last executing test programs: 13m7.424432933s ago: executing program 1 (id=2): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000600)={'gre0\x00', &(0x7f0000000580)={'erspan0\x00', 0x0, 0x8, 0x20, 0x0, 0x80000000, {{0x5, 0x4, 0x1, 0x2, 0x14, 0x65, 0x0, 0x3, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x12}, @dev={0xac, 0x14, 0x14, 0x3f}}}}}) 13m7.079399655s ago: executing program 1 (id=13): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f00000001c0)=r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(r3, &(0x7f00000002c0)="05032200d1fd140000004788031c09102c28", 0xfdef, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) 12m51.909418784s ago: executing program 32 (id=13): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f00000001c0)=r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(r3, &(0x7f00000002c0)="05032200d1fd140000004788031c09102c28", 0xfdef, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) 1m11.41517052s ago: executing program 0 (id=1418): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0xb5001, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) socket$unix(0x1, 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'macvtap0\x00', 0x7101}) socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) r2 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) 1m10.33044093s ago: executing program 0 (id=1421): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x28, 'drbg_nopr_hmac_sha1\x00'}, 0x58) 1m10.178306186s ago: executing program 0 (id=1423): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x2) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000180)={0x3, &(0x7f0000000280)=[{0x6, 0xfd, 0x5}, {0x6, 0x80, 0x7, 0x8}, {0x9, 0x0, 0x5, 0x5}]}) 1m6.20402643s ago: executing program 0 (id=1431): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0xffffffffffffffff}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000014c0)={0xff}, 0x8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) 1m4.258865904s ago: executing program 0 (id=1435): r0 = socket$netlink(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x400000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000180)={0x7, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff}) r4 = epoll_create1(0x0) ioctl$PPPIOCGMRU(r1, 0x80047453, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040)={0x40002019}) sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, 0x0, 0x0) userfaultfd(0x80001) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r5 = getpid() sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000500)={&(0x7f00000003c0)={0xf4, 0x26, 0x4, 0x70bd2c, 0x25dfdbfc, {0x1f}, [@typed={0x6, 0x140, 0x0, 0x0, @str='%\x00'}, @generic, @typed={0x8, 0x67, 0x0, 0x0, @pid=r5}, @generic="306eaf607ba859d29e847b6c5952ce3babce0f053d1eac18efbb5042b029bf42324f2f6fdf3b5a3268e39415ab1bdbb3ed84a812c4fc10b88a52780f528650efb58467506063795831da3f26d138f4a2612c8d14e0c50d54a035d94255483e4148fb2ef80da6f1ad25ccd9d0ad72f05604e5de036496b2db1b207cb7946a20f3260467e0fef8fe90f5edd026234e9d33762967306a443a097c51245dc21c5c5b5d34f6359d66306af64718fd77343a7930b8accd2dca6b0bdff001e32a64d7a1399122d6bff4cb07f6bac14cc9"]}, 0xf4}, 0x1, 0x0, 0x0, 0x40011}, 0x1) clock_getres(0x0, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x7fff, 0x800000000000007d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) modify_ldt$read(0x0, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005480), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000054c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_CHANNEL(r7, &(0x7f00000055c0)={0x0, 0x0, &(0x7f0000005580)={&(0x7f0000005500)={0x1c, r8, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r9}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x2000a001}, 0x4000) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x503, 0x2000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20a42}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0x1}]}}}]}, 0x3c}}, 0x0) 1m1.91024833s ago: executing program 0 (id=1440): socket$kcm(0x2, 0xa, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x50) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r1 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0xf1, @loopback, 0x19f49a9}], 0x1c) sendmsg$inet_sctp(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0xff, @loopback, 0x5}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)="e6", 0xffe0}], 0x1, &(0x7f0000000140)=[@dstaddrv4={0x18, 0x84, 0x7, @local}, @dstaddrv6={0x20, 0x84, 0x8, @rand_addr=' \x01\x00'}, @dstaddrv6={0x20, 0x84, 0x8, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}], 0x58, 0x4855}, 0x24000052) 45.305083493s ago: executing program 33 (id=1440): socket$kcm(0x2, 0xa, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x50) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r1 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0xf1, @loopback, 0x19f49a9}], 0x1c) sendmsg$inet_sctp(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0xff, @loopback, 0x5}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)="e6", 0xffe0}], 0x1, &(0x7f0000000140)=[@dstaddrv4={0x18, 0x84, 0x7, @local}, @dstaddrv6={0x20, 0x84, 0x8, @rand_addr=' \x01\x00'}, @dstaddrv6={0x20, 0x84, 0x8, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}], 0x58, 0x4855}, 0x24000052) 18.912705356s ago: executing program 2 (id=1492): r0 = syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x2808008, &(0x7f0000000300)={[{@debug}, {@jqfmt_vfsv0}, {@mblk_io_submit}, {@nouser_xattr}, {@dax}, {@journal_async_commit}, {@delalloc}, {@bsdgroups}, {@minixdf}]}, 0x1, 0xbd9, &(0x7f0000000400)="$eJzs3M1rHOcZAPBnRp+25a5cSql7sUopNpSuZReZ2hRqF5deeii014CFvDJC6w8kBUeyIKvkHwhJzoFcAklMgg/x2ZcEcs0lca4xOQRMUKwEQkgUZj8kWdqVLGtXo8i/H7ya92Nm3ufRSDvzwu4G8Mwayn6kEUcj4lISUaj3pxHRW631R1Rq+y0tzo99tzg/lsTy8v++TiKJiEeL82ONcyX17aF6oz8iPvlnEr9+eeO807Nzk6Plcmmq3j45c/XGyenZub9MXB29UrpSunbqzN9GTo+cGT470rZcv//i/N1v//DvLys/vPPj7W9eeyuJ8zFQH1ubRz3rHRuKoZXfyVrdETHahvPvBV31fNbmmXRvcVDa4aAAAGgpXfMM99soRFesPrwV4sNPcw0OAAAAaIvlrohlAAAAYJ9LrP8BAABgn2u8D+DR4vxYo+T7joTd9fBCRAzW8l+ql9pId1Sq2/7oiYiDj5JY+7HWpHbYjg1FxIPPz76flWjyOeROqyxExO+aXf+kmv9g/ZPQ6/NPI2K4DfMPrWv/kvI/34b5884fgGfTvQu1G9nG+1+68vwTTe5/3U3uXU8j7/tf4/lvacPz32r+XS2e//77hHPcevuNm63Gsvz/fvdf7zVKNn+23VFS2/BwIeL33c3yT1byT1rkf2mLcydRO0Xhp5ulVvvknf/ymxHHo3n+Dcnm3090cnyiXBqu/Ww6x8LHI++2mj/v/LPrf7BF/ptc//6s78ZjZ2r9pT7PXbx4Z0Nnffet80+/6k3+X6311nteGJ2ZmToV0Zv8Z2P/6c3zbezTOEeW/4k/bv7/3+zvP3tNqNT/NrJUFurbrP3Sujn/cfvWB63iaaz/8rz+l7d//at9rzzhHH/66NUT6/sa36+1dv2blWz+B0ltLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADWlEDESSFiMiqdbTtFiMOBQRv4mDafn69Myfx68/f+1yNhYxGD3p+ES5NBwRhVo7ydqnqvXV9ul17b9GxJGIeL1woNoujl0vX847eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFYcioiBSNJiRKQRsVRI02Ix76gAAACAthvMOwAAAACg46z/AQAAYP+z/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDDjhy7dz+JiMq5A9WS6a2P9eQaGdBpad4BALnpyjsAIDfdeQcA5Gaba3yPC7APJVuM9zftzV49+joSDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB70/Gj9+4nEVE5d6BaMr31sZ6mRxzbxeiATkrzDgDITddmg927Fwew+576X/xwe+MAdl/zNT7wLEm2GO9f3afy+Ehfx2ICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYO8ZqJYkLUZEWq2nabEYcTgiBqMnGZ8ol4Yj4lcR8Vmhpy9r9+UdNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG03PTs3OVoul6aeppLs7HAVlVaVF/dGGLtbSfZGGLVK3q9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkYXp2bnK0XC5NTecdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJC36dm5ydFyuTT1BJU729l5TSXvHAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyM/PAQAA///E/w3d") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) io_submit(0x0, 0x0, 0x0) getpgid(r1) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x24044015) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000001000)={[], [{@smackfsroot}], 0x2f}) socket$packet(0x11, 0x2, 0x300) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x7, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x800}, [@tail_call, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00'}, 0x94) ioctl$XFS_IOC_ERROR_INJECTION(r0, 0x40085874, &(0x7f0000000100)={0xffffffffffffffff, 0x1}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0xc}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70) 18.678679116s ago: executing program 3 (id=1493): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getpid() connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) shutdown(r0, 0x1) 17.782908275s ago: executing program 3 (id=1495): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getpriority(0x1, r0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{0x0}], 0x1) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x20000003, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffff7e}, 0x94) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00') pread64(r2, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c) 17.455843543s ago: executing program 2 (id=1496): capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0xa, 0x200004, 0x10, 0x9, 0x8, 0x6}) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff}, 0x6) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000180)=[{0x1d, 0x5, 0xa, 0x5}, {0x8, 0x0, 0x6, 0x1}]}) syz_emit_ethernet(0x19, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa1c88a83000810049000004"], 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) socket$inet(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x908422, 0x0) mount$cgroup(0x0, &(0x7f0000000c80)='.\x00', &(0x7f0000000cc0), 0x800000, &(0x7f0000000d00)={[{@name={'name', 0x3d, '\r'}}]}) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x4e24, @multicast2}}}, 0x108) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r0, &(0x7f0000000040)=ANY=[], 0x6) ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f00000002c0)={0x0, 0x30, [0x1, 0x8, 0x5, 0xff], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 16.754406714s ago: executing program 3 (id=1498): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001800)={'veth1_virt_wifi\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) setsockopt$packet_int(r2, 0x107, 0xf, 0x0, 0x0) sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x95, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 16.559844101s ago: executing program 3 (id=1499): socket$inet_smc(0x2b, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') socket(0x10, 0x3, 0x0) r3 = socket(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, 0x0, 0x210) 16.210899172s ago: executing program 2 (id=1500): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x2808008, &(0x7f0000000300)={[{@debug}, {@jqfmt_vfsv0}, {@mblk_io_submit}, {@nouser_xattr}, {@dax}, {@journal_async_commit}, {@delalloc}, {@bsdgroups}, {@minixdf}]}, 0x1, 