last executing test programs: 17m12.041691801s ago: executing program 0 (id=157): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x25) write(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = syz_open_dev$video(&(0x7f0000000040), 0x1002000000000003, 0x101002) ioctl$VIDIOC_S_FMT(r3, 0xc0d05640, &(0x7f0000000340)={0xa, @pix={0x0, 0x3, 0x0, 0x3, 0x0, 0x4, 0x9, 0xfeedcafe, 0x3, 0x0, 0x8002, 0x4}}) 17m10.808472367s ago: executing program 0 (id=159): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) 17m10.604690539s ago: executing program 0 (id=162): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x3, 0x0, &(0x7f00000002c0)="00154e", &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000)) socket$netlink(0x10, 0x3, 0x14) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@enum64={0x6, 0x0, 0x0, 0x13, 0x0, 0x2}]}, {0x0, [0x6f, 0x2e, 0x2e, 0x2e, 0x5f]}}, 0x0, 0x2b, 0x0, 0x1, 0x8000}, 0x28) 17m8.495481648s ago: executing program 0 (id=164): syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000004c0)={[{}]}, 0x1, 0x453, &(0x7f0000001040)="$eJzs3U9sFFUcB/DvbrslAbRg/IP4r4JKEaW2NUESTCTKSS4GE88NLYRYqKE1EUKMJh68eTHx7EG5eeTgyXjAoyZ48aaejJEYIvGk1sx2ly5lt3RD26nu55PM7pud132/mdffzO7ryzRAzxoqHirJ1iTfJxlcWL25wtDC0/VrF47/ee3C8Urm54/9XqnX++PahePNqs2f21I8VJPhalL9oJKH2rQ7e+78mxPT01NnG+sjc6ffGpk9d/7ZU6cnTk6dnDozeuDgC+OjB8bGx1dtX1+9+O6xLa+9dOSjySu/zVz86csi3q2Nba37sVqGMnTzsWzx1Go3VrL7WsqV/hIDoSt9SYruqtXzfzB9Wey8wXzzY6nBAWtqvrCp4+b35oH/sUrKjgAoR/NCX3z/bS7r9dmD8l09vPAFsOj3641lYUt/qo06tSXf71fTUJJDl458USxZo3EYAAAAgF721eEkz7Qb/6vm/pZ6RfmBJDuSPJhkZ1Kf1/NwkkeSPJrkseZ8oi4srb90/KfSaQINq+Lq4eRQY27XzeN/zdG/bOtrrN1VrKRWOXFqeuq5JHcnGU5tU7E+ukwbl7/957tO21rH/4qlaL85FtiI49f+JX+fnpyYm7iTfWbR1feTnf3t+r9yYyZQkYKPJ9nVzRvXFos/79p7slO12/c/a2n+02RP2/xvnHivHKw/LTM/c6R+PhhpnhVu9eHo2Cud2tf/5Sryf/Ny/Z9sq7TO153tvo3LOy692Glb9+f/Hz4rzv8DldfrAQ40Xn1nYm7u7GgyUDl66+tj3cf839b5Q1PzeDSPV9H/w7vbX//vaXm33UmeSPJkY+7ynvq1P9mb5Okk+5aJ5u+XD7zRaZv8L1fR/5Nt8//G1IAl+d994dD2T452an9l+f98/Rd6uPGKz3+3t9IOKjtOAAAAAAAAAFZHtX4PvEp1/41ytbp//8I9/O7N5ur0zOzcvhMzb5+ZXLhX3rbUqs2ZXoMt80FH6+XF9bEl6+NJtif5uO+vxp0HZqYny9556HFbOuR/4Ze+sqMD1pz7tULvWkH+19YjDmD9uf5D75L/0LvkP/Qu+Q+9S/5D75L/0LtWnv8DaxoHsP5c/6En3cl9/TZaoT8bIoy2heb8qZLCaP5L/g1yNDZm4fOvk3Voqy/JRtnlZQplnpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANo5/AwAA//9EA9s8") open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x12, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c67808ffbcc2542ded71038259ca171ce15f0b25e9ec32d71e14ef3dc17706008b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) 17m7.018333429s ago: executing program 0 (id=168): socket$netlink(0x10, 0x3, 0xf) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup(0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) gettid() ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(0xffffffffffffffff, 0xc0245720, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r3, r2, &(0x7f00000000c0)=0x58, 0x5) 17m5.946207214s ago: executing program 2 (id=170): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$unix(0x1, 0x5, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x5}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 17m5.581779427s ago: executing program 0 (id=171): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x20040084) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bc28, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {0xffff, 0xfff1}, {0xffe0, 0xe}}}, 0x24}}, 0x0) 17m5.054124669s ago: executing program 32 (id=171): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x20040084) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bc28, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {0xffff, 0xfff1}, {0xffe0, 0xe}}}, 0x24}}, 0x0) 17m3.491178955s ago: executing program 2 (id=178): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x25) write(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = syz_open_dev$video(&(0x7f0000000040), 0x1002000000000003, 0x101002) ioctl$VIDIOC_S_FMT(r3, 0xc0d05640, &(0x7f0000000340)={0xa, @pix={0x0, 0x3, 0x0, 0x3, 0x0, 0x4, 0x9, 0xfeedcafe, 0x3, 0x0, 0x8002, 0x4}}) 17m2.293781118s ago: executing program 2 (id=185): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 17m1.816162487s ago: executing program 2 (id=194): syz_mount_image$nilfs2(&(0x7f0000000480), &(0x7f0000000f00)='./file1\x00', 0x208800, &(0x7f0000003100)=ANY=[], 0x1, 0xeec, &(0x7f0000001e40)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgoh4Rl96D8odGMWnU0ANRIKYHRCVEkSJOFQcqLpRKKVKRQJWqqKe2p1a99YR6oVKVSkE9tJESV1m/We8+e7rrsT1r7/5+0rdv37zZ+b7xRs7MePZtAIZWrfl4+PBsFsJ7n1859trJ7NM7yx5prbGv+ZjFXiOEUG/rZ8n2vogLbt24dGKtNgsHm495Pzx/vfXayRDCYtgXroVG+Hh+4auP3n9u/ydvTtz3zsWzr2/R7rek+wEAAIPo6p8W/vbEP/741MzNq3uPhvHW8pXj9WWT8bj/QFyQL6+Fzn7WFu3GkvVGYtSS9UaS9UaTPKMF+erJduoF6411yTfStmyt/QQAAICdKD+vbYSsNtfRr9Xm5pbP++/4Ynosmzt3ZuH0hT4VCgAAAJT278vNm26FEEIIIYQQQggxwLE03e8rEAAAAMCwSecLW2Vxc2fqam2t0Vv+68/W1n49bIKq//3Lv7Pyf/iG3zgAAJQ3qEeT+X7lx9H5PAbpPIIjyevWe/xfS7Yzus46i+YV7Fiebd+3qaj+9Oe6XRXVv973sV+K6k/nw9yuiupP5+ncrorqH6+4jrKK6p+ouI6yiurfVXEdZRXVv7viOsoqqn+y4jrKKqp/quI6yiqq/66K6yirqP49FddRVlH9O+W22qL6GxXXUVZR/TMV11FWUf13V1xHWUX131NxHWUV1X9vxXX0y8OxzX8Oe5Px9vPn9Jxup5zjAQAAwLD7r/n/hBBCiFXRvA9iG9QhxGBHtg1qEEKI4YnL/b4AAQAAAPRd/rmA/APoS1E+PtJlfLR9fGJlhXy83uX1Y13Gx7uMAwAAACH89q3TD7ybrXzOf6Pz4eXzRu0Kn94OJeYxSie6W2/+jc57ttH865i3zPQJAAAAVCb73rXbTx774JWZm1f3Hm07+70dz3fzeUBH4wnrZ7Gf3xcwlfSz/Bz6aGeeWsF66fWBu4q298IGdxQAAACGWH7+3ghZba7tvLsRarW5uZXz8dlQz06fWTh1IPbz72f5w3R9/M7yZyquGwAAAOjdyvn+2uf/+ff4zoaxbO7cmYXTF5b7U63l9Vr7dYHpleVZ+3WBRrL8YMHyQ7Gff3/nD6Z3NZfPnfjhwsnN3nkAAAAYEhdevXj2xYWFUz/yxBNPPGk96fdvJgAAYLN9+eWV+o8PTf1u+fP/K/Pf5Z//3xf7jTi335/jCvl9AvnnAFZ9Xv94Z57povXOd67XSNYbiTGe1D3Rtp3QnG+w83UzRfkandsZK8g3meSbSvKl8xSMJuvn+fYky9P5CfP1ppPl6eSAo0mOLMn/aAAAAIBi86+8fH7+wqsXnz7z8osvnXrp1LlDB49898iRA89855n55n398+139wMAAAA70cpNv/2uBAAAAAAAAAAAAAAAAAAAAIZXFV8n1u99BAAAgGH3r8shhEUhhCgdS+P9r0GILjG2DWoQQgghhFiO5ne7V5+31u/rDwAAAMDwuXXj0on2dpXFbFPztbbWWG5ux7x5O/X0X2fuRL7a9WdHOl6/e1OrYdhV/e9f/p2V/8M3Njf/RP6k599/ySXjo+XyPj7/y9n2/A+O9pg/3f8XyuXfn+R/PPSWf+mDJP/xcvmfSPLv7jH/qv0/Xy7/kzH/bOzvf6zX/J3v/3hs8/3Y1WP+byf7fzL0mj/Z/0aPCRNPxfwAMIwG9QaA/CghP46ejP18f+PhZhhJXrfe4/9asp3RDVfeud38OOj+2M+Pl6aSvLn11j+ZbO+uknWm0rq2q6L6N+t93GpF9dcrrqOsovrHKq6jrKL6xyuuo6yi+icqrqOsovp7PQ/tt6L6d8p15aL6Jyuuo6yi+qcqrqOsovrX+/94vxTVv6fiOsoqqn+64jrKKqq/5GW1yhXVP1NxHWUV1X93xXWUVVT/PRXXUVZR/fdWXEe/PBTbovPh/PxzOo7l/UbSH1/jZzmo1xYAAABgp/mn+f+EEEIIIUpF836ZbVBHf6Ltbrm+1yI2I/6ztKzfdQghti6Wlvp48YG+29pPMwOwXfn9P9y8/8PN+z/cvP/8P/k9/FnSz410GR/tMl7vMj6WjKf/Xse7jN+TbHcpv64Z3dtl/Gtdxvd0Gb+/y/hsl/EHuow/2GX8oS7jAAAADIf7Yuv8EAAAAAbXa7/67O3fPH78xszNq3uPhrFV884fiP3x+Lf1t2I/nfc+V49/8/9J7P8itr+P7d+T9d1/AgAAAFsv/54Yf/8HAACAwZV/T6nzfwAAABhcM7F1/g8AAACD6+7YOv8HAACAAZZNrL04tvl1gUdj2+u8fgDA9vf12D4c272xfSS234htfhzwWGy/WVF9AMDm+fn3f3rk3Wxlvv9DyfituDxvV1lcvlKQ1Tpn8t8V292x/VaP9aTfB9Br/tyeHvNsVf7pDeYHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZHrfl4+PBsFsJ7n1859rOxt/9yZ9kjrTX2NR+z2GuEEOqt1+WjK/1fxxVv3bh0or29HdssHAxZyFrLw/PXW5kmQwiLYV+4Fhrh4/mFrz56/7n9n7w5cd87F8++voU/go79AwAAgEH0vwAAAP//cFQjcg==") syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x30000d0, 0x0, 0x2, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) sendfile(0xffffffffffffffff, r0, 0x0, 0x20fffe82) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 17m0.955521679s ago: executing program 2 (id=188): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f00000001c0)={0x0, 0x1, 0x6, @local}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) 16m57.719218308s ago: executing program 2 (id=192): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x25) write(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$video(0x0, 0x1002000000000003, 0x101002) ioctl$VIDIOC_S_FMT(r3, 0xc0d05640, &(0x7f0000000340)={0xa, @pix={0x0, 0x3, 0x0, 0x3, 0x0, 0x4, 0x9, 0xfeedcafe, 0x3, 0x0, 0x8002, 0x4}}) 16m57.143800163s ago: executing program 33 (id=192): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x25) write(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$video(0x0, 0x1002000000000003, 0x101002) ioctl$VIDIOC_S_FMT(r3, 0xc0d05640, &(0x7f0000000340)={0xa, @pix={0x0, 0x3, 0x0, 0x3, 0x0, 0x4, 0x9, 0xfeedcafe, 0x3, 0x0, 0x8002, 0x4}}) 9m12.16358004s ago: executing program 5 (id=1385): r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001ec0), 0x800, 0x0) fsopen(0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) read$msr(r0, &(0x7f0000000000)=""/212, 0xd4) 9m10.658766298s ago: executing program 5 (id=1389): r0 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x84) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r0], 0x2b) sendfile(r2, r0, 0x0, 0x4000000053d2) 9m7.777523876s ago: executing program 5 (id=1393): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000)) r3 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000300)={0x60, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vlan1\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ipvlan0\x00'}}]}, 0x60}, 0x1, 0x0, 0x0, 0x80c9}, 0x20000000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@enum64={0x6, 0x0, 0x0, 0x13, 0x0, 0x2}]}, {0x0, [0x6f, 0x2e, 0x2e, 0x2e, 0x5f]}}, 0x0, 0x2b, 0x0, 0x1, 0x8000}, 0x28) 9m4.717509355s ago: executing program 5 (id=1397): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000000000001c0012000c000100626f6e6400"], 0x3c}}, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket(0x10, 0x803, 0x2) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r5, @ANYRES16=r4], 0x3c}, 0x1, 0x0, 0x0, 0x40020c1}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x428a4}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x8000) 9m2.07592567s ago: executing program 5 (id=1407): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000200)={0x203, 0xa, 0x2}) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, 0x0) 8m59.591037815s ago: executing program 5 (id=1411): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) socket(0x1e, 0x4, 0x0) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x2, 0x300) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg$unix(r0, &(0x7f00000043c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/240, 0xf0}], 0x1}}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000009b80)=""/102392, 0x18ff8) 8m44.339087016s ago: executing program 34 (id=1411): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) socket(0x1e, 0x4, 0x0) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x2, 0x300) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg$unix(r0, &(0x7f00000043c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/240, 0xf0}], 0x1}}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000009b80)=""/102392, 0x18ff8) 7m19.874529273s ago: executing program 1 (id=1610): fstat(0xffffffffffffffff, &(0x7f0000000080)) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x840, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x13}, [@ldst={0x4, 0x0, 0x4, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) 7m18.116509166s ago: executing program 1 (id=1613): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x3bf, 0x4, 0x14a}}) ioctl$TCSETS2(r2, 0x402c542b, &(0x7f0000000080)={0xfffffe01, 0x6, 0xfffffe01, 0x7fff, 0xb2, "20ab980900eea4a7446c180000cd681ec267a0", 0x6, 0xd}) ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000000)) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x7, @empty, 0x3aa7}, @ib={0x1b, 0xffff, 0x1, {}, 0x8, 0xfffffffffffffffc, 0x6}}}, 0x118) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xffffffff, @local, 0x7}, {0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x38}, 0x1}, r1, 0x1}}, 0x48) r3 = socket$rds(0x15, 0x5, 0x0) unshare(0x28000600) setsockopt$RDS_GET_MR(r3, 0x114, 0x2, &(0x7f00000003c0)={{0x0}, 0x0, 0x32}, 0x20) 7m9.289460451s ago: executing program 1 (id=1637): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x200, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x22) 7m8.11272357s ago: executing program 1 (id=1639): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="640100001a0001000000000000000000fc010000000000000000000000000000ac1e0001000000000000000000000000000000000000000000e8040000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc000000000000000000000000000001000000003c0000007f00000100000000000000000000000000000000000000000000000000000000030000000000000007000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a"], 0x164}, 0x1, 0x0, 0x0, 0x16}, 0x0) 7m7.728796562s ago: executing program 1 (id=1642): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x40000, 0x120) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) 7m7.43389113s ago: executing program 1 (id=1644): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000006000000040000000000000e0400000000000000000000000100000d040000000400000004000000000000000000000204000000000000000000000903000000000000"], 0x0, 0x5a, 0x0, 0x4, 0x80000}, 0x28) 6m51.635551183s ago: executing program 35 (id=1644): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000006000000040000000000000e0400000000000000000000000100000d040000000400000004000000000000000000000204000000000000000000000903000000000000"], 0x0, 0x5a, 0x0, 0x4, 0x80000}, 0x28) 2m7.176625037s ago: executing program 3 (id=2259): socket$qrtr(0x2a, 0x2, 0x0) r0 = syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') setresgid(0x0, 0xee01, 0x0) fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', 0x0, 0x0, 0x0) syz_open_procfs(r0, &(0x7f0000002100)='fd/3\x00') 2m6.520601506s ago: executing program 3 (id=2263): sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) r0 = syz_io_uring_setup(0x5c6, &(0x7f0000000140)={0x0, 0xeb57, 0x0, 0x4, 0x1000000}, &(0x7f00000001c0)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x4}) io_uring_enter(r0, 0x6e2, 0x3900, 0x1, 0x0, 0xe00) 2m2.655643202s ago: executing program 3 (id=2268): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000001ac0)=""/14, 0xe}, {0x0}], 0x2) 2m2.371982098s ago: executing program 3 (id=2270): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r1, 0x890b, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='O', 0x1, 0x0, 0x0, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r5, &(0x7f0000000000), 0xd) 1m59.713858103s ago: executing program 3 (id=2275): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) 1m59.279509259s ago: executing program 3 (id=2276): syz_open_dev$tty20(0xc, 0x4, 0x1) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000040), 0x42, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 1m43.582903617s ago: executing program 36 (id=2276): syz_open_dev$tty20(0xc, 0x4, 0x1) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000040), 0x42, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 22.051254382s ago: executing program 4 (id=2454): r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_RESUME(r3, 0x4147, 0x0) 15.343253544s ago: executing program 4 (id=2467): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) socket$inet(0x2, 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 14.591770618s ago: executing program 7 (id=2468): r0 = syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x1, 0x9, 0x0, 0x6, 0x5}) 14.320814663s ago: executing program 7 (id=2469): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x4000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$llc(0xffffffffffffffff, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0xff, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000004c0)={{0x107, 0x1, 0xf8, 0x17f, 0x134, 0x6, 0x280, 0x8}, "b3c42752aaf3c8fe037cdd650d75ec3fca7799ea3a044431ce01f36c5e7805e7f92e39dff7", ['\x00', '\x00']}, 0x245) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_FLAGS={0x6, 0x2, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000080)='./file0\x00') mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480), 0x2000000, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 13.506978371s ago: executing program 4 (id=2471): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fstat(r0, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x840, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x3, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x13}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8}, 0x94) syz_clone(0x14000080, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x3c1, 0x3, 0x380, 0x0, 0x12, 0x60d, 0x0, 0x202, 0x1d8, 0x2e8, 0x2e8, 0x2d8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private1, @ipv4={'\x00', '\xff\xff', @empty}, [], [], 'ip_vti0\x00', 'macsec0\x00', {0xff}}, 0x0, 0x190, 0x1d8, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "000000165a8c2e0617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f672225d6147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac05a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x74, 0x2}}, @common=@icmp6={{0x28}, {0xd, "ea9c", 0x1}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@ipv6={@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xff, 0x0, 0xffffff00, 0xff000000], [0xff, 0xff000000, 0x0, 0xff], 'ipvlan1\x00', 'erspan0\x00', {}, {0xff}, 0x2b, 0x5, 0x6}, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e0) 11.690507097s ago: executing program 4 (id=2473): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4000) 11.283091591s ago: executing program 8 (id=2476): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3a) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) 10.011782655s ago: executing program 8 (id=2477): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x42800) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x3, 0x1}}) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f0000000340)) 10.011509225s ago: executing program 6 (id=2478): r0 = socket$vsock_stream(0x28, 0x1, 0x0) recvmmsg(r0, 0x0, 0x0, 