last executing test programs: 18.670478329s ago: executing program 1 (id=3269): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0) ustat(0x40, 0x0) 15.12106827s ago: executing program 1 (id=3275): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x24, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x4c}}, 0x800) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x884}, 0x2004c000) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) r2 = syz_open_dev$hiddev(&(0x7f0000000300), 0xffffffffffffffff, 0x401) ioctl$HIDIOCGCOLLECTIONINFO(r2, 0xc0104811, &(0x7f0000000580)={0x4, 0x1, 0x1}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0xf4, 0x40, 0x107, 0x70bd2d, 0x25dfdbfb, {0x4, 0x7c}, [@typed={0x4}, @typed={0xda, 0x2b, 0x0, 0x0, @binary="2702817f2c4603d1939cfd361f6b7c5365720e2b996b6361cd643b5494227f2ce5cba495880958eb65d045f75ee5bbccf7dcfdb9c01fb546dc029f6e32ad3bfddb23c12b9d9bf98394be76f88b9df2fbe67772b2f77a89fac636b2c2f9e6e13d6d3a032531c76a9edb589ed2331caae2714a0517d652881ae94042a2b9309eb9ce80e3acac4cbc281477a631126f73e9e833a559641651dab2f449de17290e0330ca96cb2fa798d73e47e6555085aa6d8922fb314ae10fe715fe2c7fba2104762e169ea3a245ce67961b5953b99e7066b292bda59f28"}]}, 0xf4}}, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb09587", 0x4b}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 9.744170967s ago: executing program 1 (id=3282): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket(0x22, 0x2, 0x3) sendto$inet6(r2, &(0x7f0000847fff), 0x0, 0x8800, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x5, 0xf, 0x0, 0x2, 0x8, 0x8, 0xfffffffa, 0x3}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x43, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) ioctl$int_in(r4, 0x5421, &(0x7f0000000140)=0x1) writev(r4, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) close(r4) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000400)={0x46, 0x4}, 0x10) 7.371927109s ago: executing program 1 (id=3291): syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x182800, 0x0) ioctl$RTC_AIE_ON(r2, 0x7001) ioctl$RTC_AIE_OFF(r2, 0x7002) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x89a0, &(0x7f0000000140)={'bridge_slave_1\x00'}) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="170000000000000004000000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0xa0}, 0x1, 0x0, 0x0, 0x800}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x207, 0x8401) syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 6.346532086s ago: executing program 4 (id=3293): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 5.970766055s ago: executing program 4 (id=3296): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) bpf$ITER_CREATE(0xb, 0x0, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000080)=r8, 0x4) 5.759360187s ago: executing program 4 (id=3297): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x2000000, 0x6a, 0x0, &(0x7f00000009c0)="000035b1d44d1de88000000000000082012200ffdae2b349d07a51c9e3ec6c7dfcf095c3106d028e04fb826d545d2ba75e653ccdc0fe123cf9593681e817bb88b7ad3ce6134a9378880071f1d1f8558237910ec8bc8963d672966b05a90c6e74e66876198dacb5f9ca3b", 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x8}, 0x3c) 5.5677372s ago: executing program 4 (id=3299): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x8000, 0x0) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000400)={'veth0_to_bridge\x00', 0x200}) 5.425329269s ago: executing program 4 (id=3301): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xc8}}, &(0x7f0000000000)='GPL\x00'}, 0x94) 5.316155167s ago: executing program 4 (id=3303): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[], &(0x7f00000003c0)=""/237, 0x37, 0xed, 0x1}, 0x28) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x183081, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd6372ce22667f2c00dbf6e97158b33d4fec877f1b6d76745b686158bbcfe8875afdef00010000000029"], 0x20a) 4.902817625s ago: executing program 3 (id=3306): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f00000002c0)=r0}, 0x20) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvmsg$unix(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000800)=""/229, 0x8ec1}], 0x1}, 0x2002) 4.780688041s ago: executing program 2 (id=3307): bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x1f4, 0xd50, 0x0, &(0x7f0000000100)="ff412f72b0833efc8864968781", 0x0, 0x300, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50) 4.756021919s ago: executing program 3 (id=3308): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000bc7a007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close(0x3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1802000001000000000000000000000085000000870000008500000050"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) 4.662901462s ago: executing program 0 (id=3309): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="1307", 0x2}], 0x1}, 0x4051) setsockopt$sock_attach_bpf(r0, 0x1, 0x10, &(0x7f0000001280), 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$inet(0xffffffffffffffff, &(0x7f0000002940)={0x0, 0x0, &(0x7f0000001300), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="1000"/14, 0x0, 0x1ff, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1}, 0x50) recvmsg(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=""/25, 0x19}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit, @alu={0x5, 0x1, 0x5, 0xa, 0xa}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xec, &(0x7f00000004c0)=""/236, 0x40f00}, 0x90) r3 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=0xffffffffffffffff, 0x4) bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r3}, 0x8) sendmsg(r0, &(0x7f0000000380)={&(0x7f0000000100)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e21, @private=0xa010100}, 0x2, 0x1, 0x2, 0x3}}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="64e6396285a95e89b0e4e131216e59c414dc07f3dd7526f8ecb424", 0x1b}], 0x1, &(0x7f0000000240)=[{0xd8, 0x111, 0x9, "80389f7ff24f9538fd26a4d28c14eecda727c918077717cb156976d7e2d9363653978fa0b672fdb7c103e6e9b0fc0508e1487f454426711baa9b76a2b32d1d1247fbda4b4c65e90b38b93be9a0108d232f67e86a32ba3049c560856ce0e579fd194ef420ee929683e98ea703b7e8e2dfc11a0c83171a5114980cb9f6a89ef35ac6ed7d09e0530ec6979198880af8f1da4b4c5be7a507cdb5e9208f7f6b7b86c5241e842c1371f64b11accd61ab5e7168f89f4a9aae3ea7c3d8b9a034e603ce2ec176dae14bca9f0c"}, {0x30, 0x0, 0x8, "614bd1ede3efbe3d0ca71e486eb37b5996211784daed9def7ceaaa322d73b1"}], 0x108}, 0x4000) 4.557982307s ago: executing program 2 (id=3310): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x8, &(0x7f00000002c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0xbc}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 4.457182018s ago: executing program 3 (id=3311): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xb) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r0}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000002000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4.395759425s ago: executing program 2 (id=3312): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001e00)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6939fc404000000c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e46968eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000000000000005335000000143ea70c2ab40c7cb70c943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a33e680846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2200af6c7784a1975fa807de38a3a61e44a9ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf652e28e700000000000000b24478a78a0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8ff7e7d1c94c450503009688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0000f5e1671bc5eb7739daa7820a91cb0e732df2ae1d39c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b4cbaf5a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13e434aae9df81ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a384002421d898913c45a9ac091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025e2a9a135c045a17e9a61c3b064e679508af1aec2926627b43bba1229a7466bdca64f514b7911458da09fe8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd911e0e5f00019be25b5910a3193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c68549e9da89ad4218cea744b332ab232a09cf1ec375627074ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b8840558b3f918d675a79907a72a8252cd3fbaea5d3006a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb511164f1502ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbdf6ad488f43f46b2536f175f46dfb27d522946727024de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546eb7c32dbecb18a308a0004be94dfab28c2a51dc856df00000000000000000000dfa4c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5d00f26126d4cf2c73e5f94030000000000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d0e68d7eef5d32d5fcc7923d7544fa492aa38717481c55e86dcd7816ad8940bd1995369d89ae6eadeb9117e8b94ab422c8d62fc9dfffeb13b4858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1ef90ed4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1af45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d6cf0a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b14952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d78429d358aa54b4b49926c4be9ee4659153d9f9f5d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d832e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c52be71d780c300000000d0267ac40d1130a9000000000045f50812a1a0530b02baed19f4c977ac0d397ed6371ec589bf5943690250bdfa5b676d5d53d2ab3aeee1a6910c1a33b6c06c93386768f8b1bb27ec31cffbd4f5c7b0c2e14e4fc6c2f089ab08567254e93780afdddefb3f0d2143ad73c0bf2467859049d46dc5aa91f918a307e7dcaaccd6cbe66e8a04d201392a487f681f82528a800e27d65200ae10e1b5d39a29d8a2c8ed2dfa77e21249b45806733e674a9e8e72ad1cb0d3bfadb00a18a5008ea1e4c8fb93d311f52a476c576a3f65c9bdd4e4b870aed4cb9906a8aa25986e6e30be249d9911114b42b2fb51168e56000a62b794c193f7797ebeb7f8b91c70b6e720af06ecfcfb89a2d5a25f"], &(0x7f0000000140)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002a0, 0x13, 0x0, &(0x7f0000000340)="b9e403c6630d698cb8a00b04339c07f7c9768b", 0x0, 0xfa, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.395435625s ago: executing program 0 (id=3313): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 4.307024649s ago: executing program 0 (id=3314): bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x20, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 4.211049549s ago: executing program 3 (id=3315): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x1, 0x7, 0x0, 0x1}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) 4.107704614s ago: executing program 2 (id=3316): signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) r0 = gettid() timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080)) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x800000000000001, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r5 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x1, 0x39d}, 0x0, 0x0) io_uring_enter(r5, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c8, &(0x7f0000000100)) ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c9, &(0x7f0000000100)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) sendmsg$NL80211_CMD_NOTIFY_RADAR(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20004000}, 0x4000890) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x0, 0x0, 0x4000}) syz_open_dev$dri(0x0, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) 4.107464268s ago: executing program 0 (id=3317): gettid() bpf$PROG_LOAD_XDP(0x5, 0x0, 0xfffffffffffffdfc) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000040)=""/155, 0x1000000, 0x9b, 0x1}, 0x20) syz_clone(0x164000, 0x0, 0x0, 0x0, 0x0, 0x0) 3.818378983s ago: executing program 3 (id=3318): umount2(0x0, 0x4) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r0 = gettid() sched_setattr(r0, 0x0, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000380)) preadv2(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000180)=""/136, 0x88}], 0x1, 0x5, 0x1, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000280)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000001c0)={0x73622a85, 0x1, 0x3}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x80000) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0xffffffffffffff9a, 0x1000000, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314}], 0x0, 0x0, 0x0}) 3.212851501s ago: executing program 1 (id=3319): prlimit64(0x0, 0xe, 0x0, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_SELECTION(0xffffffffffffffff, 0xc040563d, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) recvmmsg(r0, &(0x7f0000006080)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x20, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000100)={0x0, 0xf00, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x1401, 0x7fc32be5eb343aa7}, 0x5c}}, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 2.935262564s ago: executing program 2 (id=3320): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000005000000030000000000001103000000000000000000000000001804000300000000000001000004001e00000000000002000000000000000000002e"], 0x0, 0x51}, 0x20) 2.934648608s ago: executing program 3 (id=3321): r0 = socket$inet_smc(0x2b, 0x1, 0x0) io_setup(0x6, &(0x7f00000003c0)=0x0) io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x2}]) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009c323f08a5040330b2440102030109021200010002000009"], 0x0) syz_usb_control_io$printer(r2, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="000304ebff0a23300000"]}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000440)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000002c0)={0x1, 'veth0_to_hsr\x00', 0x1}, 0x18) 2.855690041s ago: executing program 1 (id=3322): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x70bd2e, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5, 0x18, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x0) 2.801411687s ago: executing program 2 (id=3323): syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000d8ca8d40d10521200031010203010902120001000000000904"], 0x0) syz_open_pts(0xffffffffffffffff, 0x44000) r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x80000, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58) fallocate(r0, 0x0, 0x0, 0x8ffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000001a00010026bd700002000000022000830001"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0xfffffffffffffe02, &(0x7f00000002c0)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4008550c, &(0x7f0000000000)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xafUD\x9dA\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f00000000c0)={0x0, r3, 'id0\x00'}) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r6, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000001c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r7, r8, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000480)={0x28, 0x4, r8, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3}) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000080)={0x28, 0x4, r8, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x7fffffff}) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000180)={0x28, 0x6, r8, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x101}) mq_unlink(&(0x7f0000000000)='eth0\x00') creat(&(0x7f0000000580)='./file1\x00', 0x0) 2.734686785s ago: executing program 0 (id=3324): bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='kfree\x00', r1}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001700)={r2, 0x2000002, 0xe, 0xfd47, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0xfffffbff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 0 (id=3325): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001480)={0x14, 0x36, 0x107, 0x3, 0x0, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) kernel console output (not intermixed with test programs): 083][ T5885] usb 2-1: USB disconnect, device number 26 [ 959.675006][T15311] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2578'. [ 959.690668][T15309] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2579'. [ 964.990374][T15356] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2591'. [ 965.265796][T15360] siw: device registration error -23 [ 965.961455][T15366] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2595'. [ 966.512204][T15379] program syz.0.2598 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 966.619758][ T5978] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 967.370700][ T5978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 968.059860][ T5978] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 968.135808][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 968.156121][ T5978] usb 5-1: Product: syz [ 968.168703][T15389] loop2: detected capacity change from 0 to 512 [ 968.176486][ T5978] usb 5-1: Manufacturer: syz [ 968.184237][ T5978] usb 5-1: SerialNumber: syz [ 968.201283][ T5978] usb 5-1: config 0 descriptor?? [ 968.309727][T15389] EXT4-fs (loop2): Test dummy encryption mode enabled [ 968.494328][T15389] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 968.539426][T15389] EXT4-fs (loop2): Errors on filesystem, clearing orphan list. [ 