 134.083026][ T4886] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.165: couldn't read orphan inode 11 (err -117) [ 134.100648][ T4886] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 134.146442][ T4886] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.165: Invalid block bitmap block 0 in block_group 0 [ 134.160870][ T4886] Quota error (device loop2): write_blk: dquota write failed [ 134.168488][ T4886] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 134.178801][ T4886] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.165: Failed to acquire dquot type 0 [ 134.197115][ T4889] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.165: Invalid inode bitmap blk 137438953472 in block_group 0 [ 134.663868][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm kworker/u4:0: Invalid inode table block 8589934593 in block_group 0 [ 134.763015][ T4883] loop0: detected capacity change from 0 to 32768 [ 134.911712][ T4883] JBD2: Ignoring recovery information on journal [ 135.218993][ T4883] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 136.084086][ T4187] ocfs2: Unmounting device (7,0) on (node local) [ 136.150157][ T4232] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 136.975416][ T4232] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 137.009520][ T4232] usb 2-1: can't read configurations, error -61 [ 137.026725][ T4913] netlink: 'syz.0.170': attribute type 3 has an invalid length. [ 137.042037][ T4913] netlink: 132 bytes leftover after parsing attributes in process `syz.0.170'. [ 137.289099][ T4232] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 137.886842][ T4925] device bridge0 entered promiscuous mode [ 137.902241][ T4925] device macvlan2 entered promiscuous mode [ 139.517806][ T4927] loop2: detected capacity change from 0 to 1024 [ 139.582973][ T4927] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 139.590304][ T4927] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 139.995165][ T4232] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 140.182027][ T4927] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.177: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 140.404618][ T4232] usb 2-1: can't read configurations, error -71 [ 140.475365][ T4927] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.177: couldn't read orphan inode 11 (err -117) [ 140.632297][ T4927] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 140.877671][ T4232] usb usb2-port1: attempt power cycle [ 140.887268][ T4927] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.177: Invalid block bitmap block 0 in block_group 0 [ 140.912971][ T4938] loop4: detected capacity change from 0 to 32768 [ 140.994908][ T4927] Quota error (device loop2): write_blk: dquota write failed [ 141.015795][ T4927] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 141.058985][ T4938] JBD2: Ignoring recovery information on journal [ 141.114618][ T4927] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.177: Failed to acquire dquot type 0 [ 141.269139][ T4941] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.177: Invalid inode bitmap blk 137438953472 in block_group 0 [ 142.037931][ T4938] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 142.836660][ T4298] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm kworker/u4:8: Invalid inode table block 8589934593 in block_group 0 [ 142.837302][ T4198] ocfs2: Unmounting device (7,4) on (node local) [ 143.032361][ T4954] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 145.132159][ T4229] Bluetooth: hci5: command 0x1003 tx timeout [ 145.138432][ T4196] Bluetooth: hci5: sending frame failed (-49) [ 145.517811][ T4977] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 146.657962][ T4276] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 147.545977][ T4231] Bluetooth: hci5: command 0x1001 tx timeout [ 147.552207][ T4196] Bluetooth: hci5: sending frame failed (-49) [ 147.715210][ T4276] usb 2-1: config 0 has no interfaces? [ 147.808680][ T4988] loop2: detected capacity change from 0 to 32768 [ 147.835525][ T4988] JBD2: Ignoring recovery information on journal [ 147.885224][ T4276] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 147.894319][ T4276] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 147.905212][ T4276] usb 2-1: Product: syz [ 147.910554][ T4276] usb 2-1: Manufacturer: syz [ 147.915593][ T4276] usb 2-1: SerialNumber: syz [ 147.931043][ T4988] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 147.935734][ T4276] usb 2-1: config 0 descriptor?? [ 148.039705][ T4192] ocfs2: Unmounting device (7,2) on (node local) [ 148.294396][ T4993] loop2: detected capacity change from 0 to 1024 [ 148.309768][ T4993] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 148.317115][ T4993] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 149.632074][ T4993] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.196: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 149.652699][ T4993] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.196: couldn't read orphan inode 11 (err -117) [ 149.666703][ T4993] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 149.709996][ T4993] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.196: Invalid block bitmap block 0 in block_group 0 [ 149.724724][ T4993] Quota error (device loop2): write_blk: dquota write failed [ 149.732475][ T4993] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 149.742979][ T4993] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.196: Failed to acquire dquot type 0 [ 149.761261][ T4996] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.196: Invalid inode bitmap blk 137438953472 in block_group 0 [ 149.932076][ T4231] Bluetooth: hci5: command 0x1009 tx timeout [ 149.964393][ T4232] usb 2-1: USB disconnect, device number 10 [ 149.999800][ T4353] EXT4-fs error (device loop2): __ext4_get_inode_loc:4327: comm kworker/u4:11: Invalid inode table block 8589934593 in block_group 0 [ 150.026286][ T4999] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 154.355288][ T4751] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 155.284947][ T5040] loop3: detected capacity change from 0 to 1024 [ 155.332434][ T5040] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 155.339877][ T5040] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 157.275343][ T4751] usb 2-1: unable to read config index 0 descriptor/all [ 157.282372][ T4751] usb 2-1: can't read configurations, error -71 [ 157.329353][ T5046] syz.2.209 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 157.353582][ T5040] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #11: comm syz.3.210: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 157.413574][ T5040] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.210: couldn't read orphan inode 11 (err -117) [ 157.439194][ T5040] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 157.502209][ T5039] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.210: Invalid block bitmap block 0 in block_group 0 [ 157.519398][ T5039] Quota error (device loop3): write_blk: dquota write failed [ 157.527162][ T5039] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 157.537239][ T5039] EXT4-fs error (device loop3): ext4_acquire_dquot:6234: comm syz.3.210: Failed to acquire dquot type 0 [ 157.699155][ T4751] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 157.709227][ T5039] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.210: Invalid inode bitmap blk 137438953472 in block_group 0 [ 157.827192][ T4252] EXT4-fs error (device loop3): __ext4_get_inode_loc:4327: comm kworker/u4:6: Invalid inode table block 8589934593 in block_group 0 [ 158.890471][ T4751] usb 2-1: config 0 has no interfaces? [ 159.065490][ T4751] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 159.106880][ T4751] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 159.125526][ T4751] usb 2-1: Product: syz [ 159.142773][ T4751] usb 2-1: Manufacturer: syz [ 159.827731][ T4751] usb 2-1: SerialNumber: syz [ 160.012479][ T4751] usb 2-1: config 0 descriptor?? [ 160.328229][ T4231] usb 2-1: USB disconnect, device number 12 [ 160.545791][ T7] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 161.175450][ T7] usb 4-1: Using ep0 maxpacket: 32 [ 161.375370][ T7] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 161.401538][ T7] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xB7, skipping [ 161.615449][ T7] usb 4-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 161.636952][ T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.690218][ T7] usb 4-1: Product: syz [ 161.714273][ T7] usb 4-1: Manufacturer: syz [ 161.747892][ T7] usb 4-1: SerialNumber: syz [ 161.773004][ T5090] loop1: detected capacity change from 0 to 1024 [ 161.825881][ T5090] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 161.833137][ T5090] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 161.923826][ T7] usb 4-1: config 0 descriptor?? [ 162.036218][ T5074] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 162.098263][ T5090] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.223: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 162.118937][ T5090] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.223: couldn't read orphan inode 11 (err -117) [ 162.132519][ T5090] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 162.172523][ T5090] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.223: Invalid block bitmap block 0 in block_group 0 [ 162.187076][ T5090] Quota error (device loop1): write_blk: dquota write failed [ 162.194596][ T5090] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 162.204965][ T5090] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.223: Failed to acquire dquot type 0 [ 162.223078][ T5095] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.223: Invalid inode bitmap blk 137438953472 in block_group 0 [ 162.516191][ T4276] usb 4-1: USB disconnect, device number 8 [ 162.783148][ T4353] EXT4-fs error (device loop1): __ext4_get_inode_loc:4327: comm kworker/u4:11: Invalid inode table block 8589934593 in block_group 0 [ 163.268631][ T5112] af_packet: tpacket_rcv: packet too big, clamped from 7 to 4294967272. macoff=96 [ 164.113227][ T5126] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 165.071185][ T5136] loop3: detected capacity change from 0 to 1024 [ 165.175328][ T4230] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 165.523812][ T5136] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 165.531218][ T5136] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 167.041076][ T5138] netlink: 'syz.0.234': attribute type 3 has an invalid length. [ 167.071476][ T5138] netlink: 132 bytes leftover after parsing attributes in process `syz.0.234'. [ 167.109807][ T5136] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #11: comm syz.3.236: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 167.255267][ T4230] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 167.272498][ T4230] usb 3-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 167.282998][ T4230] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.315839][ T4230] usb 3-1: config 0 descriptor?? [ 167.355792][ T4230] usb 3-1: bad CDC descriptors [ 167.540557][ T5136] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.236: couldn't read orphan inode 11 (err -117) [ 167.694063][ T5136] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 167.804157][ T5133] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.236: Invalid block bitmap block 0 in block_group 0 [ 167.818050][ T5133] Quota error (device loop3): write_blk: dquota write failed [ 167.825689][ T5133] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 167.835668][ T5133] EXT4-fs error (device loop3): ext4_acquire_dquot:6234: comm syz.3.236: Failed to acquire dquot type 0 [ 167.850852][ T4230] usb 3-1: USB disconnect, device number 3 [ 167.899581][ T5133] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.236: Invalid inode bitmap blk 137438953472 in block_group 0 [ 168.019081][ T4352] EXT4-fs error (device loop3): __ext4_get_inode_loc:4327: comm kworker/u4:10: Invalid inode table block 8589934593 in block_group 0 [ 173.461483][ T5211] netlink: 'syz.3.254': attribute type 3 has an invalid length. [ 173.488778][ T5211] netlink: 132 bytes leftover after parsing attributes in process `syz.3.254'. [ 176.244623][ T5245] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 177.015425][ T5137] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 177.275105][ T4276] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 177.375214][ T5137] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 177.418411][ T5137] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 177.535357][ T5137] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 177.559964][ T5137] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 177.600873][ T5137] usb 3-1: SerialNumber: syz [ 177.665293][ T4276] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.669102][ T5137] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 177.689417][ T4276] usb 2-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 177.708485][ T5137] usb-storage 3-1:1.0: USB Mass Storage device detected [ 177.715873][ T4276] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.759182][ T4276] usb 2-1: config 0 descriptor?? [ 177.796872][ T5137] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 177.826194][ T4276] usb 2-1: bad CDC descriptors [ 178.211700][ T4276] usb 2-1: USB disconnect, device number 13 [ 178.965136][ T4394] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 178.978972][ T5272] netlink: 'syz.3.271': attribute type 3 has an invalid length. [ 179.012443][ T5272] netlink: 132 bytes leftover after parsing attributes in process `syz.3.271'. [ 179.389006][ T4394] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 179.513697][ T4394] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.525076][ T4394] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 179.535501][ T4394] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 180.095470][ T4394] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 180.123824][ T4394] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 180.176070][ T4394] usb 2-1: Manufacturer: syz [ 180.233903][ T4394] usb 2-1: config 0 descriptor?? [ 180.750404][ T4394] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 181.008187][ T4230] Bluetooth: hci3: command 0x0406 tx timeout [ 181.237314][ T4394] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 181.267027][ T4394] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 181.277519][ T4230] Bluetooth: hci1: command 0x0406 tx timeout [ 181.422285][ T7] Bluetooth: hci0: command 0x0406 tx timeout [ 181.428637][ T7] Bluetooth: hci2: command 0x0406 tx timeout [ 181.434822][ T7] Bluetooth: hci4: command 0x0406 tx timeout [ 181.517306][ T5294] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 182.585183][ T4394] usb 2-1: reset high-speed USB device number 14 using dummy_hcd [ 182.907207][ T5310] loop1: detected capacity change from 0 to 8 [ 182.945718][ T5310] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 183.103333][ T4177] udevd[4177]: incorrect cramfs checksum on /dev/loop1 [ 183.299969][ T4229] usb 3-1: USB disconnect, device number 4 [ 183.449683][ T5316] Zero length message leads to an empty skb [ 183.616640][ T26] audit: type=1326 audit(1775598672.722:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5309 comm="syz.4.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f158850e819 code=0x7ffc0000 [ 183.674238][ T26] audit: type=1326 audit(1775598672.762:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5309 comm="syz.4.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f158850e819 code=0x7ffc0000 [ 183.754757][ T7] usb 2-1: USB disconnect, device number 14 [ 183.965274][ T4276] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 185.759867][ T5347] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 186.525301][ T4276] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 186.555297][ T4276] usb 4-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 186.587845][ T4276] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.649584][ T4276] usb 4-1: config 0 descriptor?? [ 186.760824][ T4276] usb 4-1: can't set config #0, error -71 [ 186.768352][ T4276] usb 4-1: USB disconnect, device number 9 [ 186.996728][ T5359] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 187.006042][ T5360] loop0: detected capacity change from 0 to 8 [ 187.164751][ T5357] netlink: 'syz.4.291': attribute type 3 has an invalid length. [ 187.175412][ T5357] netlink: 132 bytes leftover after parsing attributes in process `syz.4.291'. [ 187.205694][ T5360] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 187.288161][ T4175] udevd[4175]: incorrect cramfs checksum on /dev/loop0 [ 187.363670][ T4175] udevd[4175]: incorrect cramfs checksum on /dev/loop0 [ 187.439313][ T4175] udevd[4175]: incorrect cramfs checksum on /dev/loop0 [ 187.535278][ T4276] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 187.805146][ T4276] usb 4-1: Using ep0 maxpacket: 8 [ 187.995190][ T4276] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 188.015186][ T4276] usb 4-1: config 0 has no interfaces? [ 188.695277][ T4276] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 188.712822][ T4276] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.225171][ T5137] Bluetooth: hci5: command 0x1003 tx timeout [ 189.437775][ T4276] usb 4-1: Product: syz [ 189.442226][ T4276] usb 4-1: Manufacturer: syz [ 189.447011][ T4276] usb 4-1: SerialNumber: syz [ 189.453712][ T4276] usb 4-1: config 0 descriptor?? [ 189.456236][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 189.644293][ T5380] loop0: detected capacity change from 0 to 2048 [ 189.827172][ T5380] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 189.914214][ T5384] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 190.817485][ T4231] usb 4-1: USB disconnect, device number 10 [ 191.485182][ T4276] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 191.535266][ T23] Bluetooth: hci5: command 0x1001 tx timeout [ 191.541474][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 191.950599][ T5404] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 192.755295][ T4276] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.796570][ T4276] usb 3-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 192.829437][ T4276] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.085142][ T5412] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 193.953512][ T23] Bluetooth: hci5: command 0x1009 tx timeout [ 194.313681][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.320078][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.337378][ T4276] usb 3-1: config 0 descriptor?? [ 194.374004][ T4276] usb 3-1: can't set config #0, error -71 [ 194.396378][ T4276] usb 3-1: USB disconnect, device number 5 [ 195.352270][ T5425] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 196.303273][ T5435] loop2: detected capacity change from 0 to 512 [ 197.003953][ T5435] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 197.047667][ T5435] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 199.364343][ T5137] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 199.445411][ T4231] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 199.835196][ T5137] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 200.125801][ T4231] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 200.180243][ T4231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.305534][ T4231] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.420090][ T4231] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 200.518607][ T5137] usb 1-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 200.527789][ T5137] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.538827][ T5137] usb 1-1: config 0 descriptor?? [ 200.560818][ T4231] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 200.576089][ T5137] usb 1-1: bad CDC descriptors [ 200.641229][ T4231] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.689751][ T4231] usb 3-1: config 0 descriptor?? [ 200.931589][ T5480] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 201.235293][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.364179][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.523938][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.554294][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.595464][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.675127][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.682722][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.751616][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.785068][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.823352][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.847603][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.872941][ T5488] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 201.898739][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.947711][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 201.991248][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 202.045342][ T4231] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 202.053617][ T4231] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 202.109191][ T4231] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 202.251889][ T4231] usb 3-1: USB disconnect, device number 6 [ 202.348867][ T5495] loop2: detected capacity change from 0 to 512 [ 202.362240][ T4276] usb 1-1: USB disconnect, device number 7 [ 202.516314][ T5495] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 202.528028][ T5496] fido_id[5496]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 202.535220][ T5495] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.935662][ T21] Bluetooth: hci5: command 0x1003 tx timeout [ 203.962846][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 206.369730][ T21] Bluetooth: hci5: command 0x1001 tx timeout [ 206.385236][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 206.803765][ T5538] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 206.875188][ T4231] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 207.265333][ T4231] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.337439][ T4231] usb 5-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 207.384372][ T4231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.434100][ T4231] usb 5-1: config 0 descriptor?? [ 207.486648][ T4231] usb 5-1: bad CDC descriptors [ 207.931824][ T23] usb 5-1: USB disconnect, device number 6 [ 208.495305][ T21] Bluetooth: hci5: command 0x1009 tx timeout [ 208.924637][ T5557] loop0: detected capacity change from 0 to 512 [ 209.007132][ T5557] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 209.025271][ T5557] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 209.126856][ T5553] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 210.625712][ T5576] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 210.647836][ T4233] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 210.917611][ T4233] usb 3-1: Using ep0 maxpacket: 16 [ 211.275155][ T4233] usb 3-1: config 251 has an invalid interface number: 202 but max is 0 [ 211.438214][ T4233] usb 3-1: config 251 has an invalid descriptor of length 0, skipping remainder of the config [ 211.453819][ T4233] usb 3-1: config 251 has no interface number 0 [ 211.460594][ T4233] usb 3-1: config 251 interface 202 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 16 [ 211.471422][ T4233] usb 3-1: config 251 interface 202 altsetting 1 has an invalid endpoint with address 0x0, skipping [ 211.485377][ T4233] usb 3-1: config 251 interface 202 altsetting 1 endpoint 0x6 has invalid maxpacket 1024, setting to 64 [ 211.497365][ T4233] usb 3-1: config 251 interface 202 has no altsetting 0 [ 211.805358][ T4233] usb 3-1: New USB device found, idVendor=0572, idProduct=cb00, bcdDevice=bb.c9 [ 211.814685][ T4233] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.815245][ T21] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 211.823089][ T4233] usb 3-1: Product: syz [ 211.835396][ T4233] usb 3-1: Manufacturer: syz [ 211.840135][ T4233] usb 3-1: SerialNumber: syz [ 211.865566][ T5567] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 212.355198][ T23] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 212.455427][ T4233] cxacru 3-1:251.202: usbatm_usb_probe: bind failed: -19! [ 212.471513][ T4233] usb 3-1: USB disconnect, device number 7 [ 213.300823][ T5598] loop1: detected capacity change from 0 to 512 [ 213.388314][ T5598] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 213.401950][ T5598] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 213.518438][ T21] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 213.527697][ T21] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.536873][ T21] usb 5-1: Product: syz [ 213.541071][ T21] usb 5-1: Manufacturer: syz [ 213.545821][ T21] usb 5-1: SerialNumber: syz [ 213.551992][ T21] usb 5-1: config 0 descriptor?? [ 213.580316][ T5603] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 213.685718][ T23] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 213.702012][ T23] usb 1-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 213.712949][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.737983][ T23] usb 1-1: config 0 descriptor?? [ 213.776487][ T23] usb 1-1: bad CDC descriptors [ 213.828907][ T23] usb 5-1: USB disconnect, device number 7 [ 213.994629][ T21] usb 1-1: USB