0x181, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000540)={{}, {0x18}, 0x0, 0x7}) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000340)=0x6) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0xe, 0xa, 0x9}]}, 0x10) getsockopt$sock_buf(r6, 0x1, 0x1a, &(0x7f0000001140)=""/4096, &(0x7f0000000000)=0x1000) getsockopt(r4, 0x3, 0x394, &(0x7f0000000380)=""/210, &(0x7f0000000000)=0xd2) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r7, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) 9.784477328s ago: executing program 8 (id=2479): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) socket$inet(0x2, 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 8.978445195s ago: executing program 6 (id=2480): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}]}}}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x4}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf0}}, 0x0) 8.704466481s ago: executing program 8 (id=2481): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom(r0, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb) 8.632110016s ago: executing program 6 (id=2482): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fstat(r0, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x840, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x3, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x13}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8}, 0x94) syz_clone(0x14000080, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0) 8.507328063s ago: executing program 7 (id=2483): openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x6, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00\x00@\x00'}, 0x28) 6.805228912s ago: executing program 6 (id=2484): sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6) 6.547575597s ago: executing program 4 (id=2485): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3a) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) 6.513946399s ago: executing program 8 (id=2486): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, &(0x7f00000001c0), 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c) r0 = io_uring_setup(0x67bb, &(0x7f0000000280)) io_uring_enter(r0, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18) 4.944139861s ago: executing program 4 (id=2487): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10c4, 0x8acf, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) 4.667582098s ago: executing program 8 (id=2488): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000070601080000000000000000000000000500010006"], 0x1c}}, 0x0) read(r1, &(0x7f0000000000)=""/28, 0x1c) 4.248761272s ago: executing program 7 (id=2489): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000a00)='/proc/locks\x00', 0x0, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/109, 0x6d}], 0x1, 0x5, 0x80) 4.011440566s ago: executing program 7 (id=2490): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(r0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000e00)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa000000000000007000000080000002d1501000000000095000000000000006916000000000000bf67000000000000350607000fff07206706000003000000160302000ee60060bf350000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dc725f431bcab0ef59b8f0e431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa0100000000000000b93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4ffcae1a8a793a7795a9214a92f66e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc3086936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154baa8e51489a614e69722bac30000000000000000000000000000a006b178438e930b2494db1bf624a70a19a45b8b71869afb13cb2ac1d2f3ec0d93a3e4fd0ad076c7d826f218aa6ba8ec5e58b7c64dc8616127087901dc65418a4b25bfa7ae8b5ad9642815f319230425e8bd89c6983d816d97d81a739917eecd26f9a3aecaf0acdaf6cffab38eae3b10b122b4bf521a46bf01a0c136f745113b589459fbe1666087a7c554a55e2b42ab7e405a77f405a348a64e356b7fb61e48ea9c87bf13f97052c51fdd49f3dbccf9874cf61807ae4b1665ccdd026d4580a068395e8cb851eeadb1da6d1009513ca73a685c66fb15f27eb74a7a4eb5966e3ef4be3ca8ba81b2d17d797265390ce616c3d7b566fe956fb93c6a43f4dc6bfc194daeb7b998d550773b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) 2.039546621s ago: executing program 7 (id=2491): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x4000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$llc(0xffffffffffffffff, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0xff, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000004c0)={{0x107, 0x1, 0xf8, 0x17f, 0x134, 0x6, 0x280, 0x8}, "b3c42752aaf3c8fe037cdd650d75ec3fca7799ea3a044431ce01f36c5e7805e7f92e39dff76eb57dccdf901cb0184f786dbd96329ed16612", ['\x00', '\x00']}, 0x258) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_FLAGS={0x6, 0x2, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000080)='./file0\x00') mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480), 0x2000000, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 1.798277095s ago: executing program 6 (id=2492): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fstat(r0, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x840, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x3, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x13}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8}, 0x94) syz_clone(0x14000080, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0) 0s ago: executing program 6 (id=2493): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180), 0x4) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4000) kernel console output (not intermixed with test programs): 27577][T10534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 600.837699][T10534] Workqueue: hci3 hci_rx_work [ 600.842468][T10534] Call Trace: [ 600.845809][T10534] [ 600.848789][T10534] dump_stack_lvl+0x18c/0x250 [ 600.853523][T10534] ? show_regs_print_info+0x20/0x20 [ 600.858814][T10534] ? load_image+0x400/0x400 [ 600.863413][T10534] sysfs_create_dir_ns+0x26e/0x2a0 [ 600.868606][T10534] ? sysfs_warn_dup+0xa0/0xa0 [ 600.873371][T10534] ? do_raw_spin_unlock+0x121/0x230 [ 600.878652][T10534] kobject_add_internal+0x61c/0xcc0 [ 600.883918][T10534] kobject_add+0x164/0x240 [ 600.888576][T10534] ? __rwlock_init+0x150/0x150 [ 600.893403][T10534] ? kobject_init+0x1e0/0x1e0 [ 600.898140][T10534] ? _raw_spin_unlock+0x28/0x40 [ 600.903054][T10534] ? get_device_parent+0x366/0x390 [ 600.908229][T10534] device_add+0x408/0xc20 [ 600.912619][T10534] hci_conn_add_sysfs+0xd5/0x1e0 [ 600.917619][T10534] le_conn_complete_evt+0xf5d/0x1540 [ 600.922961][T10534] ? hci_event_packet+0x4cb/0x1270 [ 600.928138][T10534] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 600.934451][T10534] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 600.940159][T10534] ? skb_pull_data+0xfb/0x200 [ 600.944905][T10534] hci_le_conn_complete_evt+0x187/0x440 [ 600.950585][T10534] ? hci_remote_host_features_evt+0x150/0x150 [ 600.956755][T10534] hci_event_packet+0x7ba/0x1270 [ 600.961778][T10534] ? bis_list+0x290/0x290 [ 600.966179][T10534] ? lockdep_hardirqs_on+0x98/0x150 [ 600.971446][T10534] ? hci_send_to_monitor+0xd7/0x4f0 [ 600.976733][T10534] hci_rx_work+0x43a/0xd60 [ 600.981236][T10534] ? process_scheduled_works+0x96f/0x15d0 [ 600.987032][T10534] process_scheduled_works+0xa5d/0x15d0 [ 600.992697][T10534] ? assign_work+0x430/0x430 [ 600.997367][T10534] ? assign_work+0x3d0/0x430 [ 601.002035][T10534] worker_thread+0xa55/0xfc0 [ 601.006697][T10534] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 601.012835][T10534] ? _raw_spin_unlock+0x40/0x40 [ 601.017748][T10534] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 601.023739][T10534] kthread+0x2fa/0x390 [ 601.027865][T10534] ? pr_cont_work+0x560/0x560 [ 601.032608][T10534] ? kthread_blkcg+0xd0/0xd0 [ 601.037264][T10534] ret_from_fork+0x48/0x80 [ 601.041753][T10534] ? kthread_blkcg+0xd0/0xd0 [ 601.046438][T10534] ret_from_fork_asm+0x11/0x20 [ 601.051289][T10534] [ 601.061566][T10534] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 601.076130][T10534] Bluetooth: hci3: failed to register connection device [ 603.097790][T11192] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22 [ 603.106570][T11192] netdevsim netdevsim5: Direct firmware load for . failed with error -22 [ 603.115827][T11192] netdevsim netdevsim5: Falling back to sysfs fallback for: . [ 604.362117][T11207] i2c i2c-0: dtv_property_process_set: SET cmd 0x000000ff undefined [ 604.594854][T11216] loop1: detected capacity change from 0 to 8 [ 604.807361][T11216] SQUASHFS error: xz decompression failed, data probably corrupt [ 604.883018][T11216] SQUASHFS error: Failed to read block 0x108: -5 [ 604.889533][T11216] SQUASHFS error: Unable to read metadata cache entry [106] [ 604.897034][T11216] SQUASHFS error: Unable to read inode 0x101f [ 604.978605][T11224] warning: `syz.3.1265' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 605.124889][T11227] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 605.133866][T11227] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 605.142517][T11227] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 606.228648][T11236] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 606.533729][T11249] program syz.5.1275 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 608.200974][ T3484] wlan0: Trigger new scan to find an IBSS to join [ 608.208438][T10534] Bluetooth: hci3: command 0x0406 tx timeout [ 608.692763][T11258] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1278'. [ 608.813374][T11258] 8021q: adding VLAN 0 to HW filter on device bond5 [ 608.839494][T11263] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1278'. [ 608.911811][T11258] bond4: (slave dummy0): Releasing backup interface [ 608.941597][T11258] bond5: (slave dummy0): Enslaving as an active interface with an up link [ 610.489340][ T28] audit: type=1326 audit(1770585061.338:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11269 comm="syz.5.1282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfd659aeb9 code=0x7fc00000 [ 610.559297][ T3484] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 612.614970][T11314] block nbd0: Unsupported socket: should be TCP or UNIX. [ 612.738676][T11316] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 613.405138][ T3459] wlan0: Trigger new scan to find an IBSS to join [ 616.711925][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 617.730672][T11357] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1310'. [ 617.933266][T11357] 8021q: adding VLAN 0 to HW filter on device bond6 [ 617.962373][T11359] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1310'. [ 618.042427][T11360] bond5: (slave dummy0): Releasing backup interface [ 618.089682][T11360] bond6: (slave dummy0): Enslaving as an active interface with an up link [ 622.096291][T11395] netlink: 'syz.3.1320': attribute type 1 has an invalid length. [ 622.372029][T11395] 8021q: adding VLAN 0 to HW filter on device bond2 [ 625.281002][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.283142][ T1135] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 625.287464][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.196543][ T1135] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 627.319754][T11424] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 627.328523][T11424] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 627.337151][T11424] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 629.364446][T11440] autofs4:pid:11440:autofs_fill_super: called with bogus options [ 629.566238][T11444] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1334'. [ 633.128517][ T5885] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 633.353573][ T5885] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 633.381840][ T5885] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 633.403116][ T5885] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 633.426843][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.454015][ T5885] usb 2-1: config 0 descriptor?? [ 633.690965][ T5885] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 635.116813][ T787] usb 2-1: USB disconnect, device number 12 [ 635.536601][T11513] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1355'. [ 635.633188][T11513] bond10: (slave dummy0): Releasing backup interface [ 635.692887][T11517] loop1: detected capacity change from 0 to 2048 [ 635.800564][T11522] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 636.713740][T11541] NILFS error (device loop1): nilfs_lookup: deleted inode referenced: 12 [ 636.778741][T11541] Remounting filesystem read-only [ 641.918650][ T966] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 642.121843][ T966] usb 5-1: Using ep0 maxpacket: 16 [ 642.150386][ T966] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 642.179034][ T966] usb 5-1: config 1 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 642.208403][ T966] usb 5-1: config 1 interface 0 has no altsetting 0 [ 642.233016][ T966] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 642.276607][ T966] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.296161][ T966] usb 5-1: Product: syz [ 642.314402][ T966] usb 5-1: Manufacturer: ä¿®â¿ï®µê¯—孧ಙ䤟Ṭá—贊䘩ꯨ᭚ꣿ퓡ゥᛓ湀蹻볹馦á¥î±»å·é†—ç±­å’د勎㺑樇䖥숻ï®ï¥Œé·“骃솠ç€ê« âŽ‡å£ï±‰í‰›î®Ÿâ‰­é·¡â¡Šè¿µï³– [ 642.395574][ T966] usb 5-1: SerialNumber: syz [ 642.548794][ T78] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 642.680076][ T966] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 642.712608][ T966] usb 5-1: USB disconnect, device number 7 [ 645.716357][T11609] netlink: 'syz.1.1390': attribute type 1 has an invalid length. [ 645.906700][T11609] 8021q: adding VLAN 0 to HW filter on device bond5 [ 645.953791][T11612] loop4: detected capacity change from 0 to 2048 [ 646.082394][T11614] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 646.460574][T11617] NILFS error (device loop4): nilfs_lookup: deleted inode referenced: 12 [ 646.478559][T11617] Remounting filesystem read-only [ 648.838506][T11630] (null): rxe_set_mtu: Set mtu to 1024 [ 648.844316][T11630] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 650.238475][T10170] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 651.158859][T11641] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1397'. [ 651.245115][T11646] loop3: detected capacity change from 0 to 2048 [ 651.380453][T11651] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 651.432632][T11643] bond6: (slave dummy0): Releasing backup interface [ 652.262352][T11656] vivid-007: kernel_thread() failed [ 652.389954][T11659] NILFS (loop3): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 652.400749][T11659] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 652.411133][T11659] Remounting filesystem read-only [ 652.416221][T11659] NILFS (loop3): error -5 truncating bmap (ino=16) [ 652.783235][ T5771] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 653.348610][T11665] (null): rxe_set_mtu: Set mtu to 1024 [ 653.354475][T11665] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 654.310312][ T5771] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 654.317679][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 654.387202][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 654.678949][ T787] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 654.718429][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 654.727641][ T5771] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 654.754744][ T5771] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 654.795499][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 654.828389][ T5771] NILFS (loop3): discard dirty block: blocknr=24, size=1024 [ 654.835778][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 654.868592][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 654.899259][ T5771] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 654.906023][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 654.958815][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 654.967801][ T5771] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 655.129678][ T787] usb 5-1: device not accepting address 8, error -71 [ 655.161889][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 655.308716][T11675] netlink: 'syz.4.1409': attribute type 1 has an invalid length. [ 655.372749][T11675] 8021q: adding VLAN 0 to HW filter on device bond11 [ 656.314557][T11688] loop1: detected capacity change from 0 to 2048 [ 656.409328][T11689] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 657.161582][T11693] vivid-003: kernel_thread() failed [ 657.314456][ T3459] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 657.327836][T11696] NILFS (loop1): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 657.338577][T11696] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 657.350157][T11696] Remounting filesystem read-only [ 657.355267][T11696] NILFS (loop1): error -5 truncating bmap (ino=16) [ 659.301613][ T1135] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 659.330258][ T5773] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 659.409010][ T5773] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 659.602618][ T5773] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 659.612759][ T5773] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 659.648403][ T5773] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 659.671096][ T5773] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 659.713641][ T5773] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 659.934552][ T5773] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 659.944169][ T5773] NILFS (loop1): discard dirty block: blocknr=24, size=1024 [ 659.952016][ T5773] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 