0xbd9, &(0x7f0000000400)="$eJzs3M1rHOcZAPBnRp+25a5cSql7sUopNpSuZReZ2hRqF5deeii014CFvDJC6w8kBUeyIKvkHwhJzoFcAklMgg/x2ZcEcs0lca4xOQRMUKwEQkgUZj8kWdqVLGtXo8i/H7ya92Nm3ufRSDvzwu4G8Mwayn6kEUcj4lISUaj3pxHRW631R1Rq+y0tzo99tzg/lsTy8v++TiKJiEeL82ONcyX17aF6oz8iPvlnEr9+eeO807Nzk6Plcmmq3j45c/XGyenZub9MXB29UrpSunbqzN9GTo+cGT470rZcv//i/N1v//DvLys/vPPj7W9eeyuJ8zFQH1ubRz3rHRuKoZXfyVrdETHahvPvBV31fNbmmXRvcVDa4aAAAGgpXfMM99soRFesPrwV4sNPcw0OAAAAaIvlrohlAAAAYJ9LrP8BAABgn2u8D+DR4vxYo+T7joTd9fBCRAzW8l+ql9pId1Sq2/7oiYiDj5JY+7HWpHbYjg1FxIPPz76flWjyOeROqyxExO+aXf+kmv9g/ZPQ6/NPI2K4DfMPrWv/kvI/34b5884fgGfTvQu1G9nG+1+68vwTTe5/3U3uXU8j7/tf4/lvacPz32r+XS2e//77hHPcevuNm63Gsvz/fvdf7zVKNn+23VFS2/BwIeL33c3yT1byT1rkf2mLcydRO0Xhp5ulVvvknf/ymxHHo3n+Dcnm3090cnyiXBqu/Ww6x8LHI++2mj/v/LPrf7BF/ptc//6s78ZjZ2r9pT7PXbx4Z0Nnffet80+/6k3+X6311nteGJ2ZmToV0Zv8Z2P/6c3zbezTOEeW/4k/bv7/3+zvP3tNqNT/NrJUFurbrP3Sujn/cfvWB63iaaz/8rz+l7d//at9rzzhHH/66NUT6/sa36+1dv2blWz+B0ltLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADWlEDESSFiMiqdbTtFiMOBQRv4mDafn69Myfx68/f+1yNhYxGD3p+ES5NBwRhVo7ydqnqvXV9ul17b9GxJGIeL1woNoujl0vX847eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFYcioiBSNJiRKQRsVRI02Ix76gAAACAthvMOwAAAACg46z/AQAAYP+z/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDDjhy7dz+JiMq5A9WS6a2P9eQaGdBpad4BALnpyjsAIDfdeQcA5Gaba3yPC7APJVuM9zftzV49+joSDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB70/Gj9+4nEVE5d6BaMr31sZ6mRxzbxeiATkrzDgDITddmg927Fwew+576X/xwe+MAdl/zNT7wLEm2GO9f3afy+Ehfx2ICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYO8ZqJYkLUZEWq2nabEYcTgiBqMnGZ8ol4Yj4lcR8Vmhpy9r9+UdNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG03PTs3OVoul6aeppLs7HAVlVaVF/dGGLtbSfZGGLVK3q9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkYXp2bnK0XC5NTecdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJC36dm5ydFyuTT1BJU729l5TSXvHAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyM/PAQAA///E/w3d") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x4000087, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getpgid(r0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x24044015) socket$packet(0x11, 0x2, 0x300) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x7, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x800}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00'}, 0x94) 12.250738764s ago: executing program 2 (id=1502): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket(0x10, 0x3, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x210) r4 = syz_open_dev$sndpcmp(&(0x7f0000001480), 0x0, 0x101000) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r4, 0xc0804124, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(0xffffffffffffffff, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000500)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x1e01, 0xfffff9, 0x80000440], 0x600, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0003000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108) 10.227817312s ago: executing program 4 (id=1505): futimesat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001600010000000000000000000a0000000000000014000100f90100000000000000000000d800"], 0x44}}, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240), 0x50) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x2, 0x300}, {0x6e}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xc, 0x9, 0x0, 0x0, 0x10000000}, {0x3, 0x0, 0x6, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 8.006006381s ago: executing program 4 (id=1506): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getpriority(0x1, r0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{0x0}], 0x1) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x20000003, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffff7e}, 0x94) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00') pread64(r2, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c) 7.673185293s ago: executing program 4 (id=1507): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001800)={'veth1_virt_wifi\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) setsockopt$packet_int(r2, 0x107, 0xf, 0x0, 0x0) sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x95, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 7.469348174s ago: executing program 4 (id=1508): io_setup(0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x4000) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000001b80)=""/71) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) shmctl$IPC_RMID(0x0, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000023c0)={0x24, r4, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x20}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x24}}, 0x18) 7.249669758s ago: executing program 3 (id=1509): mount$9p_virtio(0x0, 0x0, 0x0, 0x3200006, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0) getpid() syz_open_procfs(0xffffffffffffffff, &(0x7f0000019140)='net/fib_trie\x00') r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000000), 0x4) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) r1 = socket(0x8000000010, 0x2, 0x0) write(r1, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) r2 = socket(0x840000000002, 0x3, 0x100) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f00000003c0)={{0x2, 0x4e22, @empty}, {0x20000010304, @local}, 0x6, {0x2, 0x4e20, @rand_addr=0x64010101}}) 7.062678302s ago: executing program 2 (id=1510): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)='\\', 0x1) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, 0x0) 6.317191759s ago: executing program 4 (id=1511): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x2808008, &(0x7f0000000300)={[{@debug}, {@jqfmt_vfsv0}, {@mblk_io_submit}, {@nouser_xattr}, {@dax}, {@journal_async_commit}, {@delalloc}, {@bsdgroups}, {@minixdf}]}, 0x1, 0xbd9, &(0x7f0000000400)="$eJzs3M1rHOcZAPBnRp+25a5cSql7sUopNpSuZReZ2hRqF5deeii014CFvDJC6w8kBUeyIKvkHwhJzoFcAklMgg/x2ZcEcs0lca4xOQRMUKwEQkgUZj8kWdqVLGtXo8i/H7ya92Nm3ufRSDvzwu4G8Mwayn6kEUcj4lISUaj3pxHRW631R1Rq+y0tzo99tzg/lsTy8v++TiKJiEeL82ONcyX17aF6oz8iPvlnEr9+eeO807Nzk6Plcmmq3j45c/XGyenZub9MXB29UrpSunbqzN9GTo+cGT470rZcv//i/N1v//DvLys/vPPj7W9eeyuJ8zFQH1ubRz3rHRuKoZXfyVrdETHahvPvBV31fNbmmXRvcVDa4aAAAGgpXfMM99soRFesPrwV4sNPcw0OAAAAaIvlrohlAAAAYJ9LrP8BAABgn2u8D+DR4vxYo+T7joTd9fBCRAzW8l+ql9pId1Sq2/7oiYiDj5JY+7HWpHbYjg1FxIPPz76flWjyOeROqyxExO+aXf+kmv9g/ZPQ6/NPI2K4DfMPrWv/kvI/34b5884fgGfTvQu1G9nG+1+68vwTTe5/3U3uXU8j7/tf4/lvacPz32r+XS2e//77hHPcevuNm63Gsvz/fvdf7zVKNn+23VFS2/BwIeL33c3yT1byT1rkf2mLcydRO0Xhp5ulVvvknf/ymxHHo3n+Dcnm3090cnyiXBqu/Ww6x8LHI++2mj/v/LPrf7BF/ptc//6s78ZjZ2r9pT7PXbx4Z0Nnffet80+/6k3+X6311nteGJ2ZmToV0Zv8Z2P/6c3zbezTOEeW/4k/bv7/3+zvP3tNqNT/NrJUFurbrP3Sujn/cfvWB63iaaz/8rz+l7d//at9rzzhHH/66NUT6/sa36+1dv2blWz+B0ltLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADWlEDESSFiMiqdbTtFiMOBQRv4mDafn69Myfx68/f+1yNhYxGD3p+ES5NBwRhVo7ydqnqvXV9ul17b9GxJGIeL1woNoujl0vX847eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFYcioiBSNJiRKQRsVRI02Ix76gAAACAthvMOwAAAACg46z/AQAAYP+z/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDDjhy7dz+JiMq5A9WS6a2P9eQaGdBpad4BALnpyjsAIDfdeQcA5Gaba3yPC7APJVuM9zftzV49+joSDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB70/Gj9+4nEVE5d6BaMr31sZ6mRxzbxeiATkrzDgDITddmg927Fwew+576X/xwe+MAdl/zNT7wLEm2GO9f3afy+Ehfx2ICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYO8ZqJYkLUZEWq2nabEYcTgiBqMnGZ8ol4Yj4lcR8Vmhpy9r9+UdNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG03PTs3OVoul6aeppLs7HAVlVaVF/dGGLtbSfZGGLVK3q9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkYXp2bnK0XC5NTecdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJC36dm5ydFyuTT1BJU729l5TSXvHAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyM/PAQAA///E/w3d") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x4000087, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getpgid(r0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x24044015) socket$packet(0x11, 0x2, 0x300) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x7, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x800}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00'}, 0x94) 5.848561332s ago: executing program 2 (id=1512): r0 = socket$netlink(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x400000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000180)={0x7, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff}) r5 = epoll_create1(0x0) ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0x40002019}) sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, 0x0, 0x0) userfaultfd(0x80001) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r6 = getpid() sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000500)={&(0x7f00000003c0)={0xf4, 0x26, 0x4, 0x70bd2c, 0x25dfdbfc, {0x1f}, [@typed={0x6, 0x140, 0x0, 0x0, @str='%\x00'}, @generic, @typed={0x8, 0x67, 0x0, 0x0, @pid=r6}, @generic="306eaf607ba859d29e847b6c5952ce3babce0f053d1eac18efbb5042b029bf42324f2f6fdf3b5a3268e39415ab1bdbb3ed84a812c4fc10b88a52780f528650efb58467506063795831da3f26d138f4a2612c8d14e0c50d54a035d94255483e4148fb2ef80da6f1ad25ccd9d0ad72f05604e5de036496b2db1b207cb7946a20f3260467e0fef8fe90f5edd026234e9d33762967306a443a097c51245dc21c5c5b5d34f6359d66306af64718fd77343a7930b8accd2dca6b0bdff001e32a64d7a1399122d6bff4cb07f6bac14cc9"]}, 0xf4}, 0x1, 0x0, 0x0, 0x40011}, 0x1) clock_getres(0x0, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x7fff, 0x800000000000007d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) modify_ldt$read(0x0, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005480), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000054c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_CHANNEL(r8, &(0x7f00000055c0)={0x0, 0x0, &(0x7f0000005580)={&(0x7f0000005500)={0x1c, r9, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r10}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x2000a001}, 0x4000) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x503, 0x2000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20a42}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0x1}]}}}]}, 0x3c}}, 0x0) 2.346326421s ago: executing program 4 (id=1513): socket$inet_smc(0x2b, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x71096000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000300)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vlan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80c9}, 0x20000000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x1, 0x8000}, 0x28) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x10c}}, 0x28040800) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80785659, &(0x7f0000000440)={0x0, @frame_sync}) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r5, &(0x7f0000000900)={0x667, 0x7d, 0x0, {{0x500, 0x2b5, 0x0, 0x0, {0x4}, 0x0, 0x0, 0xffffffff, 0x0, 0x2e, '\x04nodZ=\xbfd\x027\xfcb%\xff\xff\xff\x80\x05\x00\x00\x00\x00\x00\x00\xff\x03\xff\x92\xe9\x16\x00\x05\x9beq,\x93\xcb=\xb6\xc21\xd1\x19\xaa\xa1', 0x9a, 'p\x02\x00}\xfag>\xff\xeb\t\xb55\x1f\x9e\xde\x05J\x00\x00\x00\x00\x18{\x82\xd9\xb5i(\xfb\xbf\v\x00\x00+Y_\xcb\x14\xa8\xf3\x0e&\xe5&\xab\xc1\x80jB\xdez\xdc\x81\x06\xb4\x94\xe1\x8d\xb5\x7f\xc1\xac\x8d\x06\x85\x95\xf0\x1c\x1c\xbe\x05\xc2v\x16/\x81\xb4\a\xe5\r\xb6\x939g!