disconnect, device number 8 [ 215.009417][ T5616] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 216.582660][ T5638] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 217.295615][ T23] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 217.505203][ T23] usb 1-1: device descriptor read/64, error -71 [ 217.775888][ T23] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 217.975267][ T23] usb 1-1: device descriptor read/64, error -71 [ 218.017373][ T5647] loop4: detected capacity change from 0 to 512 [ 218.095471][ T23] usb usb1-port1: attempt power cycle [ 218.205150][ T5647] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 218.235248][ T5647] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.621055][ T23] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 219.125468][ T23] usb 1-1: device descriptor read/8, error -71 [ 219.465373][ T23] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 219.685180][ T23] usb 1-1: device descriptor read/8, error -71 [ 219.930499][ T5667] ucma_write: process 184 (syz.4.375) changed security contexts after opening file descriptor, this is not allowed. [ 220.012917][ T23] usb usb1-port1: unable to enumerate USB device [ 220.046779][ T5669] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 221.110252][ T5682] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 224.766256][ T5722] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 225.506673][ T5735] netlink: 'syz.3.391': attribute type 3 has an invalid length. [ 225.536358][ T5735] netlink: 132 bytes leftover after parsing attributes in process `syz.3.391'. [ 230.199541][ T5780] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 236.246647][ T5828] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 236.506960][ T4233] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 237.756874][ T4233] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.775447][ T4233] usb 2-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 237.805991][ T4233] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.854168][ T4233] usb 2-1: config 0 descriptor?? [ 237.935858][ T4233] usb 2-1: bad CDC descriptors [ 238.141922][ T4233] usb 2-1: USB disconnect, device number 15 [ 239.645424][ T5868] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 240.854417][ T5878] netlink: 'syz.2.431': attribute type 1 has an invalid length. [ 240.890447][ T5878] 8021q: adding VLAN 0 to HW filter on device bond2 [ 241.093646][ T5878] bond2: (slave veth3): Enslaving as an active interface with a down link [ 241.383132][ T5891] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 241.701275][ T4300] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 242.775130][ T4300] usb 5-1: Using ep0 maxpacket: 16 [ 242.852213][ T5894] netlink: 8 bytes leftover after parsing attributes in process `syz.4.436'. [ 243.009450][ T5894] device veth0 entered promiscuous mode [ 243.119457][ T5894] device veth0 left promiscuous mode [ 243.594643][ T5914] loop3: detected capacity change from 0 to 2048 [ 243.645305][ T4300] usb 5-1: unable to get BOS descriptor or descriptor too short [ 243.662798][ T5914] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 243.715440][ T4300] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 244.379157][ T4300] usb 5-1: can't read configurations, error -71 [ 245.122465][ T5943] block device autoloading is deprecated and will be removed. [ 245.856684][ T5942] syz.0.450 (5942): drop_caches: 2 [ 252.278904][ T6022] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 252.653356][ T6020] input: syz1 as /devices/virtual/input/input5 [ 255.136506][ T6045] device bridge0 entered promiscuous mode [ 255.182518][ T6045] device macvlan3 entered promiscuous mode [ 255.535736][ T6053] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 255.696909][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.703360][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.255122][ T4231] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 256.665440][ T4231] usb 4-1: config 0 has no interfaces? [ 256.673890][ T4231] usb 4-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 256.733415][ T4231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.787025][ T4231] usb 4-1: config 0 descriptor?? [ 257.079872][ T26] audit: type=1326 audit(1775598746.192:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.3.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44623a6819 code=0x7ffc0000 [ 257.159428][ T6064] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 257.465133][ T26] audit: type=1326 audit(1775598746.192:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.3.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44623a6819 code=0x7ffc0000 [ 257.663081][ T26] audit: type=1326 audit(1775598746.192:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.3.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44623a6819 code=0x7ffc0000 [ 257.718103][ T4796] Bluetooth: hci5: command 0x1003 tx timeout [ 257.724725][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 257.733172][ T26] audit: type=1326 audit(1775598746.192:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.3.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44623a6819 code=0x7ffc0000 [ 257.759110][ T26] audit: type=1326 audit(1775598746.192:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.3.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0x7f44623a6819 code=0x7ffc0000 [ 257.874168][ T26] audit: type=1326 audit(1775598746.192:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.3.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44623a6819 code=0x7ffc0000 [ 258.075027][ T26] audit: type=1326 audit(1775598746.192:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.3.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44623a6819 code=0x7ffc0000 [ 258.173464][ T26] audit: type=1326 audit(1775598746.192:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.3.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44623a6819 code=0x7ffc0000 [ 258.615455][ T26] audit: type=1326 audit(1775598746.192:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.3.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44623a6819 code=0x7ffc0000 [ 258.669224][ T26] audit: type=1326 audit(1775598746.192:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.3.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f44623a6819 code=0x7ffc0000 [ 258.755153][ T1112] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 258.812974][ T4796] usb 4-1: USB disconnect, device number 11 [ 259.156244][ T1112] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 259.204210][ T1112] usb 2-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 259.260895][ T1112] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.371290][ T1112] usb 2-1: config 0 descriptor?? [ 259.560772][ T1112] usb 2-1: bad CDC descriptors [ 259.719036][ T4796] usb 2-1: USB disconnect, device number 16 [ 259.775718][ T1112] Bluetooth: hci5: command 0x1001 tx timeout [ 259.782869][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 259.816292][ T4300] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 259.909547][ T6085] netlink: 68 bytes leftover after parsing attributes in process `syz.2.485'. [ 260.061823][ T4300] usb 1-1: Using ep0 maxpacket: 16 [ 260.185213][ T4300] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.211370][ T4300] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.221283][ T4300] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 260.240633][ T4300] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 260.249983][ T4300] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.280472][ T4300] usb 1-1: config 0 descriptor?? [ 260.353800][ T6093] device syzkaller0 entered promiscuous mode [ 260.392086][ T6093] tc action pedit offset must be on 32 bit boundaries [ 261.056633][ T4300] usbhid 1-1:0.0: can't add hid device: -71 [ 261.117347][ T6105] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 261.533490][ T4300] usbhid: probe of 1-1:0.0 failed with error -71 [ 261.577164][ T4300] usb 1-1: USB disconnect, device number 13 [ 261.909273][ T23] Bluetooth: hci5: command 0x1009 tx timeout [ 262.154249][ T6113] device syzkaller0 entered promiscuous mode [ 262.916890][ T6118] usb usb8: usbfs: process 6118 (syz.0.496) did not claim interface 0 before use [ 263.121104][ T6123] netlink: 'syz.0.499': attribute type 3 has an invalid length. [ 263.129499][ T6123] netlink: 132 bytes leftover after parsing attributes in process `syz.0.499'. [ 263.383642][ T6131] device syzkaller0 entered promiscuous mode [ 263.431117][ T6129] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 264.505052][ T4231] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 264.687432][ T6153] device macvlan2 entered promiscuous mode [ 264.745770][ T4231] usb 2-1: Using ep0 maxpacket: 32 [ 264.821371][ T6155] netlink: 'syz.0.512': attribute type 3 has an invalid length. [ 264.829331][ T6155] netlink: 132 bytes leftover after parsing attributes in process `syz.0.512'. [ 264.875283][ T4231] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 264.901473][ T4231] usb 2-1: config 0 has no interface number 0 [ 265.095306][ T4231] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 265.114716][ T4231] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.219458][ T6165] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 265.268105][ T4231] usb 2-1: Product: syz [ 265.326687][ T4231] usb 2-1: Manufacturer: syz [ 265.336241][ T4231] usb 2-1: SerialNumber: syz [ 265.356007][ T4231] usb 2-1: config 0 descriptor?? [ 265.397358][ T4231] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 265.422178][ T4231] usb 2-1: selecting invalid altsetting 1 [ 265.442481][ T4231] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 265.472260][ T4231] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 265.522804][ T4231] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 265.545268][ T4231] usb 2-1: media controller created [ 265.614215][ T4231] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 265.805223][ T4231] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 265.835343][ T4231] zl10353_read_register: readreg error (reg=127, ret==-71) [ 265.881330][ T4231] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 266.358492][ T4231] usb 2-1: USB disconnect, device number 17 [ 268.838371][ T6202] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 269.305115][ T4231] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 269.705305][ T4231] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 269.720939][ T4231] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 269.755064][ T4231] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 269.783113][ T4231] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 269.818768][ T4231] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 269.987854][ T4231] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 270.012169][ T4231] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 270.047418][ T4231] usb 1-1: Product: syz [ 270.059005][ T4231] usb 1-1: Manufacturer: syz [ 270.119368][ T4231] cdc_wdm 1-1:1.0: skipping garbage [ 270.130199][ T4231] cdc_wdm 1-1:1.0: skipping garbage [ 270.209897][ T4231] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 270.229337][ T4231] cdc_wdm 1-1:1.0: Unknown control protocol [ 270.678252][ T1112] usb 1-1: USB disconnect, device number 14 [ 270.685018][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 270.910338][ T6206] batman_adv: batadv0: Adding interface: dummy0 [ 270.925111][ T6206] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.979233][ T6206] batman_adv: batadv0: Interface activated: dummy0 [ 271.045467][ T6231] batadv0: mtu less than device minimum [ 271.109408][ T6231] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 271.122580][ T6231] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 271.135419][ T6231] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 271.148353][ T6231] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 271.161029][ T6231] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 271.173707][ T6231] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 271.186448][ T6231] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 271.199182][ T6231] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 271.211906][ T6231] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 271.290602][ T6240] netlink: 'syz.3.540': attribute type 1 has an invalid length. [ 271.362449][ T6240] device bond1 entered promiscuous mode [ 271.405396][ T6240] 8021q: adding VLAN 0 to HW filter on device bond1 [ 271.550781][ T6241] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 271.595477][ T6241] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 271.606168][ T6241] bond1: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 272.705182][ T4230] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 272.898255][ T6271] loop0: detected capacity change from 0 to 2048 [ 272.939318][ T6271] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 273.125438][ T4230] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 273.729318][ T6276] ALSA: mixer_oss: invalid OSS volume '' [ 273.735739][ T4230] usb 2-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 273.781365][ T4230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.838929][ T4230] usb 2-1: config 0 descriptor?? [ 273.947868][ T4230] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 274.395614][ T6289] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 276.375158][ T4231] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 276.775673][ T4231] usb 3-1: unable to get BOS descriptor or descriptor too short [ 276.866067][ T4231] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 185, changing to 7 [ 277.098102][ T4231] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 277.124656][ T4231] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.152555][ T4231] usb 3-1: Product: syz [ 277.168740][ T4231] usb 3-1: Manufacturer: syz [ 277.181332][ T4231] usb 3-1: SerialNumber: syz [ 277.207819][ T4300] usb 2-1: USB disconnect, device number 18 [ 277.754862][ T4228] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 278.345180][ T4231] snd-usb-audio: probe of 3-1:1.0 failed with error -71 [ 278.352309][ T4228] usb 1-1: Using ep0 maxpacket: 16 [ 278.838550][ T4231] usb 3-1: USB disconnect, device number 8 [ 278.955138][ T4228] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 278.965239][ T4228] usb 1-1: config 0 interface 0 altsetting 252 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.019997][ T4228] usb 1-1: config 0 interface 0 has no altsetting 0 [ 279.055200][ T4228] usb 1-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00 [ 279.064384][ T4228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.157959][ T4228] usb 1-1: config 0 descriptor?? [ 279.370565][ T6351] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 279.406033][ T6351] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 279.636894][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x0 [ 279.658269][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x0 [ 279.682250][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x0 [ 279.706389][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x0 [ 279.725201][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x0 [ 279.746797][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x0 [ 279.767045][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x3 [ 279.785360][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x3 [ 279.805453][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x3 [ 279.824051][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x3 [ 279.845566][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x3 [ 279.863103][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x3 [ 279.880526][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x3 [ 279.897023][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x3 [ 279.914541][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x3 [ 279.963753][ T4228] pantherlord 0003:0810:0001.0003: unknown main item tag 0x3 [ 280.005128][ T4228] pantherlord 0003:0810:0001.0003: item fetching failed at offset 31/33 [ 280.053429][ T4228] pantherlord 0003:0810:0001.0003: parse failed [ 280.085013][ T4228] pantherlord: probe of 0003:0810:0001.0003 failed with error -22 [ 280.143013][ T4228] usb 1-1: USB disconnect, device number 15 [ 280.585886][ T6372] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 281.525278][ T4230] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 281.595040][ T4231] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 281.795327][ T4230] usb 5-1: Using ep0 maxpacket: 8 [ 281.865362][ T7] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 282.010967][ T4231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 282.032617][ T4231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 17598, setting to 1024 [ 282.215471][ T4230] usb 5-1: unable to get BOS descriptor or descriptor too short [ 282.325404][ T4230] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 282.357529][ T4230] usb 5-1: can't read configurations, error -71 [ 282.908063][ T4231] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 282.925330][ T4231] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 282.934510][ T4231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.945188][ T4231] usb 2-1: config 0 descriptor?? [ 282.975153][ T7] usb 3-1: Using ep0 maxpacket: 16 [ 282.976109][ T6365] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 283.115342][ T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 283.139740][ T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 283.160049][ T7] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 283.183622][ T7] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 283.203443][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.232594][ T7] usb 3-1: config 0 descriptor?? [ 283.315086][ T4230] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 283.447824][ T4231] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 283.469652][ T4231] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 283.565229][ T4230] usb 5-1: Using ep0 maxpacket: 16 [ 283.685629][ T4230] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 283.698971][ T4230] usb 5-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 283.710266][ T4230] usb 5-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25 [ 283.734287][ T4230] usb 5-1: config 0 interface 0 has no altsetting 0 [ 283.741291][ T4230] usb 5-1: New USB device found, idVendor=0c12, idProduct=0030, bcdDevice= 0.00 [ 283.765183][ T4230] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.849209][ T4230] usb 5-1: config 0 descriptor?? [ 283.871950][ T7] appleir 0003:05AC:8241.0005: unknown main item tag 0x0 [ 283.879826][ T7] appleir 0003:05AC:8241.0005: unknown main item tag 0x0 [ 283.888016][ T7] appleir 0003:05AC:8241.0005: item fetching failed at offset 4/5 [ 283.899228][ T7] appleir 0003:05AC:8241.0005: parse failed [ 283.905349][ T7] appleir: probe of 0003:05AC:8241.0005 failed with error -22 [ 284.493335][ T4228] usb 3-1: USB disconnect, device number 9 [ 284.748592][ T4230] zeroplus 0003:0C12:0030.0006: ignoring exceeding usage max [ 284.773553][ T4230] zeroplus 0003:0C12:0030.0006: unknown main item tag 0xd [ 284.809699][ T4230] zeroplus 0003:0C12:0030.0006: unknown main item tag 0x5 [ 284.841406][ T4230] zeroplus 0003:0C12:0030.0006: unknown main item tag 0xd [ 284.875189][ T4230] zeroplus 0003:0C12:0030.0006: unknown main item tag 0x5 [ 284.917215][ T4230] zeroplus 0003:0C12:0030.0006: global environment stack underflow [ 284.949532][ T4230] zeroplus 0003:0C12:0030.0006: item 0 2 1 11 parsing failed [ 285.827282][ T4230] zeroplus 0003:0C12:0030.0006: parse failed [ 285.833511][ T4230] zeroplus: probe of 0003:0C12:0030.0006 failed with error -22 [ 285.874720][ T4230] usb 5-1: USB disconnect, device number 11 [ 286.256877][ T21] usb 2-1: USB disconnect, device number 19 [ 286.312511][ T4230] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 286.555312][ T4230] usb 1-1: Using ep0 maxpacket: 32 [ 286.560937][ T6464] bond0: (slave syz_tun): Releasing backup interface [ 286.657563][ T5137] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 286.685814][ T4230] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.714198][ T4230] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 286.751638][ T4230] usb 1-1: config 0 interface 0 has no altsetting 0 [ 286.761603][ T4230] usb 1-1: New USB device found, idVendor=5543, idProduct=3031, bcdDevice= 0.00 [ 286.801735][ T4230] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.843758][ T4230] usb 1-1: config 0 descriptor?? [ 286.854248][ T6468] fuse: Bad value for 'user_id' [ 287.045359][ T5137] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.071221][ T5137] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.102623][ T5137] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 287.122488][ T5137] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.151484][ T5137] usb 4-1: config 0 descriptor?? [ 287.295091][ T4231] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 287.394001][ T6441] syz.1.602 (6441): drop_caches: 2 [ 287.505329][ T23] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 287.585251][ T4230] usb 1-1: string descriptor 0 read error: -71 [ 287.606236][ T4230] uclogic 0003:5543:3031.0007: failed retrieving string descriptor #200: -71 [ 287.647067][ T5137] hid-steam 0003:28DE:1142.0008: unknown main item tag 0x0 [ 287.659838][ T4230] uclogic 0003:5543:3031.0007: failed retrieving pen parameters: -71 [ 287.678241][ T5137] hid-steam 0003:28DE:1142.0008: unknown main item tag 0x0 [ 287.694492][ T4230] uclogic 0003:5543:3031.0007: failed probing pen v2 parameters: -71 [ 287.704898][ T5137] hid-steam 0003:28DE:1142.0008: unknown main item tag 0x0 [ 287.720304][ T4230] uclogic 0003:5543:3031.0007: failed probing parameters: -71 [ 287.729065][ T5137] hid-steam 0003:28DE:1142.0008: unknown main item tag 0x0 [ 287.742941][ T4230] uclogic: probe of 0003:5543:3031.0007 failed with error -71 [ 287.750541][ T4231] usb 5-1: config 2 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 287.750574][ T4231] usb 5-1: config 2 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.750599][ T4231] usb 5-1: config 2 interface 0 has no altsetting 0 [ 287.750630][ T4231] usb 5-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00 [ 287.750655][ T4231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.795867][ T23] usb 3-1: Using ep0 maxpacket: 8 [ 287.806953][ T5137] hid-steam 0003:28DE:1142.0008: unknown main item tag 0x0 [ 287.826644][ T5137] hid-steam 0003:28DE:1142.0008: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0 [ 287.914037][ T4230] usb 1-1: USB disconnect, device number 16 [ 287.955334][ T23] usb 3-1: unable to get BOS descriptor or descriptor too short [ 288.045680][ T23] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 288.069695][ T23] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 288.104411][ T23] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 288.128619][ T23] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 288.142150][ T23] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 288.161268][ T23] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 288.257500][ T4231] elo 0003:04E7:0009.0009: item fetching failed at offset 4/5 [ 288.282769][ T4231] elo 0003:04E7:0009.0009: parse failed [ 288.296203][ T4231] elo: probe of 0003:04E7:0009.0009 failed with error -22 [ 288.327643][ T23] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 288.377938][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.392582][ T23] usb 3-1: Product: syz [ 288.404276][ T23] usb 3-1: Manufacturer: syz [ 288.418107][ T23] usb 3-1: SerialNumber: syz [ 288.461007][ T4231] usb 5-1: USB disconnect, device number 12 [ 288.855500][ T23] cdc_ncm 3-1:1.0: bind() failure [ 288.869250][ T23] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 288.881179][ T23] cdc_ncm 3-1:1.1: bind() failure [ 288.915475][ T23] usb 3-1: USB disconnect, device number 10 [ 289.205638][ T21] usb 4-1: reset high-speed USB device number 12 using dummy_hcd [ 289.665320][ T21] usb 4-1: device descriptor read/64, error -32 [ 289.788728][ T6507] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 289.849618][ T6507] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 289.995061][ T4227] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 290.073186][ T26] kauditd_printk_skb: 93 callbacks suppressed [ 290.073204][ T26] audit: type=1804 audit(1775598779.182:107): pid=6519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.630" name="bus" dev="ramfs" ino=40843 res=1 errno=0 [ 290.145104][ T7] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 290.340208][ T4227] usb 1-1: Using ep0 maxpacket: 16 [ 290.401676][ T26] audit: type=1804 audit(1775598779.332:108): pid=6519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.630" name="bus" dev="ramfs" ino=40843 res=1 errno=0 [ 290.542407][ T4227] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 160, changing to 11 [ 290.715243][ T4230] usb 4-1: USB disconnect, device number 12 [ 290.721368][ T4227] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 290.737870][ T4227] usb 1-1: config 0 interface 0 has no altsetting 0 [ 290.744806][ T4227] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 290.754310][ T4227] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.803013][ T4227] usb 1-1: config 0 descriptor?? [ 290.925145][ T7] usb 5-1: Using ep0 maxpacket: 16 [ 291.079243][ T7] usb 5-1: config index 0 descriptor too short (expected 52, got 36) [ 291.098484][ T7] usb 5-1: config 0 has an invalid interface number: 251 but max is 0 [ 291.158550][ T7] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 291.215015][ T7] usb 5-1: config 0 has no interface number 0 [ 291.221423][ T7] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 291.247405][ T7] usb 5-1: config 0 interface 251 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 291.339656][ T6533] device syzkaller0 entered promiscuous mode [ 291.447895][ T4227] hid (null): invalid report_size 8049 [ 291.453531][ T4227] hid (null): unknown global tag 0xe [ 291.467401][ T4227] hid (null): unknown global tag 0xd [ 291.472773][ T4227] hid (null): invalid report_count 46221 [ 291.478570][ T4227] hid (null): unknown global tag 0xc [ 291.485434][ T4227] hid (null): report_id 196608 is invalid [ 291.626702][ T7] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 291.636511][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.644631][ T7] usb 5-1: Product: syz [ 291.649132][ T7] usb 5-1: Manufacturer: syz [ 291.654707][ T7] usb 5-1: SerialNumber: syz [ 291.662467][ T6543] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 291.937403][ T4227] usb 1-1: USB disconnect, device number 17 [ 292.305564][ T7] usb 5-1: config 0 descriptor?? [ 292.335409][ T6517] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 292.376164][ T7] asix: probe of 5-1:0.251 failed with error -22 [ 292.594828][ T21] usb 5-1: USB disconnect, device number 13 [ 292.645445][ T4227] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 293.598482][ T4227] usb 3-1: device descriptor read/64, error -71 [ 293.648551][ T6560] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 293.875226][ T4227] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 294.075281][ T4227] usb 3-1: device descriptor read/64, error -71 [ 294.185122][ T4300] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 294.205214][ T4227] usb usb3-port1: attempt power cycle [ 294.607963][ T4300] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 294.615260][ T4227] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 294.636155][ T4300] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 294.672332][ T4300] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 294.705485][ T4300] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 294.719203][ T4300] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.725372][ T4227] usb 3-1: device descriptor read/8, error -71 [ 294.756179][ T4300] usb 1-1: config 0 descriptor?? [ 294.765311][ T7] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 295.065067][ T7] usb 4-1: Using ep0 maxpacket: 32 [ 295.110363][ T4227] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 295.460845][ T4300] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 295.480273][ T4300] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 295.583227][ T7] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 295.632491][ T7] usb 4-1: config 0 has no interface number 0 [ 295.663733][ T7] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 295.795825][ T4227] usb 3-1: device not accepting address 14, error -71 [ 295.803303][ T4227] usb usb3-port1: unable to enumerate USB device [ 296.337822][ T4231] usb 1-1: USB disconnect, device number 18 [ 296.435492][ T7] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 296.490050][ T6586] device syzkaller0 entered promiscuous mode [ 296.499758][ T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.553820][ T7] usb 4-1: Product: syz [ 296.564124][ T7] usb 4-1: Manufacturer: syz [ 296.585069][ T7] usb 4-1: SerialNumber: syz [ 296.627220][ T7] usb 4-1: config 0 descriptor?? [ 296.656958][ T6568] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 296.892211][ T6568] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 297.115161][ T23] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 298.105285][ T7] asix 4-1:0.188 (unnamed net_device) (uninitialized): invalid PHY address: 72 [ 298.316766][ T23] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 298.327737][ T23] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 298.340738][ T23] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 298.363393][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.373719][ T23] usb 2-1: config 0 descriptor?? [ 298.720422][ T21] usb 4-1: USB disconnect, device number 13 [ 299.030027][ T23] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 299.271359][ T23] usb 2-1: USB disconnect, device number 20 [ 299.733970][ T6632] device syzkaller0 entered promiscuous mode [ 299.755218][ T7] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 299.955174][ T7] usb 5-1: device descriptor read/64, error -71 [ 300.247209][ T7] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 300.371541][ T6650] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 300.483778][ T7] usb 5-1: device descriptor read/64, error -71 [ 300.503963][ T6650] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 301.365414][ T7] usb usb5-port1: attempt power cycle [ 301.656402][ T4300] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 302.139178][ T7] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 302.461210][ T7] usb 5-1: config 0 has no interfaces? [ 302.486080][ T6671] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 302.494204][ T6671] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 302.515263][ T4300] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 302.535187][ T4300] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 302.545372][ T4300] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 302.555309][ T4300] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.596110][ T4300] usb 4-1: config 0 descriptor?? [ 302.645180][ T7] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 302.659038][ T7] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 302.677508][ T6678] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 302.686686][ T7] usb 5-1: Product: syz [ 302.691343][ T7] usb 5-1: Manufacturer: syz [ 302.696443][ T7] usb 5-1: SerialNumber: syz [ 302.706171][ T7] usb 5-1: config 0 descriptor?? [ 302.975701][ T6666] udc-core: couldn't find an available UDC or it's busy [ 302.986348][ T6666] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 303.109326][ T4227] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 303.128735][ T4300] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0 [ 303.150413][ T7] usb 5-1: USB disconnect, device number 16 [ 303.196482][ T4300] cp2112 0003:10C4:EA90.000C: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 303.335404][ T4300] cp2112 0003:10C4:EA90.000C: Part Number: 0x82 Device Version: 0xFE [ 303.410004][ T6685] device syzkaller0 entered promiscuous mode [ 303.531379][ T4227] usb 2-1: unable to get BOS descriptor or descriptor too short [ 303.553707][ T4300] cp2112 0003:10C4:EA90.000C: error requesting SMBus config [ 303.577263][ T4300] cp2112: probe of 0003:10C4:EA90.000C failed with error -71 [ 303.595520][ T4227] usb 2-1: not running at top speed; connect to a high speed hub [ 303.622525][ T4300] usb 4-1: USB disconnect, device number 14 [ 303.845532][ T4227] usb 2-1: New USB device found, idVendor=0582, idProduct=003b, bcdDevice= 0.40 [ 303.865172][ T4227] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.873230][ T4227] usb 2-1: Product: syz [ 303.946423][ T6688] fido_id[6688]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 304.800177][ T4227] usb 2-1: Manufacturer: syz [ 304.806740][ T4227] usb 2-1: SerialNumber: syz [ 305.165532][ T4227] usb 2-1: MIDIStreaming interface descriptor not found [ 305.175130][ T7] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 305.234723][ T4227] usb 2-1: USB disconnect, device number 21 [ 305.365279][ T7] usb 1-1: device descriptor read/64, error -71 [ 305.560940][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 305.666746][ T7] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 305.862588][ T6718] device syzkaller0 entered promiscuous mode [ 305.875036][ T7] usb 1-1: device descriptor read/64, error -71 [ 306.006465][ T7] usb usb1-port1: attempt power cycle [ 306.460997][ T7] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 306.900387][ T7] usb 1-1: device descriptor read/8, error -71 [ 307.234230][ T7] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 307.455306][ T7] usb 1-1: device descriptor read/8, error -71 [ 307.495718][ T6734] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 307.514473][ T6733] loop1: detected capacity change from 0 to 2048 [ 307.605223][ T7] usb usb1-port1: unable to enumerate USB device [ 307.629646][ T6733] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 308.343966][ T6742] netlink: 4 bytes leftover after parsing attributes in process `syz.4.693'. [ 308.518214][ T6747] MPTCP: addr_signal error, rm_addr=1 [ 308.577883][ T6752] binder: BINDER_SET_CONTEXT_MGR already set [ 308.595088][ T6752] binder: 6750:6752 ioctl 4018620d 200000000040 returned -16 [ 308.621195][ T6752] binder: 6750:6752 ioctl c0306201 200000000240 returned -11 [ 310.115654][ T23] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 310.495336][ T23] usb 5-1: device descriptor read/64, error -71 [ 310.775392][ T23] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 311.015144][ T23] usb 5-1: device descriptor read/64, error -71 [ 311.100035][ T6789] binder_alloc: 6788: binder_alloc_buf, no vma [ 311.107197][ T6789] binder: 6788:6789 ioctl c0306201 200000000240 returned -11 [ 311.135244][ T23] usb usb5-port1: attempt power cycle [ 311.163615][ T6791] netlink: 88 bytes leftover after parsing attributes in process `syz.3.712'. [ 311.545154][ T23] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 311.635627][ T23] usb 5-1: device descriptor read/8, error -71 [ 311.905152][ T23] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 312.002056][ T6803] loop3: detected capacity change from 0 to 2048 [ 312.019280][ T23] usb 5-1: device descriptor read/8, error -71 [ 312.110560][ T6803] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 312.145523][ T23] usb usb5-port1: unable to enumerate USB device [ 312.436764][ T23] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 314.105119][ T6819] binder_alloc: 6818: binder_alloc_buf, no vma [ 314.118722][ T6819] binder: 6818:6819 ioctl c0306201 200000000240 returned -11 [ 314.127115][ T6820] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 314.305252][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 314.326651][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 314.357742][ T23] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 314.383824][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.416621][ T23] usb 2-1: config 0 descriptor?? [ 314.695048][ T4227] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 314.975399][ T4227] usb 4-1: Using ep0 maxpacket: 16 [ 315.145229][ T23] hid-led: probe of 0003:1D34:000A.000D failed with error -71 [ 315.155141][ T4227] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 315.226316][ T23] usb 2-1: USB disconnect, device number 22 [ 315.235284][ T4227] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 315.262530][ T4227] usb 4-1: config 0 interface 0 has no altsetting 0 [ 315.290320][ T4227] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 315.301477][ T6837] device team_slave_0 entered promiscuous mode [ 315.308159][ T6837] device team_slave_1 entered promiscuous mode [ 315.317520][ T4227] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.343015][ T6837] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 315.344420][ T4227] usb 4-1: config 0 descriptor?? [ 315.361337][ T6837] team0: Device macvtap1 is already an upper device of the team interface [ 315.403375][ T6837] device team_slave_0 left promiscuous mode [ 315.409423][ T6837] device team_slave_1 left promiscuous mode [ 315.938404][ T6851] loop4: detected capacity change from 0 to 2048 [ 316.030647][ T6851] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 316.055060][ T4227] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 316.139758][ T5137] usb 4-1: USB disconnect, device number 15 [ 316.685304][ T4227] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 316.699243][ T4227] usb 2-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 316.708652][ T4227] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.718550][ T4227] usb 2-1: config 0 descriptor?? [ 316.965966][ T4228] usb 2-1: USB disconnect, device number 23 [ 317.150949][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.157387][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.191874][ T6873] device