659.961437][ T5773] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 659.982237][ T5773] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 660.263979][ T5773] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 660.301487][ T5773] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 660.352403][ T5773] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 660.399570][ T5773] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 664.443678][T11727] loop4: detected capacity change from 0 to 2048 [ 664.538519][T11728] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 665.148007][T11732] NILFS error (device loop4): nilfs_lookup: deleted inode referenced: 12 [ 665.167646][T11733] NILFS (loop4): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 665.178577][T11733] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 665.293209][T11730] vivid-009: kernel_thread() failed [ 665.348461][T11732] Remounting filesystem read-only [ 665.353938][T11733] Remounting filesystem read-only [ 665.359076][T11733] NILFS (loop4): error -5 truncating bmap (ino=16) [ 665.639153][ T6502] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 665.646196][ T6502] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 665.701819][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.738767][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.748040][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.808867][ T6502] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 665.829009][ T6502] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 665.835943][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.877666][ T6502] NILFS (loop4): discard dirty block: blocknr=24, size=1024 [ 665.898600][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.931340][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.965959][ T6502] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 665.988553][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 665.997516][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 666.053471][ T6502] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 666.075955][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 667.878520][T11741] (null): rxe_set_mtu: Set mtu to 1024 [ 667.884313][T11741] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 669.782582][T11751] netlink: 'syz.4.1427': attribute type 1 has an invalid length. [ 670.262736][T11751] 8021q: adding VLAN 0 to HW filter on device bond12 [ 673.643698][T10534] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 673.658852][T10534] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 673.668991][T10534] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 673.690494][T10534] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 673.701890][T10534] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 673.710173][T10534] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 674.688499][T11785] (null): rxe_set_mtu: Set mtu to 1024 [ 675.978516][T10534] Bluetooth: hci3: command tx timeout [ 676.417397][T11785] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 676.468765][ T2978] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 678.832123][T10534] Bluetooth: hci3: command tx timeout [ 680.400997][T11778] chnl_net:caif_netlink_parms(): no params data found [ 680.511544][T10170] tipc: Left network mode [ 682.318572][ T5085] Bluetooth: hci3: command tx timeout [ 682.788687][T11834] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 683.568959][ T1135] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 684.034125][T11778] bridge0: port 1(bridge_slave_0) entered blocking state [ 684.034307][T11778] bridge0: port 1(bridge_slave_0) entered disabled state [ 684.034515][T11778] bridge_slave_0: entered allmulticast mode [ 684.058652][T11778] bridge_slave_0: entered promiscuous mode [ 684.061950][T11778] bridge0: port 2(bridge_slave_1) entered blocking state [ 684.062059][T11778] bridge0: port 2(bridge_slave_1) entered disabled state [ 684.062223][T11778] bridge_slave_1: entered allmulticast mode [ 684.063762][T11778] bridge_slave_1: entered promiscuous mode [ 684.397721][ T5085] Bluetooth: hci3: command tx timeout [ 685.384063][T11778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 685.387231][T11778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 685.419013][T11860] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1454'. [ 685.519538][T11861] bond4: (slave dummy0): Releasing backup interface [ 685.725435][T11866] autofs4:pid:11866:autofs_fill_super: called with bogus options [ 685.911918][T11868] syz2: rxe_newlink: already configured on ipvlan0 [ 686.083516][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.083607][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.540897][T11870] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 686.591082][T11778] team0: Port device team_slave_0 added [ 686.730131][T11778] team0: Port device team_slave_1 added [ 687.176826][T11778] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 687.176845][T11778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 687.176956][T11778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 687.179761][T11778] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 687.179777][T11778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 687.179805][T11778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 687.412938][T11778] hsr_slave_0: entered promiscuous mode [ 687.421990][T11778] hsr_slave_1: entered promiscuous mode [ 687.425045][T11778] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 687.425161][T11778] Cannot create hsr debugfs directory [ 690.363097][T10170] hsr_slave_0: left promiscuous mode [ 691.458751][T10170] hsr_slave_1: left promiscuous mode [ 691.467873][ T49] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 691.524439][T10170] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 691.535717][T11907] autofs4:pid:11907:autofs_fill_super: called with bogus options [ 691.553952][T10170] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 691.589682][T10170] bridge_slave_1: left allmulticast mode [ 691.602349][T10170] bridge_slave_1: left promiscuous mode [ 691.608206][T10170] bridge0: port 2(bridge_slave_1) entered disabled state [ 691.730942][T10170] bridge_slave_0: left allmulticast mode [ 691.736677][T10170] bridge_slave_0: left promiscuous mode [ 691.769476][T10170] bridge0: port 1(bridge_slave_0) entered disabled state [ 692.255928][T11914] syz2: rxe_newlink: already configured on ipvlan0 [ 693.102804][T10170] bond6 (unregistering): Released all slaves [ 694.536790][ T2978] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 694.755842][T10170] bond5 (unregistering): Released all slaves [ 695.087472][T10170] bond4 (unregistering): Released all slaves [ 695.390883][T10170] bond3 (unregistering): Released all slaves [ 695.702624][T10170] bond2 (unregistering): Released all slaves [ 696.057964][T10170] bond1 (unregistering): Released all slaves [ 697.265507][T10170] team0 (unregistering): Port device team_slave_1 removed [ 697.385983][T10170] team0 (unregistering): Port device team_slave_0 removed [ 697.484932][T10170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.583706][T10170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 698.386922][T10170] bond0 (unregistering): Released all slaves [ 698.556705][T11922] netlink: 'syz.4.1469': attribute type 1 has an invalid length. [ 698.584175][T11922] workqueue: Failed to create a rescuer kthread for wq "bond13": -EINTR [ 699.109366][T11946] autofs4:pid:11946:autofs_fill_super: called with bogus options [ 699.135025][T11778] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 699.169811][T11778] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 699.217038][T11778] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 699.573882][T11778] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 702.577334][T10170] IPVS: stop unused estimator thread 0... [ 702.881643][T11778] 8021q: adding VLAN 0 to HW filter on device bond0 [ 702.963514][T11778] 8021q: adding VLAN 0 to HW filter on device team0 [ 702.975666][ T3459] bridge0: port 1(bridge_slave_0) entered blocking state [ 702.975818][ T3459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 703.014613][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 703.014717][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 703.035783][T11979] smc: ib device syz2 ibport 1 applied user defined pnetid SYZ0 [ 703.640526][T11990] netlink: 'syz.3.1482': attribute type 1 has an invalid length. [ 704.101440][T11990] 8021q: adding VLAN 0 to HW filter on device bond3 [ 704.461233][T11778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 704.619429][T12005] autofs4:pid:12005:autofs_fill_super: called with bogus options [ 705.771599][T11778] veth0_vlan: entered promiscuous mode [ 705.797330][T11778] veth1_vlan: entered promiscuous mode [ 705.958522][T12023] (null): rxe_set_mtu: Set mtu to 1024 [ 705.958853][T12023] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 705.959926][T11778] veth0_macvtap: entered promiscuous mode [ 705.973258][T11778] veth1_macvtap: entered promiscuous mode [ 706.070046][T11778] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 706.075010][T11778] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 706.093099][T11778] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.093140][T11778] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.093172][T11778] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.093202][T11778] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.385087][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 706.385113][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 706.563663][T10170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 706.595478][T10170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.615461][T12075] netlink: 148 bytes leftover after parsing attributes in process `syz.6.1493'. [ 709.902799][T12083] program syz.3.1495 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 710.467984][T10170] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 710.494535][T12092] netlink: 'syz.6.1496': attribute type 1 has an invalid length. [ 710.810718][T12092] 8021q: adding VLAN 0 to HW filter on device bond1 [ 712.728820][T12121] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1504'. [ 712.831686][T12126] program syz.6.1505 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 712.870273][T12127] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 712.878733][T12127] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 712.887172][T12127] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 713.278112][T12135] netlink: 'syz.4.1507': attribute type 1 has an invalid length. [ 713.445630][ T5085] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 713.445748][ T5085] CPU: 1 PID: 5085 Comm: kworker/u5:1 Not tainted syzkaller #0 [ 713.445770][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 713.445785][ T5085] Workqueue: hci3 hci_rx_work [ 713.445824][ T5085] Call Trace: [ 713.445833][ T5085] [ 713.445843][ T5085] dump_stack_lvl+0x18c/0x250 [ 713.445881][ T5085] ? show_regs_print_info+0x20/0x20 [ 713.445912][ T5085] ? load_image+0x400/0x400 [ 713.445955][ T5085] sysfs_create_dir_ns+0x26e/0x2a0 [ 713.445982][ T5085] ? sysfs_warn_dup+0xa0/0xa0 [ 713.446006][ T5085] ? do_raw_spin_unlock+0x121/0x230 [ 713.446040][ T5085] kobject_add_internal+0x61c/0xcc0 [ 713.446085][ T5085] kobject_add+0x164/0x240 [ 713.446109][ T5085] ? __rwlock_init+0x150/0x150 [ 713.446141][ T5085] ? kobject_init+0x1e0/0x1e0 [ 713.446167][ T5085] ? _raw_spin_unlock+0x28/0x40 [ 713.446195][ T5085] ? get_device_parent+0x366/0x390 [ 713.446235][ T5085] device_add+0x408/0xc20 [ 713.446269][ T5085] hci_conn_add_sysfs+0xd5/0x1e0 [ 713.446297][ T5085] le_conn_complete_evt+0xf5d/0x1540 [ 713.446329][ T5085] ? hci_event_packet+0x4cb/0x1270 [ 713.446373][ T5085] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 713.446413][ T5085] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 713.446449][ T5085] ? skb_pull_data+0xfb/0x200 [ 713.446484][ T5085] hci_le_conn_complete_evt+0x187/0x440 [ 713.446524][ T5085] ? hci_remote_host_features_evt+0x150/0x150 [ 713.446550][ T5085] hci_event_packet+0x7ba/0x1270 [ 713.446585][ T5085] ? bis_list+0x290/0x290 [ 713.446612][ T5085] ? lockdep_hardirqs_on+0x98/0x150 [ 713.446639][ T5085] ? hci_send_to_monitor+0xd7/0x4f0 [ 713.446678][ T5085] hci_rx_work+0x43a/0xd60 [ 713.446723][ T5085] ? process_scheduled_works+0x96f/0x15d0 [ 713.446751][ T5085] process_scheduled_works+0xa5d/0x15d0 [ 713.446815][ T5085] ? assign_work+0x430/0x430 [ 713.446849][ T5085] ? assign_work+0x3d0/0x430 [ 713.446883][ T5085] worker_thread+0xa55/0xfc0 [ 713.446940][ T5085] kthread+0x2fa/0x390 [ 713.446961][ T5085] ? pr_cont_work+0x560/0x560 [ 713.446989][ T5085] ? kthread_blkcg+0xd0/0xd0 [ 713.447011][ T5085] ret_from_fork+0x48/0x80 [ 713.447036][ T5085] ? kthread_blkcg+0xd0/0xd0 [ 713.447059][ T5085] ret_from_fork_asm+0x11/0x20 [ 713.447107][ T5085] [ 713.447219][ T5085] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 713.447262][ T5085] Bluetooth: hci3: failed to register connection device [ 713.602123][T12135] 8021q: adding VLAN 0 to HW filter on device bond13 [ 715.868062][T12172] program syz.1.1517 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 716.310204][T12183] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 716.310271][T12183] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 716.310286][T12183] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 719.908759][T10534] Bluetooth: hci3: command 0x0406 tx timeout [ 720.326040][T12233] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 720.326074][T12233] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 720.326089][T12233] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 722.479045][ T787] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 722.689360][ T787] usb 5-1: Using ep0 maxpacket: 8 [ 723.500140][ T787] usb 5-1: config 2 has an invalid interface number: 31 but max is 0 [ 723.528545][ T787] usb 5-1: config 2 has no interface number 0 [ 723.535689][ T787] usb 5-1: config 2 interface 31 has no altsetting 0 [ 723.572125][ T787] usb 5-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 723.582955][ T787] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 723.591463][ T787] usb 5-1: Product: syz [ 723.596303][ T787] usb 5-1: Manufacturer: syz [ 723.601152][ T787] usb 5-1: SerialNumber: syz [ 724.564937][ T787] ch9200: probe of 5-1:2.31 failed with error -22 [ 724.575986][ T787] usb 5-1: USB disconnect, device number 10 [ 724.681595][T12306] autofs4:pid:12306:autofs_fill_super: called with bogus options [ 724.861636][T12313] netlink: 156 bytes leftover after parsing attributes in process `syz.6.1553'. [ 726.389359][T10170] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 726.698505][T10534] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 727.498409][T12039] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 727.678371][T12039] usb 5-1: Using ep0 maxpacket: 32 [ 727.680310][T12039] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 727.680343][T12039] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 727.682229][T12039] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 727.682260][T12039] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 727.682284][T12039] usb 5-1: Product: syz [ 727.682300][T12039] usb 5-1: Manufacturer: syz [ 727.689677][T12039] hub 5-1:4.0: USB hub found [ 727.896150][T12039] hub 5-1:4.0: 2 ports detected [ 727.948154][T12350] autofs4:pid:12350:autofs_fill_super: called with bogus options [ 728.087352][T12352] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1562'. [ 728.091332][T12352] ipvlan0: entered promiscuous mode [ 728.105260][T12352] ipvlan0: entered allmulticast mode [ 728.105281][T12352] veth0_vlan: entered allmulticast mode [ 728.270581][T12354] netlink: 156 bytes leftover after parsing attributes in process `syz.6.1563'. [ 728.312444][T12039] hub 5-1:4.0: set hub depth failed [ 728.326659][T12039] usb 5-1: USB disconnect, device number 11 [ 729.487980][T12363] binder: 12362:12363 ioctl 4018620d 0 returned -22 [ 729.875898][T12377] autofs4:pid:12377:autofs_fill_super: called with bogus options [ 732.320570][T12395] 9pnet_fd: Insufficient options for proto=fd [ 733.075533][T12409] loop3: detected capacity change from 0 to 2048 [ 733.116206][T12412] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 733.936329][T12423] NILFS error (device loop3): nilfs_lookup: deleted inode referenced: 12 [ 733.956380][T12425] NILFS (loop3): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 733.967143][T12425] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 733.988850][T12423] Remounting filesystem read-only [ 733.994102][T12425] Remounting filesystem read-only [ 733.999406][T12425] NILFS (loop3): error -5 truncating bmap (ino=16) [ 734.516224][ T5771] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 734.516254][ T5771] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 734.516274][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 734.516292][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 734.516310][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 734.516628][ T5771] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 734.516696][ T5771] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 734.516715][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 734.516733][ T5771] NILFS (loop3): discard dirty block: blocknr=24, size=1024 [ 734.516761][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 