\xf3\xed\x9c\xe2\x01\x9e\xe6\xa9F\xe3\xa5Z\x1b@\xee\xb9:\xc2\x9f7[Z\xfd\xf1\xdf\x11,\x9a\xaf\xd3i\x94\xe1e\xb3:\xf7\x86\xc54\x05\x87]7\xa0E\"\x17\x8b7P\x9es\xc7\x02_\xc4\x13\xc7\xd1*\x80\x86?p#hf\x8d', 0x35, '\xcf`7-a\xcc\xea\xb8\xc8\x86A\xeb\x93\xb4\xcc\xf6\x00*\xb8{\xfc\x01\'\x96\t?h0\\M\"(9\xe4F\x1a\xb6*\xeb\x84\x1f \x83~\x01\b\xe2\xe7HP\x1cQH', 0x185, '\xf8\xf6i\xfbqm\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xdb\x80\xe8\xd4\a\x00\x00\x007\x00\x87\x0fFB\xe4\xc5\xde\x87\x14\xa2\xb0\x84L#E\xd8\xdfI\xd7\x00\xef\xc4R\xaf\xb5F\x9e\xaa\xd2\xc8\x85z5$F\xae+N\xa7\b\xfa\"\xc6\xdeH\x82\xe3FAQ\xdfC\xbeZ\'\x9a\x95\xf2\xa9\x00\x17D\xa9tSXF\xe1>-\f\xb4\x9eJ\x0f\xa1u3C\xb8\xa3\xc0\xaf\xca\xe6,\xc4)\xc0\xec}dT\x00\x00B\x8dX\x9du\x9fa~\xa1\x95\"\xc6/\x19$\x80\x11\x9b(\x01\xc9\xc1\x04\x14\x05`\xf2\r8Y\n\x81\x98*\x94\x90\xb3\x95\xe9\x00t\v\xdc\x1a\xb08w&A\x9b\xff\xd5\xc7s}L*\x17\xb9/\x18\xed\xc9\x9c\x10\x99\xe4\x0f\x13\xd8(\x04\x9f<[:\x7f\xe00\xd9\xc7\x8a\xea\x99\x03\xaf\x14#U\xf5I\xab\xb3\xf7\xb4\v\xb0\x10\"+O\xed\xec\xd3\x0e\xa3\x9e\xc49fG\"a\xb0\xd5\xabe\x14Cj\xc3\xb9pn\x01\xeb\xfe^\v\xb34w\xd1\xcfx\xe0l\\\xd5\x83\xa4\x9b3jV\xba\xb25\x90\xba\x87\x0f\xc2Et\xbf\xf1\x8c\xb5\x81\x92\xdet%>\xde\xab\xcc\n\x02\xcd\xc7\xd4>\xc4\x84\x88\x0e\xa7\xfb\xc4\x80e\"\xc7\x8e\x1f\xa7\x06\xda\x87\b\xeaQ~\\\x8b_*\x10w\xf6\xf6\xf3\xdd`\xfd\xf9B\"\xe9\xa2g/\x80:'}, 0x39d, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\fA\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaau\xf8$k\xccB\xea\xa8\xc61\xc0\xc5\x00\x95\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xc0\xfbNL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12.a\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xc2\x00\x00\x000\xe4\xee+\xfc\x7f\x80P\x85\x11C\xe5\x16\x1a\xcdG\x15\n\xcb\xaft8\"\xdf\xe2\x03\xb1\b\xd3~\x91M\xc1\xe5>#LP\x9e\xcaA\a\xa1q,\xaa\x9d\xa5=\x05\x1c6\x88Ly\x18&a\xf3\xca6\xbc\xdb\xfb\xbd&q\t\xf81\x9d\x8d\xd5\xc0p\x99\xeb\x1b\x11\x03\x06U\xf5biOat=\x19B\x1bJ\x19\xef\x8b\x8bL\xe9\xc9\x93\xc7\xd6\xcb0\fNezNP\xa3[\\\xc1k\x8c\x16\x1a\x8e=\xf9\x03k\xbc\xf2\x8a\xdc\xd1\x9alL)\x17\t\xae\xe5\xab>[\xc5\xae)\xf4u\xe4\xd2D\b\xb5\x16}\x0f\xaf_\xc1Vkp\\\x8b`\xaf\xa8\xac\xa4/~\x04i\x18\x8a\x0e\xf0b\xca\x18\xe3\x8f\x9e\xe1\n\xc7}+~\xb9\xd6\x0e\xa7\x9f\xdbUd\x11\xe5\x9d\xfb\xd8\xdb\xb8\xa2\xa6b.\xbc\xf8Lio\xa4\xda!\xba\xd22\r\rh\xe9\xbfCF\xf0ha\x19\xa3\x9e@\x03\x95\xc8\xf2\x82^\xa0i\xae\x0e\x14;\xd1\xa4Ay\xed\x8e<\xea\v^\x9a\x19\xcc\x7f\xfaP\x0f\xa4\x1bl\x80I\xbd\xe4X\'\xd5N\xc9\x01\xd2z\xd1%\x05h\x89\xb33k?\x06\x83\x8c[fz\xe2.\xfe;\xc1[\x82_\x7f\xbc\xe4\x80\'(\x1c\xf9\xfe\x8f\xc2\x1f\xc7|$=\xe2g\x051\x0e\xb8\x1c\xf7M\xe0)1\x92\xa1?j\xd0W\xdea\xfd\x8a\xba\x8e\xf4C\x9b\xc0jE\xb2\xb01bQZ#C:\xfe\xb5*\xed\xb5\xabo3FS8\x05\x15\xf7y\xf3]\xc8\xa7\x8c7w$\x92\xa2(L!\xd2\x13V\xd4s\xf0\x0f\x85\x13|{\xf0cou}5(\x86\x9b?\x00w5\xcf\xf8\\\x9d\x97\x8b\xf5]\xcc&\xd6-%\xe3\b\xf0\x88\'\xa9\x1f\xf4{\xec\x92\xf8\xe9\x1ey\bfT\x00\xaaN9\xb3Y\x86#\x9d\\{\x94\x92\xc5\xbb&\xbcU\xb5[I\xedpHnn}\xa3\x8c \x84P\xf9\xf7\x9e\x1bA\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xae-[\\\x99\xf7\x17\xf0\xa0wI#\x9b]\b\xf8\xc5\xc0\xadyQ\xe0\xa7\xc7\xf3\xdb\x8d\xfd?\x86W%\x8al\x04\xf3-W\xad(s\xdeE\xfa\x98\xb0\xf8&y\x17\xff\x9b\xbe\x9c\rt\xa5\xac\xa2\x06\xfe)\xe0\xc1\x03\x9f\"U<\'GB]\x83\x100x.\xe7\x8f\x8b\xa3]\xe3\x18\xc5?\tO\x92\\\xc9x.\x94\xb6\xc8p\xa4\x87g\x8b\xfa\xe7E\xdf\xf2h\xbd\xa7\xfd\xec\x87<\xe4\xfbK\x8d\xcb\xa0A\x9b0D\x9a\xdf\xefrAb\xbf\xb1\n\xaf\xcf\xeaH\xa6\x7f\xaew3\xcc:\x7f\x1e\xef\x91\xbeR\x85!^\xabA\xf6', 0xffffffffffffffff}}, 0x667) 0s ago: executing program 3 (id=1514): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000200)={[{@nodioread_nolock}, {@data_err_ignore}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4c}}, {@noload}, {@delalloc}, {@grpjquota}, {@bsdgroups}]}, 0x0, 0x48e, &(0x7f0000000300)="$eJzs3M1rHOUfAPDvTF7a/vqS/Gp9aa0aLULwJWnSqj14URA8VBT0UI8x2ZbQbSNNFFuKTUXqRZCCnsWj4F8g3gRRT/4BevEkhaK9tHqKzOxMsrvd7et2N2Y/H5js88w8mXm+8/rM82wSQN8ay34kEdsi4teIGKllGwuM1T6uXTk7+/eVs7NJrKy8+WeSl7t65exsWbT8va1FZjyNSD9Oio00Wjx95vhMtVo5VeQnl068O7l4+syz75+YOVY5Vjk5fejQwQNTLzw//VxH4sziurrnw4W9u199++Jrs0cuvvPTN1l9txXL6+PolLEs8L9Wcs3Lnuz0xnpse106GexhRbgtAxGRHa6h/PofiYFYO3gj8cpHPa0ccE9lz6ZN7RcvrwAbWBK9rgHQG+WDPnv/LacuNT3Whcsv1V6AsrivFVNtyWCkRZmhpvfbThqLiCPL/3yZTXGP+iEAAOp9OvvF4XimVfsvjQfyz9/znzuKMZTRiPh/ROyMiPsiYldE3B+Rl30wIh66ze03Dw1d3/5JL91xcLcga/+9WIxtNbb/ytZfjA4Uue15/EPJ0flqZX+xT8ZjaFOWn2q/iUcj4rN2C+vbf9mUbb9sCxb1uDTY1EE3N7M0kzdKO+Dy+Yg9g63iT1ZHApKI2B0Re25v1TvKxPxTX+9tV+jm8d9AB8aZVr7KwlvO4l+OpvhLSf345Px145OTm6Na2T9ZnhXX+/mXC2+02/5dxd8Blyu1z7rj31xkNKkfr1280dqSxrHjwoXfPmn7TrMW/5b253/TSudmltLh5K18nHm4mPfBzNLSqamI4eRwnm+YP732u2W+LJ+d/+P7Wl//O1ejing4IrKT+JHign6sqPvjEfFEROy7wV758eX2y8r4I+3R8T8fMdfy/re601eP/3eHI06tnQi3nBg4/sO37bZ/a/e/g3lqvJiT3/9uolV1sttFcwXvZt8BAADAf0Wafwc+SSdW02k6MVH7Dv+u+F9aXVhcevrownsn52rflR+NobTs6Rop+kOr89XKVLJcrLHWPzpd9BWX/aUHin7jzwe25PmJ2YXqXI9jh363tc31n/ljoNe1A+6xLS3nTg93vSJADzSPo6eN2XOvh5sBbFT+Xhv6102u/7Rb9QC6z/Mf+ler6/9cU95YAGxMnv/Qv1z/0KfS73tdA6CHPP+hL93Bn/N3I7F5fVSj4T8FLHdrj63Xg5InIspEuh7qMxTrY7dsvESv70wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACd8W8AAAD//4CX5Rc=") pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000000)=ANY=[]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) epoll_create1(0x0) landlock_create_ruleset(0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) r2 = socket(0x400000000010, 0x3, 0x0) accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@newchain={0x24, 0x64, 0x1, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x4}, {}, {0xf, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x24001090}, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1000004, 0x110, 0xffffffffffffffff, 0x100000000) setns(r0, 0x20000000) kernel console output (not intermixed with test programs): T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.687317][ T6772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 255.687332][ T6772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 255.687354][ T6772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 256.322803][ T6772] hsr_slave_0: entered promiscuous mode [ 256.330404][ T6772] hsr_slave_1: entered promiscuous mode [ 256.335105][ T6772] debugfs: 'hsr0' already exists in 'hsr' [ 256.342221][ T6772] Cannot create hsr debugfs directory [ 257.540077][ T37] kauditd_printk_skb: 83 callbacks suppressed [ 257.540094][ T37] audit: type=1800 audit(1781851322.810:95): pid=6996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.301" name="file1" dev="tmpfs" ino=381 res=0 errno=0 [ 258.176055][ T7011] netlink: 12 bytes leftover after parsing attributes in process `syz.3.304'. [ 260.921347][ T5271] 8021q: adding VLAN 0 to HW filter on device eth6 [ 261.330414][ T7050] netlink: 12 bytes leftover after parsing attributes in process `syz.2.314'. [ 270.235399][ T5935] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 270.235826][ C0] raw-gadget.0 gadget.4: ignoring, device is not running [ 270.376491][ T5935] usb 5-1: device descriptor read/64, error -32 [ 271.168649][ T5935] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 271.256067][ T7168] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 271.322424][ T5935] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 271.322457][ T5935] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 271.322482][ T5935] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 271.322505][ T5935] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 271.322529][ T5935] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 271.355301][ T5935] usb 5-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 271.355330][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.355349][ T5935] usb 5-1: Product: syz [ 271.355363][ T5935] usb 5-1: Manufacturer: syz [ 271.355376][ T5935] usb 5-1: SerialNumber: syz [ 271.445235][ T5935] usb 5-1: config 0 descriptor?? [ 271.464114][ T5935] iguanair 5-1:0.0: failed to submit urb: -90 [ 271.464371][ T5935] iguanair 5-1:0.0: probe with driver iguanair failed with error -90 [ 271.683436][ T5935] usb 5-1: USB disconnect, device number 5 [ 273.281855][ T6772] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 274.065709][ T6772] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 274.074155][ T6772] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 274.353460][ T6772] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 274.533901][ T6772] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 274.747408][ T6772] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 274.760281][ T6772] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 275.300914][ T6772] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 275.317432][ T7218] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 277.934721][ T6772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 278.057016][ T6772] 8021q: adding VLAN 0 to HW filter on device team0 [ 278.083271][ T6726] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.083449][ T6726] bridge0: port 1(bridge_slave_0) entered forwarding state [ 278.258999][ T3029] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.261339][ T3029] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.085470][ T7311] tc action pedit 'at' offset 6 out of bounds [ 285.085491][ T7311] tc action pedit 'at' offset 6 out of bounds [ 285.085501][ T7311] tc action pedit 'at' offset 6 out of bounds [ 285.085512][ T7311] tc action pedit 'at' offset 6 out of bounds [ 285.085522][ T7311] tc action pedit 'at' offset 6 out of bounds [ 285.085531][ T7311] tc action pedit 'at' offset 6 out of bounds [ 285.085541][ T7311] tc action pedit 'at' offset 6 out of bounds [ 285.085550][ T7311] tc action pedit 'at' offset 6 out of bounds [ 285.085560][ T7311] tc action pedit 'at' offset 6 out of bounds [ 285.085570][ T7311] tc action pedit 'at' offset 6 out of bounds [ 285.085791][ T7311] TC_ACT_REPEAT abuse ? [ 289.350569][ T7346] binder: Unknown parameter 'subj_user' [ 290.370183][ T6772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.139471][ T5617] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 300.279517][ T5617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 300.280705][ T5617] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 300.315938][ T5617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 300.319543][ T5617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 300.684229][ T7451] binder: 7450:7451 ioctl c0306201 200000000680 returned -14 [ 302.246600][ T5750] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 302.410920][ T5623] Bluetooth: hci1: command tx timeout [ 302.681856][ T5342] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 303.157241][ T5750] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 303.157275][ T5750] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 303.157301][ T5750] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 303.157323][ T5750] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 303.161285][ T5750] usb 4-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 303.161314][ T5750] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.161334][ T5750] usb 4-1: Product: syz [ 303.161348][ T5750] usb 4-1: Manufacturer: syz [ 303.161362][ T5750] usb 4-1: SerialNumber: syz [ 303.167958][ T5750] usb 4-1: config 0 descriptor?? [ 