968.614425][T15389] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 968.986982][T15397] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 969.626475][ T5829] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 970.869065][ T5978] usb 5-1: USB disconnect, device number 15 [ 971.102764][T15419] loop4: detected capacity change from 0 to 512 [ 971.150031][T15419] EXT4-fs (loop4): Test dummy encryption mode enabled [ 971.202549][T15419] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 971.280524][T15419] EXT4-fs (loop4): Errors on filesystem, clearing orphan list. [ 971.289277][T15419] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 971.489963][T15423] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 972.005247][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 973.544271][T15439] program syz.1.2613 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 973.750188][T15443] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2614'. [ 978.067664][T15479] tipc: New replicast peer: 255.255.255.255 [ 978.115129][T15479] tipc: Enabled bearer , priority 10 [ 978.154026][T15480] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2624'. [ 978.180949][T15480] tipc: Disabling bearer [ 978.726362][T15486] loop0: detected capacity change from 0 to 512 [ 978.903573][T15486] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 978.974166][T15486] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 979.013401][T15486] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 979.046194][T15486] System zones: 0-2, 18-18, 34-34 [ 979.075276][T15486] EXT4-fs error (device loop0): ext4_orphan_get:1391: comm syz.0.2627: inode #15: comm syz.0.2627: iget: illegal inode # [ 979.293487][T15486] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2627: couldn't read orphan inode 15 (err -117) [ 979.401954][T15486] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 979.761514][T15501] EXT4-fs error (device loop0): ext4_lookup:1785: comm syz.0.2627: inode #15: comm syz.0.2627: iget: illegal inode # [ 979.971274][ T5823] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 980.974169][T15504] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2631'. [ 981.652675][T15520] loop2: detected capacity change from 0 to 512 [ 981.680117][T15520] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 981.702212][T15520] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 981.736490][T15520] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 981.764086][T15520] System zones: 0-2, 18-18, 34-34 [ 981.784796][T15520] EXT4-fs error (device loop2): ext4_orphan_get:1391: comm syz.2.2634: inode #15: comm syz.2.2634: iget: illegal inode # [ 981.808487][T15520] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2634: couldn't read orphan inode 15 (err -117) [ 981.839847][T15520] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 981.976698][T15526] EXT4-fs error (device loop2): ext4_lookup:1785: comm syz.2.2634: inode #15: comm syz.2.2634: iget: illegal inode # [ 982.697148][ T5829] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 983.627296][T15549] syzkaller0: entered promiscuous mode [ 983.637083][T15549] syzkaller0: entered allmulticast mode [ 985.980412][T15573] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2644'. [ 986.719742][ T5990] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 986.925191][ T5990] usb 4-1: config 0 has an invalid interface number: 113 but max is 0 [ 986.949674][ T5990] usb 4-1: config 0 has no interface number 0 [ 986.968431][ T5990] usb 4-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 987.007631][ T5990] usb 4-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 987.038027][ T5990] usb 4-1: config 0 interface 113 has no altsetting 0 [ 987.065103][ T5990] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 987.084831][ T5990] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 987.113323][ T5990] usb 4-1: Product: syz [ 987.123559][ T5990] usb 4-1: Manufacturer: syz [ 987.135956][ T5990] usb 4-1: SerialNumber: syz [ 987.167101][ T5990] usb 4-1: config 0 descriptor?? [ 987.193209][ C1] usb 4-1: NFC: Urb failure (status -71) [ 987.202667][ T5990] usb 4-1: NFC: Unable to get FW version [ 987.213389][ T5990] pn533_usb 4-1:0.113: probe with driver pn533_usb failed with error -90 [ 987.525217][T15589] loop2: detected capacity change from 0 to 512 [ 987.533996][T15589] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 987.553603][T15589] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 987.602775][T15589] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 987.620218][T15589] System zones: 0-2, 18-18, 34-34 [ 987.638491][T15589] EXT4-fs error (device loop2): ext4_orphan_get:1391: comm syz.2.2646: inode #15: comm syz.2.2646: iget: illegal inode # [ 987.658715][T15589] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2646: couldn't read orphan inode 15 (err -117) [ 987.680043][T15589] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 987.830727][T15592] EXT4-fs error (device loop2): ext4_lookup:1785: comm syz.2.2646: inode #15: comm syz.2.2646: iget: illegal inode # [ 988.410879][ T5829] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 990.181639][ T5917] usb 4-1: USB disconnect, device number 23 [ 990.734959][T15611] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2653'. [ 991.924479][T15632] syzkaller0: entered promiscuous mode [ 991.991132][T15632] syzkaller0: entered allmulticast mode [ 993.060535][T15643] siw: device registration error -23 [ 993.448287][T15649] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2663'. [ 996.027777][T15661] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2667'. [ 996.129856][T15663] syzkaller0: entered promiscuous mode [ 996.135537][T15663] syzkaller0: entered allmulticast mode [ 996.471251][T15677] tipc: Enabling of bearer rejected, failed to enable media [ 996.490733][T15671] syzkaller0: entered promiscuous mode [ 996.496275][T15671] syzkaller0: entered allmulticast mode [ 996.588847][T15684] loop0: detected capacity change from 0 to 512 [ 996.749219][T15684] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 996.817480][T15684] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 996.932301][T15684] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 997.015684][T15684] System zones: 0-2, 18-18, 34-34 [ 997.110187][T15684] EXT4-fs error (device loop0): ext4_orphan_get:1391: comm syz.0.2673: inode #15: comm syz.0.2673: iget: illegal inode # [ 997.236959][T15684] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2673: couldn't read orphan inode 15 (err -117) [ 997.308266][T15684] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 998.291559][ T5823] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 998.320124][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.985010][T15709] syzkaller0: entered promiscuous mode [ 998.990737][T15709] syzkaller0: entered allmulticast mode [ 999.649689][T15718] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2681'. [ 1000.007317][T15722] loop3: detected capacity change from 0 to 512 [ 1000.016492][T15722] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1000.044909][T15722] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 1000.081843][T15722] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 1000.098994][T15722] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1000.712976][T15731] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 1003.373523][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1003.852339][T15749] loop3: detected capacity change from 0 to 512 [ 1003.876389][T15749] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 1003.912751][T15749] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 1003.952876][T15749] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 1003.980263][T15749] System zones: 0-2, 18-18, 34-34 [ 1004.008286][T15749] EXT4-fs error (device loop3): ext4_orphan_get:1391: comm syz.3.2689: inode #15: comm syz.3.2689: iget: illegal inode # [ 1004.075050][T15749] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2689: couldn't read orphan inode 15 (err -117) [ 1004.183882][T15749] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1004.848595][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1006.079651][ T10] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 1006.341103][ T10] usb 3-1: config 0 has an invalid interface number: 113 but max is 0 [ 1006.361027][ T10] usb 3-1: config 0 has no interface number 0 [ 1006.367222][ T10] usb 3-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1006.415596][ T10] usb 3-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1006.449921][ T10] usb 3-1: config 0 interface 113 has no altsetting 0 [ 1006.538455][ T10] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1006.561634][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1006.573636][ T10] usb 3-1: Product: syz [ 1006.577850][ T10] usb 3-1: Manufacturer: syz [ 1006.582837][ T10] usb 3-1: SerialNumber: syz [ 1006.593202][ T10] usb 3-1: config 0 descriptor?? [ 1006.645877][ C0] usb 3-1: NFC: Urb failure (status -71) [ 1006.656352][ T10] usb 3-1: NFC: Unable to get FW version [ 1006.679924][ T10] pn533_usb 3-1:0.113: probe with driver pn533_usb failed with error -90 [ 1006.751981][ T5894] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 1006.921455][ T5894] usb 5-1: config 0 has an invalid interface number: 113 but max is 0 [ 1006.932765][ T5894] usb 5-1: config 0 has no interface number 0 [ 1006.939298][ T5894] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1006.979763][ T5894] usb 5-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1007.009107][ T5894] usb 5-1: config 0 interface 113 has no altsetting 0 [ 1007.033965][ T5894] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1007.044337][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1007.052492][ T5894] usb 5-1: Product: syz [ 1007.059632][ T5894] usb 5-1: Manufacturer: syz [ 1007.073946][T15719] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2682'. [ 1007.252702][ T5894] usb 5-1: SerialNumber: syz [ 1007.274118][ T5894] usb 5-1: config 0 descriptor?? [ 1007.293018][ C1] usb 5-1: NFC: Urb failure (status -71) [ 1007.298879][ T5894] usb 5-1: NFC: Unable to get FW version [ 1007.314151][ T5894] pn533_usb 5-1:0.113: probe with driver pn533_usb failed with error -90 [ 1007.879878][ T10] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 1008.109843][ T10] usb 2-1: config 0 has an invalid interface number: 113 but max is 0 [ 1008.118737][ T10] usb 2-1: config 0 has no interface number 0 [ 1008.129671][ T10] usb 2-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1008.164492][ T10] usb 2-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1008.190495][ T10] usb 2-1: config 0 interface 113 has no altsetting 0 [ 1008.237136][ T10] usb 2-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1008.248192][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1008.258919][ T10] usb 2-1: Product: syz [ 1008.275825][ T10] usb 2-1: Manufacturer: syz [ 1008.323773][ T10] usb 2-1: SerialNumber: syz [ 1008.348057][ T10] usb 2-1: config 0 descriptor?? [ 1008.444702][ C0] usb 2-1: NFC: Urb failure (status -71) [ 1008.490618][ T10] usb 2-1: NFC: Unable to get FW version [ 1008.519039][ T10] pn533_usb 2-1:0.113: probe with driver pn533_usb failed with error -90 [ 1009.178533][ T10] usb 3-1: USB disconnect, device number 25 [ 1009.928708][ T5894] usb 5-1: USB disconnect, device number 16 [ 1011.260201][ T9031] usb 2-1: USB disconnect, device number 27 [ 1012.437322][T15811] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2703'. [ 1012.771778][T15814] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2704'. [ 1014.808264][ T5978] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 1015.019121][ T5978] usb 5-1: config 0 has an invalid interface number: 113 but max is 0 [ 1015.041490][ T5978] usb 5-1: config 0 has no interface number 0 [ 1015.074754][ T5978] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1015.121019][ T5978] usb 5-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1015.196684][ T5978] usb 5-1: config 0 interface 113 has no altsetting 0 [ 1015.234427][ T5978] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1015.282643][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1015.344378][ T5978] usb 5-1: Product: syz [ 1015.348582][ T5978] usb 5-1: Manufacturer: syz [ 1015.375763][ T5978] usb 5-1: SerialNumber: syz [ 1015.391702][ T5978] usb 5-1: config 0 descriptor?? [ 1015.411535][ C0] usb 5-1: NFC: Urb failure (status -71) [ 1015.417396][ T5978] usb 5-1: NFC: Unable to get FW version [ 1015.424051][ T5978] pn533_usb 5-1:0.113: probe with driver pn533_usb failed with error -90 [ 1015.945092][T15851] program syz.3.2711 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1017.809639][ T9031] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1018.004454][ T9031] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1018.036841][ T9031] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1018.071484][ T9031] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1018.171270][ T9031] usb 2-1: Product: syz [ 1018.175554][ T9031] usb 2-1: Manufacturer: syz [ 1018.272507][ T9031] usb 2-1: SerialNumber: syz [ 1018.313488][ T5917] usb 5-1: USB disconnect, device number 17 [ 1018.390548][ T9031] usb 2-1: config 0 descriptor?? [ 1019.439634][ T9031] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 1019.737138][ T9031] usb 5-1: config 0 has an invalid interface number: 113 but max is 0 [ 1019.757463][ T9031] usb 5-1: config 0 has no interface number 0 [ 1019.766174][ T9031] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1019.855856][ T9031] usb 5-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1019.940856][ T9031] usb 5-1: config 0 interface 113 has no altsetting 0 [ 1020.034246][ T9031] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1020.139068][ T9031] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1020.222587][ T9031] usb 5-1: Product: syz [ 1020.226793][ T9031] usb 5-1: Manufacturer: syz [ 1020.231801][ T9031] usb 5-1: SerialNumber: syz [ 1020.259613][ T9031] usb 5-1: config 0 descriptor?? [ 1020.281179][ C1] usb 5-1: NFC: Urb failure (status -71) [ 1020.288706][ T9031] usb 5-1: NFC: Unable to get FW version [ 1020.294873][ T9031] pn533_usb 5-1:0.113: probe with driver pn533_usb failed with error -90 [ 1021.002265][ T7403] usb 2-1: USB disconnect, device number 28 [ 1022.541915][ T5978] usb 5-1: USB disconnect, device number 18 [ 1023.429974][ T9031] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 1023.594207][T15918] Cannot find set identified by id 65534 to match [ 1023.782395][ T9031] usb 2-1: config 0 has an invalid interface number: 113 but max is 0 [ 1023.837282][ T9031] usb 2-1: config 0 has no interface number 0 [ 1023.853523][ T9031] usb 2-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1023.889325][ T9031] usb 2-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1023.907569][ T9031] usb 2-1: config 0 interface 113 has no altsetting 0 [ 1023.950789][ T9031] usb 2-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1023.960034][ T9031] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1023.972561][ T9031] usb 2-1: Product: syz [ 1023.976778][ T9031] usb 2-1: Manufacturer: syz [ 1023.981677][ T9031] usb 2-1: SerialNumber: syz [ 1024.022622][ T9031] usb 2-1: config 0 descriptor?? [ 1024.032112][ C1] usb 2-1: NFC: Urb failure (status -71) [ 1024.037979][ T9031] usb 2-1: NFC: Unable to get FW version [ 1024.051141][ T9031] pn533_usb 2-1:0.113: probe with driver pn533_usb failed with error -90 [ 1025.429441][T15935] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2731'. [ 1026.629983][ T10] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1026.994891][ T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1027.029883][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1027.042761][ T7403] usb 2-1: USB disconnect, device number 29 [ 1027.055153][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1027.065853][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1027.688627][T15965] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2740'. [ 1027.708267][T15965] bridge_slave_1: left allmulticast mode [ 1027.714379][T15965] bridge_slave_1: left promiscuous mode [ 1027.731464][ T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1027.738253][T15965] bridge0: port 2(bridge_slave_1) entered disabled state [ 1027.758305][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1027.777561][ T10] usb 4-1: config 0 descriptor?? [ 1028.395344][T15965] bridge_slave_0: left allmulticast mode [ 1028.473910][T15965] bridge_slave_0: left promiscuous mode [ 1028.495262][T15965] bridge0: port 1(bridge_slave_0) entered disabled state [ 1028.659968][ T10] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1028.821004][T15965] bridge0 (unregistering): left allmulticast mode [ 1028.969632][ T10] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 1029.085035][T15971] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2742'. [ 1029.121487][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 1029.142212][ T10] usb 1-1: New USB