734.516781][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 734.526256][ T5771] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 734.526282][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 734.526302][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 734.526320][ T5771] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 734.526338][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 734.608893][ T787] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 734.983418][ T787] usb 7-1: config 0 interface 0 has no altsetting 0 [ 734.983482][ T787] usb 7-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 734.983510][ T787] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 734.986038][ T787] usb 7-1: config 0 descriptor?? [ 735.069881][T12438] syz2: rxe_newlink: already configured on ipvlan0 [ 735.324446][ T787] usbhid 7-1:0.0: can't add hid device: -71 [ 735.331204][ T787] usbhid: probe of 7-1:0.0 failed with error -71 [ 735.391123][ T787] usb 7-1: USB disconnect, device number 2 [ 739.377585][T12486] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 739.377767][T12486] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 739.377789][T12486] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 741.911765][T12499] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1588'. [ 743.607520][T10170] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 746.316328][T12542] loop1: detected capacity change from 0 to 8 [ 746.374426][T12542] SQUASHFS error: xz decompression failed, data probably corrupt [ 746.382367][T12542] SQUASHFS error: Failed to read block 0x108: -5 [ 746.388832][T12542] SQUASHFS error: Unable to read metadata cache entry [106] [ 746.396157][T12542] SQUASHFS error: Unable to read inode 0x101f [ 747.514893][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.514956][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.862331][T12562] fuse: Unknown parameter '0x0000000000000005' [ 748.287836][T12568] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1599'. [ 748.295121][T12568] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1599'. [ 750.709629][T10170] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 750.849551][T12586] loop4: detected capacity change from 0 to 2048 [ 750.927875][T12589] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 751.539796][T12592] NILFS error (device loop4): nilfs_lookup: deleted inode referenced: 12 [ 751.550436][T12592] Remounting filesystem read-only [ 754.076963][T12612] 9pnet_fd: Insufficient options for proto=fd [ 754.094197][T12612] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1606'. [ 754.782753][T12611] 9pnet_fd: Insufficient options for proto=fd [ 756.826968][T12626] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1612'. [ 756.882704][ T5885] kernel write not supported for file /video8 (pid: 5885 comm: kworker/0:7) [ 756.907184][T12626] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1612'. [ 757.477582][T12633] loop3: detected capacity change from 0 to 2048 [ 757.561399][T12635] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 758.176745][T12637] NILFS error (device loop3): nilfs_lookup: deleted inode referenced: 12 [ 758.212553][T12637] Remounting filesystem read-only [ 758.388744][T10170] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 758.911821][T12642] loop4: detected capacity change from 0 to 8 [ 758.946777][T12642] SQUASHFS error: xz decompression failed, data probably corrupt [ 758.946804][T12642] SQUASHFS error: Failed to read block 0x108: -5 [ 758.946815][T12642] SQUASHFS error: Unable to read metadata cache entry [106] [ 758.946824][T12642] SQUASHFS error: Unable to read inode 0x101f [ 759.050085][T12509] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 761.113927][ T5085] Bluetooth: hci1: command 0x0c1a tx timeout [ 761.419294][ T27] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 761.608576][ T27] usb 7-1: Using ep0 maxpacket: 8 [ 761.609376][ T27] usb 7-1: too many configurations: 17, using maximum allowed: 8 [ 761.624906][ T27] usb 7-1: New USB device found, idVendor=0c45, idProduct=624f, bcdDevice=7c.9e [ 761.624940][ T27] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.624962][ T27] usb 7-1: Product: syz [ 761.624978][ T27] usb 7-1: Manufacturer: syz [ 761.624995][ T27] usb 7-1: SerialNumber: syz [ 761.627038][T12679] loop3: detected capacity change from 0 to 8 [ 761.639835][ T27] usb 7-1: config 0 descriptor?? [ 761.654906][T12679] SQUASHFS error: xz decompression failed, data probably corrupt [ 761.654940][T12679] SQUASHFS error: Failed to read block 0x108: -5 [ 761.654955][T12679] SQUASHFS error: Unable to read metadata cache entry [106] [ 761.654970][T12679] SQUASHFS error: Unable to read inode 0x101f [ 761.884931][ T27] gspca_main: 0c45:624f too many config [ 761.892193][ T27] usb 7-1: USB disconnect, device number 3 [ 763.543161][T12694] loop3: detected capacity change from 0 to 2048 [ 763.613670][T12698] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 764.675395][T12703] NILFS error (device loop3): nilfs_lookup: deleted inode referenced: 12 [ 764.680637][T12703] Remounting filesystem read-only [ 767.044583][T12722] netlink: 116 bytes leftover after parsing attributes in process `syz.1.1639'. [ 767.473065][T12730] loop3: detected capacity change from 0 to 8 [ 767.494507][T12730] SQUASHFS error: xz decompression failed, data probably corrupt [ 767.502786][T12730] SQUASHFS error: Failed to read block 0x108: -5 [ 767.509485][T12730] SQUASHFS error: Unable to read metadata cache entry [106] [ 767.516833][T12730] SQUASHFS error: Unable to read inode 0x101f [ 768.768417][ T5885] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 768.950815][ T5885] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 768.950854][ T5885] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 768.950895][ T5885] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 768.950920][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 768.965263][ T5885] usb 4-1: config 0 descriptor?? [ 770.151999][ T5885] usb 4-1: language id specifier not provided by device, defaulting to English [ 771.903631][ T5885] uclogic 0003:256C:006D.0005: failed retrieving string descriptor #200: -71 [ 771.952924][ T5885] uclogic 0003:256C:006D.0005: failed retrieving pen parameters: -71 [ 771.967329][ T5885] uclogic 0003:256C:006D.0005: failed probing pen v2 parameters: -71 [ 771.977221][ T5885] uclogic 0003:256C:006D.0005: failed probing parameters: -71 [ 771.989700][ T5885] uclogic: probe of 0003:256C:006D.0005 failed with error -71 [ 772.010940][ T5885] usb 4-1: USB disconnect, device number 14 [ 772.080082][T12761] 9pnet_fd: Insufficient options for proto=fd [ 775.671461][T10799] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 776.301657][T12792] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 776.301688][T12792] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 776.301702][T12792] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 777.644027][T12805] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1664'. [ 783.142655][T10170] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 784.958227][ T5085] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 784.970412][ T5085] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 784.981076][ T5085] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 784.990915][ T5085] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 784.999363][ T5085] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 785.006834][ T5085] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 787.668550][ T5085] Bluetooth: hci4: command tx timeout [ 789.748536][ T5085] Bluetooth: hci4: command tx timeout [ 790.276885][T12881] loop6: detected capacity change from 0 to 8 [ 790.384592][T12881] SQUASHFS error: xz decompression failed, data probably corrupt [ 790.392754][T12881] SQUASHFS error: Failed to read block 0x108: -5 [ 790.399302][T12881] SQUASHFS error: Unable to read metadata cache entry [106] [ 790.406685][T12881] SQUASHFS error: Unable to read inode 0x101f [ 790.475019][ T49] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 790.812444][T12850] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 791.012040][T12849] chnl_net:caif_netlink_parms(): no params data found [ 791.693347][ T78] tipc: Left network mode [ 791.696118][T12849] bridge0: port 1(bridge_slave_0) entered blocking state [ 791.775176][T12849] bridge0: port 1(bridge_slave_0) entered disabled state [ 791.798455][T12849] bridge_slave_0: entered allmulticast mode [ 791.819701][T12849] bridge_slave_0: entered promiscuous mode [ 791.837350][ T5085] Bluetooth: hci4: command tx timeout [ 791.858044][T12849] bridge0: port 2(bridge_slave_1) entered blocking state [ 791.888967][T12849] bridge0: port 2(bridge_slave_1) entered disabled state [ 791.896298][T12849] bridge_slave_1: entered allmulticast mode [ 791.975076][T12849] bridge_slave_1: entered promiscuous mode [ 792.456716][T12849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 792.514380][T12849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 792.855428][T12849] team0: Port device team_slave_0 added [ 793.015474][T12849] team0: Port device team_slave_1 added [ 793.315439][T12849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 793.336446][T12849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 793.336481][T12849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 793.375105][T12849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 793.375126][T12849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 793.375155][T12849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 793.842470][ T78] gretap0 (unregistering): left allmulticast mode [ 793.842507][ T78] gretap0 (unregistering): left promiscuous mode [ 793.842843][ T78] bridge0: port 3(gretap0) entered disabled state [ 793.909616][ T5085] Bluetooth: hci4: command tx timeout [ 793.916875][T12849] hsr_slave_0: entered promiscuous mode [ 793.921613][T12849] hsr_slave_1: entered promiscuous mode [ 794.157490][T12849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 794.157521][T12849] Cannot create hsr debugfs directory [ 795.516883][T12930] trusted_key: syz.4.1694 sent an empty control message without MSG_MORE. [ 795.754743][ T78] hsr_slave_0: left promiscuous mode [ 795.763063][ T78] hsr_slave_1: left promiscuous mode [ 795.823140][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 795.840591][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 795.847304][ T78] bridge_slave_1: left allmulticast mode [ 795.847329][ T78] bridge_slave_1: left promiscuous mode [ 795.847496][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 795.850632][ T78] bridge_slave_0: left allmulticast mode [ 795.850654][ T78] bridge_slave_0: left promiscuous mode [ 795.850844][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 796.472427][ T78] bond5 (unregistering): Released all slaves [ 797.907590][ T78] bond4 (unregistering): Released all slaves [ 799.809212][ T78] bond3 (unregistering): Released all slaves [ 800.553719][ T78] bond2 (unregistering): Released all slaves [ 801.113955][ T5085] Bluetooth: hci3: command 0x0406 tx timeout [ 801.185813][ T78] bond1 (unregistering): Released all slaves [ 802.610082][ T78] team0 (unregistering): Port device team_slave_1 removed [ 802.714984][ T78] team0 (unregistering): Port device team_slave_0 removed [ 802.797329][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 802.955492][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 803.911840][ T78] bond0 (unregistering): Released all slaves [ 804.135535][T12969] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1702'. [ 804.167065][T12981] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22 [ 804.192529][T12981] netdevsim netdevsim6: Direct firmware load for . failed with error -22 [ 804.222826][T12981] netdevsim netdevsim6: Falling back to sysfs fallback for: . [ 804.699847][T12849] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 804.749359][T12849] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 804.775013][T12849] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 804.856113][T12849] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 805.350243][T12849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 805.396885][T12849] 8021q: adding VLAN 0 to HW filter on device team0 [ 805.420057][ T2978] bridge0: port 1(bridge_slave_0) entered blocking state [ 805.427206][ T2978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 806.690339][T10622] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.697605][T10622] bridge0: port 2(bridge_slave_1) entered forwarding state [ 808.362732][T13036] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1719'. [ 808.399113][T13036] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1719'. [ 808.910199][T12849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 808.955352][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.968471][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.059012][ T5885] usb 4-1: new low-speed USB device number 15 using dummy_hcd [ 809.260636][ T5885] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 809.298732][ T5885] usb 4-1: config 0 has no interface number 0 [ 809.304924][ T5885] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 809.367219][ T5885] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 809.408396][ T5885] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 809.437978][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 809.470231][ T5885] usb 4-1: config 0 descriptor?? [ 809.476144][T13048] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 809.549603][ T5885] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 809.724874][T12039] usb 4-1: USB disconnect, device number 15 [ 809.730989][ C0] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 809.804919][T12849] veth0_vlan: entered promiscuous mode [ 809.836291][T12849] veth1_vlan: entered promiscuous mode [ 809.927664][T12849] veth0_macvtap: entered promiscuous mode [ 809.966292][T12849] veth1_macvtap: entered promiscuous mode [ 810.347778][T12849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 810.358639][T12849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.373280][T12849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 810.385437][T12849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 810.405190][T12849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.418580][T12849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 810.444620][T12849] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.454673][T12849] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.463878][T12849] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.473502][T12849] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.635086][ T2978] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 811.688998][ T2978] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 811.897499][ T3504] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 811.937406][ T3504] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 812.057086][T13084] loop6: detected capacity change from 0 to 8 [ 812.236677][T13084] SQUASHFS error: xz decompression failed, data probably corrupt [ 812.245313][T13084] SQUASHFS error: Failed to read block 0x108: -5 [ 812.251880][T13084] SQUASHFS error: Unable to read metadata cache entry [106] [ 812.259902][T13084] SQUASHFS error: Unable to read inode 0x101f [ 814.048780][T10534] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 814.204921][T13096] 9pnet_fd: Insufficient options for proto=fd [ 815.581789][ T2978] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 818.188753][T13130] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1727'. [ 818.229503][T13130] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1727'. [ 820.526983][ T5085] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 822.389787][ T78] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 822.766393][T13179] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 822.775221][T13179] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 822.783769][T13179] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 822.968331][ T787] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 823.160052][ T787] usb 4-1: Using ep0 maxpacket: 32 [ 823.184886][ T787] usb 4-1: unable to get BOS descriptor or descriptor too short [ 823.216894][ T787] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 823.252172][ T787] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 823.283531][ T787] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 823.306577][ T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 823.327063][ T787] usb 4-1: Product: syz [ 823.336804][ T787] usb 4-1: Manufacturer: syz [ 823.351018][ T787] usb 4-1: SerialNumber: syz [ 823.670875][ T787] usb 4-1: USB disconnect, device number 16 [ 823.780717][T12889] udevd[12889]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 826.479723][ T5085] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 826.492563][ T5085] CPU: 0 PID: 5085 Comm: kworker/u5:1 Not tainted syzkaller #0 [ 826.500204][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 826.510313][ T5085] Workqueue: hci4 hci_rx_work [ 826.515064][ T5085] Call Trace: [ 826.518384][ T5085] [ 826.521371][ T5085] dump_stack_lvl+0x18c/0x250 [ 826.526121][ T5085] ? show_regs_print_info+0x20/0x20 [ 826.531398][ T5085] ? load_image+0x400/0x400 [ 826.535982][ T5085] sysfs_create_dir_ns+0x26e/0x2a0 [ 826.541162][ T5085] ? sysfs_warn_dup+0xa0/0xa0 [ 826.545896][ T5085] ? do_raw_spin_unlock+0x121/0x230 [ 826.551167][ T5085] kobject_add_internal+0x61c/0xcc0 [ 826.556430][ T5085] kobject_add+0x164/0x240 [ 826.560897][ T5085] ? __rwlock_init+0x150/0x150 [ 826.565707][ T5085] ? kobject_init+0x1e0/0x1e0 [ 826.570423][ T5085] ? _raw_spin_unlock+0x28/0x40 [ 826.575305][ T5085] ? get_device_parent+0x366/0x390 [ 826.580454][ T5085] device_add+0x408/0xc20 [ 826.584825][ T5085] hci_conn_add_sysfs+0xd5/0x1e0 [ 826.589792][ T5085] le_conn_complete_evt+0xf5d/0x1540 [ 826.595206][ T5085] ? hci_event_packet+0x4cb/0x1270 [ 826.600368][ T5085] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 826.606654][ T5085] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 826.612368][ T5085] ? skb_pull_data+0xfb/0x200 [ 826.617081][ T5085] hci_le_conn_complete_evt+0x187/0x440 [ 826.622689][ T5085] ? hci_remote_host_features_evt+0x150/0x150 [ 826.628788][ T5085] hci_event_packet+0x7ba/0x1270 [ 826.633757][ T5085] ? bis_list+0x290/0x290 [ 826.638112][ T5085] ? lockdep_hardirqs_on+0x98/0x150 [ 826.643343][ T5085] ? hci_send_to_monitor+0xd7/0x4f0 [ 826.648583][ T5085] hci_rx_work+0x43a/0xd60 [ 826.653042][ T5085] ? process_scheduled_works+0x96f/0x15d0 [ 826.658800][ T5085] process_scheduled_works+0xa5d/0x15d0 [ 826.664411][ T5085] ? assign_work+0x430/0x430 [ 826.669046][ T5085] ? assign_work+0x3d0/0x430 [ 826.673699][ T5085] worker_thread+0xa55/0xfc0 [ 826.678377][ T5085] kthread+0x2fa/0x390 [ 826.682493][ T5085] ? pr_cont_work+0x560/0x560 [ 826.687203][ T5085] ? kthread_blkcg+0xd0/0xd0 [ 826.691815][ T5085] ret_from_fork+0x48/0x80 [ 826.696263][ T5085] ? kthread_blkcg+0xd0/0xd0 [ 826.700882][ T5085] ret_from_fork_asm+0x11/0x20 [ 826.705695][ T5085] [ 826.710886][ T5085] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 826.725653][ T5085] Bluetooth: hci4: failed to register connection device [ 827.307654][T13214] loop7: detected capacity change from 0 to 8 [ 827.547094][T13214] SQUASHFS error: xz decompression failed, data probably corrupt [ 827.555262][T13214] SQUASHFS error: Failed to read block 0x108: -5 [ 827.561772][T13214] SQUASHFS error: Unable to read metadata cache entry [106] [ 827.569229][T13214] SQUASHFS error: Unable to read inode 0x101f [ 828.481552][T13223] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22 [ 828.490391][T13223] netdevsim netdevsim7: Direct firmware load for . failed with error -22 [ 828.498927][T13223] netdevsim netdevsim7: Falling back to sysfs fallback for: . [ 831.778611][ T27] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 831.989103][ T27] usb 8-1: Using ep0 maxpacket: 32 [ 832.000288][ T27] usb 8-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 832.019281][ T27] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 832.037586][ T27] usb 8-1: Product: syz [ 832.069244][ T27] usb 8-1: Manufacturer: syz [ 832.073922][ T27] usb 8-1: SerialNumber: syz [ 832.114317][ T27] usb 8-1: config 0 descriptor?? [ 832.163576][T10534] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 832.356460][ T27] RobotFuzz Open Source InterFace, OSIF 8-1:0.0: version d4.15 found at bus 008 address 002 [ 832.595626][T13249] i2c i2c-1: adapter quirk: no zero length (addr 0x0000, size 0, read) [ 832.634438][T12039] usb 8-1: USB disconnect, device number 2 [ 835.265456][T13286] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22 [ 835.289187][T13286] netdevsim netdevsim7: Direct firmware load for . failed with error -22 [ 835.322571][T13286] netdevsim netdevsim7: Falling back to sysfs fallback for: . [ 837.336278][ T5085] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 840.919033][ T787] kernel write not supported for file /snd/seq (pid: 787 comm: kworker/1:2) [ 843.814779][T10534] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 844.278110][T13403] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 844.288496][T13403] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 844.296946][T13403] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 844.500338][ T787] kernel write not supported for file /snd/seq (pid: 787 comm: kworker/1:2) [ 845.114239][T13421] netlink: 'syz.4.1794': attribute type 1 has an invalid length. [ 845.269899][T13421] 8021q: adding VLAN 0 to HW filter on device bond14 [ 845.304921][ T28] audit: type=1804 audit(1770585296.248:14): pid=13427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.1793" name="/newroot/88/bus/bus" dev="overlay" ino=500 res=1 errno=0 [ 847.883737][ T78] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 849.082658][T13459] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1804'. [ 851.073332][T13386] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 851.598376][T13182] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 851.809191][T13182] usb 8-1: Using ep0 maxpacket: 16 [ 851.829574][T13182] usb 8-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 851.856103][T13182] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 851.920197][T13182] usb 8-1: config 0 descriptor?? [ 851.947153][T13182] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 852.966495][ T8] usb 8-1: USB disconnect, device number 3 [ 854.453127][T12953] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 854.644187][T13386] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 855.316814][T13551] batadv_slave_1: entered promiscuous mode [ 859.342732][T13590] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1833'. [ 859.463834][T13593] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1833'. [ 861.992966][T13386] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 864.990054][T13643] 9pnet_fd: Insufficient options for proto=fd [ 868.344312][T13672] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1853'. [ 869.737269][T13676] 9pnet_fd: Insufficient options for proto=fd [ 870.042099][T13386] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 870.428920][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.435323][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 874.853720][T13721] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1854'. [ 874.897538][T13721] 8021q: adding VLAN 0 to HW filter on device bond4 [ 874.930837][T13721] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1854'. [ 874.940628][T13721] bond4: entered promiscuous mode [ 874.945711][T13721] bond4: entered allmulticast mode [ 874.958661][T13721] dummy0: entered promiscuous mode [ 874.964057][T13721] dummy0: entered allmulticast mode [ 874.970686][T13721] bond4: (slave dummy0): Enslaving as an active interface with an up link [ 875.103936][T13724] 9pnet_fd: Insufficient options for proto=fd [ 875.682479][T13736] fuse: Bad value for 'fd' [ 875.940775][T13744] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 875.949822][T13744] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 875.958373][T13744] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 876.394335][T13757] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1878'. [ 878.026173][T13757] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1878'. [ 878.087081][T13757] bond4: (slave dummy0): Releasing backup interface [ 878.115463][T13757] dummy0: left promiscuous mode [ 878.138525][T13757] dummy0: left allmulticast mode [ 878.288785][T13762] 9pnet_fd: Insufficient options for proto=fd [ 878.954049][T13771] fuse: Bad value for 'fd' [ 879.351841][ T49] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 879.492216][ T5085] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 879.538075][T13779] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1884'. [ 880.067699][T13786] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 880.076372][T13786] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 880.085196][T13786] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 881.508022][T13797] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1890'. [ 883.248559][T13797] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1890'. [ 883.494179][T13807] netlink: 168 bytes leftover after parsing attributes in process `syz.7.1895'. [ 886.398584][T12953] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 888.303194][T13828] fuse: Bad value for 'fd' [ 888.784619][T13835] 9pnet_fd: Insufficient options for proto=fd [ 890.165751][T13851] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 892.400709][T13867] 9pnet_fd: Insufficient options for proto=fd [ 892.491835][T13873] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22 [ 892.500417][T13873] netdevsim netdevsim6: Direct firmware load for . failed with error -22 [ 892.508993][T13873] netdevsim netdevsim6: Falling back to sysfs fallback for: . [ 893.064696][T13883] loop7: detected capacity change from 0 to 2048 [ 893.119347][T13884] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 893.538079][T13888] NILFS error (device loop7): nilfs_lookup: deleted inode referenced: 12 [ 893.785103][T13889] NILFS (loop7): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 893.801650][T13889] NILFS error (device loop7): nilfs_bmap_truncate: broken bmap (inode number=16) [ 893.930615][T13887] vivid-005: kernel_thread() failed [ 893.945386][T13888] Remounting filesystem read-only [ 893.950878][T13889] Remounting filesystem read-only [ 893.955969][T13889] NILFS (loop7): error -5 truncating bmap (ino=16) [ 894.211492][T12849] NILFS (loop7): discard dirty page: offset=4096, ino=6 [ 894.238622][T12849] NILFS (loop7): discard dirty block: blocknr=39, size=1024 [ 894.272431][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 894.307568][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 894.332577][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 894.361383][T12849] NILFS (loop7): disposed unprocessed dirty file(s) when detaching log writer [ 894.393634][T12849] NILFS (loop7): discard dirty page: offset=0, ino=16 [ 894.411902][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 894.438311][T12849] NILFS (loop7): discard dirty block: blocknr=24, size=1024 [ 894.466443][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 894.496356][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 894.519697][T12849] NILFS (loop7): discard dirty page: offset=0, ino=3 [ 894.527617][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 894.558384][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 894.567378][T12849] NILFS (loop7): discard dirty block: blocknr=44, size=1024 [ 894.600546][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 895.793892][T13910] netlink: 'syz.4.1919': attribute type 10 has an invalid length. [ 895.821119][T13910] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1919'. [ 895.856217][T13910] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.895289][T13910] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.920684][T13910] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.942862][T13910] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.038754][T13910] team0: Port device geneve0 added [ 897.998172][T13919] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 898.008308][T13919] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 898.017088][T13919] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 898.173138][T13923] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1933'. [ 898.899905][T13936] batadv_slave_1: entered promiscuous mode [ 899.032757][T13937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 899.576576][T13946] loop3: detected capacity change from 0 to 2048 [ 899.720602][T13949] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 901.852267][T13955] NILFS error (device loop3): nilfs_lookup: deleted inode referenced: 12 [ 902.208724][T13958] NILFS (loop3): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 902.220155][T13958] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 902.220603][T13955] Remounting filesystem read-only [ 902.229924][T13958] Remounting filesystem read-only [ 902.229942][T13958] NILFS (loop3): error -5 truncating bmap (ino=16) [ 902.356281][ T5771] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 902.384402][ T5771] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 902.392115][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 902.401280][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 902.411967][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 902.422740][ T5771] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 902.435393][ T5771] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 902.442619][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 902.460578][ T5771] NILFS (loop3): discard dirty block: blocknr=24, size=1024 [ 902.471750][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 902.482308][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 902.504942][ T5771] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 902.512709][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 902.522101][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 902.531466][ T5771] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 902.539266][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 902.626882][T13962] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 902.636284][T13962] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 902.645069][T13962] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 906.587121][T13986] loop7: detected capacity change from 0 to 2048 [ 906.800920][T13991] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 907.092815][T13993] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 907.102732][T13993] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 907.111462][T13993] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 908.582901][ T5085] Bluetooth: hci4: command 0x0406 tx timeout [ 908.703882][T13998] NILFS (loop7): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 908.715492][T13998] NILFS error (device loop7): nilfs_bmap_truncate: broken bmap (inode number=16) [ 908.726513][T13998] Remounting filesystem read-only [ 908.731732][T13998] NILFS (loop7): error -5 truncating bmap (ino=16) [ 908.885576][T12849] NILFS (loop7): discard dirty page: offset=4096, ino=6 [ 908.911038][T12849] NILFS (loop7): discard dirty block: blocknr=39, size=1024 [ 908.925735][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 908.938041][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 909.021775][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 909.085893][T12849] NILFS (loop7): disposed unprocessed dirty file(s) when detaching log writer [ 909.108394][T12849] NILFS (loop7): discard dirty page: offset=0, ino=16 [ 909.115981][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 909.162221][T12849] NILFS (loop7): discard dirty block: blocknr=24, size=1024 [ 909.189191][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 909.218298][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 909.235883][T12849] NILFS (loop7): discard dirty page: offset=0, ino=3 [ 909.250138][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 909.279318][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 909.303491][T12849] NILFS (loop7): discard dirty block: blocknr=44, size=1024 [ 909.318384][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 909.824474][T14020] 9pnet_fd: Insufficient options for proto=fd [ 911.508509][ T78] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 912.037856][T14028] loop4: detected capacity change from 0 to 2048 [ 912.122108][T14032] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 912.956777][T14034] vivid-009: kernel_thread() failed [ 912.982495][T14036] NILFS (loop4): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 912.993753][T14036] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 913.006661][T14036] Remounting filesystem read-only [ 913.011835][T14036] NILFS (loop4): error -5 truncating bmap (ino=16) [ 913.290618][ T6502] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 913.297834][ T6502] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 913.362100][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 913.418373][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 913.458373][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 913.473272][ T6502] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 913.507713][ T6502] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 913.530353][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 913.563342][ T6502] NILFS (loop4): discard dirty block: blocknr=24, size=1024 [ 913.585080][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 913.620679][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 913.651640][ T6502] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 913.670900][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 913.718281][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 913.749457][ T6502] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 913.773287][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 916.633300][T14054] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 916.641626][T14054] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 916.650132][T14054] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 920.321178][ T2989] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 922.496165][T14086] loop2: detected capacity change from 0 to 7 [ 922.524269][T14086] loop2: [ 922.527916][T14086] loop2: partition table partially beyond EOD, truncated [ 923.425464][T14094] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 923.505318][T14094] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 926.380092][T14105] loop8: detected capacity change from 0 to 8 [ 926.414507][T12889] Dev loop8: unable to read RDB block 8 [ 926.430018][T12889] loop8: unable to read partition table [ 926.443955][T12889] loop8: partition table beyond EOD, truncated [ 926.471279][T14105] Dev loop8: unable to read RDB block 8 [ 