303.181721][ T5750] iguanair 4-1:0.0: probe with driver iguanair failed with error -12 [ 303.410773][ T5750] usb 4-1: USB disconnect, device number 3 [ 304.487444][ T5623] Bluetooth: hci1: command tx timeout [ 306.297729][ T5342] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 306.519759][ T7487] fido_id[7487]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 306.565994][ T5623] Bluetooth: hci1: command tx timeout [ 308.136939][ T5750] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 308.141502][ T5960] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 308.373331][ T5750] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 308.373364][ T5750] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 308.373387][ T5750] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 308.373408][ T5750] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 308.637760][ T5960] usb 3-1: config 0 interface 0 altsetting 255 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 308.637793][ T5960] usb 3-1: config 0 interface 0 altsetting 255 endpoint 0x8F has invalid maxpacket 111, setting to 64 [ 308.637818][ T5960] usb 3-1: config 0 interface 0 has no altsetting 0 [ 308.646808][ T5623] Bluetooth: hci1: command tx timeout [ 308.878904][ T5750] usb 4-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 308.878934][ T5750] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.878952][ T5750] usb 4-1: Product: syz [ 308.878965][ T5750] usb 4-1: Manufacturer: syz [ 308.878979][ T5750] usb 4-1: SerialNumber: syz [ 309.061312][ T5960] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 309.061341][ T5960] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 309.061361][ T5960] usb 3-1: Product: syz [ 309.061375][ T5960] usb 3-1: Manufacturer: syz [ 309.061388][ T5960] usb 3-1: SerialNumber: syz [ 310.461099][ T5750] usb 4-1: config 0 descriptor?? [ 310.829127][ T5960] usb 3-1: config 0 descriptor?? [ 310.830836][ T5750] iguanair 4-1:0.0: probe with driver iguanair failed with error -12 [ 311.115298][ T5960] usb 3-1: can't set config #0, error -71 [ 311.116797][ T5750] usb 4-1: USB disconnect, device number 4 [ 311.156515][ T5960] usb 3-1: USB disconnect, device number 4 [ 313.865304][ T5960] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 313.969588][ T7430] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.969943][ T7430] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.970205][ T7430] bridge_slave_0: entered allmulticast mode [ 313.973987][ T7430] bridge_slave_0: entered promiscuous mode [ 313.996000][ T7430] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.996243][ T7430] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.996491][ T7430] bridge_slave_1: entered allmulticast mode [ 314.000064][ T7430] bridge_slave_1: entered promiscuous mode [ 314.038314][ T5960] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 314.038357][ T5960] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 314.038379][ T5960] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 314.038400][ T5960] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 314.038421][ T5960] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 314.040874][ T5960] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 314.040921][ T5960] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 314.040947][ T5960] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 314.040972][ T5960] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 314.040998][ T5960] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 314.042179][ T5960] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 314.042224][ T5960] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 314.042250][ T5960] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 314.042269][ T5960] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 314.042281][ T5960] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 314.066895][ T5960] usb 5-1: string descriptor 0 read error: -22 [ 314.067029][ T5960] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 314.067051][ T5960] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.333403][ T7576] binder: Unknown parameter 'subj_user' [ 317.090858][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.098704][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.405593][ T5960] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 317.411414][ T5960] usb 5-1: USB disconnect, device number 6 [ 317.855775][ T7430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 319.005040][ T7430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 319.236150][ T154] bridge_slave_1: left allmulticast mode [ 319.248290][ T154] bridge_slave_1: left promiscuous mode [ 319.320345][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.680344][ T154] bridge_slave_0: left allmulticast mode [ 320.680366][ T154] bridge_slave_0: left promiscuous mode [ 320.696060][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.446516][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 324.527399][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 324.578576][ T154] bond0 (unregistering): Released all slaves [ 324.651223][ T7430] team0: Port device team_slave_0 added [ 325.274644][ T7430] team0: Port device team_slave_1 added [ 325.679837][ T7430] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 325.679852][ T7430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 325.679875][ T7430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 325.752467][ T7430] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 325.752481][ T7430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 325.752507][ T7430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 326.805632][ T154] hsr_slave_0: left promiscuous mode [ 326.919952][ T154] hsr_slave_1: left promiscuous mode [ 326.994544][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 327.072841][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 328.543132][ T7691] binder: BINDER_SET_CONTEXT_MGR already set [ 328.543146][ T7691] binder: 7690:7691 ioctl 4018620d 200000000100 returned -16 [ 328.546139][ T7691] binder: BINDER_SET_CONTEXT_MGR already set [ 328.546151][ T7691] binder: 7690:7691 ioctl 4018620d 200000001000 returned -16 [ 331.076372][ T154] team0 (unregistering): Port device team_slave_1 removed [ 331.115786][ T154] team0 (unregistering): Port device team_slave_0 removed [ 332.363658][ T5271] 8021q: adding VLAN 0 to HW filter on device eth5 [ 332.627779][ T7714] netlink: 32 bytes leftover after parsing attributes in process `syz.3.479'. [ 332.914693][ T7430] hsr_slave_0: entered promiscuous mode [ 332.919417][ T7430] hsr_slave_1: entered promiscuous mode [ 332.920350][ T7430] debugfs: 'hsr0' already exists in 'hsr' [ 332.920365][ T7430] Cannot create hsr debugfs directory [ 333.537414][ T7737] binder_alloc: 7736: binder_alloc_buf, no vma [ 333.865607][ T7712] warning: `syz.3.479' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 338.719354][ T5271] 8021q: adding VLAN 0 to HW filter on device eth6 [ 338.799813][ T7784] binder: BINDER_SET_CONTEXT_MGR already set [ 338.799828][ T7784] binder: 7782:7784 ioctl 4018620d 200000000100 returned -16 [ 343.713873][ T7840] binder: BINDER_SET_CONTEXT_MGR already set [ 343.713888][ T7840] binder: 7838:7840 ioctl 4018620d 200000000100 returned -16 [ 347.649390][ T7886] binder: BINDER_SET_CONTEXT_MGR already set [ 347.649401][ T7886] binder: 7885:7886 ioctl 4018620d 200000000100 returned -16 [ 347.799726][ T7891] binder: BINDER_SET_CONTEXT_MGR already set [ 347.799740][ T7891] binder: 7890:7891 ioctl 4018620d 200000000100 returned -16 [ 349.188548][ T7430] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 349.482348][ T7430] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 349.483060][ T7430] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 351.152088][ T7430] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 351.168620][ T7430] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 351.253864][ T7430] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 351.317047][ T7430] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 353.545571][ T7430] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 354.027039][ T7927] binder: BINDER_SET_CONTEXT_MGR already set [ 354.027053][ T7927] binder: 7926:7927 ioctl 4018620d 200000001000 returned -16 [ 354.344456][ T7430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.414468][ T7430] 8021q: adding VLAN 0 to HW filter on device team0 [ 354.441359][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.441583][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 354.514006][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.514188][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 359.063259][ T7971] binder: BINDER_SET_CONTEXT_MGR already set [ 359.063274][ T7971] binder: 7969:7971 ioctl 4018620d 200000001000 returned -16 [ 359.113879][ T7975] netlink: 68 bytes leftover after parsing attributes in process `syz.2.542'. [ 359.248074][ T5617] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 359.254211][ T5617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 359.299747][ T5617] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 359.301947][ T5617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 359.304214][ T5617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 361.445544][ T5617] Bluetooth: hci1: command tx timeout [ 363.525631][ T5617] Bluetooth: hci1: command tx timeout [ 365.610957][ T5617] Bluetooth: hci1: command tx timeout [ 365.809613][ T8013] binder: BINDER_SET_CONTEXT_MGR already set [ 365.809636][ T8013] binder: 8012:8013 ioctl 4018620d 200000000100 returned -16 [ 365.897985][ T8015] binder: BINDER_SET_CONTEXT_MGR already set [ 365.897999][ T8015] binder: 8014:8015 ioctl 4018620d 200000001000 returned -16 [ 366.664395][ T8031] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 367.685297][ T5617] Bluetooth: hci1: command tx timeout [ 367.757126][ T8036] virtio-fs: tag not found [ 370.024961][ T8061] binder_alloc: 8060: binder_alloc_buf, no vma [ 375.637413][ T8097] binder: BINDER_SET_CONTEXT_MGR already set [ 375.637427][ T8097] binder: 8096:8097 ioctl 4018620d 200000000100 returned -16 [ 375.641263][ T8097] binder: BINDER_SET_CONTEXT_MGR already set [ 375.641272][ T8097] binder: 8096:8097 ioctl 4018620d 200000001000 returned -16 [ 375.734799][ T8103] binder: BINDER_SET_CONTEXT_MGR already set [ 375.734814][ T8103] binder: 8102:8103 ioctl 4018620d 200000000100 returned -16 [ 375.766152][ T8103] binder: BINDER_SET_CONTEXT_MGR already set [ 375.766166][ T8103] binder: 8102:8103 ioctl 4018620d 200000001000 returned -16 [ 378.512196][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.522434][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.976990][ T8128] binder: Unknown parameter 'subj_user' [ 384.754525][ T8153] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 385.815400][ T32] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 386.856077][ T32] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 