device found, idVendor=0c45, idProduct=6128, bcdDevice=c4.6d [ 1029.161880][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1029.170099][ T10] usb 1-1: Product: syz [ 1029.197904][ T10] usb 1-1: Manufacturer: syz [ 1029.203377][ T10] usb 1-1: SerialNumber: syz [ 1029.218948][ T10] usb 1-1: config 0 descriptor?? [ 1029.231216][ T10] gspca_main: sonixj-2.14.0 probing 0c45:6128 [ 1029.350123][T15978] syzkaller0: entered promiscuous mode [ 1029.366839][T15978] syzkaller0: entered allmulticast mode [ 1029.435709][T15978] tipc: Enabled bearer , priority 0 [ 1029.460474][T15975] tipc: Resetting bearer [ 1029.709185][T15982] program syz.2.2747 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1029.749391][ T30] audit: type=1326 audit(1764328915.976:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15968 comm="syz.0.2741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff86718f749 code=0x7ffc0000 [ 1029.776070][ T10] gspca_sonixj: reg_w1 err -110 [ 1029.783600][T15975] tipc: Disabling bearer [ 1029.796108][ T10] sonixj 1-1:0.0: probe with driver sonixj failed with error -110 [ 1029.877598][ T30] audit: type=1326 audit(1764328915.976:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15968 comm="syz.0.2741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7ff86718f749 code=0x7ffc0000 [ 1029.913213][ T30] audit: type=1326 audit(1764328915.976:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15968 comm="syz.0.2741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff86718f749 code=0x7ffc0000 [ 1029.939169][ T30] audit: type=1326 audit(1764328915.976:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15968 comm="syz.0.2741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff86718df90 code=0x7ffc0000 [ 1030.031527][ T30] audit: type=1326 audit(1764328915.976:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15968 comm="syz.0.2741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff86718f749 code=0x7ffc0000 [ 1030.172972][ T30] audit: type=1326 audit(1764328915.976:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15968 comm="syz.0.2741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7ff86718f749 code=0x7ffc0000 [ 1030.224894][ T30] audit: type=1326 audit(1764328915.976:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15968 comm="syz.0.2741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff86718f749 code=0x7ffc0000 [ 1030.433715][T16003] tipc: New replicast peer: 255.255.255.255 [ 1030.441425][T16003] tipc: Enabled bearer , priority 10 [ 1030.452859][T16003] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2751'. [ 1030.497462][T16003] tipc: Disabling bearer [ 1030.533058][T15995] loop3: detected capacity change from 0 to 512 [ 1030.555411][ T5978] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 1030.671946][T15995] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1030.700463][ T30] audit: type=1326 audit(1764328915.976:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15968 comm="syz.0.2741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff86718f749 code=0x7ffc0000 [ 1030.726630][ T5978] usb 5-1: config 0 has an invalid interface number: 113 but max is 0 [ 1030.742482][ T5978] usb 5-1: config 0 has no interface number 0 [ 1030.796019][ T10] usb 4-1: USB disconnect, device number 24 [ 1030.804105][ T5978] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1030.836910][ T30] audit: type=1326 audit(1764328915.976:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15968 comm="syz.0.2741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff86718f749 code=0x7ffc0000 [ 1030.867732][T15995] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 1030.876011][ T5978] usb 5-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1030.906845][T15995] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 1030.929665][ T9031] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 1030.951611][ T5978] usb 5-1: config 0 interface 113 has no altsetting 0 [ 1030.978365][T15995] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1031.001962][ T30] audit: type=1326 audit(1764328915.976:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15968 comm="syz.0.2741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff86718f749 code=0x7ffc0000 [ 1031.032818][ T5978] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1031.052783][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1031.079632][ T9031] usb 3-1: Using ep0 maxpacket: 8 [ 1031.093158][ T5978] usb 5-1: Product: syz [ 1031.093241][ T9031] usb 3-1: New USB device found, idVendor=0c45, idProduct=6128, bcdDevice=c4.6d [ 1031.250443][ T9031] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1031.266134][ T9031] usb 3-1: Product: syz [ 1031.419883][ T5978] usb 5-1: Manufacturer: syz [ 1031.425228][T16001] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 1031.440719][ T5978] usb 5-1: SerialNumber: syz [ 1031.500589][ T9031] usb 3-1: Manufacturer: syz [ 1031.820979][ T5978] usb 5-1: config 0 descriptor?? [ 1031.839718][ T9031] usb 3-1: SerialNumber: syz [ 1031.873575][ C0] usb 5-1: NFC: Urb failure (status -71) [ 1031.889995][ T5978] usb 5-1: NFC: Unable to get FW version [ 1031.919316][ T5978] pn533_usb 5-1:0.113: probe with driver pn533_usb failed with error -90 [ 1032.009235][ T9031] usb 3-1: config 0 descriptor?? [ 1032.070257][ T9031] gspca_main: sonixj-2.14.0 probing 0c45:6128 [ 1032.247656][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1032.533096][ T5978] usb 1-1: USB disconnect, device number 30 [ 1032.601255][ T9031] gspca_sonixj: reg_w1 err -110 [ 1032.621005][ T9031] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 1033.273332][T16023] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2755'. [ 1034.683085][ T9031] usb 5-1: USB disconnect, device number 19 [ 1035.965755][ T5917] usb 3-1: USB disconnect, device number 26 [ 1036.183685][T16043] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2762'. [ 1037.497009][T16067] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2766'. [ 1038.649620][ T9031] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 1038.830320][ T9031] usb 5-1: config 0 has an invalid interface number: 113 but max is 0 [ 1038.936875][ T9031] usb 5-1: config 0 has no interface number 0 [ 1038.981907][ T9031] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1039.087721][ T9031] usb 5-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1039.275785][ T9031] usb 5-1: config 0 interface 113 has no altsetting 0 [ 1039.498387][ T9031] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1039.533939][ T9031] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1039.780666][ T9031] usb 5-1: Product: syz [ 1039.816404][ T9031] usb 5-1: Manufacturer: syz [ 1039.826007][ T9031] usb 5-1: SerialNumber: syz [ 1039.985817][ T9031] usb 5-1: config 0 descriptor?? [ 1040.179178][ C1] usb 5-1: NFC: Urb failure (status -71) [ 1040.185142][ T9031] usb 5-1: NFC: Unable to get FW version [ 1040.211350][ T9031] pn533_usb 5-1:0.113: probe with driver pn533_usb failed with error -90 [ 1040.479689][ T10] usb 3-1: new full-speed USB device number 27 using dummy_hcd [ 1040.652820][ T10] usb 3-1: config 0 has an invalid interface number: 113 but max is 0 [ 1040.662300][ T10] usb 3-1: config 0 has no interface number 0 [ 1040.681627][ T10] usb 3-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1040.727920][ T10] usb 3-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1040.768984][ T10] usb 3-1: config 0 interface 113 has no altsetting 0 [ 1040.801555][ T10] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1040.810780][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1040.834429][ T10] usb 3-1: Product: syz [ 1040.854002][ T10] usb 3-1: Manufacturer: syz [ 1040.872687][ T10] usb 3-1: SerialNumber: syz [ 1040.901307][ T10] usb 3-1: config 0 descriptor?? [ 1040.926759][ C0] usb 3-1: NFC: Urb failure (status -71) [ 1040.932824][ T10] usb 3-1: NFC: Unable to get FW version [ 1040.940141][ T10] pn533_usb 3-1:0.113: probe with driver pn533_usb failed with error -90 [ 1043.733598][T16112] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2777'. [ 1043.751494][ T10] usb 5-1: USB disconnect, device number 20 [ 1044.496869][ T10] usb 3-1: USB disconnect, device number 27 [ 1045.539705][ T9031] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1045.728847][ T9031] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1045.782426][ T9031] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1045.799597][ T9031] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1045.841536][ T9031] usb 3-1: Product: syz [ 1045.851683][ T9031] usb 3-1: Manufacturer: syz [ 1045.864979][ T9031] usb 3-1: SerialNumber: syz [ 1045.880512][ T9031] usb 3-1: config 0 descriptor?? [ 1047.006332][T16142] xt_CT: No such helper "pptp" [ 1047.882871][ T5885] usb 3-1: USB disconnect, device number 28 [ 1049.185277][T16165] tipc: New replicast peer: 255.255.255.255 [ 1049.344473][T16165] tipc: Enabled bearer , priority 10 [ 1049.367031][T16165] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2792'. [ 1049.389951][T16165] tipc: Disabling bearer [ 1049.478765][T16169] program syz.4.2790 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1054.489779][T16213] xt_CT: No such helper "pptp" [ 1054.759680][ T5990] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1054.990230][ T9031] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1055.283050][ T9031] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1055.297990][ T9031] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1055.340402][ T5990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1055.486288][ T9031] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1055.503885][ T9031] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1055.517469][ T9031] usb 5-1: Product: syz [ 1055.525472][ T9031] usb 5-1: Manufacturer: syz [ 1055.536567][ T9031] usb 5-1: SerialNumber: syz [ 1055.555397][ T9031] usb 5-1: config 0 descriptor?? [ 1055.562042][ T5990] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1055.571794][ T5990] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1055.583726][ T5990] usb 2-1: Product: syz [ 1055.595239][ T5990] usb 2-1: Manufacturer: syz [ 1055.606160][ T9031] usb 5-1: ucan: probing device on interface #0 [ 1055.615376][ T5990] usb 2-1: SerialNumber: syz [ 1055.620346][ T9031] usb 5-1: ucan: invalid EP count (0) [ 1055.642204][ T9031] usb 5-1: ucan: probe failed; try to update the device firmware [ 1055.653866][ T5990] usb 2-1: config 0 descriptor?? [ 1055.817096][ T10] usb 5-1: USB disconnect, device number 21 [ 1059.769034][ T7403] usb 2-1: USB disconnect, device number 30 [ 1059.797008][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1061.089215][T16273] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2814'. [ 1061.098794][T16271] xt_CT: No such helper "pptp" [ 1061.518086][T16283] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1061.924405][T16283] bridge0: entered allmulticast mode [ 1061.930567][T16283] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2820'. [ 1061.940031][T16283] bridge_slave_1: left allmulticast mode [ 1061.945894][T16283] bridge_slave_1: left promiscuous mode [ 1062.024834][T16283] bridge0: port 2(bridge_slave_1) entered disabled state [ 1062.227744][T16283] bridge_slave_0: left allmulticast mode [ 1062.255086][T16283] bridge0: port 1(bridge_slave_0) entered disabled state [ 1062.326041][T16283] bridge0 (unregistering): left allmulticast mode [ 1065.508997][T16320] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2825'. [ 1071.131585][T16376] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2840'. [ 1071.880245][T16382] program syz.1.2842 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1072.574638][ T10] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1072.602731][T16391] syzkaller0: entered promiscuous mode [ 1072.608387][T16391] syzkaller0: entered allmulticast mode [ 1072.779706][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 1072.960574][ T10] usb 3-1: New USB device found, idVendor=0c45, idProduct=6128, bcdDevice=c4.6d [ 1073.019783][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1073.036222][ T10] usb 3-1: Product: syz [ 1073.044170][ T10] usb 3-1: Manufacturer: syz [ 1073.056579][ T10] usb 3-1: SerialNumber: syz [ 1073.063724][ T10] usb 3-1: config 0 descriptor?? [ 1073.078584][ T10] gspca_main: sonixj-2.14.0 probing 0c45:6128 [ 1073.430336][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 1073.430519][ T30] audit: type=1326 audit(1764328959.646:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16386 comm="syz.2.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2778f749 code=0x7ffc0000 [ 1073.515758][ T30] audit: type=1326 audit(1764328959.646:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16386 comm="syz.2.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2778f749 code=0x7ffc0000 [ 1073.646788][ T10] gspca_sonixj: reg_w1 err -110 [ 1073.652266][ T10] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 1073.683377][ T30] audit: type=1326 audit(1764328959.646:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16386 comm="syz.2.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fdb2778f749 code=0x7ffc0000 [ 1073.777432][ T30] audit: type=1326 audit(1764328959.646:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16386 comm="syz.2.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2778f749 code=0x7ffc0000 [ 1073.882578][ T30] audit: type=1326 audit(1764328959.646:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16386 comm="syz.2.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2778f749 code=0x7ffc0000 [ 1073.973819][ T30] audit: type=1326 audit(1764328959.646:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16386 comm="syz.2.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdb2778df90 code=0x7ffc0000 [ 1074.054091][ T30] audit: type=1326 audit(1764328959.646:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16386 comm="syz.2.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2778f749 code=0x7ffc0000 [ 1074.173171][ T30] audit: type=1326 audit(1764328959.646:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16386 comm="syz.2.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2778f749 code=0x7ffc0000 [ 1074.305853][ T30] audit: type=1326 audit(1764328959.646:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16386 comm="syz.2.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdb2778f749 code=0x7ffc0000 [ 1074.436636][ T30] audit: type=1326 audit(1764328959.646:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16386 comm="syz.2.