926.476945][T14105] loop8: unable to read partition table [ 926.498566][T14105] loop8: partition table beyond EOD, truncated [ 926.518763][T14105] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 926.673047][T14107] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22 [ 926.683026][T14107] netdevsim netdevsim6: Direct firmware load for . failed with error -22 [ 926.691685][T14107] netdevsim netdevsim6: Falling back to sysfs fallback for: . [ 928.466601][T14124] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 932.847493][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.854062][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.440042][T14147] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22 [ 933.462934][T14147] netdevsim netdevsim7: Direct firmware load for . failed with error -22 [ 933.617333][T14147] netdevsim netdevsim7: Falling back to sysfs fallback for: . [ 934.828453][T14162] siw: device registration error -23 [ 938.501472][T14183] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 940.058546][T14198] (null): rxe_set_mtu: Set mtu to 1024 [ 940.064302][T14198] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 942.958643][ T27] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 943.170885][ T27] usb 8-1: Using ep0 maxpacket: 32 [ 943.264567][ T27] usb 8-1: config 0 has an invalid interface number: 78 but max is 0 [ 943.274216][ T27] usb 8-1: config 0 has no interface number 0 [ 943.281084][ T27] usb 8-1: config 0 interface 78 has no altsetting 0 [ 943.299996][ T27] usb 8-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=9b.26 [ 943.309290][ T27] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 943.317402][ T27] usb 8-1: Product: syz [ 943.325633][ T27] usb 8-1: Manufacturer: syz [ 943.333545][ T27] usb 8-1: SerialNumber: syz [ 943.342863][ T27] usb 8-1: config 0 descriptor?? [ 943.434369][ T27] (null): radio-mr800 - initialization failed [ 943.442597][ T27] radio-mr800: probe of 8-1:0.78 failed with error -22 [ 943.450035][ T27] usbhid 8-1:0.78: couldn't find an input interrupt endpoint [ 943.559008][ T27] usb 8-1: USB disconnect, device number 4 [ 944.080077][T14229] (null): rxe_set_mtu: Set mtu to 1024 [ 944.089163][T14229] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 944.236757][T14231] loop6: detected capacity change from 0 to 8 [ 945.502030][ T3504] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 945.546979][T14231] SQUASHFS error: xz decompression failed, data probably corrupt [ 945.554958][T14231] SQUASHFS error: Failed to read block 0x108: -5 [ 945.561434][T14231] SQUASHFS error: Unable to read metadata cache entry [106] [ 945.568877][T14231] SQUASHFS error: Unable to read inode 0x101f [ 946.853142][T14247] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 948.648409][T14267] (null): rxe_set_mtu: Set mtu to 1024 [ 948.654353][T14267] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 950.385473][T14266] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2034'. [ 951.135586][T14266] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2034'. [ 951.348828][ T8] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 951.549443][ T8] usb 8-1: Using ep0 maxpacket: 32 [ 951.563702][ T8] usb 8-1: config 0 has an invalid interface number: 172 but max is 0 [ 951.580577][ T8] usb 8-1: config 0 has no interface number 0 [ 951.586920][ T8] usb 8-1: config 0 interface 172 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 952.166614][T14285] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2040'. [ 953.278068][ T8] usb 8-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 953.289331][ T8] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 953.297392][ T8] usb 8-1: Product: syz [ 953.301741][ T8] usb 8-1: Manufacturer: syz [ 953.306479][ T8] usb 8-1: SerialNumber: syz [ 953.323961][ T8] usb 8-1: config 0 descriptor?? [ 953.353928][ T8] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 953.588370][T12953] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 954.478668][ T8] gspca_pac7302: reg_w() failed i: 78 v: 40 error -110 [ 956.018293][ T8] gspca_pac7302: probe of 8-1:0.172 failed with error -110 [ 956.571524][T13182] usb 8-1: USB disconnect, device number 5 [ 957.237994][T14314] tmpfs: Unknown parameter 'fscontext' [ 957.950473][ T28] audit: type=1326 audit(1770585408.308:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14306 comm="syz.7.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f879aeb9 code=0x7fc00000 [ 958.034697][ T28] audit: type=1326 audit(1770585408.308:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14306 comm="syz.7.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f48f879aeb9 code=0x7fc00000 [ 958.228846][ T28] audit: type=1326 audit(1770585408.308:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14306 comm="syz.7.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f879aeb9 code=0x7fc00000 [ 958.251714][ T28] audit: type=1326 audit(1770585408.308:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14306 comm="syz.7.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f879aeb9 code=0x7fc00000 [ 958.274976][ T28] audit: type=1326 audit(1770585408.308:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14306 comm="syz.7.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f879aeb9 code=0x7fc00000 [ 958.301795][ T28] audit: type=1326 audit(1770585408.308:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14306 comm="syz.7.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f879aeb9 code=0x7fc00000 [ 958.324931][ T28] audit: type=1326 audit(1770585408.308:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14306 comm="syz.7.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f879aeb9 code=0x7fc00000 [ 958.349740][ T28] audit: type=1326 audit(1770585408.308:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14306 comm="syz.7.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f879aeb9 code=0x7fc00000 [ 958.378684][ T28] audit: type=1326 audit(1770585408.308:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14306 comm="syz.7.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f879aeb9 code=0x7fc00000 [ 958.403028][ T28] audit: type=1326 audit(1770585408.308:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14306 comm="syz.7.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48f879aeb9 code=0x7fc00000 [ 958.599047][T14327] loop8: detected capacity change from 0 to 8 [ 958.607874][T14327] Dev loop8: unable to read RDB block 8 [ 958.617493][T14327] loop8: unable to read partition table [ 958.623746][T14327] loop8: partition table beyond EOD, truncated [ 958.640592][T14327] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 959.398398][T14336] (null): rxe_set_mtu: Set mtu to 1024 [ 959.404564][T14336] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 960.998931][T14338] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 962.768409][T14367] (null): rxe_set_mtu: Set mtu to 1024 [ 962.776087][T14367] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 964.538433][ T5885] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 964.728692][ T5885] usb 5-1: Using ep0 maxpacket: 8 [ 964.745806][ T5885] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 964.768289][ T5885] usb 5-1: config 179 has no interface number 0 [ 964.788382][ T5885] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 964.820555][ T5885] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 964.868565][ T5885] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 964.899969][ T5885] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 964.918514][ T5885] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 964.948352][ T5885] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 964.969023][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 965.001330][T14373] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 965.109128][T14380] loop7: detected capacity change from 0 to 2048 [ 965.203013][T14381] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 966.333742][T14386] NILFS (loop7): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 966.344555][T14386] NILFS error (device loop7): nilfs_bmap_truncate: broken bmap (inode number=16) [ 966.359571][T14386] Remounting filesystem read-only [ 966.364692][T14386] NILFS (loop7): error -5 truncating bmap (ino=16) [ 966.409539][ T5885] usb 5-1: USB disconnect, device number 12 [ 966.409604][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 966.424081][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 966.565471][T12849] NILFS (loop7): discard dirty page: offset=4096, ino=6 [ 966.594669][T12849] NILFS (loop7): discard dirty block: blocknr=39, size=1024 [ 966.619073][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 966.628116][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 966.648435][T14393] IPv6: NLM_F_CREATE should be specified when creating new route [ 966.658552][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 966.708569][T12849] NILFS (loop7): disposed unprocessed dirty file(s) when detaching log writer [ 966.752361][T12849] NILFS (loop7): discard dirty page: offset=0, ino=16 [ 966.766298][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 966.800814][T12849] NILFS (loop7): discard dirty block: blocknr=24, size=1024 [ 966.853562][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 966.909169][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 966.934659][T12849] NILFS (loop7): discard dirty page: offset=0, ino=3 [ 967.159479][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 967.215339][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 967.313615][T12849] NILFS (loop7): discard dirty block: blocknr=44, size=1024 [ 967.321691][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 968.062751][T14404] (null): rxe_set_mtu: Set mtu to 1024 [ 968.069891][T14404] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 969.612842][T14401] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2071'. [ 970.910477][T14414] loop4: detected capacity change from 0 to 2048 [ 971.004467][T14416] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 971.754213][T14420] NILFS error (device loop4): nilfs_lookup: deleted inode referenced: 12 [ 971.773859][T14418] vivid-009: kernel_thread() failed [ 971.789287][T14421] NILFS (loop4): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 971.801110][T14421] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 971.924367][T14420] Remounting filesystem read-only [ 971.924380][T14421] Remounting filesystem read-only [ 971.924395][T14421] NILFS (loop4): error -5 truncating bmap (ino=16) [ 972.052026][ T6502] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 972.078265][ T6502] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 972.126882][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 972.159545][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 972.188954][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 972.229489][ T6502] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 972.262390][ T6502] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 972.276055][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 972.296041][ T6502] NILFS (loop4): discard dirty block: blocknr=24, size=1024 [ 972.316604][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 972.339705][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 972.361152][ T6502] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 972.367901][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 972.408606][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 972.417559][ T6502] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 972.448287][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 975.619579][T14440] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 976.738342][T14453] syz2: rxe_newlink: already configured on ipvlan0 [ 978.030150][ T78] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 978.494125][T14455] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2086'. [ 979.910305][T14459] loop7: detected capacity change from 0 to 2048 [ 979.993272][T14466] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 980.501654][T14472] NILFS (loop7): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 980.512949][T14472] NILFS error (device loop7): nilfs_bmap_truncate: broken bmap (inode number=16) [ 980.555465][T14472] Remounting filesystem read-only [ 980.560784][T14472] NILFS (loop7): error -5 truncating bmap (ino=16) [ 981.060554][T12849] NILFS (loop7): discard dirty page: offset=4096, ino=6 [ 981.067633][T12849] NILFS (loop7): discard dirty block: blocknr=39, size=1024 [ 981.132165][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 981.174052][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 981.183214][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 981.197342][T12849] NILFS (loop7): disposed unprocessed dirty file(s) when detaching log writer [ 981.206403][T12849] NILFS (loop7): discard dirty page: offset=0, ino=16 [ 981.213345][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 981.223220][T12849] NILFS (loop7): discard dirty block: blocknr=24, size=1024 [ 981.230688][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 981.250405][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 981.272733][T12849] NILFS (loop7): discard dirty page: offset=0, ino=3 [ 981.286665][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 981.306240][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 981.341956][T12849] NILFS (loop7): discard dirty block: blocknr=44, size=1024 [ 981.350894][T12849] NILFS (loop7): discard dirty block: blocknr=18446744073709551615, size=1024 [ 982.118313][ T8] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 982.320046][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 982.335985][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 982.354962][ T8] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 982.394088][ T8] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 982.414270][ T8] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 982.442071][ T8] usb 4-1: Product: syz [ 982.447071][ T8] usb 4-1: Manufacturer: syz [ 982.452808][ T8] usb 4-1: SerialNumber: syz [ 982.464592][ T8] appletouch 4-1:1.0: Could not find int-in endpoint [ 982.474640][ T8] appletouch: probe of 4-1:1.0 failed with error -5 [ 982.483618][ T8] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 982.677243][ T8] usb 4-1: USB disconnect, device number 17 [ 984.699386][T14504] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 987.532581][T12953] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 988.440949][T14519] loop2: detected capacity change from 0 to 7 [ 988.469213][T14519] Dev loop2: unable to read RDB block 7 [ 988.498509][T14519] loop2: AHDI p1 p2 p3 [ 988.538330][T14519] loop2: partition table partially beyond EOD, truncated [ 988.634755][T14519] loop2: p1 start 1818582900 is beyond EOD, truncated [ 988.686044][T14519] loop2: p3 start 335544320 is beyond EOD, truncated [ 989.384367][T14532] (null): rxe_set_mtu: Set mtu to 1024 [ 991.853476][T14532] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 992.414446][T14546] loop4: detected capacity change from 0 to 2048 [ 992.511410][T14548] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 993.090502][T14554] NILFS (loop4): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 993.102936][T14554] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 993.134623][T14554] Remounting filesystem read-only [ 993.139968][T14554] NILFS (loop4): error -5 truncating bmap (ino=16) [ 993.324130][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.330854][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.451676][T14556] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2114'. [ 993.486112][T14556] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2114'. [ 993.656127][ T6502] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 993.674245][ T6502] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 993.686749][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 993.701690][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 993.717253][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 993.729722][ T6502] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 993.740345][ T6502] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 993.747180][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 993.767886][ T6502] NILFS (loop4): discard dirty block: blocknr=24, size=1024 [ 993.775679][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 993.785024][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 993.812919][ T6502] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 993.831117][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 993.842872][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 993.865351][ T6502] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 993.876816][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 998.165090][T14588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2124'. [ 998.179933][T14588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2124'. [ 999.347212][T14592] loop3: detected capacity change from 0 to 2048 [ 999.358328][T14595] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22 [ 999.367723][T14595] netdevsim netdevsim7: Direct firmware load for . failed with error -22 [ 999.376505][T14595] netdevsim netdevsim7: Falling back to sysfs fallback for: . [ 1000.221969][T14597] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1001.027162][T14599] vivid-007: kernel_thread() failed [ 1001.265332][T14602] NILFS (loop3): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 