386.856134][ T32] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 386.874640][ T32] usb 3-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 386.874668][ T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.874686][ T32] usb 3-1: Product: syz [ 386.874699][ T32] usb 3-1: Manufacturer: syz [ 386.874711][ T32] usb 3-1: SerialNumber: syz [ 387.031309][ T32] usb 3-1: config 0 descriptor?? [ 387.443210][ T32] usb 3-1: USB disconnect, device number 5 [ 389.849099][ T7976] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.849375][ T7976] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.849726][ T7976] bridge_slave_0: entered allmulticast mode [ 389.919285][ T7976] bridge_slave_0: entered promiscuous mode [ 390.000559][ T7976] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.000832][ T7976] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.001116][ T7976] bridge_slave_1: entered allmulticast mode [ 390.082284][ T7976] bridge_slave_1: entered promiscuous mode [ 390.789532][ T5271] 8021q: adding VLAN 0 to HW filter on device eth5 [ 392.642399][ T150] bridge_slave_1: left allmulticast mode [ 392.642432][ T150] bridge_slave_1: left promiscuous mode [ 392.642687][ T150] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.146423][ T150] bridge_slave_0: left allmulticast mode [ 394.146445][ T150] bridge_slave_0: left promiscuous mode [ 394.146618][ T150] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.212224][ T8234] virtio-fs: tag not found [ 394.926551][ T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 395.516784][ T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 396.568597][ T150] bond0 (unregistering): Released all slaves [ 397.782508][ T7976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 397.819247][ T7976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 397.901081][ T5342] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 397.923586][ T7976] team0: Port device team_slave_0 added [ 397.936557][ T7976] team0: Port device team_slave_1 added [ 398.519491][ T5342] usb 4-1: device descriptor read/all, error -71 [ 398.556470][ T7976] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 398.556486][ T7976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 398.556510][ T7976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 399.321075][ T150] hsr_slave_0: left promiscuous mode [ 399.357245][ T150] hsr_slave_1: left promiscuous mode [ 399.358302][ T150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 399.430234][ T150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 400.489456][ T150] team0 (unregistering): Port device team_slave_1 removed [ 401.142621][ T150] team0 (unregistering): Port device team_slave_0 removed [ 401.519474][ T7976] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 401.519488][ T7976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 401.519510][ T7976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 403.202701][ T5271] 8021q: adding VLAN 0 to HW filter on device eth6 [ 404.849805][ T7976] hsr_slave_0: entered promiscuous mode [ 404.851225][ T7976] hsr_slave_1: entered promiscuous mode [ 404.852135][ T7976] debugfs: 'hsr0' already exists in 'hsr' [ 404.852150][ T7976] Cannot create hsr debugfs directory [ 404.907930][ T5961] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 405.294564][ T5961] usb 1-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 405.294694][ T5961] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 405.341502][ T5961] usb 1-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 405.341532][ T5961] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.341550][ T5961] usb 1-1: Product: syz [ 405.341561][ T5961] usb 1-1: Manufacturer: syz [ 405.341574][ T5961] usb 1-1: SerialNumber: syz [ 405.443550][ T5961] usb 1-1: config 0 descriptor?? [ 405.687338][ T5961] usb 1-1: USB disconnect, device number 6 [ 410.697168][ T5271] 8021q: adding VLAN 0 to HW filter on device eth7 [ 411.211661][ T8367] virtio-fs: tag not found [ 416.505375][ T5748] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 417.287106][ T5748] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 417.287167][ T5748] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 417.317520][ T5748] usb 3-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 417.317549][ T5748] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.317568][ T5748] usb 3-1: Product: syz [ 417.317582][ T5748] usb 3-1: Manufacturer: syz [ 417.317595][ T5748] usb 3-1: SerialNumber: syz [ 417.339948][ T5748] usb 3-1: config 0 descriptor?? [ 417.558659][ T5935] usb 3-1: USB disconnect, device number 6 [ 419.992258][ T8441] virtio-fs: tag not found [ 422.461512][ T5623] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 422.488855][ T5623] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 422.533693][ T5623] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 422.584651][ T5623] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 422.612811][ T5623] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 425.275286][ T5623] Bluetooth: hci5: command tx timeout [ 427.455359][ T5623] Bluetooth: hci5: command tx timeout [ 429.527126][ T5623] Bluetooth: hci5: command tx timeout [ 430.007393][ T43] bridge_slave_1: left allmulticast mode [ 430.007427][ T43] bridge_slave_1: left promiscuous mode [ 430.008495][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.238046][ T8523] loop2: detected capacity change from 0 to 512 [ 431.228637][ T8523] ======================================================= [ 431.228637][ T8523] WARNING: The mand mount option has been deprecated and [ 431.228637][ T8523] and is ignored by this kernel. Remove the mand [ 431.228637][ T8523] option from the mount to silence this warning. [ 431.228637][ T8523] ======================================================= [ 431.228950][ T8523] EXT4-fs: Ignoring removed nomblk_io_submit option [ 431.299140][ T43] bridge_slave_0: left allmulticast mode [ 431.299172][ T43] bridge_slave_0: left promiscuous mode [ 431.323390][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.605433][ T5623] Bluetooth: hci5: command tx timeout [ 433.907975][ T8523] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 434.790067][ T8523] EXT4-fs warning (device loop2): ext4_multi_mount_protect:393: Unable to create kmmpd thread for loop2. [ 435.339759][ T8572] netlink: 'syz.2.683': attribute type 1 has an invalid length. [ 435.456294][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 435.576487][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 435.647083][ T43] bond0 (unregistering): Released all slaves [ 435.698044][ T8532] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 436.023459][ T8572] 8021q: adding VLAN 0 to HW filter on device bond1 [ 436.263890][ T8573] bond1: (slave veth3): Enslaving as an active interface with a down link [ 436.345494][ T8574] vlan0: entered allmulticast mode [ 436.345515][ T8574] veth0_to_bond: entered allmulticast mode [ 436.347197][ T8574] veth0_to_bond: entered promiscuous mode [ 436.349012][ T8574] veth0_to_bond: left promiscuous mode [ 436.448077][ T8574] bond1: (slave vlan0): making interface the new active one [ 436.535842][ T8574] veth0_to_bond: entered promiscuous mode [ 436.556303][ T8574] vlan0: entered promiscuous mode [ 436.557500][ T8574] bond1: (slave vlan0): Enslaving as an active interface with an up link [ 436.975365][ T55] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 437.105291][ T55] usb 4-1: device descriptor read/64, error -71 [ 437.457740][ T55] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 437.523058][ T43] hsr_slave_0: left promiscuous mode [ 437.557346][ T43] hsr_slave_1: left promiscuous mode [ 437.558094][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 437.597260][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 437.635423][ T55] usb 4-1: device descriptor read/64, error -71 [ 437.892206][ T55] usb usb4-port1: attempt power cycle [ 438.945389][ T55] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 438.966346][ T55] usb 4-1: device descriptor read/8, error -71 [ 439.776058][ T55] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 440.099894][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.100035][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.842218][ T55] usb 4-1: device descriptor read/8, error -71 [ 440.951554][ T55] usb usb4-port1: unable to enumerate USB device [ 442.441274][ T43] team0 (unregistering): Port device team_slave_1 removed [ 442.597772][ T43] team0 (unregistering): Port device team_slave_0 removed [ 445.176285][ T8671] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 445.176319][ T8671] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 445.326554][ T8671] vhci_hcd vhci_hcd.0: Device attached [ 445.993951][ T8629] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 446.020149][ T8676] vhci_hcd: connection closed [ 446.045736][ T5935] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 446.100405][ T84] vhci_hcd vhci_hcd.4: stop threads [ 446.101352][ T84] vhci_hcd vhci_hcd.4: release socket [ 446.126876][ T5961] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 446.147752][ T84] vhci_hcd vhci_hcd.4: disconnect device [ 446.222552][ T5935] usb 1-1: config 0 interface 0 altsetting 255 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 446.222674][ T5935] usb 1-1: config 0 interface 0 altsetting 255 endpoint 0x8F has invalid wMaxPacketSize 0 [ 446.222700][ T5935] usb 1-1: config 0 interface 0 has no altsetting 0 [ 446.242626][ T5935] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 446.242654][ T5935] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 446.242681][ T5935] usb 1-1: Product: syz [ 446.242695][ T5935] usb 1-1: Manufacturer: syz [ 446.242708][ T5935] usb 1-1: SerialNumber: syz [ 446.371382][ T5935] usb 1-1: config 0 descriptor?? [ 447.363338][ T5935] usb 1-1: selecting invalid altsetting 0 [ 448.950489][ T5935] usb 1-1: USB disconnect, device number 7 [ 451.538562][ T5961] vhci_hcd vhci_hcd.4: vhci_device speed not set [ 452.044563][ T8721] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 452.998569][ T8737] syz.2.722 (8737) used greatest stack depth: 18704 bytes left [ 453.554444][ T8380] udevd[8380]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 457.230122][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.237344][ T8452] bridge0: port 1(bridge_slave_0) entered disabled state [ 457.237627][ T8452] bridge_slave_0: entered allmulticast mode [ 457.247286][ T8452] bridge_slave_0: entered promiscuous mode [ 457.253263][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.255519][ T8452] bridge0: port 2(bridge_slave_1) entered disabled state [ 457.256136][ T8452] bridge_slave_1: entered allmulticast mode [ 458.205396][ T8452] bridge_slave_1: entered promiscuous mode [ 459.049683][ T43] vlan0: left promiscuous mode [ 459.475421][ T8452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 459.519334][ T8452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 464.974366][ T8735] syz.3.720 (8735) used greatest stack depth: 18536 bytes left [ 465.113646][ T8452] team0: Port device team_slave_0 added [ 465.126748][ T8452] team0: Port device team_slave_1 added [ 465.192438][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 465.192453][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 465.192478][ T8452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 465.203499][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 465.203514][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 465.203538][ T8452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 465.647977][ T8793] loop4: detected capacity change from 0 to 512 [ 465.694309][ T8452] hsr_slave_0: entered promiscuous mode [ 465.710152][ T8452] hsr_slave_1: entered promiscuous mode [ 465.727699][ T8452] debugfs: 'hsr0' already exists in 'hsr' [ 465.727724][ T8452] Cannot create hsr debugfs directory [ 465.823207][ T8793] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 466.022489][ T8793] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ce01c, mo2=0002] [ 466.022639][ T8793] System zones: 1-12 [ 466.161625][ T8793] EXT4-fs (loop4): orphan cleanup on readonly fs [ 466.277619][ T8793] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.738: invalid indirect mapped block 12 (level 1) [ 466.277894][ T8793] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 466.286095][ C0] EXT4-fs (loop4): initial error at time 1781851531: ext4_free_branches:1023: inode 11 [ 466.286131][ C0] EXT4-fs (loop4): last error at time 1781851531: ext4_free_branches:1023: inode 11 [ 467.710941][ T8793] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.738: invalid indirect mapped block 2 (level 2) [ 467.710987][ T8793] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 467.895993][ T8793] EXT4-fs (loop4): 1 truncate cleaned up [ 468.017849][ T8793] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback. [ 468.993982][ T5613] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 474.651435][ T8452] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 474.845027][ T8452] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 474.860767][ T8452] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 475.773532][ T8452] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 475.795533][ T8452] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 475.927770][ T8452] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 475.929201][ T8452] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 475.980374][ T8452] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 476.388983][ T8452] 8021q: adding VLAN 0 to HW filter on device bond0 [ 476.454908][ T8452] 8021q: adding VLAN 0 to HW filter on device team0 [ 476.516572][ T150] bridge0: port 1(bridge_slave_0) entered blocking state [ 476.516796][ T150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 476.566781][ T150] bridge0: port 2(bridge_slave_1) entered blocking state [ 476.566990][ T150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 478.874286][ T8886] syz.2.764 (8886) used greatest stack depth: 18256 bytes left [ 479.546942][ T8452] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 481.478573][ T8932] loop2: detected capacity change from 0 to 4096 [ 481.489415][ T8932] EXT4-fs: Ignoring removed mblk_io_submit option [ 481.489441][ T8932] ext4: Unknown parameter 'nouser_xattr' [ 481.535061][ T5617] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 481.760459][ T5617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 481.762630][ T5617] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 481.764939][ T5617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 481.781349][ T5617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 481.873124][ T32] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 482.461335][ T32] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 482.461369][ T32] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 482.461395][ T32] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 482.461544][ T32] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 482.461570][ T32] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 482.465789][ T32] usb 4-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 482.465817][ T32] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.465837][ T32] usb 4-1: Product: syz [ 482.465851][ T32] usb 4-1: Manufacturer: syz [ 482.465865][ T32] usb 4-1: SerialNumber: syz [ 482.989071][ T8938] netlink: 'syz.4.777': attribute type 1 has an invalid length. [ 483.109020][ T8938] 8021q: adding VLAN 0 to HW filter on device bond2 [ 483.651425][ T32] usb 4-1: config 0 descriptor?? [ 483.713452][ T32] iguanair 4-1:0.0: probe with driver iguanair failed with error -12 [ 483.766819][ T8941] bond2: (slave veth3): Enslaving as an active interface with a down link [ 483.860569][ T5623] Bluetooth: hci1: command tx timeout [ 483.900196][ T5342] usb 4-1: USB disconnect, device number 11 [ 485.930567][ T5623] Bluetooth: hci1: command tx timeout [ 488.006784][ T5623] Bluetooth: hci1: command tx timeout [ 489.261525][ T8933] bridge0: port 1(bridge_slave_0) entered blocking state [ 489.261804][ T8933] bridge0: port 1(bridge_slave_0) entered disabled state [ 489.262048][ T8933] bridge_slave_0: entered allmulticast mode [ 489.285987][ T8933] bridge_slave_0: entered promiscuous mode [ 489.309927][ T8933] bridge0: port 2(bridge_slave_1) entered blocking state [ 489.310215][ T8933] bridge0: port 2(bridge_slave_1) entered disabled state [ 489.310479][ T8933] bridge_slave_1: entered allmulticast mode [ 489.354841][ T8933] bridge_slave_1: entered promiscuous mode [ 489.444777][ T8933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 489.479196][ T8933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 489.546957][ T8933] team0: Port device team_slave_0 added [ 489.551982][ T8933] team0: Port device team_slave_1 added [ 489.616599][ T8933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 489.616614][ T8933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 489.616639][ T8933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 489.620401][ T8933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 489.620415][ T8933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 489.620440][ T8933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 489.810718][ T8933] hsr_slave_0: entered promiscuous mode [ 489.831163][ T8933] hsr_slave_1: entered promiscuous mode [ 489.833116][ T8933] debugfs: 'hsr0' already exists in 'hsr' [ 489.833140][ T8933] Cannot create hsr debugfs directory [ 490.085372][ T5623] Bluetooth: hci1: command tx timeout [ 498.189842][ T9055] netlink: 24 bytes leftover after parsing attributes in process `syz.2.805'. [ 498.872630][ T9061] netlink: 'syz.0.810': attribute type 1 has an invalid length. [ 498.999701][ T9061] 8021q: adding VLAN 0 to HW filter on device bond2 [ 501.368158][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.368252][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.510549][ T9062] bond2: (slave veth3): Enslaving as an active interface with a down link [ 503.854261][ T9101] syz.3.821 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 508.008457][ T1448] bridge_slave_1: left allmulticast mode [ 508.008489][ T1448] bridge_slave_1: left promiscuous mode [ 508.008750][ T1448] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.319767][ T1448] bridge_slave_0: left allmulticast mode [ 510.319789][ T1448] bridge_slave_0: left promiscuous mode [ 510.319963][ T1448] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.928346][ T1448] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 514.050243][ T1448] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 514.196402][ T1448] bond0 (unregistering): Released all slaves [ 515.720828][ T5271] 8021q: adding VLAN 0 to HW filter on device eth5 [ 517.833271][ T9219] netlink: 'syz.0.853': attribute type 1 has an invalid length. [ 518.089229][ T9219] 8021q: adding VLAN 0 to HW filter on device bond3 [ 519.424632][ T9223] bond3: (slave veth5): Enslaving as an active interface with a down link [ 520.208846][ T1583] Bluetooth: (null): Invalid header checksum [ 520.277157][ T67] Bluetooth: (null): Invalid header checksum [ 520.305327][ T1448] hsr_slave_0: left promiscuous mode [ 520.345325][ T1448] hsr_slave_1: left promiscuous mode [ 520.348919][ T1448] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 520.387497][ T6738] Bluetooth: (null): Invalid header checksum [ 520.388257][ T1448] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 520.498737][ T6738] Bluetooth: (null): Invalid header checksum [ 520.605771][ T13] Bluetooth: (null): Invalid header checksum [ 522.195560][ T9283] netlink: 'syz.3.868': attribute type 1 has an invalid length. [ 522.385828][ T1448] team0 (unregistering): Port device team_slave_1 removed [ 522.425780][ T1448] team0 (unregistering): Port device team_slave_0 removed [ 522.615948][ T5271] 8021q: adding VLAN 0 to HW filter on device eth6 [ 522.632247][ T9268] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 522.752280][ T9283] 8021q: adding VLAN 0 to HW filter on device bond1 [ 522.813368][ T5623] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 522.813420][ T5623] CPU: 1 UID: 0 PID: 5623 Comm: kworker/u9:5 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 522.813449][ T5623] Tainted: [L]=SOFTLOCKUP [ 522.813456][ T5623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 522.813469][ T5623] Workqueue: hci0 hci_rx_work [ 522.813605][ T5623] Call Trace: [ 522.813650][ T5623] [ 522.813715][ T5623] dump_stack_lvl+0xe8/0x150 [ 522.813811][ T5623] sysfs_create_dir_ns+0x271/0x2a0 [ 522.813831][ T5623] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 522.813876][ T5623] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 522.813902][ T5623] ? rt_spin_unlock+0x160/0x200 [ 522.813923][ T5623] kobject_add_internal+0x62c/0xce0 [ 522.813959][ T5623] kobject_add+0x163/0x240 [ 522.813985][ T5623] ? rt_spin_unlock+0x14f/0x200 [ 522.814010][ T5623] ? __pfx_kobject_add+0x10/0x10 [ 522.814044][ T5623] ? get_device_parent+0x370/0x3a0 [ 522.814076][ T5623] device_add+0x3fa/0xb80 [ 522.814108][ T5623] hci_conn_add_sysfs+0xd5/0x210 [ 522.814173][ T5623] le_conn_complete_evt+0xfef/0x1580 [ 522.814258][ T5623] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 522.814286][ T5623] ? lockdep_hardirqs_on+0x7a/0x110 [ 522.814312][ T5623] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 522.814335][ T5623] ? rt_mutex_slowunlock+0x219/0x460 [ 522.814353][ T5623] ? skb_pull_data+0xf0/0x200 [ 522.814383][ T5623] hci_le_conn_complete_evt+0x187/0x470 [ 522.814416][ T5623] hci_event_packet+0x67a/0xf10 [ 522.814444][ T5623] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 522.814471][ T5623] ? __pfx_hci_event_packet+0x10/0x10 [ 522.814505][ T5623] ? hci_send_to_monitor+0xe2/0x590 [ 522.814528][ T5623] hci_rx_work+0x3ee/0x1020 [ 522.814561][ T5623] ? process_one_work+0x8cd/0x12b0 [ 522.814626][ T5623] process_one_work+0x93a/0x12b0 [ 522.814674][ T5623] ? __pfx_process_one_work+0x10/0x10 [ 522.814701][ T5623] ? do_raw_spin_lock+0x12b/0x2f0 [ 522.814757][ T5623] ? assign_work+0x3cf/0x5d0 [ 522.814791][ T5623] worker_thread+0xb05/0x10d0 [ 522.814831][ T5623] kthread+0x388/0x470 [ 522.814855][ T5623] ? __pfx_worker_thread+0x10/0x10 [ 522.814872][ T5623] ? __pfx_kthread+0x10/0x10 [ 522.814898][ T5623] ret_from_fork+0x514/0xb70 [ 522.814926][ T5623] ? __pfx_ret_from_fork+0x10/0x10 [ 522.814951][ T5623] ? __switch_to+0xc89/0x1420 [ 522.814974][ T5623] ? __pfx_kthread+0x10/0x10 [ 522.815000][ T5623] ret_from_fork_asm+0x1a/0x30 [ 522.815045][ T5623] [ 522.816348][ T5623] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 522.816390][ T5623] Bluetooth: hci0: failed to register connection device [ 523.246065][ T32] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 523.294250][ T9286] bond1: (slave veth3): Enslaving as an active interface with a down link [ 523.668579][ T1424] Bluetooth: (null): Invalid header checksum [ 523.686439][ T32] usb 5-1: config 0 interface 0 altsetting 255 has an endpoint descriptor with address 0xFA, changing to 0x8A [ 523.686473][ T32] usb 5-1: config 0 interface 0 altsetting 255 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 523.686497][ T32] usb 5-1: config 0 interface 0 altsetting 255 endpoint 0x8A has invalid wMaxPacketSize 0 [ 523.686519][ T32] usb 5-1: config 0 interface 0 has no altsetting 0 [ 523.740020][ T32] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 523.740048][ T32] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 523.740068][ T32] usb 5-1: Product: syz [ 523.740082][ T32] usb 5-1: Manufacturer: syz [ 523.740095][ T32] usb 5-1: SerialNumber: syz [ 524.188810][ T67] Bluetooth: (null): Invalid header checksum [ 524.215103][ T67] Bluetooth: (null): Invalid header checksum [ 524.319117][ T32] usb 5-1: config 0 descriptor?? [ 524.358976][ T32] usb 5-1: selecting invalid altsetting 0 [ 528.176900][ T32] usb 5-1: USB disconnect, device number 7 [ 528.669198][ T8782] udevd[8782]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 528.965824][ T5623] Bluetooth: hci0: command 0x0406 tx timeout [ 532.035017][ T9339] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 537.618756][ T5617] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 537.618785][ T5617] CPU: 0 UID: 0 PID: 5617 Comm: kworker/u9:3 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 537.618815][ T5617] Tainted: [L]=SOFTLOCKUP [ 537.618822][ T5617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 537.618835][ T5617] Workqueue: hci4 hci_rx_work [ 537.618865][ T5617] Call Trace: [ 537.618872][ T5617] [ 537.618883][ T5617] dump_stack_lvl+0xe8/0x150 [ 537.618914][ T5617] sysfs_create_dir_ns+0x271/0x2a0 [ 537.618937][ T5617] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 537.618958][ T5617] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 537.618983][ T5617] ? rt_spin_unlock+0x160/0x200 [ 537.619004][ T5617] kobject_add_internal+0x62c/0xce0 [ 537.619041][ T5617] kobject_add+0x163/0x240 [ 537.619067][ T5617] ? rt_spin_unlock+0x14f/0x200 [ 537.619092][ T5617] ? __pfx_kobject_add+0x10/0x10 [ 537.619126][ T5617] ? get_device_parent+0x370/0x3a0 [ 537.619162][ T5617] device_add+0x3fa/0xb80 [ 537.619196][ T5617] hci_conn_add_sysfs+0xd5/0x210 [ 537.619222][ T5617] le_conn_complete_evt+0xfef/0x1580 [ 537.619257][ T5617] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 537.619283][ T5617] ? lockdep_hardirqs_on+0x7a/0x110 [ 537.619305][ T5617] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 537.619328][ T5617] ? rt_mutex_slowunlock+0x219/0x460 [ 537.619345][ T5617] ? skb_pull_data+0xf0/0x200 [ 537.619374][ T5617] hci_le_conn_complete_evt+0x187/0x470 [ 537.619411][ T5617] hci_event_packet+0x67a/0xf10 [ 537.619431][ T5617] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 537.619459][ T5617] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 537.619483][ T5617] ? __pfx_hci_event_packet+0x10/0x10 [ 537.619515][ T5617] ? hci_send_to_monitor+0xe2/0x590 [ 537.619536][ T5617] hci_rx_work+0x3ee/0x1020 [ 537.619568][ T5617] ? process_one_work+0x8cd/0x12b0 [ 537.619597][ T5617] process_one_work+0x93a/0x12b0 [ 537.619655][ T5617] ? __pfx_process_one_work+0x10/0x10 [ 537.619680][ T5617] ? do_raw_spin_lock+0x12b/0x2f0 [ 537.619710][ T5617] ? assign_work+0x3cf/0x5d0 [ 537.619744][ T5617] worker_thread+0xb05/0x10d0 [ 537.619781][ T5617] kthread+0x388/0x470 [ 537.619804][ T5617] ? __pfx_worker_thread+0x10/0x10 [ 537.619821][ T5617] ? __pfx_kthread+0x10/0x10 [ 537.619843][ T5617] ret_from_fork+0x514/0xb70 [ 537.619868][ T5617] ? __pfx_ret_from_fork+0x10/0x10 [ 537.619892][ T5617] ? __switch_to+0xc89/0x1420 [ 537.619915][ T5617] ? __pfx_kthread+0x10/0x10 [ 537.619940][ T5617] ret_from_fork_asm+0x1a/0x30 [ 537.619979][ T5617] [ 537.620020][ T5617] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 537.620060][ T5617] Bluetooth: hci4: failed to register connection device [ 540.277933][ T9450] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 540.554773][ T8933] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 540.667321][ T8933] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 540.678177][ T8933] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 540.718913][ T8933] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 540.827608][ T8933] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 540.961585][ T8933] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 541.006773][ T8933] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 541.034800][ T8933] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 541.599301][ T8933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 543.422459][ T5617] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 543.450291][ T5617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 543.464321][ T5617] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 543.501042][ T5617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 543.502958][ T5617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 544.791792][ T9516] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 544.791820][ T9516] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 544.795866][ T9516] vhci_hcd vhci_hcd.0: Device attached [ 544.802580][ T9516] netlink: 'syz.4.929': attribute type 12 has an invalid length. [ 545.615388][ T5617] Bluetooth: hci1: command tx timeout [ 545.652824][ T9518] vhci_hcd: connection closed [ 545.725706][ T3029] vhci_hcd vhci_hcd.4: stop threads [ 545.725731][ T3029] vhci_hcd vhci_hcd.4: release socket [ 545.726709][ T3029] vhci_hcd vhci_hcd.4: disconnect device [ 545.767110][ T5961] usb 42-1: enqueue for inactive port 0 [ 546.330090][ T5961] usb usb42-port1: attempt power cycle [ 547.467150][ T5961] usb usb42-port1: unable to enumerate USB device [ 547.767416][ T5617] Bluetooth: hci1: command tx timeout [ 548.199157][ T9569] netlink: 'syz.2.941': attribute type 1 has an invalid length. [ 548.704985][ T9569] 8021q: adding VLAN 0 to HW filter on device bond3 [ 551.017749][ T5617] Bluetooth: hci1: command tx timeout [ 551.131403][ T9573] bond3: (slave veth5): Enslaving as an active interface with a down link [ 552.435267][ T5960] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 552.595256][ T5960] usb 4-1: Using ep0 maxpacket: 32 [ 552.599672][ T5960] usb 4-1: unable to get BOS descriptor or descriptor too short [ 552.600685][ T5960] usb 4-1: config 14 has an invalid interface number: 57 but max is 0 [ 552.600700][ T5960] usb 4-1: config 14 has no interface number 0 [ 552.600725][ T5960] usb 4-1: config 14 interface 57 has no altsetting 0 [ 552.608922][ T5960] usb 4-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 552.608950][ T5960] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.608968][ T5960] usb 4-1: Product: syz [ 552.608981][ T5960] usb 4-1: Manufacturer: syz [ 552.608993][ T5960] usb 4-1: SerialNumber: syz [ 553.041803][ T5960] legousbtower 4-1:14.57: interrupt endpoints not found [ 553.046122][ T5617] Bluetooth: hci1: command tx timeout [ 555.406298][ T5935] usb 4-1: USB disconnect, device number 12 [ 557.343442][ T9641] netlink: 'syz.3.961': attribute type 1 has an invalid length. [ 557.458926][ T9641] 8021q: adding VLAN 0 to HW filter on device bond2 [ 559.881042][ T9643] bond2: (slave veth5): Enslaving as an active interface with a down link [ 559.929549][ T9641] vlan0: entered allmulticast mode [ 559.929570][ T9641] veth0_to_bond: entered allmulticast mode [ 560.040236][ T9654] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 560.349757][ T9658] kvm: kvm [9657]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 560.362825][ T9658] kvm: kvm [9657]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 561.268852][ T55] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 561.439226][ T55] usb 1-1: Using ep0 maxpacket: 32 [ 561.441590][ T55] usb 1-1: unable to get BOS descriptor or descriptor too short [ 561.442715][ T55] usb 1-1: config 14 has an invalid interface number: 57 but max is 1 [ 561.442738][ T55] usb 1-1: config 14 has an invalid interface number: 228 but max is 1 [ 561.442757][ T55] usb 1-1: config 14 has no interface number 0 [ 561.442773][ T55] usb 1-1: config 14 has no interface number 1 [ 561.442828][ T55] usb 1-1: config 14 interface 57 has no altsetting 0 [ 561.442846][ T55] usb 1-1: config 14 interface 228 has no altsetting 0 [ 561.503295][ T55] usb 1-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 561.503325][ T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.503345][ T55] usb 1-1: Product: syz [ 561.503359][ T55] usb 1-1: Manufacturer: syz [ 561.503373][ T55] usb 1-1: SerialNumber: syz [ 562.598998][ T55] legousbtower 1-1:14.57: interrupt endpoints not found [ 562.627288][ T55] legousbtower 1-1:14.228: interrupt endpoints not found [ 562.817393][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.817485][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.230941][ T1448] bridge_slave_1: left allmulticast mode [ 564.230973][ T1448] bridge_slave_1: left promiscuous mode [ 564.257223][ T1448] bridge0: port 2(bridge_slave_1) entered disabled state [ 564.406336][ T1448] bridge_slave_0: left allmulticast mode [ 564.406358][ T1448] bridge_slave_0: left promiscuous mode [ 564.406530][ T1448] bridge0: port 1(bridge_slave_0) entered disabled state [ 565.197908][ T5618] usb 1-1: USB disconnect, device number 8 [ 565.253554][ T9712] netlink: 4 bytes leftover after parsing attributes in process `syz.0.977'. [ 569.185320][ T55] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 569.240797][ T1448] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 569.335536][ T55] usb 4-1: Using ep0 maxpacket: 32 [ 569.418679][ T55] usb 4-1: unable to get BOS descriptor or descriptor too short [ 569.423489][ T55] usb 4-1: config 14 has an invalid interface number: 57 but max is 1 [ 569.423513][ T55] usb 4-1: config 14 has an invalid interface number: 228 but max is 1 [ 569.423533][ T55] usb 4-1: config 14 has no interface number 0 [ 569.423548][ T55] usb 4-1: config 14 has no interface