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2778f749 code=0x7ffc0000 [ 1075.229892][ T793] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 1075.389718][ T793] usb 5-1: Using ep0 maxpacket: 8 [ 1075.398804][ T793] usb 5-1: New USB device found, idVendor=0c45, idProduct=6128, bcdDevice=c4.6d [ 1075.417681][ T793] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1075.434928][ T793] usb 5-1: Product: syz [ 1075.442222][ T793] usb 5-1: Manufacturer: syz [ 1075.446908][ T793] usb 5-1: SerialNumber: syz [ 1075.477901][ T793] usb 5-1: config 0 descriptor?? [ 1075.494743][ T793] gspca_main: sonixj-2.14.0 probing 0c45:6128 [ 1075.576848][ T5990] usb 3-1: USB disconnect, device number 29 [ 1076.094352][ T793] gspca_sonixj: reg_w1 err -110 [ 1076.099937][ T793] sonixj 5-1:0.0: probe with driver sonixj failed with error -110 [ 1077.358952][T16392] syzkaller0: entered promiscuous mode [ 1077.364721][T16392] syzkaller0: entered allmulticast mode [ 1077.860722][T16419] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2852'. [ 1078.586274][ T5978] usb 5-1: USB disconnect, device number 22 [ 1084.459751][T16459] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2863'. [ 1084.942123][T16455] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2860'. [ 1085.755234][T16483] program syz.0.2867 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1088.269681][ T9031] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1088.438232][ T9031] usb 3-1: Using ep0 maxpacket: 32 [ 1088.475375][ T9031] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40 [ 1088.475403][ T9031] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1088.481071][ T9031] usb 3-1: config 0 descriptor?? [ 1088.785854][ T9031] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware [ 1088.854560][ T9031] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 1089.026076][ T9031] dib0700: firmware download failed at 7 with -22 [ 1091.356712][T16527] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2877'. [ 1091.668025][T16530] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2876'. [ 1092.151740][T16314] usb 3-1: USB disconnect, device number 30 [ 1092.269590][ T5917] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 1092.454905][ T5917] usb 4-1: config 0 has an invalid interface number: 113 but max is 0 [ 1092.498319][ T5917] usb 4-1: config 0 has no interface number 0 [ 1092.985362][ T5917] usb 4-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1093.045425][ T5917] usb 4-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1093.057712][ T5917] usb 4-1: config 0 interface 113 has no altsetting 0 [ 1093.088507][ T5917] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1093.130746][T16551] loop4: detected capacity change from 0 to 512 [ 1093.230174][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1093.254970][ T5917] usb 4-1: Product: syz [ 1093.255459][T16551] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1093.318141][T16551] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 1093.460716][T16551] EXT4-fs (loop4): Errors on filesystem, clearing orphan list. [ 1093.469010][ T5917] usb 4-1: Manufacturer: syz [ 1093.487850][ T5917] usb 4-1: SerialNumber: syz [ 1093.491563][T16551] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1093.507249][ T5917] usb 4-1: config 0 descriptor?? [ 1093.571113][ C0] usb 4-1: NFC: Urb failure (status -71) [ 1093.599622][ T5917] usb 4-1: NFC: Unable to get FW version [ 1093.914289][ T5917] pn533_usb 4-1:0.113: probe with driver pn533_usb failed with error -90 [ 1094.043851][T16560] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 1095.217943][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1096.615371][ T10] usb 4-1: USB disconnect, device number 25 [ 1097.616156][T16586] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2889'. [ 1098.061168][ T10] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1098.449946][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 1098.459178][ T10] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40 [ 1098.482280][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1098.812118][T16595] openvswitch: netlink: Actions may not be safe on all matching packets [ 1098.873079][ T10] usb 3-1: config 0 descriptor?? [ 1099.405168][ T10] dvb-usb: found a 'Elgato EyeTV DTT' in cold state, will try to load a firmware [ 1099.434857][ T10] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 1099.443515][ T10] dib0700: firmware download failed at 7 with -22 [ 1100.522067][T16602] syzkaller0: entered promiscuous mode [ 1100.547995][T16602] syzkaller0: entered allmulticast mode [ 1100.858446][T16605] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2894'. [ 1101.992040][T16619] tipc: New replicast peer: 255.255.255.255 [ 1101.998453][T16619] tipc: Enabled bearer , priority 10 [ 1102.031810][T16619] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2897'. [ 1102.041824][T16619] tipc: Disabling bearer [ 1102.129670][ T793] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1102.677285][ T793] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1102.691781][ T793] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1102.701042][ T793] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1102.709051][ T793] usb 5-1: Product: syz [ 1102.731411][ T793] usb 5-1: Manufacturer: syz [ 1102.756191][ T793] usb 5-1: SerialNumber: syz [ 1102.781699][ T10] usb 3-1: USB disconnect, device number 31 [ 1102.782172][ T793] usb 5-1: config 0 descriptor?? [ 1104.111622][T16634] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1104.227313][T16636] bridge0: entered allmulticast mode [ 1104.274107][T16634] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2902'. [ 1104.409589][T16634] bridge_slave_1: left allmulticast mode [ 1104.477897][T16634] bridge_slave_1: left promiscuous mode [ 1104.512746][T16634] bridge0: port 2(bridge_slave_1) entered disabled state [ 1104.593944][T16634] bridge_slave_0: left allmulticast mode [ 1104.601299][T16634] bridge0: port 1(bridge_slave_0) entered disabled state [ 1104.640498][T16634] bridge0 (unregistering): left allmulticast mode [ 1105.643734][T10310] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1105.655685][T10310] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1105.669030][T10310] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1105.734141][T10310] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1105.777693][T10310] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1106.300198][ T793] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 1106.420115][T16314] usb 5-1: USB disconnect, device number 23 [ 1106.472484][ T793] usb 3-1: Using ep0 maxpacket: 16 [ 1106.512971][ T793] usb 3-1: config 0 has no interfaces? [ 1107.219926][ T793] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1107.255968][ T793] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1107.296505][ T793] usb 3-1: Manufacturer: syz [ 1107.316647][ T793] usb 3-1: config 0 descriptor?? [ 1107.876007][T16654] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1107.903859][T10310] Bluetooth: hci5: command tx timeout [ 1108.135731][T16647] chnl_net:caif_netlink_parms(): no params data found [ 1108.791885][T16647] bridge0: port 1(bridge_slave_0) entered blocking state [ 1108.808249][T16647] bridge0: port 1(bridge_slave_0) entered disabled state [ 1108.830771][T16647] bridge_slave_0: entered allmulticast mode [ 1108.850586][T16647] bridge_slave_0: entered promiscuous mode [ 1108.873015][T16647] bridge0: port 2(bridge_slave_1) entered blocking state [ 1108.892468][T16647] bridge0: port 2(bridge_slave_1) entered disabled state [ 1108.906945][T16647] bridge_slave_1: entered allmulticast mode [ 1108.931420][T16647] bridge_slave_1: entered promiscuous mode [ 1109.127297][T16647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1109.174975][T16647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1109.559196][T16647] team0: Port device team_slave_0 added [ 1109.596671][T16647] team0: Port device team_slave_1 added [ 1109.663945][ T793] usb 3-1: USB disconnect, device number 32 [ 1109.790660][T16683] loop4: detected capacity change from 0 to 2560 [ 1109.945854][T16686] syz_tun: entered allmulticast mode [ 1109.969571][T16647] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1109.986594][T10310] Bluetooth: hci5: command tx timeout [ 1109.986594][T16647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1109.986630][T16647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1110.170159][T16685] syz_tun: left allmulticast mode [ 1110.176129][T16647] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1110.215681][T16647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1110.279335][T16647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1110.581796][T16647] hsr_slave_0: entered promiscuous mode [ 1110.620147][T16647] hsr_slave_1: entered promiscuous mode [ 1110.656727][T16647] debugfs: 'hsr0' already exists in 'hsr' [ 1110.676805][T16647] Cannot create hsr debugfs directory [ 1112.114212][T10310] Bluetooth: hci5: command tx timeout [ 1112.370848][T16708] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2919'. [ 1112.595686][T16647] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.003011][T16647] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.322691][T16647] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.585306][T16647] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1114.142950][T10310] Bluetooth: hci5: command tx timeout [ 1114.473149][T16647] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1114.528287][T16647] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1114.587908][T16647] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1114.602057][T16647] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1115.570350][T16647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1115.806331][T16647] 8021q: adding VLAN 0 to HW filter on device team0 [ 1115.845062][ T6102] bridge0: port 1(bridge_slave_0) entered blocking state [ 1115.852274][ T6102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1115.950752][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 1115.958312][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1116.273350][ T24] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 1116.432540][ T24] usb 5-1: config 0 has no interfaces? [ 1116.483943][ T24] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1116.504205][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1116.536634][ T24] usb 5-1: Product: syz [ 1116.543396][ T24] usb 5-1: Manufacturer: syz [ 1116.549733][ T24] usb 5-1: SerialNumber: syz [ 1116.575662][ T24] usb 5-1: config 0 descriptor?? [ 1117.293308][T16762] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2931'. [ 1117.401483][T16759] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1117.425764][T16759] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1117.885203][ T5978] usb 5-1: USB disconnect, device number 24 [ 1117.998551][T16647] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1118.233390][T16647] veth0_vlan: entered promiscuous mode [ 1118.269638][ T5978] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1118.308296][T16647] veth1_vlan: entered promiscuous mode [ 1118.589780][ T5978] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF4, changing to 0x84 [ 1118.606441][ T5978] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1023 [ 1118.627131][ T5978] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1118.663728][ T5978] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1118.689807][ T5978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1118.708339][ T5978] usb 4-1: Product: syz [ 1118.724024][ T5978] usb 4-1: Manufacturer: syz [ 1118.789990][T16647] veth0_macvtap: entered promiscuous mode [ 1118.840071][ T5978] usb 4-1: SerialNumber: syz [ 1118.861531][ T5978] usb 4-1: config 0 descriptor?? [ 1118.870639][T16789] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1118.900986][ T5978] usb 4-1: ucan: probing device on interface #0 [ 1118.907315][ T5978] usb 4-1: ucan: invalid EP count (1) [ 1118.919642][ T5978] usb 4-1: ucan: probe failed; try to update the device firmware [ 1118.983637][T16647] veth1_macvtap: entered promiscuous mode [ 1119.078224][T16647] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1119.115697][ T9031] usb 4-1: USB disconnect, device number 26 [ 1119.388302][T16647] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1119.436913][ T1940] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.474577][ T1940] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.496154][ T1940] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.527082][ T1940] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1120.013117][T16806] program syz.2.2938 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1120.527131][ T6649] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1120.636241][ T6649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1121.193118][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.559433][ T6649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1121.578786][ T6649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1121.773420][T16820] loop4: detected capacity change from 0 to 512 [ 1121.804705][T16820] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1121.839826][T16820] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 1121.894000][T16820] EXT4-fs (loop4): Errors on filesystem, clearing orphan list. [ 1121.980257][T16820] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1122.794001][T16833] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 1122.835530][ T24] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 1123.156870][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1123.170952][ T24] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1123.184278][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1123.220209][ T24] usb 1-1: Product: syz [ 1123.228075][ T24] usb 1-1: Manufacturer: syz [ 1123.239299][ T24] usb 1-1: SerialNumber: syz [ 1123.264686][ T24] usb 1-1: config 0 descriptor?? [ 1123.291850][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1123.319593][T16314] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1123.909908][T16314] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1123.953751][T16314] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1123.981190][T16314] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1124.037017][T16314] usb 4-1: Product: syz [ 1124.054608][T16314] usb 4-1: Manufacturer: syz [ 1124.066013][T16314] usb 4-1: SerialNumber: syz [ 1124.147404][T16314] usb 4-1: config 0 descriptor?? [ 1124.344095][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1124.356016][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1124.364868][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1124.374645][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1124.382921][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1124.431548][T16851] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1126.225707][ T5990] usb 1-1: USB disconnect, device number 31 [ 1126.459869][T10310] Bluetooth: hci0: command tx timeout [ 1126.480352][ T5978] usb 4-1: USB disconnect, device number 27 [ 1126.611829][ T2938] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1126.811321][ T2938] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1126.949632][ T5885] usb 1-1: new full-speed USB device number 32 using dummy_hcd [ 1127.193783][ T5885] usb 1-1: config 0 has an invalid interface number: 113 but max is 0 [ 1127.241294][ T5885] usb 1-1: config 0 has no interface number 0 [ 1127.247563][ T5885] usb 1-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1128.119540][ T5885] usb 1-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1128.149924][ T5885] usb 1-1: config 0 interface 113 has no altsetting 0 [ 1128.192492][ T5885] usb 1-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1128.287370][ T5885] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1128.316126][ T5885] usb 1-1: Product: syz [ 1128.326204][ T5885] usb 1-1: Manufacturer: syz [ 1128.330893][ T5885] usb 1-1: SerialNumber: syz [ 1128.360720][ T5885] usb 1-1: config 0 descriptor?? [ 1128.382215][ C0] usb 1-1: NFC: Urb failure (status -71) [ 1128.388158][ T5885] usb 1-1: NFC: Unable to get FW version [ 1128.394530][ T5885] pn533_usb 1-1:0.113: probe with driver pn533_usb failed with error -90 [ 1128.517789][T16869] tipc: New replicast peer: 255.255.255.255 [ 1128.536535][T16869] tipc: Enabled bearer , priority 10 [ 1128.553208][T10310] Bluetooth: hci0: command tx timeout [ 1128.582713][T16870] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2950'. [ 1128.598566][T16870] tipc: Disabling bearer [ 1128.765643][ T2938] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1128.894957][ T2938] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1129.335091][T16849] chnl_net:caif_netlink_parms(): no params data found [ 1129.368920][ T2938] bridge_slave_1: left allmulticast mode [ 1129.379251][ T2938] bridge_slave_1: left promiscuous mode [ 1129.392484][ T2938] bridge0: port 2(bridge_slave_1) entered disabled state [ 1129.410310][ T2938] bridge_slave_0: left allmulticast mode [ 1129.417630][ T2938] bridge_slave_0: left promiscuous mode [ 1129.424065][ T2938] bridge0: port 1(bridge_slave_0) entered disabled state [ 1129.716245][T16885] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2953'. [ 1130.407031][ T5990] usb 1-1: USB disconnect, device number 32 [ 1130.522784][ T2938] bridge0 (unregistering): left allmulticast mode [ 1130.630123][T10310] Bluetooth: hci0: command tx timeout [ 1131.416363][ T2938] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1131.603256][ T2938] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1131.613942][ T2938] bond0 (unregistering): Released all slaves [ 1131.652757][T16883] bridge_slave_0: entered promiscuous mode [ 1131.660406][T16883] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1131.789051][ T2938] tipc: Left network mode [ 1131.849706][T16900] tipc: Enabled bearer , priority 0 [ 1131.954536][T16900] syzkaller0: entered promiscuous mode [ 1131.960363][T16900] syzkaller0: entered allmulticast mode [ 1132.034964][T16906] syzkaller0: entered promiscuous mode [ 1132.051039][T16906] syzkaller0: entered allmulticast mode [ 1132.062866][T16900] tipc: Resetting bearer [ 1132.072992][T16898] tipc: Resetting bearer [ 1132.107744][T16898] tipc: Disabling bearer [ 1132.749789][T10310] Bluetooth: hci0: command tx timeout [ 1133.459945][ T2938] hsr_slave_0: left promiscuous mode [ 1133.494261][ T2938] hsr_slave_1: left promiscuous mode [ 1133.515038][ T2938] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1133.719726][ T2938] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1133.767379][ T2938] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1133.789048][ T2938] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1133.942107][ T2938] veth1_vlan: left promiscuous mode [ 1133.959007][ T2938] veth0_vlan: left promiscuous mode [ 1135.397499][T16935] loop0: detected capacity change from 0 to 512 [ 1135.405801][T16935] EXT4-fs (loop0): Test dummy encryption mode enabled [ 1135.432682][T16935] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 1135.447866][T16935] EXT4-fs (loop0): Errors on filesystem, clearing orphan list. [ 1135.460502][T16935] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1135.493690][ T2938] team0 (unregistering): Port device team_slave_1 removed [ 1135.985539][T16941] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 1136.071424][ T2938] team0 (unregistering): Port device team_slave_0 removed [ 