1001.278311][T14602] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 1001.291929][T14602] Remounting filesystem read-only [ 1001.297004][T14602] NILFS (loop3): error -5 truncating bmap (ino=16) [ 1001.449496][ T5771] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 1001.457241][ T5771] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 1001.469571][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1001.479879][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1001.496448][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1001.534857][ T5771] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 1001.562321][ T5771] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 1001.584649][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1001.639973][ T5771] NILFS (loop3): discard dirty block: blocknr=24, size=1024 [ 1001.647351][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1001.684211][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1001.696213][ T5771] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 1001.703092][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1001.712115][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1001.721088][ T5771] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 1001.728493][ T5771] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1005.147254][T14625] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2133'. [ 1005.240807][T14625] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2133'. [ 1005.594718][T14633] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 1005.603209][T14633] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 1005.612560][T14633] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 1006.986244][T14642] loop4: detected capacity change from 0 to 2048 [ 1007.142558][T14643] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1008.476904][T14650] vivid-009: kernel_thread() failed [ 1008.664576][T14652] NILFS (loop4): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 1008.675380][T14652] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 1008.695199][T14652] Remounting filesystem read-only [ 1008.700553][T14652] NILFS (loop4): error -5 truncating bmap (ino=16) [ 1009.029176][ T6502] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 1009.036234][ T6502] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 1009.079450][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1009.828461][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1009.837415][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1009.900826][ T6502] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 1009.929422][ T6502] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 1009.936274][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1009.958512][ T6502] NILFS (loop4): discard dirty block: blocknr=24, size=1024 [ 1009.965896][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1009.999203][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1010.026983][ T6502] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 1010.034092][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1010.131794][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1011.067583][ T6502] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 1011.139065][ T6502] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1011.229517][T10622] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1011.441373][T14660] orangefs_mount: mount request failed with -4 [ 1011.695171][T14677] 9pnet_fd: Insufficient options for proto=fd [ 1012.826556][T14689] loop4: detected capacity change from 0 to 2048 [ 1012.858552][ T27] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 1012.893848][T14693] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1013.048500][ T27] usb 8-1: Using ep0 maxpacket: 32 [ 1013.067936][ T27] usb 8-1: unable to get BOS descriptor or descriptor too short [ 1013.095989][ T27] usb 8-1: config 244 has an invalid interface number: 201 but max is 0 [ 1013.127643][ T27] usb 8-1: config 244 has an invalid descriptor of length 0, skipping remainder of the config [ 1013.175321][ T27] usb 8-1: config 244 has no interface number 0 [ 1013.194399][ T27] usb 8-1: string descriptor 0 read error: -22 [ 1013.201994][ T27] usb 8-1: New USB device found, idVendor=0582, idProduct=0080, bcdDevice=bf.00 [ 1013.214220][ T27] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1013.402292][T14696] NILFS error (device loop4): nilfs_lookup: deleted inode referenced: 12 [ 1013.418853][T14696] Remounting filesystem read-only [ 1014.000453][T12039] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1014.625311][T14705] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2153'. [ 1015.758316][T12039] usb 4-1: Using ep0 maxpacket: 16 [ 1015.765583][T12039] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1015.789507][T12039] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1015.801965][T12039] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1015.815455][T12039] usb 4-1: Product: syz [ 1015.820190][T12039] usb 4-1: Manufacturer: syz [ 1015.826484][T12039] usb 4-1: SerialNumber: syz [ 1015.835322][T12039] usb 4-1: config 0 descriptor?? [ 1015.861375][T12039] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1015.887830][ T27] usb 8-1: USB disconnect, device number 6 [ 1015.911609][T12039] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 1016.482761][T12039] em28xx 4-1:0.0: chip ID is em2874 [ 1017.709378][T12039] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1017.764893][T12039] em28xx 4-1:0.0: board has no eeprom [ 1018.068340][T12039] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1018.086627][T12039] em28xx 4-1:0.0: dvb set to bulk mode. [ 1018.097313][T13182] em28xx 4-1:0.0: Binding DVB extension [ 1018.644407][T14727] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2163'. [ 1019.729261][T12039] usb 4-1: USB disconnect, device number 18 [ 1019.855563][T12039] em28xx 4-1:0.0: Disconnecting em28xx [ 1020.058804][T13182] em28xx 4-1:0.0: Registering input extension [ 1020.119925][T14737] 9pnet_fd: Insufficient options for proto=fd [ 1021.118459][T13182] rc_core: IR keymap rc-pinnacle-pctv-hd not found [ 1021.142611][T13182] Registered IR keymap rc-empty [ 1021.199325][T13182] rc rc0: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 1021.266509][T13182] input: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input11 [ 1021.318821][T13182] em28xx 4-1:0.0: Input extension successfully initialized [ 1021.326549][T12039] em28xx 4-1:0.0: Closing input extension [ 1021.572322][T12039] em28xx 4-1:0.0: Freeing device [ 1022.970233][T14759] loop6: detected capacity change from 0 to 8 [ 1023.821264][T14759] SQUASHFS error: xz decompression failed, data probably corrupt [ 1023.829218][T14759] SQUASHFS error: Failed to read block 0x108: -5 [ 1023.835596][T14759] SQUASHFS error: Unable to read metadata cache entry [106] [ 1023.843021][T14759] SQUASHFS error: Unable to read inode 0x101f [ 1026.288623][T14771] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2173'. [ 1030.092757][T14792] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2180'. [ 1038.560359][T13182] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 1038.748436][T13182] usb 8-1: Using ep0 maxpacket: 16 [ 1038.778702][T13182] usb 8-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 218, changing to 11 [ 1038.808273][T13182] usb 8-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid maxpacket 33134, setting to 1024 [ 1038.828267][ T28] kauditd_printk_skb: 56 callbacks suppressed [ 1038.828284][ T28] audit: type=1326 audit(1770585489.758:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14854 comm="syz.3.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc261f9aeb9 code=0x7ffc0000 [ 1038.868312][T13182] usb 8-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 1038.891899][T13182] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1038.908412][T13182] usb 8-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 1038.908973][ T28] audit: type=1326 audit(1770585489.758:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14854 comm="syz.3.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc261f9aeb9 code=0x7ffc0000 [ 1038.917495][T13182] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1039.022247][ T28] audit: type=1326 audit(1770585489.768:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14854 comm="syz.3.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc261f9aeb9 code=0x7ffc0000 [ 1039.059822][T13182] usb 8-1: config 0 descriptor?? [ 1040.685453][ T28] audit: type=1326 audit(1770585489.768:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14854 comm="syz.3.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc261f9aeb9 code=0x7ffc0000 [ 1040.722692][ T28] audit: type=1326 audit(1770585489.768:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14854 comm="syz.3.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7fc261f9aeb9 code=0x7ffc0000 [ 1040.751959][ T28] audit: type=1326 audit(1770585489.768:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14854 comm="syz.3.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc261f9aeb9 code=0x7ffc0000 [ 1040.777939][ T28] audit: type=1326 audit(1770585489.768:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14854 comm="syz.3.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc261f9aeb9 code=0x7ffc0000 [ 1040.820103][ T28] audit: type=1326 audit(1770585489.768:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14854 comm="syz.3.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc261f9aeb9 code=0x7ffc0000 [ 1040.918082][T14844] netlink: 80 bytes leftover after parsing attributes in process `syz.7.2197'. [ 1040.951876][T13182] usbhid 8-1:0.0: can't add hid device: -71 [ 1042.557612][T13182] usbhid: probe of 8-1:0.0 failed with error -71 [ 1042.585902][T13182] usb 8-1: USB disconnect, device number 7 [ 1043.194346][T12282] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1043.233829][T14870] loop4: detected capacity change from 0 to 8 [ 1043.445273][T14870] SQUASHFS error: xz decompression failed, data probably corrupt [ 1043.453258][T14870] SQUASHFS error: Failed to read block 0x108: -5 [ 1043.459764][T14870] SQUASHFS error: Unable to read metadata cache entry [106] [ 1043.467166][T14870] SQUASHFS error: Unable to read inode 0x101f [ 1044.015253][T12889] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1045.131931][T14893] (null): rxe_set_mtu: Set mtu to 1024 [ 1045.139340][T14893] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 1050.724285][T12953] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1053.458388][T14938] (null): rxe_set_mtu: Set mtu to 1024 [ 1055.313295][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1055.319996][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.465986][T14938] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 1057.752014][T14973] 9pnet_fd: Insufficient options for proto=fd [ 1058.321917][T14981] (null): rxe_set_mtu: Set mtu to 1024 [ 1058.329717][T14981] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 1060.132938][T14984] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2236'. [ 1060.200145][T14984] 8021q: adding VLAN 0 to HW filter on device bond15 [ 1060.982892][T14988] bond15: (slave dummy0): Enslaving as an active interface with an up link [ 1065.583496][T15035] 9pnet_fd: Insufficient options for proto=fd [ 1065.787276][T15037] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1065.794644][T15037] IPv6: NLM_F_CREATE should be set when creating new route [ 1067.862603][T12240] hid-generic 0080:0005:FFFFFFFE.0006: unknown main item tag 0x0 [ 1067.879212][T12240] hid-generic 0080:0005:FFFFFFFE.0006: unknown main item tag 0x0 [ 1067.938815][T12240] hid-generic 0080:0005:FFFFFFFE.0006: hidraw0: HID v0.03 Device [syz0] on syz1 [ 1068.135998][T15060] fido_id[15060]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1070.635496][T15075] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 1070.644126][T15075] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 1070.652838][T15075] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 1072.302753][T15084] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2269'. [ 1072.442447][T15084] 8021q: adding VLAN 0 to HW filter on device bond16 [ 1072.851264][T15086] bond15: (slave dummy0): Releasing backup interface [ 1072.935214][T15086] bond16: (slave dummy0): Enslaving as an active interface with an up link [ 1075.199603][ T78] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1076.616475][T15107] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 1076.626105][T15107] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 1076.654265][T15107] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 1082.228621][T10622] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1082.412586][T15140] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22 [ 1082.421258][T15140] netdevsim netdevsim7: Direct firmware load for . failed with error -22 [ 1082.429948][T15140] netdevsim netdevsim7: Falling back to sysfs fallback for: . [ 1088.511000][T15185] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22 [ 1088.519724][T15185] netdevsim netdevsim6: Direct firmware load for . failed with error -22 [ 1088.528479][T15185] netdevsim netdevsim6: Falling back to sysfs fallback for: . [ 1092.132950][ T5085] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1092.203879][T15214] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1092.420180][ T5085] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1092.461514][ T5085] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1092.501284][ T5085] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1092.535992][ T5085] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1092.547289][ T5085] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1094.055035][T15223] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22 [ 1094.064044][T15223] netdevsim netdevsim7: Direct firmware load for . failed with error -22 [ 1094.072887][T15223] netdevsim netdevsim7: Falling back to sysfs fallback for: . [ 1095.498546][T13386] Bluetooth: hci0: command tx timeout [ 1097.012486][T15212] chnl_net:caif_netlink_parms(): no params data found [ 1097.520496][T13386] Bluetooth: hci0: command tx timeout [ 1097.742801][T15253] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22 [ 1097.752469][T15253] netdevsim netdevsim6: Direct firmware load for . failed with error -22 [ 1097.761939][T15253] netdevsim netdevsim6: Falling back to sysfs fallback for: . [ 1098.376678][T15212] bridge0: port 1(bridge_slave_0) entered blocking state [ 1098.418478][T15212] bridge0: port 1(bridge_slave_0) entered disabled state [ 1098.425986][T15212] bridge_slave_0: entered allmulticast mode [ 1098.440362][T15212] bridge_slave_0: entered promiscuous mode [ 1098.456218][T15212] bridge0: port 2(bridge_slave_1) entered blocking state [ 1098.465926][T15212] bridge0: port 2(bridge_slave_1) entered disabled state [ 1098.477758][T15212] bridge_slave_1: entered allmulticast mode [ 1098.497271][T15212] bridge_slave_1: entered promiscuous mode [ 1098.607558][T15212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1098.680840][T15212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1099.429611][T15212] team0: Port device team_slave_0 added [ 1099.548533][T15212] team0: Port device team_slave_1 added [ 1101.197860][T13386] Bluetooth: hci0: command tx timeout [ 1101.271752][T15212] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1101.283607][T15212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1101.317930][T15212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1101.361021][T15212] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1101.368039][T15212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1101.439098][T15212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1101.564552][T15212] hsr_slave_0: entered promiscuous mode [ 1101.608655][T15212] hsr_slave_1: entered promiscuous mode [ 1101.621210][T15212] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1101.629594][T15212] Cannot create hsr debugfs directory [ 1101.764938][T15279] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1103.468631][T13386] Bluetooth: hci0: command tx timeout [ 1103.776919][T15290] input: syz1 as /devices/virtual/input/input12 [ 1104.747772][T15212] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1106.416739][T15212] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1106.461720][T15212] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1106.492775][T15212] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1107.255481][T10622] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1108.685313][T15212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1108.877111][T15212] 8021q: adding VLAN 0 to HW filter on device team0 [ 1108.933131][ T3504] bridge0: port 1(bridge_slave_0) entered blocking state [ 1108.940483][ T3504] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1108.994657][ T3504] bridge0: port 2(bridge_slave_1) entered blocking state [ 1109.001934][ T3504] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1109.316172][ T28] audit: type=1326 audit(1770585560.250:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15324 comm="syz.6.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58d759aeb9 code=0x7ffc0000 [ 1109.436375][ T28] audit: type=1326 audit(1770585560.250:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15324 comm="syz.6.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58d759aeb9 code=0x7ffc0000 [ 1109.698638][ T28] audit: type=1326 audit(1770585560.280:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15324 comm="syz.6.