syzkaller0 entered promiscuous mode [ 317.218475][ T6873] net_ratelimit: 10 callbacks suppressed [ 317.218495][ T6873] 0: reclassify loop, rule prio 0, protocol 800 [ 317.385973][ T6876] netlink: 8 bytes leftover after parsing attributes in process `syz.3.743'. [ 317.425617][ T6876] netlink: 'syz.3.743': attribute type 14 has an invalid length. [ 317.454454][ T6876] netlink: 32 bytes leftover after parsing attributes in process `syz.3.743'. [ 317.491045][ T6876] netlink: 224 bytes leftover after parsing attributes in process `syz.3.743'. [ 317.737617][ T6885] tipc: Started in network mode [ 317.756752][ T6885] tipc: Node identity b2a14ba87705, cluster identity 4711 [ 317.772202][ T6885] tipc: Enabled bearer , priority 0 [ 317.798201][ T6887] loop0: detected capacity change from 0 to 2048 [ 317.841042][ T6890] device syzkaller0 entered promiscuous mode [ 317.930828][ T6887] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 318.385868][ T6885] tipc: Resetting bearer [ 318.429859][ T6884] tipc: Resetting bearer [ 318.500014][ T6884] tipc: Disabling bearer [ 319.675043][ T4228] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 320.055332][ T4228] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 320.081373][ T4228] usb 1-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 320.144393][ T4228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.191619][ T4228] usb 1-1: config 0 descriptor?? [ 320.468815][ T4228] usb 1-1: USB disconnect, device number 23 [ 321.381697][ T6941] netlink: 64 bytes leftover after parsing attributes in process `syz.0.764'. [ 321.635744][ T6951] netlink: 8 bytes leftover after parsing attributes in process `syz.2.766'. [ 322.995393][ T6967] device vlan2 entered promiscuous mode [ 323.412730][ T6975] device vlan0 entered promiscuous mode [ 323.520255][ T6979] bridge0: port 3(batadv1) entered blocking state [ 323.549845][ T6979] bridge0: port 3(batadv1) entered disabled state [ 323.584005][ T6979] device batadv1 entered promiscuous mode [ 323.622847][ T6980] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 323.661254][ T6979] netlink: 4 bytes leftover after parsing attributes in process `syz.3.776'. [ 324.098626][ T4594] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 324.108455][ T4594] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 324.333336][ T6998] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 326.038674][ T7015] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 326.066294][ T7015] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 326.088156][ T7015] device bridge_slave_0 left promiscuous mode [ 326.104451][ T7015] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.148345][ T7015] device bridge_slave_1 left promiscuous mode [ 326.164977][ T7015] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.195480][ T7015] bond0: (slave bond_slave_0): Releasing backup interface [ 326.227306][ T7015] bond0: (slave bond_slave_1): Releasing backup interface [ 326.328604][ T7015] team0: Port device team_slave_0 removed [ 326.355290][ T1112] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 326.386082][ T7015] team0: Port device team_slave_1 removed [ 326.392923][ T7015] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 326.410993][ T7015] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 326.433194][ T7015] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 326.461081][ T7015] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 326.715703][ T1112] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 326.745326][ T1112] usb 3-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 326.771227][ T1112] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.799781][ T1112] usb 3-1: config 0 descriptor?? [ 326.876279][ T1112] usb 3-1: bad CDC descriptors [ 326.976981][ T7028] device hsr0 entered promiscuous mode [ 326.983495][ T7032] netlink: 12 bytes leftover after parsing attributes in process `syz.4.794'. [ 327.549845][ T4233] usb 3-1: USB disconnect, device number 15 [ 328.900405][ T7054] lo speed is unknown, defaulting to 1000 [ 328.918404][ T7054] lo speed is unknown, defaulting to 1000 [ 329.075244][ T7054] lo speed is unknown, defaulting to 1000 [ 329.110665][ T7054] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 329.164496][ T7054] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 329.306479][ T7065] device syzkaller0 entered promiscuous mode [ 329.563132][ T7067] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 329.613074][ T7054] lo speed is unknown, defaulting to 1000 [ 330.132926][ T7054] lo speed is unknown, defaulting to 1000 [ 330.222496][ T7054] lo speed is unknown, defaulting to 1000 [ 330.288595][ T7054] lo speed is unknown, defaulting to 1000 [ 330.295412][ T7054] lo speed is unknown, defaulting to 1000 [ 330.302831][ T7054] lo speed is unknown, defaulting to 1000 [ 330.316668][ T7054] lo speed is unknown, defaulting to 1000 [ 330.685114][ T4300] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 331.114339][ T7089] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 331.136368][ T4300] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 331.156946][ T4300] usb 3-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 331.185098][ T4300] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.254156][ T4300] usb 3-1: config 0 descriptor?? [ 331.304254][ T4300] usb 3-1: bad CDC descriptors [ 331.508928][ T4300] usb 3-1: USB disconnect, device number 16 [ 332.551394][ T7115] 8021q: adding VLAN 0 to HW filter on device bond1 [ 333.417334][ T7115] bond1: (slave ip6gretap1): making interface the new active one [ 333.484250][ T7115] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 333.628087][ T4392] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 334.489908][ T7133] device sit0 entered promiscuous mode [ 334.513017][ T7133] netlink: 'syz.2.824': attribute type 1 has an invalid length. [ 334.535530][ T7133] netlink: 1 bytes leftover after parsing attributes in process `syz.2.824'. [ 334.592400][ T7142] device veth0 entered promiscuous mode [ 334.625135][ T7142] device vlan2 entered promiscuous mode [ 334.870762][ T7149] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 334.983853][ T7148] device syzkaller0 entered promiscuous mode [ 335.495523][ T7178] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 335.720867][ T7183] device syzkaller0 entered promiscuous mode [ 336.567725][ T7208] netlink: 64 bytes leftover after parsing attributes in process `syz.1.850'. [ 336.738055][ T7210] device syzkaller0 entered promiscuous mode [ 336.773152][ T7210] TC_ACT_REPEAT abuse ? [ 336.895273][ T1112] Bluetooth: hci5: command 0x1003 tx timeout [ 336.901418][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 337.261540][ T7230] tipc: Started in network mode [ 337.272711][ T7230] tipc: Node identity 16ae1843aad, cluster identity 4711 [ 337.294626][ T7230] tipc: Enabled bearer , priority 0 [ 337.316798][ T7235] device syzkaller0 entered promiscuous mode [ 337.436653][ T7230] netlink: 'syz.4.860': attribute type 1 has an invalid length. [ 337.455155][ T7230] netlink: 'syz.4.860': attribute type 2 has an invalid length. [ 337.462865][ T7230] netlink: 'syz.4.860': attribute type 2 has an invalid length. [ 337.495390][ T7230] netlink: 'syz.4.860': attribute type 2 has an invalid length. [ 337.497754][ T7235] netlink: 4 bytes leftover after parsing attributes in process `syz.4.860'. [ 337.514403][ T7230] netlink: 'syz.4.860': attribute type 1 has an invalid length. [ 337.548697][ T7230] netlink: 'syz.4.860': attribute type 2 has an invalid length. [ 337.613345][ T7235] netlink: 'syz.4.860': attribute type 1 has an invalid length. [ 337.662654][ T7235] netlink: 4 bytes leftover after parsing attributes in process `syz.4.860'. [ 337.724586][ T7227] tipc: Resetting bearer [ 337.737313][ T7238] netlink: 64 bytes leftover after parsing attributes in process `syz.0.862'. [ 337.781077][ T7227] tipc: Disabling bearer [ 337.950620][ T7241] lo speed is unknown, defaulting to 1000 [ 338.686141][ T7252] netlink: 4 bytes leftover after parsing attributes in process `syz.2.866'. [ 338.975205][ T5137] Bluetooth: hci5: command 0x1001 tx timeout [ 338.992440][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 340.297697][ T7288] netlink: 64 bytes leftover after parsing attributes in process `syz.0.874'. [ 340.641940][ T7297] loop4: detected capacity change from 0 to 8 [ 340.726276][ T7297] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 340.781652][ T4175] udevd[4175]: incorrect cramfs checksum on /dev/loop4 [ 340.972046][ T4175] udevd[4175]: incorrect cramfs checksum on /dev/loop4 [ 341.055422][ T1112] Bluetooth: hci5: command 0x1009 tx timeout [ 341.073011][ T7302] loop0: detected capacity change from 0 to 2048 [ 341.260508][ T7302] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 341.752311][ T7318] lo speed is unknown, defaulting to 1000 [ 341.857028][ T7323] netlink: 64 bytes leftover after parsing attributes in process `syz.1.888'. [ 342.339434][ T7333] loop2: detected capacity change from 0 to 8 [ 342.357677][ T7336] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 342.385935][ T7333] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 342.434093][ T4175] udevd[4175]: incorrect cramfs checksum on /dev/loop2 [ 342.595112][ T4300] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 343.005263][ T4300] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 343.115571][ T4300] usb 2-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 343.124771][ T4300] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.166252][ T4300] usb 2-1: config 0 descriptor?? [ 343.206371][ T4300] usb 2-1: bad CDC descriptors [ 343.412282][ T4300] usb 2-1: USB disconnect, device number 24 [ 343.663843][ T7352] netlink: 64 bytes leftover after parsing attributes in process `syz.4.900'. [ 344.022867][ T7363] device syzkaller0 entered promiscuous mode [ 344.066328][ T7365] netlink: 'syz.0.902': attribute type 11 has an invalid length. [ 344.292293][ T7374] loop2: detected capacity change from 0 to 2048 [ 344.342488][ T7374] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 344.485237][ T4228] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 344.589201][ T7382] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 344.902334][ T4228] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 344.946104][ T4228] usb 5-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 344.976840][ T4228] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.053219][ T4228] usb 5-1: config 0 descriptor?? [ 345.114843][ T7396] netlink: 64 bytes leftover after parsing attributes in process `syz.0.911'. [ 345.158866][ T4228] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 345.887237][ T7391] infiniband !yz!: set active [ 345.901106][ T7391] infiniband !yz!: added team_slave_0 [ 345.987595][ T7391] RDS/IB: !yz!: added [ 345.998583][ T7391] smc: adding ib device !yz! with port count 1 [ 346.005997][ T7391] smc: ib device !yz! port 1 has pnetid [ 346.192503][ T7412] loop3: detected capacity change from 0 to 2048 [ 346.261298][ T7412] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 346.859589][ T7402] syz.2.913 (7402): drop_caches: 2 [ 347.088286][ T7426] netlink: 'syz.3.920': attribute type 10 has an invalid length. [ 347.143066][ T7426] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.150879][ T7426] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.889418][ T7426] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.896557][ T7426] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.905137][ T7426] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.912205][ T7426] bridge0: port 1(bridge_slave_0) entered forwarding state [ 347.923824][ T7426] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 348.077678][ T4228] usb 5-1: USB disconnect, device number 21 [ 348.091307][ T7440] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 348.106754][ T7438] device syzkaller0 entered promiscuous mode [ 348.725221][ T7443] netlink: 64 bytes leftover after parsing attributes in process `syz.4.927'. [ 349.511463][ T7478] tipc: Started in network mode [ 349.597608][ T7478] tipc: Node identity bbbbbb01, cluster identity 4711 [ 349.742918][ T7478] tipc: Enabled bearer , priority 10 [ 350.175369][ T23] Bluetooth: hci5: command 0x1003 tx timeout [ 350.181626][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 350.881213][ T4300] tipc: Node number set to 3149642497 [ 350.919300][ T7490] netlink: 64 bytes leftover after parsing attributes in process `syz.4.940'. [ 351.110061][ T7496] netlink: 'syz.0.942': attribute type 2 has an invalid length. [ 351.125933][ T7496] netlink: 16 bytes leftover after parsing attributes in process `syz.0.942'. [ 351.250520][ T7465] syz.3.933 (7465): drop_caches: 2 [ 351.378904][ T7502] loop0: detected capacity change from 0 to 2048 [ 351.403045][ T7500] loop1: detected capacity change from 0 to 8 [ 351.445645][ T7500] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 351.471632][ T7502] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 352.265296][ T4227] Bluetooth: hci5: command 0x1001 tx timeout [ 352.271429][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 352.284017][ T4177] udevd[4177]: incorrect cramfs checksum on /dev/loop1 [ 353.615937][ T7527] xt_socket: unknown flags 0x8 [ 354.233648][ T7527] netlink: 'syz.4.952': attribute type 33 has an invalid length. [ 354.256855][ T7527] netlink: 152 bytes leftover after parsing attributes in process `syz.4.952'. [ 354.335139][ T23] Bluetooth: hci5: command 0x1009 tx timeout [ 354.440330][ T4300] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 354.484372][ T7543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.958'. [ 354.541048][ T7543] netlink: 12 bytes leftover after parsing attributes in process `syz.4.958'. [ 354.589252][ T7543] netlink: 60 bytes leftover after parsing attributes in process `syz.4.958'. [ 354.799122][ T7538] syz.3.956 (7538): drop_caches: 2 [ 354.843127][ T7553] loop0: detected capacity change from 0 to 2048 [ 354.857328][ T4300] usb 2-1: config 0 has no interfaces? [ 354.889974][ T7553] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 355.025238][ T7] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 355.046175][ T4300] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 355.090041][ T4300] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 355.174980][ T4300] usb 2-1: Product: syz [ 355.220909][ T4300] usb 2-1: Manufacturer: syz [ 355.263476][ T4300] usb 2-1: SerialNumber: syz [ 355.339128][ T4300] usb 2-1: config 0 descriptor?? [ 355.485408][ T7] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 355.547201][ T7] usb 5-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 355.640339][ T7535] udc-core: couldn't find an available UDC or it's busy [ 355.665155][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.689269][ T7535] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 355.734596][ T7] usb 5-1: config 0 descriptor?? [ 355.966360][ T7] usb 5-1: bad CDC descriptors [ 356.146549][ T7569] netlink: 'syz.3.965': attribute type 1 has an invalid length. [ 356.231030][ T7] usb 5-1: USB disconnect, device number 22 [ 356.712070][ T7569] device bond2 entered promiscuous mode [ 356.772735][ T7569] 8021q: adding VLAN 0 to HW filter on device bond2 [ 357.139960][ T7573] bond2: (slave bridge1): making interface the new active one [ 357.155897][ T7] usb 2-1: USB disconnect, device number 25 [ 357.196799][ T7573] device bridge1 entered promiscuous mode [ 357.267186][ T7581] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 357.968717][ T7573] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 357.995537][ T4252] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 358.634225][ T7592] device syzkaller0 entered promiscuous mode [ 358.913599][ T7596] loop2: detected capacity change from 0 to 2048 [ 358.998912][ T7596] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 360.242960][ T7608] netlink: 4 bytes leftover after parsing attributes in process `syz.3.977'. [ 360.475114][ T4228] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 360.519551][ T7623] tipc: Resetting bearer [ 360.548249][ T7623] tipc: Resetting bearer [ 360.578653][ T7623] bond0: (slave rose0): Enslaving as an active interface with an up link [ 360.762849][ T7628] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 361.592347][ T4228] usb 2-1: config 0 has no interfaces? [ 361.872359][ T4228] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 362.205551][ T4228] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 362.213779][ T4228] usb 2-1: Product: syz [ 362.265294][ T4228] usb 2-1: Manufacturer: syz [ 362.285955][ T4228] usb 2-1: SerialNumber: syz [ 362.312157][ T4228] usb 2-1: config 0 descriptor?? [ 362.350116][ T7644] netlink: 'syz.3.987': attribute type 1 has an invalid length. [ 362.437424][ T7644] device bond3 entered promiscuous mode [ 362.443467][ T7644] 8021q: adding VLAN 0 to HW filter on device bond3 [ 362.468607][ T7650] bond3: (slave erspan1): making interface the new active one [ 362.476739][ T7650] device erspan1 entered promiscuous mode [ 362.486065][ T7650] bond3: (slave erspan1): Enslaving as an active interface with an up link [ 362.495048][ T1112] Bluetooth: hci2: command 0x0401 tx timeout [ 362.545684][ T7652] netlink: 'syz.2.988': attribute type 39 has an invalid length. [ 362.585827][ T7613] udc-core: couldn't find an available UDC or it's busy [ 362.626133][ T7613] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 362.695374][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 363.576422][ T7666] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 363.820698][ T7673] lo speed is unknown, defaulting to 1000 [ 363.980831][ T4233] usb 2-1: USB disconnect, device number 26 [ 366.489039][ T7725] tipc: Enabled bearer , priority 0 [ 366.660878][ T7725] device syzkaller0 entered promiscuous mode [ 366.764344][ T7723] tipc: Resetting bearer [ 366.861523][ T7723] tipc: Disabling bearer [ 368.045272][ T5137] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 368.403208][ T7768] syz.3.1017 (7768): drop_caches: 2 [ 368.478184][ T7772] sctp: [Deprecated]: syz.0.1018 (pid 7772) Use of int in max_burst socket option. [ 368.478184][ T7772] Use struct sctp_assoc_value instead [ 368.639028][ T7772] netlink: 'syz.0.1018': attribute type 2 has an invalid length. [ 368.746826][ T7778] device syzkaller0 entered promiscuous mode [ 368.775570][ T5137] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.792851][ T5137] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 368.823463][ T5137] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 368.838480][ T5137] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.872127][ T5137] usb 2-1: config 0 descriptor?? [ 369.024290][ T7788] team0: No ports can be present during mode change [ 369.451249][ T5137] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0 [ 369.704605][ T5137] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 370.117577][ T5137] cp2112 0003:10C4:EA90.000F: Part Number: 0x82 Device Version: 0xFE [ 370.186271][ T5137] cp2112 0003:10C4:EA90.000F: error requesting SMBus config [ 370.281633][ T5137] cp2112: probe of 0003:10C4:EA90.000F failed with error -32 [ 370.771582][ T5137] usb 2-1: USB disconnect, device number 27 [ 370.944554][ T7806] fido_id[7806]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 371.780039][ T7813] syz.0.1030 (7813): drop_caches: 2 [ 372.046354][ T7818] netlink: 'syz.1.1031': attribute type 10 has an invalid length. [ 372.076437][ T7818] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 372.178085][ T7826] device syzkaller0 entered promiscuous mode [ 372.398401][ T7831] netlink: 'syz.3.1035': attribute type 1 has an invalid length. [ 372.451807][ T7831] 8021q: adding VLAN 0 to HW filter on device bond4 [ 372.464848][ T7833] bond4: (slave dummy0): making interface the new active one [ 372.562399][ T7833] bond4: (slave dummy0): Enslaving as an active interface with an up link [ 372.582990][ T397] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready [ 372.950818][ T7836] [ 372.953209][ T7836] ====================================================== [ 372.960252][ T7836] WARNING: possible circular locking dependency detected [ 372.967395][ T7836] syzkaller #0 Not tainted [ 372.971819][ T7836] ------------------------------------------------------ [ 372.978842][ T7836] syz.3.1036/7836 is trying to acquire lock: [ 372.984923][ T7836] ffff8880792b9120 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_device_event+0x217/0x4f0 [ 372.995225][ T7836] [ 372.995225][ T7836] but task is already holding lock: [ 373.002690][ T7836] ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x534/0xe30 [ 373.011146][ T7836] [ 373.011146][ T7836] which lock already depends on the new lock. [ 373.011146][ T7836] [ 373.021556][ T7836] [ 373.021556][ T7836] the existing dependency chain (in reverse order) is: [ 373.030562][ T7836] [ 373.030562][ T7836] -> #1 (rtnl_mutex){+.+.}-{3:3}: [ 373.037778][ T7836] __mutex_lock_common+0x1e3/0x2400 [ 373.043674][ T7836] mutex_lock_nested+0x17/0x20 [ 373.048960][ T7836] ax25_setsockopt+0x859/0xa60 [ 373.054235][ T7836] __sys_setsockopt+0x2bf/0x3d0 [ 373.059597][ T7836] __x64_sys_setsockopt+0xb1/0xc0 [ 373.065240][ T7836] do_syscall_64+0x4c/0xa0 [ 373.070189][ T7836] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 373.076684][ T7836] [ 373.076684][ T7836] -> #0 (sk_lock-AF_AX25){+.+.}-{0:0}: [ 373.084516][ T7836] __lock_acquire+0x2c42/0x7d10 [ 373.089953][ T7836] lock_acquire+0x19e/0x400 [ 373.095131][ T7836] lock_sock_nested+0x44/0x100 [ 373.100444][ T7836] ax25_device_event+0x217/0x4f0 [ 373.105904][ T7836] raw_notifier_call_chain+0xcb/0x160 [ 373.111791][ T7836] __dev_notify_flags+0x158/0x300 [ 373.117434][ T7836] dev_change_flags+0xe3/0x1a0 [ 373.122734][ T7836] dev_ifsioc+0x130/0xd50 [ 373.127597][ T7836] dev_ioctl+0x545/0xe30 [ 373.132368][ T7836] sock_do_ioctl+0x245/0x320 [ 373.137473][ T7836] sock_ioctl+0x4d2/0x710 [ 373.142330][ T7836] __se_sys_ioctl+0xfa/0x170 [ 373.147445][ T7836] do_syscall_64+0x4c/0xa0 [ 373.152450][ T7836] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 373.158901][ T7836] [ 373.158901][ T7836] other info that might help us debug this: [ 373.158901][ T7836] [ 373.169135][ T7836] Possible unsafe locking scenario: [ 373.169135][ T7836] [ 373.176771][ T7836] CPU0 CPU1 [ 373.182153][ T7836] ---- ---- [ 373.187605][ T7836] lock(rtnl_mutex); [ 373.191591][ T7836] lock(sk_lock-AF_AX25); [ 373.198524][ T7836] lock(rtnl_mutex); [ 373.205029][ T7836] lock(sk_lock-AF_AX25); [ 373.209473][ T7836] [ 373.209473][ T7836] *** DEADLOCK *** [ 373.209473][ T7836] [ 373.217700][ T7836] 1 lock held by syz.3.1036/7836: [ 373.222721][ T7836] #0: ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x534/0xe30 [ 373.231438][ T7836] [ 373.231438][ T7836] stack backtrace: [ 373.237342][ T7836] CPU: 0 PID: 7836 Comm: syz.3.1036 Not tainted syzkaller #0 [ 373.244717][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 373.254789][ T7836] Call Trace: [ 373.258074][ T7836] [ 373.261021][ T7836] dump_stack_lvl+0x188/0x250 [ 373.265711][ T7836] ? load_image+0x400/0x400 [ 373.270221][ T7836] ? show_regs_print_info+0x20/0x20 [ 373.275429][ T7836] ? print_circular_bug+0x12b/0x1a0 [ 373.280725][ T7836] check_noncircular+0x296/0x330 [ 373.285696][ T7836] ? add_chain_block+0x940/0x940 [ 373.290636][ T7836] ? lockdep_lock+0xf1/0x1f0 [ 373.295344][ T7836] ? mark_lock+0x94/0x320 [ 373.299727][ T7836] __lock_acquire+0x2c42/0x7d10 [ 373.304592][ T7836] ? mark_lock+0x94/0x320 [ 373.308923][ T7836] ? verify_lock_unused+0x140/0x140 [ 373.314126][ T7836] ? verify_lock_unused+0x140/0x140 [ 373.319329][ T7836] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 373.325327][ T7836] ? lock_chain_count+0x20/0x20 [ 373.330181][ T7836] ? lockdep_hardirqs_on_prepare+0x770/0x770 [ 373.336252][ T7836] ? mark_lock+0x94/0x320 [ 373.340594][ T7836] lock_acquire+0x19e/0x400 [ 373.345104][ T7836] ? ax25_device_event+0x217/0x4f0 [ 373.350249][ T7836] ? lock_chain_count+0x20/0x20 [ 373.355104][ T7836] ? read_lock_is_recursive+0x10/0x10 [ 373.360480][ T7836] ? __local_bh_enable_ip+0x136/0x1c0 [ 373.365855][ T7836] ? lockdep_hardirqs_on+0x94/0x140 [ 373.371172][ T7836] ? __local_bh_enable_ip+0x136/0x1c0 [ 373.376544][ T7836] ? _local_bh_enable+0xa0/0xa0 [ 373.381484][ T7836] lock_sock_nested+0x44/0x100 [ 373.386254][ T7836] ? ax25_device_event+0x217/0x4f0 [ 373.391370][ T7836] ax25_device_event+0x217/0x4f0 [ 373.396404][ T7836] raw_notifier_call_chain+0xcb/0x160 [ 373.401793][ T7836] __dev_notify_flags+0x158/0x300 [ 373.406827][ T7836] ? __dev_change_flags+0x6a0/0x6a0 [ 373.412025][ T7836] ? __dev_change_flags+0x4d0/0x6a0 [ 373.417231][ T7836] ? dev_get_flags+0x1c0/0x1c0 [ 373.421999][ T7836] ? __mutex_lock_common+0x465/0x2400 [ 373.427376][ T7836] dev_change_flags+0xe3/0x1a0 [ 373.432151][ T7836] dev_ifsioc+0x130/0xd50 [ 373.436484][ T7836] ? dev_ioctl+0xe30/0xe30 [ 373.440899][ T7836] ? apparmor_capable+0x12c/0x190 [ 373.445922][ T7836] ? full_name_hash+0x8e/0xe0 [ 373.450603][ T7836] dev_ioctl+0x545/0xe30 [ 373.454842][ T7836] ? _copy_from_user+0x111/0x170 [ 373.459780][ T7836] sock_do_ioctl+0x245/0x320 [ 373.464375][ T7836] ? sock_show_fdinfo+0xb0/0xb0 [ 373.469230][ T7836] sock_ioctl+0x4d2/0x710 [ 373.473646][ T7836] ? sock_poll+0x410/0x410 [ 373.478061][ T7836] ? bpf_lsm_file_ioctl+0x5/0x10 [ 373.482999][ T7836] ? security_file_ioctl+0x7c/0xa0 [ 373.488117][ T7836] ? sock_poll+0x410/0x410 [ 373.492533][ T7836] __se_sys_ioctl+0xfa/0x170 [ 373.497157][ T7836] do_syscall_64+0x4c/0xa0 [ 373.501685][ T7836] ? clear_bhb_loop+0x30/0x80 [ 373.506458][ T7836] ? clear_bhb_loop+0x30/0x80 [ 373.511150][ T7836] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 373.517045][ T7836] RIP: 0033:0x7f44623a6819 [ 373.521465][ T7836] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 373.541173][ T7836] RSP: 002b:00007f44605df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 373.549592][ T7836] RAX: ffffffffffffffda RBX: 00007f4462620090 RCX: 00007f44623a6819 [ 373.557570][ T7836] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004 [ 373.565746][ T7836] RBP: 00007f446243cc91 R08: 0000000000000000 R09: 0000000000000000 [ 373.573900][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 373.581880][ T7836] R13: 00007f4462620128 R14: 00007f4462620090 R15: 00007ffc450ba128 [ 373.589868][ T7836] [ 373.626935][ T7836] ================================================================== [ 373.635061][ T7836] BUG: KASAN: use-after-free in ax25_dev_device_down+0x35e/0x520 [ 373.642908][ T7836] Write of size 4 at addr ffff888024ce16b8 by task syz.3.1036/7836 [ 373.650827][ T7836] [ 373.653173][ T7836] CPU: 0 PID: 7836 Comm: syz.3.1036 Not tainted syzkaller #0 [ 373.660906][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 373.670979][ T7836] Call Trace: [ 373.674279][ T7836] [ 373.677314][ T7836] dump_stack_lvl+0x188/0x250 [ 373.682020][ T7836] ? show_regs_print_info+0x20/0x20 [ 373.687240][ T7836] ? _printk+0xda/0x130 [ 373.691417][ T7836] ? ax25_dev_device_down+0x35e/0x520 [ 373.696820][ T7836] ? load_image+0x400/0x400 [ 373.701341][ T7836] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 373.706822][ T7836] print_address_description+0x60/0x2d0 [ 373.712392][ T7836] ? ax25_dev_device_down+0x35e/0x520 [ 373.717800][ T7836] kasan_report+0xdf/0x130 [ 373.722245][ T7836] ? ax25_dev_device_down+0x35e/0x520 [ 373.727647][ T7836] kasan_check_range+0x235/0x290 [ 373.732702][ T7836] ax25_dev_device_down+0x35e/0x520 [ 373.737932][ T7836] ax25_device_event+0x4b4/0x4f0 [ 373.742895][ T7836] raw_notifier_call_chain+0xcb/0x160 [ 373.748290][ T7836] __dev_notify_flags+0x158/0x300 [ 373.753336][ T7836] ? __dev_change_flags+0x6a0/0x6a0 [ 373.758554][ T7836] ? __dev_change_flags+0x4d0/0x6a0 [ 373.763786][ T7836] ? dev_get_flags+0x1c0/0x1c0 [ 373.768665][ T7836] ? __mutex_lock_common+0x465/0x2400 [ 373.774063][ T7836] dev_change_flags+0xe3/0x1a0 [ 373.778891][ T7836] dev_ifsioc+0x130/0xd50 [ 373.783238][ T7836] ? dev_ioctl+0xe30/0xe30 [ 373.787670][ T7836] ? apparmor_capable+0x12c/0x190 [ 373.792885][ T7836] ? full_name_hash+0x8e/0xe0 [ 373.797592][ T7836] dev_ioctl+0x545/0xe30 [ 373.801851][ T7836] ? _copy_from_user+0x111/0x170 [ 373.806813][ T7836] sock_do_ioctl+0x245/0x320 [ 373.811432][ T7836] ? sock_show_fdinfo+0xb0/0xb0 [ 373.816311][ T7836] sock_ioctl+0x4d2/0x710 [ 373.820692][ T7836] ? sock_poll+0x410/0x410 [ 373.825140][ T7836] ? bpf_lsm_file_ioctl+0x5/0x10 [ 373.830105][ T7836] ? security_file_ioctl+0x7c/0xa0 [ 373.835243][ T7836] ? sock_poll+0x410/0x410 [ 373.839675][ T7836] __se_sys_ioctl+0xfa/0x170 [ 373.844284][ T7836] do_syscall_64+0x4c/0xa0 [ 373.848723][ T7836] ? clear_bhb_loop+0x30/0x80 [ 373.853432][ T7836] ? clear_bhb_loop+0x30/0x80 [ 373.858137][ T7836] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 373.864056][ T7836] RIP: 0033:0x7f44623a6819 [ 373.868492][ T7836] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 373.888562][ T7836] RSP: 002b:00007f44605df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 373.897016][ T7836] RAX: ffffffffffffffda RBX: 00007f4462620090 RCX: 00007f44623a6819 [ 373.905018][ T7836] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004 [ 373.913013][ T7836] RBP: 00007f446243cc91 R08: 0000000000000000 R09: 0000000000000000 [ 373.920982][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 373.929071][ T7836] R13: 00007f4462620128 R14: 00007f4462620090 R15: 00007ffc450ba128 [ 373.937170][ T7836] [ 373.940193][ T7836] [ 373.942601][ T7836] Allocated by task 7836: [ 373.946920][ T7836] __kasan_kmalloc+0xb5/0xf0 [ 373.951863][ T7836] ax25_dev_device_up+0x50/0x580 [ 373.956807][ T7836] ax25_device_event+0x483/0x4f0 [ 373.961757][ T7836] raw_notifier_call_chain+0xcb/0x160 [ 373.967137][ T7836] __dev_notify_flags+0x194/0x300 [ 373.972162][ T7836] dev_change_flags+0xe3/0x1a0 [ 373.977359][ T7836] dev_ifsioc+0x130/0xd50 [ 373.981773][ T7836] dev_ioctl+0x545/0xe30 [ 373.986007][ T7836] sock_do_ioctl+0x245/0x320 [ 373.990589][ T7836] sock_ioctl+0x4d2/0x710 [ 373.994915][ T7836] __se_sys_ioctl+0xfa/0x170 [ 373.999601][ T7836] do_syscall_64+0x4c/0xa0 [ 374.004012][ T7836] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 374.009896][ T7836] [ 374.012296][ T7836] Freed by task 7836: [ 374.016274][ T7836] kasan_set_track+0x4b/0x70 [ 374.020854][ T7836] kasan_set_free_info+0x1f/0x40 [ 374.025796][ T7836] ____kasan_slab_free+0xd5/0x110 [ 374.030897][ T7836] slab_free_freelist_hook+0xea/0x170 [ 374.036416][ T7836] kfree+0xef/0x2a0 [ 374.040226][ T7836] ax25_dev_device_down+0x1c0/0x520 [ 374.045424][ T7836] ax25_device_event+0x4b4/0x4f0 [ 374.050382][ T7836] raw_notifier_call_chain+0xcb/0x160 [ 374.055759][ T7836] __dev_notify_flags+0x158/0x300 [ 374.060783][ T7836] dev_change_flags+0xe3/0x1a0 [ 374.065545][ T7836] dev_ifsioc+0x130/0xd50 [ 374.069874][ T7836] dev_ioctl+0x545/0xe30 [ 374.074110][ T7836] sock_do_ioctl+0x245/0x320 [ 374.078704][ T7836] sock_ioctl+0x4d2/0x710 [ 374.083034][ T7836] __se_sys_ioctl+0xfa/0x170 [ 374.087632][ T7836] do_syscall_64+0x4c/0xa0 [ 374.092038][ T7836] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 374.097923][ T7836] [ 374.100324][ T7836] Last potentially related work creation: [ 374.106029][ T7836] kasan_save_stack+0x35/0x60 [ 374.110719][ T7836] kasan_record_aux_stack+0xb8/0x100 [ 374.116006][ T7836] kvfree_call_rcu+0x105/0x7d0 [ 374.120774][ T7836] drop_sysctl_table+0x359/0x4e0 [ 374.125718][ T7836] unregister_sysctl_table+0x87/0x130 [ 374.131461][ T7836] ipv6_frags_exit_net+0x5c/0xb0 [ 374.136453][ T7836] cleanup_net+0x706/0xba0 [ 374.140867][ T7836] process_one_work+0x85f/0x1010 [ 374.145798][ T7836] worker_thread+0xaa6/0x1290 [ 374.150479][ T7836] kthread+0x436/0x520 [ 374.154534][ T7836] ret_from_fork+0x1f/0x30 [ 374.158941][ T7836] [ 374.161257][ T7836] Second to last potentially related work creation: [ 374.167826][ T7836] kasan_save_stack+0x35/0x60 [ 374.172497][ T7836] kasan_record_aux_stack+0xb8/0x100 [ 374.177775][ T7836] kvfree_call_rcu+0x105/0x7d0 [ 374.182526][ T7836] fib6_rules_net_exit+0x3c/0x50 [ 374.187463][ T7836] cleanup_net+0x706/0xba0 [ 374.191871][ T7836] process_one_work+0x85f/0x1010 [ 374.196847][ T7836] worker_thread+0xaa6/0x1290 [ 374.201556][ T7836] kthread+0x436/0x520 [ 374.205621][ T7836] ret_from_fork+0x1f/0x30 [ 374.210055][ T7836] [ 374.212516][ T7836] The buggy address belongs to the object at ffff888024ce1600 [ 374.212516][ T7836] which belongs to the cache kmalloc-192 of size 192 [ 374.226654][ T7836] The buggy address is located 184 bytes inside of [ 374.226654][ T7836] 192-byte region [ffff888024ce1600, ffff888024ce16c0) [ 374.240044][ T7836] The buggy address belongs to the page: [ 374.245690][ T7836] page:ffffea0000933840 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24ce1 [ 374.255843][ T7836] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 374.263479][ T7836] raw: 00fff00000000200 ffffea00008fd7c0 0000000700000007 ffff888016c41a00 [ 374.272175][ T7836] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 374.280751][ T7836] page dumped because: kasan: bad access detected [ 374.287154][ T7836] page_owner tracks the page as allocated [ 374.292856][ T7836] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY), pid 1109, ts 10349161019, free_ts 9949788110 [ 374.308733][ T7836] get_page_from_freelist+0x1bbd/0x1ca0 [ 374.314279][ T7836] __alloc_pages+0x1ee/0x480 [ 374.318862][ T7836] new_slab+0xc0/0x4b0 [ 374.322920][ T7836] ___slab_alloc+0x80a/0xdd0 [ 374.327513][ T7836] __kmalloc+0x1cd/0x330 [ 374.331741][ T7836] usb_alloc_urb+0x3f/0x140 [ 374.336233][ T7836] usb_control_msg+0x115/0x3e0 [ 374.341083][ T7836] hub_ext_port_status+0x103/0x6d0 [ 374.346182][ T7836] hub_activate+0x6e9/0x1a30 [ 374.350760][ T7836] process_one_work+0x85f/0x1010 [ 374.355773][ T7836] worker_thread+0xaa6/0x1290 [ 374.360441][ T7836] kthread+0x436/0x520 [ 374.364505][ T7836] ret_from_fork+0x1f/0x30 [ 374.368919][ T7836] page last free stack trace: [ 374.373577][ T7836] free_unref_page_prepare+0x637/0x6c0 [ 374.379052][ T7836] free_unref_page+0x8f/0x2a0 [ 374.383736][ T7836] __vunmap+0x8b9/0xa50 [ 374.387913][ T7836] free_work+0x56/0x80 [ 374.391996][ T7836] process_one_work+0x85f/0x1010 [ 374.396928][ T7836] worker_thread+0xaa6/0x1290 [ 374.401714][ T7836] kthread+0x436/0x520 [ 374.405776][ T7836] ret_from_fork+0x1f/0x30 [ 374.410193][ T7836] [ 374.412511][ T7836] Memory state around the buggy address: [ 374.418138][ T7836] ffff888024ce1580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 374.426196][ T7836] ffff888024ce1600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 374.434248][ T7836] >ffff888024ce1680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 374.442384][ T7836] ^ [ 374.448266][ T7836] ffff888024ce1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 374.456317][ T7836] ffff888024ce1780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 374.464365][ T7836] ================================================================== [ 374.483942][ T7836] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 374.491365][ T7836] CPU: 0 PID: 7836 Comm: syz.3.1036 Tainted: G B syzkaller #0 [ 374.500122][ T7836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 374.510184][ T7836] Call Trace: [ 374.513497][ T7836] [ 374.516597][ T7836] dump_stack_lvl+0x188/0x250 [ 374.521271][ T7836] ? show_regs_print_info+0x20/0x20 [ 374.526470][ T7836] ? load_image+0x400/0x400 [ 374.530983][ T7836] panic+0x2e5/0x810 [ 374.534881][ T7836] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 374.541053][ T7836] ? bpf_jit_dump+0xd0/0xd0 [ 374.545566][ T7836] ? _raw_spin_unlock_irqrestore+0x10d/0x120 [ 374.551569][ T7836] ? _raw_spin_unlock+0x40/0x40 [ 374.556413][ T7836] ? ax25_dev_device_down+0x35e/0x520 [ 374.561803][ T7836] check_panic_on_warn+0x80/0xa0 [ 374.566756][ T7836] ? ax25_dev_device_down+0x35e/0x520 [ 374.572121][ T7836] end_report+0x6d/0xf0 [ 374.576279][ T7836] kasan_report+0x102/0x130 [ 374.580800][ T7836] ? ax25_dev_device_down+0x35e/0x520 [ 374.586181][ T7836] kasan_check_range+0x235/0x290 [ 374.591129][ T7836] ax25_dev_device_down+0x35e/0x520 [ 374.596433][ T7836] ax25_device_event+0x4b4/0x4f0 [ 374.601369][ T7836] raw_notifier_call_chain+0xcb/0x160 [ 374.606747][ T7836] __dev_notify_flags+0x158/0x300 [ 374.611873][ T7836] ? __dev_change_flags+0x6a0/0x6a0 [ 374.617074][ T7836] ? __dev_change_flags+0x4d0/0x6a0 [ 374.622290][ T7836] ? dev_get_flags+0x1c0/0x1c0 [ 374.627155][ T7836] ? __mutex_lock_common+0x465/0x2400 [ 374.632533][ T7836] dev_change_flags+0xe3/0x1a0 [ 374.637315][ T7836] dev_ifsioc+0x130/0xd50 [ 374.641672][ T7836] ? dev_ioctl+0xe30/0xe30 [ 374.646098][ T7836] ? apparmor_capable+0x12c/0x190 [ 374.651143][ T7836] ? full_name_hash+0x8e/0xe0 [ 374.655903][ T7836] dev_ioctl+0x545/0xe30 [ 374.660141][ T7836] ? _copy_from_user+0x111/0x170 [ 374.665091][ T7836] sock_do_ioctl+0x245/0x320 [ 374.669714][ T7836] ? sock_show_fdinfo+0xb0/0xb0 [ 374.674601][ T7836] sock_ioctl+0x4d2/0x710 [ 374.678933][ T7836] ? sock_poll+0x410/0x410 [ 374.683351][ T7836] ? bpf_lsm_file_ioctl+0x5/0x10 [ 374.688302][ T7836] ? security_file_ioctl+0x7c/0xa0 [ 374.693416][ T7836] ? sock_poll+0x410/0x410 [ 374.697840][ T7836] __se_sys_ioctl+0xfa/0x170 [ 374.702445][ T7836] do_syscall_64+0x4c/0xa0 [ 374.706864][ T7836] ? clear_bhb_loop+0x30/0x80 [ 374.711539][ T7836] ? clear_bhb_loop+0x30/0x80 [ 374.716592][ T7836] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 374.722485][ T7836] RIP: 0033:0x7f44623a6819 [ 374.726916][ T7836] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 374.746522][ T7836] RSP: 002b:00007f44605df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 374.754945][ T7836] RAX: ffffffffffffffda RBX: 00007f4462620090 RCX: 00007f44623a6819 [ 374.762963][ T7836] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004 [ 374.770941][ T7836] RBP: 00007f446243cc91 R08: 0000000000000000 R09: 0000000000000000 [ 374.778918][ T7836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 374.786888][ T7836] R13: 00007f4462620128 R14: 00007f4462620090 R15: 00007ffc450ba128 [ 374.794896][ T7836] [ 374.798218][ T7836] Kernel Offset: disabled [ 374.802542][ T7836] Rebooting in 86400 seconds..