1136.147023][T16647] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1138.146165][T16849] bridge0: port 1(bridge_slave_0) entered blocking state [ 1138.156073][T16849] bridge0: port 1(bridge_slave_0) entered disabled state [ 1138.163949][T16849] bridge_slave_0: entered allmulticast mode [ 1138.173802][T16849] bridge_slave_0: entered promiscuous mode [ 1138.196588][T16938] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1138.236524][T16849] bridge0: port 2(bridge_slave_1) entered blocking state [ 1138.247016][T16849] bridge0: port 2(bridge_slave_1) entered disabled state [ 1138.255637][T16849] bridge_slave_1: entered allmulticast mode [ 1138.270471][T16849] bridge_slave_1: entered promiscuous mode [ 1138.780161][T16849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1139.064998][T16849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1139.571039][T16849] team0: Port device team_slave_0 added [ 1139.617545][T16849] team0: Port device team_slave_1 added [ 1139.776863][T16849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1139.842538][T16849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1140.059516][T16849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1140.372480][T16849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1140.382034][T16849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1140.418567][T16849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1140.625791][ T2938] IPVS: stop unused estimator thread 0... [ 1140.637799][T16849] hsr_slave_0: entered promiscuous mode [ 1140.648614][T16849] hsr_slave_1: entered promiscuous mode [ 1140.657886][T16849] debugfs: 'hsr0' already exists in 'hsr' [ 1140.666742][T16849] Cannot create hsr debugfs directory [ 1142.022263][T16995] program syz.0.2977 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1142.186103][T16849] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1142.207497][T16849] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1142.316665][T16849] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1142.336047][T16849] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1142.984450][T16849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1143.066297][T16849] 8021q: adding VLAN 0 to HW filter on device team0 [ 1143.084477][T16972] bridge0: port 1(bridge_slave_0) entered blocking state [ 1143.091769][T16972] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1143.173069][T16972] bridge0: port 2(bridge_slave_1) entered blocking state [ 1143.180300][T16972] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1143.414910][T16849] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1145.338925][T16849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1145.973847][T17042] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2985'. [ 1147.253468][T16849] veth0_vlan: entered promiscuous mode [ 1147.340600][T16849] veth1_vlan: entered promiscuous mode [ 1147.605522][T16849] veth0_macvtap: entered promiscuous mode [ 1147.632417][T16849] veth1_macvtap: entered promiscuous mode [ 1147.736459][T16849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1147.801973][T16849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1147.867352][ T1150] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1147.892802][ T1150] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1148.056683][ T1150] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1148.128292][ T1150] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1148.650463][ T6102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1148.693363][ T6102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1149.183031][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1149.201828][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1149.325337][T17078] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2991'. [ 1150.267392][T17091] syzkaller0: entered promiscuous mode [ 1150.273119][T17091] syzkaller0: entered allmulticast mode [ 1152.344604][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1152.353602][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1152.399644][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1152.417952][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1152.439704][ T5826] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1153.944663][T17103] chnl_net:caif_netlink_parms(): no params data found [ 1153.959625][T10078] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 1154.123423][T10078] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1154.150763][T10078] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1154.164511][T10078] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1154.182973][T10078] usb 2-1: Product: syz [ 1154.193022][T10078] usb 2-1: Manufacturer: syz [ 1154.230820][T10078] usb 2-1: SerialNumber: syz [ 1154.254145][T10078] usb 2-1: config 0 descriptor?? [ 1154.536838][T17103] bridge0: port 1(bridge_slave_0) entered blocking state [ 1154.540368][T10310] Bluetooth: hci1: command tx timeout [ 1154.571362][T17103] bridge0: port 1(bridge_slave_0) entered disabled state [ 1154.589264][T17103] bridge_slave_0: entered allmulticast mode [ 1154.621997][T17103] bridge_slave_0: entered promiscuous mode [ 1154.836072][T17103] bridge0: port 2(bridge_slave_1) entered blocking state [ 1154.868417][T17103] bridge0: port 2(bridge_slave_1) entered disabled state [ 1154.894769][T17103] bridge_slave_1: entered allmulticast mode [ 1154.931566][T17103] bridge_slave_1: entered promiscuous mode [ 1155.208563][T17103] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1155.259697][T17103] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1155.674277][T17103] team0: Port device team_slave_0 added [ 1155.773273][T17103] team0: Port device team_slave_1 added [ 1156.027415][T17103] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1156.044323][T17103] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1156.113040][T17103] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1156.163033][T17103] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1156.246414][T17103] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1156.335274][T17103] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1156.526243][T17103] hsr_slave_0: entered promiscuous mode [ 1156.571035][T17103] hsr_slave_1: entered promiscuous mode [ 1156.580255][T17103] debugfs: 'hsr0' already exists in 'hsr' [ 1156.599555][T17103] Cannot create hsr debugfs directory [ 1156.619760][T10310] Bluetooth: hci1: command tx timeout [ 1156.630301][ T793] usb 2-1: USB disconnect, device number 31 [ 1157.078238][T17148] syzkaller0: entered promiscuous mode [ 1157.094059][T17148] syzkaller0: entered allmulticast mode [ 1157.155384][T17145] fuse: Bad value for 'fd' [ 1157.436293][T17103] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1157.611758][T17103] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1158.104354][T17103] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1158.150002][T17156] bridge0: entered allmulticast mode [ 1158.254492][T17103] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1158.699551][T10310] Bluetooth: hci1: command tx timeout [ 1159.296412][T17103] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1159.408529][T17103] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1159.434488][T17103] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1159.496425][T17103] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1159.939775][T17103] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1160.024195][T17103] 8021q: adding VLAN 0 to HW filter on device team0 [ 1160.124747][T16835] bridge0: port 1(bridge_slave_0) entered blocking state [ 1160.132043][T16835] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1160.213390][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state [ 1160.220679][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1160.867792][T10310] Bluetooth: hci1: command tx timeout [ 1161.208946][T17190] syzkaller0: entered promiscuous mode [ 1161.218794][T17190] syzkaller0: entered allmulticast mode [ 1161.630999][T17103] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1161.948829][T17103] veth0_vlan: entered promiscuous mode [ 1162.015628][T17103] veth1_vlan: entered promiscuous mode [ 1162.182194][T17103] veth0_macvtap: entered promiscuous mode [ 1162.305228][T17103] veth1_macvtap: entered promiscuous mode [ 1162.363999][T17103] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1162.520079][T17103] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1162.546052][ T6102] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1162.564245][ T6102] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1162.581018][ T6102] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1162.893850][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1163.020149][ T5894] usb 5-1: new full-speed USB device number 25 using dummy_hcd [ 1163.364916][ T5894] usb 5-1: config 0 has an invalid interface number: 113 but max is 0 [ 1163.422619][ T5894] usb 5-1: config 0 has no interface number 0 [ 1163.467149][ T5894] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1163.486585][T16835] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1163.505300][T16835] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1163.529625][ T5894] usb 5-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1163.586281][ T5894] usb 5-1: config 0 interface 113 has no altsetting 0 [ 1164.320043][ T793] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 1164.380834][ T5894] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1164.402417][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1164.420319][ T2938] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1164.448841][ T2938] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1164.602778][ T793] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1164.659561][ T5894] usb 5-1: Product: syz [ 1164.670410][ T793] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1164.688624][ T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1164.697237][ T5894] usb 5-1: Manufacturer: syz [ 1164.734679][ T5894] usb 5-1: SerialNumber: syz [ 1164.741943][ T793] usb 2-1: Product: syz [ 1164.752146][ T793] usb 2-1: Manufacturer: syz [ 1164.760989][ T5894] usb 5-1: config 0 descriptor?? [ 1164.770821][ T793] usb 2-1: SerialNumber: syz [ 1164.778711][ T793] usb 2-1: config 0 descriptor?? [ 1164.793692][ C1] usb 5-1: NFC: Urb failure (status -71) [ 1164.799611][ T5894] usb 5-1: NFC: Unable to get FW version [ 1164.819817][ T5894] pn533_usb 5-1:0.113: probe with driver pn533_usb failed with error -90 [ 1165.420660][T17231] Cannot find set identified by id 65534 to match [ 1165.578497][T17239] syzkaller0: entered promiscuous mode [ 1165.586013][T17239] syzkaller0: entered allmulticast mode [ 1166.822524][ T5917] usb 5-1: USB disconnect, device number 25 [ 1167.051524][ T5826] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1167.064329][ T5826] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1167.074415][ T5826] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1167.085749][ T5826] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1167.137027][ T5826] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1167.660648][ T10] usb 2-1: USB disconnect, device number 32 [ 1168.853995][T17250] chnl_net:caif_netlink_parms(): no params data found [ 1169.271445][ T5826] Bluetooth: hci3: command tx timeout [ 1169.500843][T17250] bridge0: port 1(bridge_slave_0) entered blocking state [ 1169.541094][T17250] bridge0: port 1(bridge_slave_0) entered disabled state [ 1169.558667][T17250] bridge_slave_0: entered allmulticast mode [ 1169.571909][T17250] bridge_slave_0: entered promiscuous mode [ 1169.604722][T17250] bridge0: port 2(bridge_slave_1) entered blocking state [ 1169.812205][T17250] bridge0: port 2(bridge_slave_1) entered disabled state [ 1169.836106][T17250] bridge_slave_1: entered allmulticast mode [ 1170.009538][T17250] bridge_slave_1: entered promiscuous mode [ 1170.121832][T17280] loop4: detected capacity change from 0 to 512 [ 1170.149632][T17280] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1170.286886][T17280] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 1170.351854][T17250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1170.384511][T17280] EXT4-fs (loop4): Errors on filesystem, clearing orphan list. [ 1170.403500][T17250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1170.416994][T17280] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1170.774866][T17284] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 1171.071221][T17250] team0: Port device team_slave_0 added [ 1171.101078][T17250] team0: Port device team_slave_1 added [ 1171.283754][T16849] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1171.320691][T17250] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1171.333449][T17250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1171.362332][ T5826] Bluetooth: hci3: command tx timeout [ 1171.479599][T17250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1171.519013][T17250] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1171.536829][T17250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1171.811893][T17250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1172.177804][T17250] hsr_slave_0: entered promiscuous mode [ 1172.196572][T17250] hsr_slave_1: entered promiscuous mode [ 1172.252689][T17250] debugfs: 'hsr0' already exists in 'hsr' [ 1172.510852][T17250] Cannot create hsr debugfs directory [ 1173.419814][ T5826] Bluetooth: hci3: command tx timeout [ 1173.537041][T17250] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1173.952595][T17250] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1174.190824][T17250] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1174.469723][ T10] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 1174.597656][T17250] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1174.778740][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 1174.818685][ T10] usb 5-1: config 0 has no interfaces? [ 1174.835954][ T10] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1174.914885][ T10] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1174.983999][ T10] usb 5-1: Manufacturer: syz [ 1174.990853][ T10] usb 5-1: config 0 descriptor?? [ 1175.450967][ T6228] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1175.506943][ T5826] Bluetooth: hci3: command tx timeout [ 1175.572772][T17250] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1175.616871][T17250] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1175.669982][ T6228] usb 3-1: Using ep0 maxpacket: 16 [ 1175.685974][ T6228] usb 3-1: config 0 has no interfaces? [ 1175.693433][ T6228] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1175.734369][T17250] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1175.749728][ T6228] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1175.782613][ T6228] usb 3-1: Manufacturer: syz [ 1175.834462][ T6228] usb 3-1: config 0 descriptor?? [ 1175.848113][T17250] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1176.245368][T17250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1176.317761][T17250] 8021q: adding VLAN 0 to HW filter on device team0 [ 1176.371981][T16835] bridge0: port 1(bridge_slave_0) entered blocking state [ 1176.379299][T16835] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1176.532537][T16835] bridge0: port 2(bridge_slave_1) entered blocking state [ 1176.539851][T16835] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1177.686134][T17250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1177.843720][T17250] veth0_vlan: entered promiscuous mode [ 1177.869126][T17250] veth1_vlan: entered promiscuous mode [ 1177.976505][ T5917] usb 5-1: USB disconnect, device number 26 [ 1178.252911][T17250] veth0_macvtap: entered promiscuous mode [ 1178.353083][T17250] veth1_macvtap: entered promiscuous mode [ 1178.511305][T17250] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1178.534327][ T5917] usb 3-1: USB disconnect, device number 33 [ 1178.546010][T17250] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1178.663759][T17311] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1178.701136][T17311] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1178.751522][T17311] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1178.766798][T17311] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1179.382130][T17363] openvswitch: netlink: Actions may not be safe on all matching packets [ 1179.709840][T16872] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 1179.750653][T17368] openvswitch: netlink: Actions may not be safe on all matching packets [ 1180.036458][T16872] usb 1-1: device descriptor read/64, error -71 [ 1180.079638][ T5978] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 1180.178531][ T7099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1180.196701][ T7099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1180.229574][ T5978] usb 2-1: device descriptor read/64, error -71 [ 1180.279636][T16872] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 1180.318877][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1180.338815][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1180.440746][T16872] usb 