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f58d759aeb9 code=0x7ffc0000 [ 1110.052075][ T28] audit: type=1326 audit(1770585560.300:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15324 comm="syz.6.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58d753c2d9 code=0x7ffc0000 [ 1110.095574][ T28] audit: type=1326 audit(1770585560.300:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15324 comm="syz.6.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58d753c2d9 code=0x7ffc0000 [ 1110.174518][ T28] audit: type=1326 audit(1770585560.300:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15324 comm="syz.6.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58d753c2d9 code=0x7ffc0000 [ 1110.199132][T15212] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1110.227030][ T28] audit: type=1326 audit(1770585560.300:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15324 comm="syz.6.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58d753c2d9 code=0x7ffc0000 [ 1110.254498][ T28] audit: type=1326 audit(1770585560.300:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15324 comm="syz.6.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58d753c2d9 code=0x7ffc0000 [ 1110.318024][ T28] audit: type=1326 audit(1770585560.300:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15324 comm="syz.6.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58d753c2d9 code=0x7ffc0000 [ 1110.390954][ T28] audit: type=1326 audit(1770585560.300:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15324 comm="syz.6.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58d753c2d9 code=0x7ffc0000 [ 1114.202763][T15212] veth0_vlan: entered promiscuous mode [ 1114.230417][ T2989] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1114.261604][T15212] veth1_vlan: entered promiscuous mode [ 1114.378673][T15212] veth0_macvtap: entered promiscuous mode [ 1114.405290][T15212] veth1_macvtap: entered promiscuous mode [ 1114.473376][T15212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1114.498268][T15212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1114.520326][T15212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1114.549058][T15212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1114.574708][T15212] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1114.599742][T15357] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2344'. [ 1114.612726][T15212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1114.640545][T15212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1114.662698][T15212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1114.690479][T15212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1114.711917][T15212] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1114.763959][T15212] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1114.798571][T15212] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1114.807450][T15212] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1114.848211][T15212] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1116.616714][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.625129][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.789931][T12953] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1116.829014][T12953] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1116.878762][T15332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1116.886685][T15332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1120.211683][T15388] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2346'. [ 1122.896169][T15405] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2357'. [ 1123.264468][T15407] loop6: detected capacity change from 0 to 8 [ 1123.443681][T15407] SQUASHFS error: xz decompression failed, data probably corrupt [ 1123.452583][T15407] SQUASHFS error: Failed to read block 0x108: -5 [ 1123.459164][T15407] SQUASHFS error: Unable to read metadata cache entry [106] [ 1123.466806][T15407] SQUASHFS error: Unable to read inode 0x101f [ 1123.554481][T13002] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1132.214860][T15453] loop6: detected capacity change from 0 to 8 [ 1133.419086][T15453] SQUASHFS error: xz decompression failed, data probably corrupt [ 1133.426955][T15453] SQUASHFS error: Failed to read block 0x108: -5 [ 1133.433581][T15453] SQUASHFS error: Unable to read metadata cache entry [106] [ 1133.442346][T15453] SQUASHFS error: Unable to read inode 0x101f [ 1134.575243][T15461] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2371'. [ 1136.106941][T15469] Mount JFS Failure: -22 [ 1136.112343][T15469] jfs_mount failed w/return code = -22 [ 1137.256556][T15478] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2378'. [ 1140.471255][T15332] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1141.371307][T15510] 9pnet_fd: Insufficient options for proto=fd [ 1143.603074][T11754] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 1144.375536][T11754] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 1144.401483][T11754] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1144.583750][T11754] usb 5-1: Product: syz [ 1144.588008][T11754] usb 5-1: Manufacturer: syz [ 1144.602989][T11754] usb 5-1: SerialNumber: syz [ 1144.835307][T11754] usb 5-1: config 0 descriptor?? [ 1145.009006][T11754] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 1145.084154][T11754] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1145.124743][T11754] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 1145.169723][T15535] dvb-usb: bulk message failed: -22 (7/0) [ 1145.197217][T11754] usb 5-1: media controller created [ 1145.307285][T11754] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1145.523869][T15555] 9pnet_fd: Insufficient options for proto=fd [ 1146.042275][T15553] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2400'. [ 1146.437405][T11754] DVB: Unable to find symbol mt352_attach() [ 1146.445104][T15553] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1147.518747][T15332] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1147.629317][T11754] DVB: Unable to find symbol nxt6000_attach() [ 1147.656971][T11754] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 1147.731218][T11754] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input14 [ 1147.833450][T11754] dvb-usb: schedule remote query interval to 1000 msecs. [ 1147.861846][T11754] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 1147.892767][T11754] dvb-usb: bulk message failed: -22 (7/0) [ 1148.089635][T11754] dvb-usb: bulk message failed: -22 (7/0) [ 1148.314373][T11754] usb 5-1: USB disconnect, device number 13 [ 1149.121830][T15590] 9pnet_fd: Insufficient options for proto=fd [ 1149.525067][T11754] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 1149.728843][T15594] comedi comedi2: s526: I/O port conflict (0xb013,64) [ 1152.151593][T15609] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2414'. [ 1158.265567][T11754] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 1158.668968][ T787] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 1158.939095][ T787] usb 8-1: device descriptor read/64, error -71 [ 1159.245266][T11754] usb 7-1: Using ep0 maxpacket: 32 [ 1159.246443][ T787] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 1159.278682][T11754] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1159.298176][T11754] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1159.324092][T11754] usb 7-1: config 0 descriptor?? [ 1159.346268][T15655] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2428'. [ 1159.382889][T15655] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2428'. [ 1159.448586][ T787] usb 8-1: device descriptor read/64, error -71 [ 1159.547896][T11754] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1159.576005][T11754] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1159.588615][ T787] usb usb8-port1: attempt power cycle [ 1161.222369][T11754] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1161.229929][T11754] usb 7-1: media controller created [ 1161.257518][T11754] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1161.382028][T11754] az6027: usb out operation failed. (-71) [ 1161.405903][T11754] az6027: usb out operation failed. (-71) [ 1161.429532][T11754] stb0899_attach: Driver disabled by Kconfig [ 1161.435614][T11754] az6027: no front-end attached [ 1161.435614][T11754] [ 1161.483192][T11754] az6027: usb out operation failed. (-71) [ 1161.497440][T11754] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1161.519459][T11754] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input15 [ 1161.564569][T11754] dvb-usb: schedule remote query interval to 400 msecs. [ 1161.595792][T11754] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1161.649425][T11754] usb 7-1: USB disconnect, device number 4 [ 1161.803142][T11754] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1162.469449][T15678] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2436'. [ 1169.729184][ T787] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 1172.535353][T15332] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1172.651023][ T787] usb 9-1: device descriptor read/all, error -71 [ 1177.595868][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.602396][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1179.807905][T15332] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1190.399485][T11754] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1190.618612][T11754] usb 5-1: Using ep0 maxpacket: 16 [ 1190.633519][T11754] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1190.648339][T11754] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1190.675998][T11754] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1190.729774][T11754] usb 5-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 1190.760083][T11754] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1190.800766][T11754] usb 5-1: config 0 descriptor?? [ 1192.969936][T11754] hid-u2fzero 0003:10C4:8ACF.0007: unknown main item tag 0x0 [ 1192.998200][T11754] hid-u2fzero 0003:10C4:8ACF.0007: unknown main item tag 0x0 [ 1193.005690][T11754] hid-u2fzero 0003:10C4:8ACF.0007: unknown main item tag 0x0 [ 1193.048696][T11754] hid-u2fzero 0003:10C4:8ACF.0007: unknown main item tag 0x0 [ 1193.058241][T11754] hid-u2fzero 0003:10C4:8ACF.0007: unknown main item tag 0x0 [ 1193.085857][T11754] hid-u2fzero 0003:10C4:8ACF.0007: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.4-1/input0 [ 1194.740949][T11754] hid-u2fzero 0003:10C4:8ACF.0007: U2F Zero LED initialised [ 1194.749419][T11754] general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN [ 1194.761277][T11754] KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af] [ 1194.769731][T11754] CPU: 0 PID: 11754 Comm: kworker/0:1 Not tainted syzkaller #0 [ 1194.777334][T11754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1194.787416][T11754] Workqueue: usb_hub_wq hub_event [ 1194.792487][T11754] RIP: 0010:u2fzero_rng_read+0x2a1/0x700 [ 1194.798177][T11754] Code: 89 cc 80 3c 01 00 74 08 4c 89 ef e8 59 8c e6 f9 bb a8 00 00 00 49 03 5d 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 d1 8c e6 f9 48 8d 44 24 60 48 89 03 [ 1194.817886][T11754] RSP: 0018:ffffc90003876780 EFLAGS: 00010202 [ 1194.823993][T11754] RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000 [ 1194.831995][T11754] RDX: 0000000000000000 RSI: ffffc900038768a0 RDI: ffff88805dfe8168 [ 1194.839990][T11754] RBP: ffffc90003876998 R08: 0000000000000000 R09: 0000000000000000 [ 1194.847983][T11754] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1100f366e06 [ 1194.856071][T11754] R13: ffff888079b37030 R14: 1ffff1100f366e83 R15: 1ffff9200070ecf8 [ 1194.864156][T11754] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1194.873301][T11754] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1194.879913][T11754] CR2: 000000110c41976a CR3: 000000000cf32000 CR4: 00000000003506f0 [ 1194.887921][T11754] Call Trace: [ 1194.891231][T11754] [ 1194.894188][T11754] ? u2fzero_brightness_set+0x2e0/0x2e0 [ 1194.899784][T11754] ? set_current_rng+0x3d0/0x3d0 [ 1194.904755][T11754] ? mutex_unlock+0x10/0x10 [ 1194.909294][T11754] ? u2fzero_brightness_set+0x2e0/0x2e0 [ 1194.914959][T11754] add_early_randomness+0x7a/0x1a0 [ 1194.920190][T11754] hwrng_register+0x3db/0x4a0 [ 1194.924901][T11754] devm_hwrng_register+0x47/0xb0 [ 1194.929871][T11754] u2fzero_probe+0x348/0x460 [ 1194.934592][T11754] hid_device_probe+0x293/0x5b0 [ 1194.939478][T11754] ? hid_uevent+0x350/0x350 [ 1194.944004][T11754] really_probe+0x25b/0xb20 [ 1194.948540][T11754] ? pm_runtime_barrier+0x14b/0x1c0 [ 1194.953768][T11754] __driver_probe_device+0x18c/0x330 [ 1194.959087][T11754] driver_probe_device+0x4f/0x420 [ 1194.964142][T11754] __device_attach_driver+0x2ca/0x510 [ 1194.969543][T11754] bus_for_each_drv+0x252/0x2e0 [ 1194.974511][T11754] ? coredump_store+0x90/0x90 [ 1194.979222][T11754] ? bus_find_device+0x300/0x300 [ 1194.984191][T11754] __device_attach+0x2c2/0x420 [ 1194.988988][T11754] ? device_attach+0x20/0x20 [ 1194.993607][T11754] ? do_raw_spin_unlock+0x121/0x230 [ 1194.998866][T11754] bus_probe_device+0x180/0x260 [ 1195.003866][T11754] device_add+0x85b/0xc20 [ 1195.008235][T11754] hid_add_device+0x38d/0x530 [ 1195.012958][T11754] usbhid_probe+0xe02/0x1220 [ 1195.017683][T11754] usb_probe_interface+0x5c9/0xb20 [ 1195.022835][T11754] ? usb_register_driver+0x3d0/0x3d0 [ 1195.028330][T11754] really_probe+0x25b/0xb20 [ 1195.032867][T11754] ? pm_runtime_barrier+0x14b/0x1c0 [ 1195.038312][T11754] __driver_probe_device+0x18c/0x330 [ 1195.043725][T11754] driver_probe_device+0x4f/0x420 [ 1195.048778][T11754] __device_attach_driver+0x2ca/0x510 [ 1195.054275][T11754] bus_for_each_drv+0x252/0x2e0 [ 1195.059187][T11754] ? coredump_store+0x90/0x90 [ 1195.063886][T11754] ? bus_find_device+0x300/0x300 [ 1195.068865][T11754] __device_attach+0x2c2/0x420 [ 1195.073660][T11754] ? device_attach+0x20/0x20 [ 1195.078273][T11754] ? __kmem_cache_free+0xba/0x1e0 [ 1195.083516][T11754] ? do_raw_spin_unlock+0x121/0x230 [ 1195.088835][T11754] bus_probe_device+0x180/0x260 [ 1195.093719][T11754] device_add+0x85b/0xc20 [ 1195.098187][T11754] usb_set_configuration+0x1a79/0x20c0 [ 1195.103692][T11754] usb_generic_driver_probe+0x8d/0x150 [ 1195.109192][T11754] usb_probe_device+0x13d/0x270 [ 1195.114077][T11754] ? usb_register_device_driver+0x230/0x230 [ 1195.120000][T11754] really_probe+0x25b/0xb20 [ 1195.124531][T11754] ? pm_runtime_barrier+0x14b/0x1c0 [ 1195.129771][T11754] __driver_probe_device+0x18c/0x330 [ 1195.135134][T11754] driver_probe_device+0x4f/0x420 [ 1195.140194][T11754] __device_attach_driver+0x2ca/0x510 [ 1195.145609][T11754] bus_for_each_drv+0x252/0x2e0 [ 1195.150499][T11754] ? coredump_store+0x90/0x90 [ 1195.155199][T11754] ? bus_find_device+0x300/0x300 [ 1195.160262][T11754] __device_attach+0x2c2/0x420 [ 1195.165401][T11754] ? device_attach+0x20/0x20 [ 1195.170107][T11754] ? __kmem_cache_free+0xba/0x1e0 [ 1195.175171][T11754] ? do_raw_spin_unlock+0x121/0x230 [ 1195.180403][T11754] bus_probe_device+0x180/0x260 [ 1195.185298][T11754] device_add+0x85b/0xc20 [ 1195.189677][T11754] usb_new_device+0xa3c/0x1660 [ 1195.194569][T11754] ? usb_disconnect+0x8a0/0x8a0 [ 1195.199460][T11754] ? _raw_spin_unlock_irq+0x23/0x50 [ 1195.204781][T11754] ? lockdep_hardirqs_on+0x98/0x150 [ 1195.210009][T11754] hub_event+0x29bf/0x49f0 [ 1195.214474][T11754] ? hub_post_resume+0x120/0x120 [ 1195.219440][T11754] ? read_lock_is_recursive+0x20/0x20 [ 1195.224854][T11754] ? _raw_spin_unlock_irq+0x23/0x50 [ 1195.230083][T11754] ? process_scheduled_works+0x96f/0x15d0 [ 1195.235852][T11754] ? process_scheduled_works+0x96f/0x15d0 [ 1195.241607][T11754] process_scheduled_works+0xa5d/0x15d0 [ 1195.247212][T11754] ? assign_work+0x430/0x430 [ 1195.251845][T11754] ? assign_work+0x3d0/0x430 [ 1195.256559][T11754] worker_thread+0xa55/0xfc0 [ 1195.261181][T11754] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1195.267136][T11754] ? _raw_spin_unlock+0x40/0x40 [ 1195.272010][T11754] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 1195.277943][T11754] kthread+0x2fa/0x390 [ 1195.282045][T11754] ? pr_cont_work+0x560/0x560 [ 1195.286757][T11754] ? kthread_blkcg+0xd0/0xd0 [ 1195.291386][T11754] ret_from_fork+0x48/0x80 [ 1195.295830][T11754] ? kthread_blkcg+0xd0/0xd0 [ 1195.300449][T11754] ret_from_fork_asm+0x11/0x20 [ 1195.305277][T11754] [ 1195.308324][T11754] Modules linked in: [ 1195.392523][T11754] ---[ end trace 0000000000000000 ]--- [ 1195.401595][T11754] RIP: 0010:u2fzero_rng_read+0x2a1/0x700 [ 1195.407350][T11754] Code: 89 cc 80 3c 01 00 74 08 4c 89 ef e8 59 8c e6 f9 bb a8 00 00 00 49 03 5d 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 d1 8c e6 f9 48 8d 44 24 60 48 89 03 [ 1195.430107][T11754] RSP: 0018:ffffc90003876780 EFLAGS: 00010202 [ 1195.446892][T11754] RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000 [ 1195.457313][T11754] RDX: 0000000000000000 RSI: ffffc900038768a0 RDI: ffff88805dfe8168 [ 1195.466195][T11754] RBP: ffffc90003876998 R08: 0000000000000000 R09: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1195.500113][T11754] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1100f366e06 [ 1195.529709][T11754] R13: ffff888079b37030 R14: 1ffff1100f366e83 R15: 1ffff9200070ecf8 [ 1195.584449][T11754] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1195.717808][T11754] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1195.747195][T11754] CR2: 00007f63388e4080 CR3: 000000002c2ff000 CR4: 00000000003506f0 [ 1195.801717][T11754] Kernel panic - not syncing: Fatal exception [ 1195.808541][T11754] Kernel Offset: disabled [ 1195.813321][T11754] Rebooting in 86400 seconds..