1-1: device descriptor read/64, error -71 [ 1180.480360][ T5978] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 1180.550539][T16872] usb usb1-port1: attempt power cycle [ 1180.679547][ T5978] usb 2-1: device descriptor read/64, error -71 [ 1180.820038][ T5978] usb usb2-port1: attempt power cycle [ 1180.953004][T16872] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1181.000821][T16872] usb 1-1: device descriptor read/8, error -71 [ 1181.210472][ T5978] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 1181.293796][ T5978] usb 2-1: device descriptor read/8, error -71 [ 1181.309749][T16872] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 1181.435484][T16872] usb 1-1: device descriptor read/8, error -71 [ 1181.569945][T16872] usb usb1-port1: unable to enumerate USB device [ 1181.745313][ T5978] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 1181.806508][ T5978] usb 2-1: device descriptor read/8, error -71 [ 1181.929959][ T5978] usb usb2-port1: unable to enumerate USB device [ 1182.627936][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1184.099261][T17402] program syz.1.3056 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1184.615581][T17408] program syz.0.3057 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1185.450984][T17411] syz_tun: entered allmulticast mode [ 1185.709570][ T9031] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 1185.929630][ T9031] usb 5-1: Using ep0 maxpacket: 32 [ 1185.971790][ T9031] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1185.989617][ T9031] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1186.029945][ T9031] usb 5-1: config 1 has no interface number 1 [ 1186.049647][ T9031] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1186.084617][ T9031] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1186.114262][ T9031] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1186.140092][ T9031] usb 5-1: Product: syz [ 1186.159834][ T9031] usb 5-1: Manufacturer: syz [ 1186.164494][ T9031] usb 5-1: SerialNumber: syz [ 1186.416753][T17410] syz_tun: left allmulticast mode [ 1186.417038][ T9031] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 1186.471047][ T9031] usb 5-1: 2:1 : format type 6 is not supported yet [ 1186.567096][ T9031] usb 5-1: USB disconnect, device number 27 [ 1186.864137][T17430] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3061'. [ 1189.564528][T17451] loop4: detected capacity change from 0 to 2560 [ 1189.668962][T17451] Buffer I/O error on dev loop4, logical block 0, lost async page write [ 1189.707680][T17451] Buffer I/O error on dev loop4, logical block 1, lost async page write [ 1189.730221][T17451] Buffer I/O error on dev loop4, logical block 2, lost async page write [ 1189.757707][T17451] Buffer I/O error on dev loop4, logical block 3, lost async page write [ 1189.906673][T17451] Buffer I/O error on dev loop4, logical block 4, lost async page write [ 1190.031650][T17451] Buffer I/O error on dev loop4, logical block 5, lost async page write [ 1190.249914][T17451] Buffer I/O error on dev loop4, logical block 6, lost async page write [ 1190.289763][T17451] Buffer I/O error on dev loop4, logical block 7, lost async page write [ 1190.300632][T17451] Buffer I/O error on dev loop4, logical block 8, lost async page write [ 1190.329753][T17451] Buffer I/O error on dev loop4, logical block 9, lost async page write [ 1191.398499][T17468] tipc: Enabled bearer , priority 0 [ 1191.574428][T17468] syzkaller0: entered promiscuous mode [ 1191.612101][T17468] syzkaller0: entered allmulticast mode [ 1191.646373][T17468] tipc: Resetting bearer [ 1191.696532][T17467] tipc: Resetting bearer [ 1192.109737][ T5917] usb 1-1: new full-speed USB device number 37 using dummy_hcd [ 1192.655504][ T5917] usb 1-1: config 0 has an invalid interface number: 113 but max is 0 [ 1192.685116][ T5917] usb 1-1: config 0 has no interface number 0 [ 1192.960216][ T5917] usb 1-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1192.972472][ T5917] usb 1-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1192.982907][ T5917] usb 1-1: config 0 interface 113 has no altsetting 0 [ 1193.105572][ T5917] usb 1-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1193.120320][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1193.143699][ T5917] usb 1-1: Product: syz [ 1193.147937][ T5917] usb 1-1: Manufacturer: syz [ 1193.153534][ T5917] usb 1-1: SerialNumber: syz [ 1193.168491][ T5917] usb 1-1: config 0 descriptor?? [ 1193.241596][ C0] usb 1-1: NFC: Urb failure (status -71) [ 1193.249180][ T5917] usb 1-1: NFC: Unable to get FW version [ 1193.288970][ T5917] pn533_usb 1-1:0.113: probe with driver pn533_usb failed with error -90 [ 1193.385197][ T5885] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1193.549600][ T5885] usb 4-1: Using ep0 maxpacket: 16 [ 1193.620041][ T5885] usb 4-1: config 0 has no interfaces? [ 1193.629878][ T5885] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1193.644731][ T5885] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1193.656231][ T5885] usb 4-1: Manufacturer: syz [ 1193.712139][ T5885] usb 4-1: config 0 descriptor?? [ 1197.874418][T17467] tipc: Disabling bearer [ 1197.894380][ T9031] tipc: Node number set to 2204385387 [ 1198.032145][T16872] usb 1-1: USB disconnect, device number 37 [ 1198.496890][T17487] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1198.579714][ T6228] usb 4-1: USB disconnect, device number 28 [ 1198.796641][T17524] syzkaller0: entered promiscuous mode [ 1198.802327][T17524] syzkaller0: entered allmulticast mode [ 1199.917958][ T6228] IPVS: starting estimator thread 0... [ 1200.012254][T17539] IPVS: using max 28 ests per chain, 67200 per kthread [ 1205.246231][T17577] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3091'. [ 1206.456649][T17590] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3094'. [ 1206.720412][T17589] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1206.769827][T17590] bridge_slave_1: left allmulticast mode [ 1206.854441][T17590] bridge_slave_1: left promiscuous mode [ 1206.885361][T17590] bridge0: port 2(bridge_slave_1) entered disabled state [ 1206.902020][T17590] bridge_slave_0: left allmulticast mode [ 1206.908254][T17590] bridge0: port 1(bridge_slave_0) entered disabled state [ 1207.938559][T17598] tipc: New replicast peer: 255.255.255.255 [ 1208.064158][T10078] usb 1-1: new full-speed USB device number 38 using dummy_hcd [ 1208.097493][T17598] tipc: Enabled bearer , priority 10 [ 1208.157588][T17602] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3097'. [ 1208.224803][T17602] tipc: Disabling bearer [ 1208.327297][T10078] usb 1-1: config 0 has an invalid interface number: 113 but max is 0 [ 1208.336137][T10078] usb 1-1: config 0 has no interface number 0 [ 1208.349173][T10078] usb 1-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1208.375050][T10078] usb 1-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1208.386479][T10078] usb 1-1: config 0 interface 113 has no altsetting 0 [ 1209.281438][T10078] usb 1-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1209.295189][T10078] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1209.303984][T10078] usb 1-1: Product: syz [ 1209.307294][T17621] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3101'. [ 1209.308273][T10078] usb 1-1: Manufacturer: syz [ 1209.370078][T17621] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3101'. [ 1209.395796][T10078] usb 1-1: SerialNumber: syz [ 1209.409681][T17621] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3101'. [ 1209.461813][T10078] usb 1-1: config 0 descriptor?? [ 1209.504174][ C0] usb 1-1: NFC: Urb failure (status -71) [ 1209.519597][T10078] usb 1-1: NFC: Unable to get FW version [ 1209.539695][T10078] pn533_usb 1-1:0.113: probe with driver pn533_usb failed with error -90 [ 1211.033743][T17634] loop2: detected capacity change from 0 to 512 [ 1211.073432][T17634] EXT4-fs (loop2): Test dummy encryption mode enabled [ 1211.112050][T17634] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 1211.169655][T17634] EXT4-fs (loop2): Errors on filesystem, clearing orphan list. [ 1211.180631][T17634] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1211.850636][T17641] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 1212.042824][T17103] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1212.445091][ T6228] usb 1-1: USB disconnect, device number 38 [ 1212.605123][T17660] tipc: Started in network mode [ 1212.613863][T17660] tipc: Node identity ac14140f, cluster identity 4711 [ 1212.626670][T17660] tipc: New replicast peer: 255.255.255.255 [ 1212.641600][T10078] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1212.645049][T17660] tipc: Enabled bearer , priority 10 [ 1212.680849][T17663] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3111'. [ 1212.692600][T17663] tipc: Disabling bearer [ 1212.777848][T17665] program syz.4.3112 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1212.990088][T16872] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1213.201164][T10078] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1213.267180][T10078] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1213.291970][T10078] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1213.311423][T16872] usb 3-1: Using ep0 maxpacket: 8 [ 1213.328315][T10078] usb 4-1: Product: syz [ 1213.335008][T16872] usb 3-1: New USB device found, idVendor=0c45, idProduct=6128, bcdDevice=c4.6d [ 1213.345164][T16872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1213.364492][T10078] usb 4-1: Manufacturer: syz [ 1213.371328][T16872] usb 3-1: Product: syz [ 1213.377867][T10078] usb 4-1: SerialNumber: syz [ 1213.388566][T16872] usb 3-1: Manufacturer: syz [ 1213.405237][T10078] usb 4-1: config 0 descriptor?? [ 1213.413480][T16872] usb 3-1: SerialNumber: syz [ 1213.443464][T16872] usb 3-1: config 0 descriptor?? [ 1213.498971][T16872] gspca_main: sonixj-2.14.0 probing 0c45:6128 [ 1213.891330][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 1213.891355][ T30] audit: type=1326 audit(1764329100.126:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17657 comm="syz.2.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f335078f749 code=0x7ffc0000 [ 1214.178436][T16872] gspca_sonixj: reg_w1 err -110 [ 1214.212262][ T30] audit: type=1326 audit(1764329100.126:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17657 comm="syz.2.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f335078f749 code=0x7ffc0000 [ 1214.249846][T16872] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 1214.295779][ T30] audit: type=1326 audit(1764329100.126:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17657 comm="syz.2.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f335078f749 code=0x7ffc0000 [ 1214.365343][ T793] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 1214.394577][ T30] audit: type=1326 audit(1764329100.126:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17657 comm="syz.2.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f335078df90 code=0x7ffc0000 [ 1214.503081][ T30] audit: type=1326 audit(1764329100.136:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17657 comm="syz.2.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f335078f749 code=0x7ffc0000 [ 1214.575571][ T30] audit: type=1326 audit(1764329100.136:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17657 comm="syz.2.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f335078f749 code=0x7ffc0000 [ 1214.622479][ T793] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1214.785267][ T793] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1214.798933][ T793] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1214.832939][ T793] usb 1-1: Product: syz [ 1214.855928][ T793] usb 1-1: Manufacturer: syz [ 1214.864487][ T30] audit: type=1326 audit(1764329100.136:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17657 comm="syz.2.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f335078f749 code=0x7ffc0000 [ 1214.942955][ T793] usb 1-1: SerialNumber: syz [ 1214.985542][ T793] usb 1-1: config 0 descriptor?? [ 1214.992713][ T30] audit: type=1326 audit(1764329100.136:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17657 comm="syz.2.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f335078f749 code=0x7ffc0000 [ 1215.095514][ T30] audit: type=1326 audit(1764329100.136:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17657 comm="syz.2.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f335078f749 code=0x7ffc0000 [ 1215.217933][ T30] audit: type=1326 audit(1764329100.136:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17657 comm="syz.2.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f335078f749 code=0x7ffc0000 [ 1216.204292][ T793] usb 3-1: USB disconnect, device number 34 [ 1216.825790][ T793] usb 4-1: USB disconnect, device number 29 [ 1217.864551][ T5990] usb 1-1: USB disconnect, device number 39 [ 1219.009900][T17712] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3123'. [ 1219.050603][T17712] bridge_slave_1: left allmulticast mode [ 1219.056330][T17712] bridge_slave_1: left promiscuous mode [ 1219.075752][T17712] bridge0: port 2(bridge_slave_1) entered disabled state [ 1219.105020][T17712] bridge_slave_0: left allmulticast mode [ 1219.122831][T17712] bridge_slave_0: left promiscuous mode [ 1219.140553][T17712] bridge0: port 1(bridge_slave_0) entered disabled state [ 1219.160474][T17718] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3124'. [ 1219.333413][T17712] bridge0 (unregistering): left allmulticast mode [ 1219.415413][T17716] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1222.290473][T17753] loop0: detected capacity change from 0 to 512 [ 1222.323221][T17753] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 1222.334720][T17753] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 1222.352102][T17759] syzkaller0: entered promiscuous mode [ 1222.358432][T17759] syzkaller0: entered allmulticast mode [ 1222.364628][T17753] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 1222.373090][T17753] System zones: 0-2, 18-18, 34-34 [ 1222.383755][T17753] EXT4-fs error (device loop0): ext4_orphan_get:1391: comm syz.0.3135: inode #15: comm syz.0.3135: iget: illegal inode # [ 1222.398920][T17753] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.3135: couldn't read orphan inode 15 (err -117) [ 1222.497227][T17753] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1223.654100][T17768] EXT4-fs error (device loop0): ext4_lookup:1785: comm syz.0.3135: inode #15: comm syz.0.3135: iget: illegal inode # [ 1223.793394][T16647] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1224.601130][T16872] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 1225.121277][T16872] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1225.364698][T16872] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1225.374250][T16872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1225.384736][T16872] usb 1-1: Product: syz [ 1225.388950][T16872] usb 1-1: Manufacturer: syz [ 1225.398931][T16872] usb 1-1: SerialNumber: syz [ 1225.836304][T16872] usb 1-1: config 0 descriptor?? [ 1228.052840][ T5991] usb 1-1: USB disconnect, device number 40 [ 1228.084150][T10310] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1228.131722][T10310] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1228.140345][T10310] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1228.150847][T10310] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1228.162108][T10310] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1228.306369][T17814] loop0: detected capacity change from 0 to 512 [ 1228.331289][T17814] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 1228.373750][T17814] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 1228.482002][T17814] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 1228.532392][T17814] System zones: 0-2, 18-18, 34-34 [ 1228.561764][T17814] EXT4-fs error (device loop0): ext4_orphan_get:1391: comm syz.0.3150: inode #15: comm syz.0.3150: iget: illegal inode # [ 1228.759949][T17814] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.3150: couldn't read orphan inode 15 (err -117) [ 1228.892566][T17814] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1229.324066][T17826] EXT4-fs error (device loop0): ext4_lookup:1785: comm syz.0.3150: inode #15: comm syz.0.3150: iget: illegal inode # [ 1229.667161][T16647] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1229.967173][T17811] chnl_net:caif_netlink_parms(): no params data found [ 1230.262076][ T5826] Bluetooth: hci4: command tx timeout [ 1230.830203][ T5826] Bluetooth: hci5: command 0x0406 tx timeout [ 1230.861166][T17811] bridge0: port 1(bridge_slave_0) entered blocking state [ 1230.871028][T17811] bridge0: port 1(bridge_slave_0) entered disabled state [ 1230.878618][T17811] bridge_slave_0: entered allmulticast mode [ 1230.886572][T17811] bridge_slave_0: entered promiscuous mode [ 1230.927276][T17811] bridge0: port 2(bridge_slave_1) entered blocking state [ 1230.962401][T17811] bridge0: port 2(bridge_slave_1) entered disabled state [ 1231.030501][T17811] bridge_slave_1: entered allmulticast mode [ 1231.045844][T17811] bridge_slave_1: entered promiscuous mode [ 1231.337035][T17811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1231.354580][T17811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1231.631269][T17811] team0: Port device team_slave_0 added [ 1231.645699][T17811] team0: Port device team_slave_1 added [ 1231.801164][T17811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1231.828151][T17811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1231.959533][T17811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1232.112513][T17811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1232.190337][T17811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1232.288177][T17811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1232.379759][T10310] Bluetooth: hci4: command tx timeout [ 1232.751084][T17811] hsr_slave_0: entered promiscuous mode [ 1232.759832][T17811] hsr_slave_1: entered promiscuous mode [ 1232.770895][T17811] debugfs: 'hsr0' already exists in 'hsr' [ 1232.777724][T17811] Cannot create hsr debugfs directory [ 1233.452653][T17870] loop3: detected capacity change from 0 to 512 [ 1233.510499][T17870] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 1233.549579][T17870] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 1233.571919][T17873] loop4: detected capacity change from 0 to 2560 [ 1233.617543][T17873] buffer_io_error: 310 callbacks suppressed [ 1233.617561][T17873] Buffer I/O error on dev loop4, logical block 0, lost async page write [ 1233.622446][T17870] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 1233.643482][T17870] System zones: 0-2, 18-18, 34-34 [ 1233.652174][T17811] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1233.664789][T17870] EXT4-fs error (device loop3): ext4_orphan_get:1391: comm syz.3.3163: inode #15: comm syz.3.3163: iget: illegal inode # [ 1233.693338][T17873] Buffer I/O error on dev loop4, logical block 1, lost async page write [ 1233.700381][T17870] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3163: couldn't read orphan inode 15 (err -117) [ 1233.714072][T17873] Buffer I/O error on dev loop4, logical block 2, lost async page write [ 1233.723756][T17873] Buffer I/O error on dev loop4, logical block 3, lost async page write [ 1233.732475][T17870] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1233.761266][T17873] Buffer I/O error on dev loop4, logical block 4, lost async page write [ 1233.793273][T17873] Buffer I/O error on dev loop4, logical block 5, lost async page write [ 1233.793844][T17811] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1233.814223][T17873] Buffer I/O error on dev loop4, logical block 6, lost async page write [ 1233.826378][T17873] Buffer I/O error on dev loop4, logical block 7, lost async page write [ 1234.202972][T17873] Buffer I/O error on dev loop4, logical block 8, lost async page write [ 1234.286567][T17876] EXT4-fs error (device loop3): ext4_lookup:1785: comm syz.3.3163: inode #15: comm syz.3.3163: iget: illegal inode # [ 1234.319751][T17873] Buffer I/O error on dev loop4, logical block 9, lost async page write [ 1234.365111][T17811] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1234.458996][T17250] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1234.474051][ T5826] Bluetooth: hci4: command tx timeout [ 1234.602959][T17811] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1235.204524][T17811] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1235.333285][T17811] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1235.376613][T17811] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1235.415142][T17811] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1235.438099][T17894] loop0: detected capacity change from 0 to 512 [ 1235.485401][T17894] EXT4-fs (loop0): Test dummy encryption mode enabled [ 1235.515957][T17894] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 1235.534061][T17894] EXT4-fs (loop0): Errors on filesystem, clearing orphan list. [ 1235.602294][T17894] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1235.908868][T17811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1236.510466][T17811] 8021q: adding VLAN 0 to HW filter on device team0 [ 1236.518358][T17908] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 1236.540055][T10310] Bluetooth: hci4: command tx timeout [ 1236.590033][ T6649] bridge0: port 1(bridge_slave_0) entered blocking state [ 1236.597190][ T6649] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1236.693280][T16647] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1236.703949][ T6649] bridge0: port 2(bridge_slave_1) entered blocking state [ 1236.711191][ T6649] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1237.566424][T17811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1237.939996][T17811] veth0_vlan: entered promiscuous mode [ 1238.015434][T17811] veth1_vlan: entered promiscuous mode [ 1238.272122][T17811] veth0_macvtap: entered promiscuous mode [ 1238.419635][T17811] veth1_macvtap: entered promiscuous mode [ 1238.697503][T17811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1238.772362][T17811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1238.813295][T17304] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1238.889660][T17304] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1238.898564][T17304] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1238.944207][T17311] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1239.346517][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1239.389690][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1239.537325][ T6649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1239.559230][ T6649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1241.489763][T17958] openvswitch: netlink: Actions may not be safe on all matching packets [ 1241.810372][ T10] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 1241.989683][ T10] usb 3-1: device descriptor read/64, error -71 [ 1242.291793][ T10] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 1242.489655][ T10] usb 3-1: device descriptor read/64, error -71 [ 1242.659682][ T10] usb usb3-port1: attempt power cycle [ 1243.179600][ T10] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1243.232369][ T10] usb 3-1: device descriptor read/8, error -71 [ 1243.836478][ T10] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 1243.896305][T17974] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3186'. [ 1243.958718][ T10] usb 3-1: device descriptor read/8, error -71 [ 1244.069788][ T10] usb usb3-port1: unable to enumerate USB device [ 1244.133783][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1244.700023][T17983] fuse: Bad value for 'fd' [ 1245.031277][T17988] openvswitch: netlink: Actions may not be safe on all matching packets [ 1245.099615][ T5990] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 1245.282755][ T5990] usb 4-1: config 0 has an invalid interface number: 113 but max is 0 [ 1245.354880][ T5990] usb 4-1: config 0 has no interface number 0 [ 1245.368311][ T5990] usb 4-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1245.369574][ T5997] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 1245.624132][ T5990] usb 4-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1245.684003][ T5990] usb 4-1: config 0 interface 113 has no altsetting 0 [ 1245.689678][ T5997] usb 1-1: device descriptor read/64, error -71 [ 1245.711378][ T5990] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1245.740121][ T5990] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1245.820667][ T5990] usb 4-1: Product: syz [ 1245.824882][ T5990] usb 4-1: Manufacturer: syz [ 1245.871277][ T5990] usb 4-1: SerialNumber: syz [ 1245.884842][ T5990] usb 4-1: config 0 descriptor?? [ 1245.956307][ C1] usb 4-1: NFC: Urb failure (status -71) [ 1245.969795][ T5997] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 1245.978591][ T5990] usb 4-1: NFC: Unable to get FW version [ 1246.025252][ T5990] pn533_usb 4-1:0.113: probe with driver pn533_usb failed with error -90 [ 1246.139732][ T5997] usb 1-1: device descriptor read/64, error -71 [ 1246.249885][ T5997] usb usb1-port1: attempt power cycle [ 1247.029629][ T5997] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 1247.073682][ T5997] usb 1-1: device descriptor read/8, error -71 [ 1247.321325][ T5997] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 1247.380126][ T5997] usb 1-1: device descriptor read/8, error -71 [ 1247.442220][T18000] loop2: detected capacity change from 0 to 512 [ 1247.463561][T18000] EXT4-fs (loop2): Test dummy encryption mode enabled [ 1247.493224][T18000] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 1247.509847][ T5997] usb usb1-port1: unable to enumerate USB device [ 1247.529356][T18000] EXT4-fs (loop2): Errors on filesystem, clearing orphan list. [ 1247.595920][T18000] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1247.633166][ T5990] usb 4-1: USB disconnect, device number 30 [ 1248.039811][T18003] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 1248.754915][T17103] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1249.086808][T18025] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3198'. [ 1251.022536][T18037] tipc: Started in network mode [ 1251.071221][T18037] tipc: Node identity ae39efa7e168, cluster identity 4711 [ 1251.169966][T18037] tipc: Enabled bearer , priority 0 [ 1251.261354][T10310] Bluetooth: hci0: command 0x0406 tx timeout [ 1251.442758][T18038] syzkaller0: entered promiscuous mode [ 1251.448277][T18038] syzkaller0: entered allmulticast mode [ 1251.497136][T18038] tipc: Resetting bearer [ 1251.742160][T18036] tipc: Resetting bearer [ 1253.219642][ T5997] usb 3-1: new full-speed USB device number 39 using dummy_hcd [ 1253.382151][ T5997] usb 3-1: config 0 has an invalid interface number: 113 but max is 0 [ 1253.453498][ T5997] usb 3-1: config 0 has no interface number 0 [ 1253.460730][ T5997] usb 3-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1253.506331][ T5997] usb 3-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1253.529576][ T5997] usb 3-1: config 0 interface 113 has no altsetting 0 [ 1254.063307][ T5997] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1254.078042][ T5997] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1254.108130][ T5997] usb 3-1: Product: syz [ 1254.119187][ T5997] usb 3-1: Manufacturer: syz [ 1254.135428][ T5997] usb 3-1: SerialNumber: syz [ 1254.151260][ T5997] usb 3-1: config 0 descriptor?? [ 1254.177395][ C0] usb 3-1: NFC: Urb failure (status -71) [ 1254.183545][ T5997] usb 3-1: NFC: Unable to get FW version [ 1254.189848][ T5997] pn533_usb 3-1:0.113: probe with driver pn533_usb failed with error -90 [ 1255.463805][ T5997] usb 3-1: USB disconnect, device number 39 [ 1259.348083][T18036] tipc: Disabling bearer [ 1259.357356][ T5917] tipc: Node number set to 1330769831 [ 1259.368163][T18067] tipc: Enabled bearer , priority 0 [ 1259.485683][T18068] syzkaller0: entered promiscuous mode [ 1259.509616][T18068] syzkaller0: entered allmulticast mode [ 1259.523218][T18068] tipc: Resetting bearer [ 1259.572798][T18065] tipc: Resetting bearer [ 1261.609582][ T5917] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 1261.835223][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1261.850500][ T5917] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1261.869503][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1261.887837][ T5917] usb 2-1: Product: syz [ 1261.905565][ T5917] usb 2-1: Manufacturer: syz [ 1261.958917][ T5917] usb 2-1: SerialNumber: syz [ 1262.183476][ T5917] usb 2-1: config 0 descriptor?? [ 1265.115205][T18150] fuse: Bad value for 'fd' [ 1266.958731][ T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 1267.149496][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 1267.158797][ T10] usb 5-1: New USB device found, idVendor=0c45, idProduct=6128, bcdDevice=c4.6d [ 1267.169587][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1267.182859][ T10] usb 5-1: Product: syz [ 1267.187099][ T10] usb 5-1: Manufacturer: syz [ 1267.192864][ T10] usb 5-1: SerialNumber: syz [ 1267.200451][T18065] tipc: Disabling bearer [ 1267.201138][ T10] usb 5-1: config 0 descriptor?? [ 1267.215466][ T10] gspca_main: sonixj-2.14.0 probing 0c45:6128 [ 1267.221971][ T792] tipc: Node number set to 2886997007 [ 1267.421238][ T792] usb 2-1: USB disconnect, device number 37 [ 1267.522888][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 1267.522909][ T30] audit: type=1326 audit(1764329153.776:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18154 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc0d8f749 code=0x7ffc0000 [ 1268.130157][ T10] gspca_sonixj: reg_w1 err -110 [ 1268.153988][ T10] sonixj 5-1:0.0: probe with driver sonixj failed with error -110 [ 1268.175621][ T30] audit: type=1326 audit(1764329153.806:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18154 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fddc0d8f749 code=0x7ffc0000 [ 1268.225915][ T30] audit: type=1326 audit(1764329153.806:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18154 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc0d8f749 code=0x7ffc0000 [ 1268.546642][ T30] audit: type=1326 audit(1764329153.806:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18154 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc0d8f749 code=0x7ffc0000 [ 1268.927932][ T30] audit: type=1326 audit(1764329153.816:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18154 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fddc0d8df90 code=0x7ffc0000 [ 1268.997162][ T30] audit: type=1326 audit(1764329153.816:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18154 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc0d8f749 code=0x7ffc0000 [ 1269.069770][ T30] audit: type=1326 audit(1764329153.856:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18154 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fddc0d8f749 code=0x7ffc0000 [ 1269.101937][ T30] audit: type=1326 audit(1764329153.866:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18154 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc0d8f749 code=0x7ffc0000 [ 1269.379599][ T30] audit: type=1326 audit(1764329153.866:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18154 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc0d8f749 code=0x7ffc0000 [ 1269.463903][ T30] audit: type=1326 audit(1764329153.866:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18154 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fddc0d8f749 code=0x7ffc0000 [ 1270.280357][T16872] usb 5-1: USB disconnect, device number 28 [ 1270.693475][T18196] fuse: Bad value for 'fd' [ 1270.910914][T18199] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3239'. [ 1271.635279][T18207] tipc: Enabled bearer , priority 0 [ 1271.706059][T18207] syzkaller0: entered promiscuous mode [ 1271.719538][T18207] syzkaller0: entered allmulticast mode [ 1271.732097][T18207] tipc: Resetting bearer [ 1271.762178][T18206] tipc: Resetting bearer [ 1273.124750][T18225] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3242'. [ 1275.627527][T18254] loop2: detected capacity change from 0 to 512 [ 1275.674821][T18254] EXT4-fs (loop2): Test dummy encryption mode enabled [ 1275.778413][T18254] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 1275.791031][T18254] EXT4-fs (loop2): Errors on filesystem, clearing orphan list. [ 1275.800837][T18254] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1275.968691][T18256] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 1276.599284][T17103] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1276.959933][T10310] Bluetooth: hci1: command 0x0406 tx timeout [ 1277.149332][T18273] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3252'. [ 1278.761339][T18286] loop4: detected capacity change from 0 to 2560 [ 1278.788997][T18286] buffer_io_error: 310 callbacks suppressed [ 1278.789020][T18286] Buffer I/O error on dev loop4, logical block 0, lost async page write [ 1278.804074][T18286] Buffer I/O error on dev loop4, logical block 1, lost async page write [ 1278.865323][T18286] Buffer I/O error on dev loop4, logical block 2, lost async page write [ 1279.498455][T18286] Buffer I/O error on dev loop4, logical block 3, lost async page write [ 1279.529777][T18286] Buffer I/O error on dev loop4, logical block 4, lost async page write [ 1279.538227][T18286] Buffer I/O error on dev loop4, logical block 5, lost async page write [ 1279.595605][T18286] Buffer I/O error on dev loop4, logical block 6, lost async page write [ 1279.666781][T18286] Buffer I/O error on dev loop4, logical block 7, lost async page write [ 1279.729816][T18286] Buffer I/O error on dev loop4, logical block 8, lost async page write [ 1279.744571][T18286] Buffer I/O error on dev loop4, logical block 9, lost async page write [ 1280.579663][ T792] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1280.772279][ T792] usb 3-1: Using ep0 maxpacket: 16 [ 1280.787965][ T792] usb 3-1: config 0 has no interfaces? [ 1280.797750][ T792] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1280.807319][ T792] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1280.815803][ T792] usb 3-1: Manufacturer: syz [ 1280.822956][ T792] usb 3-1: config 0 descriptor?? [ 1280.902557][T18298] loop4: detected capacity change from 0 to 512 [ 1280.910759][T18298] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1280.933850][T18298] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 1280.944769][T18298] EXT4-fs (loop4): Errors on filesystem, clearing orphan list. [ 1280.967341][T18298] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1281.401290][T18300] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 1281.774185][T16849] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1283.274295][T18206] tipc: Disabling bearer [ 1283.326717][T18293] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1283.478684][ T5826] Bluetooth: hci5: unexpected event for opcode 0x0809 [ 1284.349520][ T792] usb 5-1: new full-speed USB device number 29 using dummy_hcd [ 1284.710015][ T792] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1284.724160][ T792] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4 [ 1284.758386][ T792] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1284.785842][ T792] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1284.795267][ T792] usb 5-1: Product: syz [ 1284.805426][ T792] usb 5-1: Manufacturer: syz [ 1284.815293][ T792] usb 5-1: SerialNumber: syz [ 1284.827638][ T792] usb 5-1: config 0 descriptor?? [ 1284.918631][ T792] em28xx 5-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0) [ 1284.938837][ T792] em28xx 5-1:0.0: Device initialization failed. [ 1284.956942][ T792] em28xx 5-1:0.0: Device must be connected to a high-speed USB 2.0 port. [ 1285.145421][ T792] usb 3-1: USB disconnect, device number 40 [ 1286.431510][T18348] tipc: Started in network mode [ 1286.436544][T18348] tipc: Node identity ac14140f, cluster identity 4711 [ 1286.444071][T18348] tipc: New replicast peer: 255.255.255.255 [ 1286.451077][T18348] tipc: Enabled bearer , priority 10 [ 1286.670876][ T792] usb 5-1: USB disconnect, device number 29 [ 1287.092205][T18354] tipc: Started in network mode [ 1287.097167][T18354] tipc: Node identity ac14140f, cluster identity 4711 [ 1287.719848][T18354] tipc: New replicast peer: 255.255.255.255 [ 1287.732652][T18354] tipc: Enabled bearer , priority 10 [ 1287.746599][T18347] tipc: Node number set to 2886997007 [ 1287.787401][T18355] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3273'. [ 1287.851051][T18355] tipc: Disabling bearer [ 1287.872556][T18357] bridge_slave_0: entered promiscuous mode [ 1288.410520][T18362] tipc: Enabled bearer , priority 0 [ 1288.793704][T18362] syzkaller0: entered promiscuous mode [ 1288.815146][T18362] syzkaller0: entered allmulticast mode [ 1288.825228][T18371] syz.0.3278 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1288.839937][T18362] tipc: Resetting bearer [ 1288.864840][T18361] tipc: Resetting bearer [ 1289.221579][T18371] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1292.220432][ T5826] Bluetooth: hci3: command 0x0406 tx timeout [ 1293.228754][T18361] tipc: Disabling bearer [ 1293.248460][ T792] tipc: Node number set to 2886997007 [ 1294.087183][T18170] usb 3-1: new full-speed USB device number 41 using dummy_hcd [ 1294.581865][T18170] usb 3-1: config 0 has an invalid interface number: 113 but max is 0 [ 1294.596305][T18170] usb 3-1: config 0 has no interface number 0 [ 1294.643177][T18170] usb 3-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1294.809836][T18170] usb 3-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1294.828188][T18170] usb 3-1: config 0 interface 113 has no altsetting 0 [ 1295.059616][T18170] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1295.210934][T18420] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3288'. [ 1295.224892][T18170] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1295.313016][T18170] usb 3-1: Product: syz [ 1295.326709][T18170] usb 3-1: Manufacturer: syz [ 1295.353528][T18170] usb 3-1: SerialNumber: syz [ 1295.404356][T18170] usb 3-1: config 0 descriptor?? [ 1295.421195][ C0] usb 3-1: NFC: Urb failure (status -71) [ 1295.429286][T18170] usb 3-1: NFC: Unable to get FW version [ 1295.450079][T18170] pn533_usb 3-1:0.113: probe with driver pn533_usb failed with error -90 [ 1296.159475][T18170] usb 2-1: new full-speed USB device number 38 using dummy_hcd [ 1296.341319][T18170] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1296.367353][T18170] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4 [ 1296.414292][T18170] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1296.439555][T18170] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1296.447606][T18170] usb 2-1: Product: syz [ 1296.462549][T18170] usb 2-1: Manufacturer: syz [ 1296.470335][T18170] usb 2-1: SerialNumber: syz [ 1296.485611][T18170] usb 2-1: config 0 descriptor?? [ 1296.503766][T18170] em28xx 2-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0) [ 1296.521925][T18170] em28xx 2-1:0.0: Device initialization failed. [ 1296.528327][T18170] em28xx 2-1:0.0: Device must be connected to a high-speed USB 2.0 port. [ 1297.746271][ T5916] usb 3-1: USB disconnect, device number 41 [ 1299.855291][ T5916] usb 2-1: USB disconnect, device number 38 [ 1300.072298][T18493] binder: 18492:18493 ioctl c0306201 200000000040 returned -11 [ 1300.091239][T18493] binder: 18492:18493 ioctl c0306201 200000000640 returned -22 [ 1300.469740][T18170] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1300.599627][ T5894] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 1300.649542][T18170] usb 4-1: Using ep0 maxpacket: 8 [ 1300.659965][T18170] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1300.672530][T18170] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 1300.689448][T18170] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1300.697631][T18170] usb 4-1: Product: syz [ 1300.701900][T18170] usb 4-1: Manufacturer: syz [ 1300.706527][T18170] usb 4-1: SerialNumber: syz [ 1300.721912][T18170] usb 4-1: config 0 descriptor?? [ 1300.775885][ T5894] usb 3-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice=31.00 [ 1300.797928][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1300.807059][ T5894] usb 3-1: Product: syz [ 1300.811958][ T5894] usb 3-1: Manufacturer: syz [ 1300.816706][ T5894] usb 3-1: SerialNumber: syz [ 1300.825774][ T5894] usb 3-1: config 0 descriptor?? [ 1300.835491][ T5894] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 1300.858807][ T5894] usb 3-1: Detected FT4232HP [ 1303.096898][T18504] ================================================================== [ 1303.105030][T18504] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40 [ 1303.112589][T18504] Read of size 1 at addr ffff8881456d0d98 by task syz.2.3323/18504 [ 1303.120536][T18504] [ 1303.122911][T18504] CPU: 0 UID: 0 PID: 18504 Comm: syz.2.3323 Not tainted syzkaller #0 PREEMPT(full) [ 1303.122939][T18504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1303.122962][T18504] Call Trace: [ 1303.122972][T18504] [ 1303.122982][T18504] dump_stack_lvl+0x189/0x250 [ 1303.123013][T18504] ? __virt_addr_valid+0x1c8/0x5c0 [ 1303.123043][T18504] ? rcu_is_watching+0x15/0xb0 [ 1303.123069][T18504] ? __kasan_check_byte+0x12/0x40 [ 1303.123095][T18504] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1303.123119][T18504] ? rcu_is_watching+0x15/0xb0 [ 1303.123144][T18504] ? lock_release+0x4b/0x3b0 [ 1303.123167][T18504] ? __virt_addr_valid+0x1c8/0x5c0 [ 1303.123195][T18504] ? __virt_addr_valid+0x4a5/0x5c0 [ 1303.123226][T18504] print_report+0xca/0x240 [ 1303.123247][T18504] ? _raw_spin_lock+0x2e/0x40 [ 1303.123266][T18504] kasan_report+0x118/0x150 [ 1303.123292][T18504] ? _raw_spin_lock+0x2e/0x40 [ 1303.123315][T18504] ? mqueue_flush_file+0x49/0x270 [ 1303.123340][T18504] __kasan_check_byte+0x2a/0x40 [ 1303.123365][T18504] lock_acquire+0x84/0x340 [ 1303.123391][T18504] ? __pfx_mqueue_flush_file+0x10/0x10 [ 1303.123416][T18504] _raw_spin_lock+0x2e/0x40 [ 1303.123435][T18504] ? mqueue_flush_file+0x49/0x270 [ 1303.123459][T18504] mqueue_flush_file+0x49/0x270 [ 1303.123484][T18504] ? filp_flush+0xae/0x190 [ 1303.123515][T18504] ? __pfx_mqueue_flush_file+0x10/0x10 [ 1303.123546][T18504] filp_flush+0xbd/0x190 [ 1303.123575][T18504] filp_close+0x1d/0x40 [ 1303.123602][T18504] __se_sys_close_range+0x359/0x650 [ 1303.123633][T18504] ? __pfx___se_sys_close_range+0x10/0x10 [ 1303.123665][T18504] do_syscall_64+0xfa/0xf80 [ 1303.123689][T18504] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1303.123710][T18504] ? clear_bhb_loop+0x60/0xb0 [ 1303.123734][T18504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1303.123760][T18504] RIP: 0033:0x7f335078f749 [ 1303.123783][T18504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1303.123803][T18504] RSP: 002b:00007fffd8b42e68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1303.123826][T18504] RAX: ffffffffffffffda RBX: 00007f33509e7da0 RCX: 00007f335078f749 [ 1303.123843][T18504] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1303.123856][T18504] RBP: 00007f33509e7da0 R08: 0000000000000294 R09: 0000001dd8b4315f [ 1303.123871][T18504] R10: 00000000003ffb48 R11: 0000000000000246 R12: 000000000013e641 [ 1303.123884][T18504] R13: 00007f33509e6090 R14: ffffffffffffffff R15: 00007fffd8b42f80 [ 1303.123910][T18504] [ 1303.123917][T18504] [ 1303.374460][T18504] Allocated by task 18508: [ 1303.378924][T18504] kasan_save_track+0x3e/0x80 [ 1303.383666][T18504] __kasan_slab_alloc+0x6c/0x80 [ 1303.388531][T18504] kmem_cache_alloc_lru_noprof+0x36c/0x6e0 [ 1303.394366][T18504] mqueue_alloc_inode+0x28/0x40 [ 1303.399236][T18504] alloc_inode+0x6a/0x1b0 [ 1303.403620][T18504] new_inode+0x22/0x170 [ 1303.407792][T18504] mqueue_get_inode+0x27/0xb50 [ 1303.412582][T18504] mqueue_create_attr+0x1ac/0x2e0 [ 1303.417622][T18504] vfs_mkobj+0xcf/0x290 [ 1303.421800][T18504] do_mq_open+0x60d/0x7c0 [ 1303.426168][T18504] __x64_sys_mq_open+0x16a/0x1c0 [ 1303.431116][T18504] do_syscall_64+0xfa/0xf80 [ 1303.435638][T18504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1303.441544][T18504] [ 1303.443882][T18504] Freed by task 16972: [ 1303.447951][T18504] kasan_save_track+0x3e/0x80 [ 1303.452709][T18504] kasan_save_free_info+0x46/0x50 [ 1303.457755][T18504] __kasan_slab_free+0x5c/0x80 [ 1303.462528][T18504] kmem_cache_free+0x197/0x620 [ 1303.467312][T18504] rcu_core+0xd70/0x1870 [ 1303.471572][T18504] handle_softirqs+0x27d/0x850 [ 1303.476349][T18504] __irq_exit_rcu+0xca/0x1f0 [ 1303.480958][T18504] irq_exit_rcu+0x9/0x30 [ 1303.485208][T18504] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1303.490855][T18504] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1303.496851][T18504] [ 1303.499198][T18504] Last potentially related work creation: [ 1303.504938][T18504] kasan_save_stack+0x3e/0x60 [ 1303.509639][T18504] kasan_record_aux_stack+0xbd/0xd0 [ 1303.514917][T18504] call_rcu+0x157/0x9c0 [ 1303.519195][T18504] evict+0x931/0xae0 [ 1303.523111][T18504] __se_sys_mq_unlink+0x2c5/0x360 [ 1303.528161][T18504] do_syscall_64+0xfa/0xf80 [ 1303.532687][T18504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1303.538594][T18504] [ 1303.540928][T18504] The buggy address belongs to the object at ffff8881456d0d80 [ 1303.540928][T18504] which belongs to the cache mqueue_inode_cache of size 1576 [ 1303.555692][T18504] The buggy address is located 24 bytes inside of [ 1303.555692][T18504] freed 1576-byte region [ffff8881456d0d80, ffff8881456d13a8) [ 1303.569522][T18504] [ 1303.571871][T18504] The buggy address belongs to the physical page: [ 1303.578323][T18504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881456d1440 pfn:0x1456d0 [ 1303.588507][T18504] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1303.597018][T18504] memcg:ffff88814d5baf01 [ 1303.601274][T18504] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 1303.608926][T18504] page_type: f5(slab) [ 1303.612924][T18504] raw: 057ff00000000040 ffff8881466cfb40 dead000000000122 0000000000000000 [ 1303.621523][T18504] raw: ffff8881456d1440 000000008012000d 00000000f5000000 ffff88814d5baf01 [ 1303.630127][T18504] head: 057ff00000000040 ffff8881466cfb40 dead000000000122 0000000000000000 [ 1303.638817][T18504] head: ffff8881456d1440 000000008012000d 00000000f5000000 ffff88814d5baf01 [ 1303.647508][T18504] head: 057ff00000000003 ffffea000515b401 00000000ffffffff 00000000ffffffff [ 1303.656188][T18504] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1303.664864][T18504] page dumped because: kasan: bad access detected [ 1303.671322][T18504] page_owner tracks the page as allocated [ 1303.677043][T18504] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8687859070, free_ts 0 [ 1303.696675][T18504] post_alloc_hook+0x234/0x290 [ 1303.701474][T18504] get_page_from_freelist+0x2365/0x2440 [ 1303.707041][T18504] __alloc_frozen_pages_noprof+0x181/0x370 [ 1303.712864][T18504] alloc_pages_mpol+0x232/0x4a0 [ 1303.717733][T18504] allocate_slab+0x86/0x3b0 [ 1303.722254][T18504] ___slab_alloc+0xf2b/0x1960 [ 1303.726943][T18504] __slab_alloc+0x65/0x100 [ 1303.731425][T18504] kmem_cache_alloc_lru_noprof+0x3fe/0x6e0 [ 1303.737266][T18504] mqueue_alloc_inode+0x28/0x40 [ 1303.742141][T18504] alloc_inode+0x6a/0x1b0 [ 1303.746485][T18504] new_inode+0x22/0x170 [ 1303.750658][T18504] mqueue_fill_super+0xdc/0x380 [ 1303.755523][T18504] get_tree_nodev+0xbb/0x150 [ 1303.760118][T18504] vfs_get_tree+0x92/0x2a0 [ 1303.764546][T18504] fc_mount_longterm+0x1c/0x100 [ 1303.769412][T18504] mq_init_ns+0x275/0x360 [ 1303.773782][T18504] page_owner free stack trace missing [ 1303.779176][T18504] [ 1303.781519][T18504] Memory state around the buggy address: [ 1303.787165][T18504] ffff8881456d0c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 1303.795247][T18504] ffff8881456d0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1303.803320][T18504] >ffff8881456d0d80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1303.811385][T18504] ^ [ 1303.816252][T18504] ffff8881456d0e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1303.824328][T18504] ffff8881456d0e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1303.832401][T18504] ================================================================== [ 1303.842261][T18504] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1303.849530][T18504] CPU: 0 UID: 0 PID: 18504 Comm: syz.2.3323 Not tainted syzkaller #0 PREEMPT(full) [ 1303.858935][T18504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1303.869025][T18504] Call Trace: [ 1303.872360][T18504] [ 1303.875312][T18504] dump_stack_lvl+0x99/0x250 [ 1303.879942][T18504] ? __asan_memcpy+0x40/0x70 [ 1303.884583][T18504] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1303.889812][T18504] ? __pfx__printk+0x10/0x10 [ 1303.894447][T18504] vpanic+0x237/0x6d0 [ 1303.898474][T18504] ? __pfx_vpanic+0x10/0x10 [ 1303.903017][T18504] ? irqentry_exit+0x5dd/0x660 [ 1303.907818][T18504] ? trace_irq_disable+0x37/0x100 [ 1303.912901][T18504] panic+0xb9/0xc0 [ 1303.916677][T18504] ? __pfx_panic+0x10/0x10 [ 1303.921141][T18504] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 1303.927085][T18504] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1303.933481][T18504] ? _raw_spin_lock+0x2e/0x40 [ 1303.938188][T18504] check_panic_on_warn+0x89/0xb0 [ 1303.943153][T18504] ? _raw_spin_lock+0x2e/0x40 [ 1303.947852][T18504] end_report+0x6f/0x140 [ 1303.952125][T18504] kasan_report+0x129/0x150 [ 1303.956654][T18504] ? _raw_spin_lock+0x2e/0x40 [ 1303.961353][T18504] ? mqueue_flush_file+0x49/0x270 [ 1303.966392][T18504] __kasan_check_byte+0x2a/0x40 [ 1303.971260][T18504] lock_acquire+0x84/0x340 [ 1303.975700][T18504] ? __pfx_mqueue_flush_file+0x10/0x10 [ 1303.981184][T18504] _raw_spin_lock+0x2e/0x40 [ 1303.985788][T18504] ? mqueue_flush_file+0x49/0x270 [ 1303.990834][T18504] mqueue_flush_file+0x49/0x270 [ 1303.995731][T18504] ? filp_flush+0xae/0x190 [ 1304.000198][T18504] ? __pfx_mqueue_flush_file+0x10/0x10 [ 1304.005692][T18504] filp_flush+0xbd/0x190 [ 1304.009988][T18504] filp_close+0x1d/0x40 [ 1304.014169][T18504] __se_sys_close_range+0x359/0x650 [ 1304.019395][T18504] ? __pfx___se_sys_close_range+0x10/0x10 [ 1304.025152][T18504] do_syscall_64+0xfa/0xf80 [ 1304.029705][T18504] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1304.035810][T18504] ? clear_bhb_loop+0x60/0xb0 [ 1304.040532][T18504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1304.046541][T18504] RIP: 0033:0x7f335078f749 [ 1304.050975][T18504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1304.070607][T18504] RSP: 002b:00007fffd8b42e68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1304.079058][T18504] RAX: ffffffffffffffda RBX: 00007f33509e7da0 RCX: 00007f335078f749 [ 1304.087054][T18504] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1304.095217][T18504] RBP: 00007f33509e7da0 R08: 0000000000000294 R09: 0000001dd8b4315f [ 1304.103298][T18504] R10: 00000000003ffb48 R11: 0000000000000246 R12: 000000000013e641 [ 1304.111291][T18504] R13: 00007f33509e6090 R14: ffffffffffffffff R15: 00007fffd8b42f80 [ 1304.119289][T18504] [ 1304.122731][T18504] Kernel Offset: disabled [ 1304.127128][T18504] Rebooting in 86400 seconds..