number 1 [ 569.423602][ T55] usb 4-1: config 14 interface 57 has no altsetting 0 [ 569.423620][ T55] usb 4-1: config 14 interface 228 has no altsetting 0 [ 569.442209][ T55] usb 4-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 569.442282][ T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.442302][ T55] usb 4-1: Product: syz [ 569.442314][ T55] usb 4-1: Manufacturer: syz [ 569.442328][ T55] usb 4-1: SerialNumber: syz [ 569.523904][ T1448] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 569.587914][ T1448] bond0 (unregistering): Released all slaves [ 569.678009][ T9706] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 569.718579][ T5271] 8021q: adding VLAN 0 to HW filter on device eth5 [ 570.093093][ T55] legousbtower 4-1:14.57: interrupt endpoints not found [ 571.202297][ T55] legousbtower 4-1:14.228: interrupt endpoints not found [ 572.100664][ T9499] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.100953][ T9499] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.101259][ T9499] bridge_slave_0: entered allmulticast mode [ 572.129348][ T9499] bridge_slave_0: entered promiscuous mode [ 572.161016][ T55] usb 4-1: USB disconnect, device number 13 [ 575.273646][ T9768] loop3: detected capacity change from 0 to 4096 [ 575.285988][ T9768] EXT4-fs: Ignoring removed mblk_io_submit option [ 575.286015][ T9768] ext4: Unknown parameter 'nouser_xattr' [ 580.527095][ T1448] hsr_slave_0: left promiscuous mode [ 580.577621][ T1448] hsr_slave_1: left promiscuous mode [ 580.580420][ T1448] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 580.613390][ T1448] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 580.632829][ T9791] netlink: 4 bytes leftover after parsing attributes in process `syz.3.996'. [ 580.953847][ T9796] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 580.953874][ T9796] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 580.953956][ T9796] vhci_hcd vhci_hcd.0: Device attached [ 581.377060][ T5961] usb 42-1: SetAddress Request (6) to port 0 [ 581.377140][ T5961] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd [ 581.616065][ T1448] team0 (unregistering): Port device team_slave_1 removed [ 581.651202][ T9798] vhci_hcd: connection reset by peer [ 581.657523][ T84] vhci_hcd vhci_hcd.4: stop threads [ 581.657547][ T84] vhci_hcd vhci_hcd.4: release socket [ 581.665740][ T84] vhci_hcd vhci_hcd.4: disconnect device [ 581.689864][ T1448] team0 (unregistering): Port device team_slave_0 removed [ 581.903175][ T5342] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 581.926710][ T9796] netlink: 'syz.4.998': attribute type 12 has an invalid length. [ 581.928200][ T9499] bridge0: port 2(bridge_slave_1) entered blocking state [ 581.928459][ T9499] bridge0: port 2(bridge_slave_1) entered disabled state [ 581.928764][ T9499] bridge_slave_1: entered allmulticast mode [ 581.931957][ T9499] bridge_slave_1: entered promiscuous mode [ 582.003923][ T5271] 8021q: adding VLAN 0 to HW filter on device eth6 [ 582.006566][ T9793] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 582.055395][ T5342] usb 1-1: Using ep0 maxpacket: 32 [ 582.057912][ T5342] usb 1-1: unable to get BOS descriptor or descriptor too short [ 582.064164][ T5342] usb 1-1: config 14 has an invalid interface number: 57 but max is 1 [ 582.064188][ T5342] usb 1-1: config 14 has an invalid interface number: 228 but max is 1 [ 582.064199][ T5342] usb 1-1: config 14 has no interface number 0 [ 582.064207][ T5342] usb 1-1: config 14 has no interface number 1 [ 582.064238][ T5342] usb 1-1: config 14 interface 57 has no altsetting 0 [ 582.064247][ T5342] usb 1-1: config 14 interface 228 has no altsetting 0 [ 582.080841][ T5342] usb 1-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 582.080870][ T5342] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.080889][ T5342] usb 1-1: Product: syz [ 582.080903][ T5342] usb 1-1: Manufacturer: syz [ 582.080916][ T5342] usb 1-1: SerialNumber: syz [ 583.279663][ T9499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 585.599671][ T5342] legousbtower 1-1:14.57: interrupt endpoints not found [ 585.644971][ T9499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 585.744392][ T9499] team0: Port device team_slave_0 added [ 585.758505][ T9499] team0: Port device team_slave_1 added [ 585.841303][ T9499] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 585.841318][ T9499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 585.841344][ T9499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 585.890753][ T9499] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 585.890768][ T9499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 585.890843][ T9499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 586.090907][ T5342] legousbtower 1-1:14.228: interrupt endpoints not found [ 586.463261][ T9499] hsr_slave_0: entered promiscuous mode [ 586.476620][ T9499] hsr_slave_1: entered promiscuous mode [ 586.478932][ T9499] debugfs: 'hsr0' already exists in 'hsr' [ 586.478956][ T9499] Cannot create hsr debugfs directory [ 586.566309][ T5961] usb 42-1: device descriptor read/8, error -110 [ 586.681399][ T5342] usb 1-1: USB disconnect, device number 9 [ 586.704885][ T9825] loop3: detected capacity change from 0 to 4096 [ 586.743517][ T9825] EXT4-fs: Ignoring removed mblk_io_submit option [ 586.743546][ T9825] ext4: Unknown parameter 'nouser_xattr' [ 587.042910][ T5961] usb usb42-port1: attempt power cycle [ 589.229125][ T9844] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1010'. [ 592.284533][ T5961] usb usb42-port1: unable to enumerate USB device [ 594.883116][ T5960] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 595.028679][ T5960] usb 5-1: Using ep0 maxpacket: 32 [ 595.031145][ T5960] usb 5-1: unable to get BOS descriptor or descriptor too short [ 595.032425][ T5960] usb 5-1: config 14 has an invalid interface number: 57 but max is 1 [ 595.032450][ T5960] usb 5-1: config 14 has an invalid interface number: 228 but max is 1 [ 595.032468][ T5960] usb 5-1: config 14 has no interface number 0 [ 595.032483][ T5960] usb 5-1: config 14 has no interface number 1 [ 595.032547][ T5960] usb 5-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping [ 595.032570][ T5960] usb 5-1: config 14 interface 228 altsetting 5 has an endpoint descriptor with address 0xD1, changing to 0x81 [ 595.032610][ T5960] usb 5-1: config 14 interface 228 altsetting 5 endpoint 0x81 has an invalid bInterval 109, changing to 10 [ 595.032635][ T5960] usb 5-1: config 14 interface 228 altsetting 5 endpoint 0x81 has invalid maxpacket 57993, setting to 1024 [ 595.032658][ T5960] usb 5-1: config 14 interface 228 altsetting 5 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 595.032683][ T5960] usb 5-1: config 14 interface 57 has no altsetting 0 [ 595.032698][ T5960] usb 5-1: config 14 interface 228 has no altsetting 0 [ 595.161748][ T5960] usb 5-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 595.161777][ T5960] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 595.161794][ T5960] usb 5-1: Product: syz [ 595.161801][ T5960] usb 5-1: Manufacturer: syz [ 595.161809][ T5960] usb 5-1: SerialNumber: syz [ 595.698872][ T5960] legousbtower 5-1:14.57: interrupt endpoints not found [ 595.738690][ T9914] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 595.738716][ T9914] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 595.738808][ T9914] vhci_hcd vhci_hcd.0: Device attached [ 595.794135][ T9914] netlink: 'syz.2.1022': attribute type 12 has an invalid length. [ 595.811246][ T5271] 8021q: adding VLAN 0 to HW filter on device eth7 [ 595.823922][ T9916] vhci_hcd: connection closed [ 595.824440][ T166] vhci_hcd vhci_hcd.2: stop threads [ 595.824462][ T166] vhci_hcd vhci_hcd.2: release socket [ 595.824497][ T166] vhci_hcd vhci_hcd.2: disconnect device [ 595.904388][ T5960] legousbtower 5-1:14.228: interrupt endpoints not found [ 597.021850][ T9925] loop2: detected capacity change from 0 to 4096 [ 597.068825][ T9925] EXT4-fs: Ignoring removed mblk_io_submit option [ 597.068850][ T9925] ext4: Unknown parameter 'nouser_xattr' [ 600.244901][ T5960] usb 5-1: USB disconnect, device number 8 [ 602.210738][ T9936] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 603.538151][ T5829] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 603.689937][ T5829] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 603.689971][ T5829] usb 4-1: can't read configurations, error -61 [ 603.739013][ T5623] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 603.799056][ T5623] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 603.809112][ T5623] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 603.811978][ T5623] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 603.812673][ T5623] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 603.965341][ T5829] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 604.055742][ T55] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 604.123518][ T5829] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 604.123562][ T5829] usb 4-1: can't read configurations, error -61 [ 604.123966][ T5829] usb usb4-port1: attempt power cycle [ 604.205288][ T55] usb 5-1: Using ep0 maxpacket: 32 [ 604.207699][ T55] usb 5-1: unable to get BOS descriptor or descriptor too short [ 604.212678][ T55] usb 5-1: config 14 has an invalid interface number: 57 but max is 1 [ 604.212702][ T55] usb 5-1: config 14 has an invalid interface number: 228 but max is 1 [ 604.212720][ T55] usb 5-1: config 14 has no interface number 0 [ 604.212734][ T55] usb 5-1: config 14 has no interface number 1 [ 604.212796][ T55] usb 5-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping [ 604.212818][ T55] usb 5-1: config 14 interface 228 altsetting 5 has an endpoint descriptor with address 0xD1, changing to 0x81 [ 604.212841][ T55] usb 5-1: config 14 interface 228 altsetting 5 endpoint 0x81 has an invalid bInterval 109, changing to 10 [ 604.212865][ T55] usb 5-1: config 14 interface 228 altsetting 5 endpoint 0x81 has invalid maxpacket 57993, setting to 1024 [ 604.212888][ T55] usb 5-1: config 14 interface 228 altsetting 5 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 604.212911][ T55] usb 5-1: config 14 interface 57 has no altsetting 0 [ 604.212927][ T55] usb 5-1: config 14 interface 228 has no altsetting 0 [ 604.226389][ T55] usb 5-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 604.226417][ T55] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 604.226435][ T55] usb 5-1: Product: syz [ 604.226449][ T55] usb 5-1: Manufacturer: syz [ 604.226462][ T55] usb 5-1: SerialNumber: syz [ 604.591355][ T9999] loop2: detected capacity change from 0 to 4096 [ 604.619917][ T5829] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 604.622878][ T9999] EXT4-fs: Ignoring removed mblk_io_submit option [ 604.622904][ T9999] ext4: Unknown parameter 'nouser_xattr' [ 604.666599][ T5829] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 604.666636][ T5829] usb 4-1: can't read configurations, error -61 [ 604.795316][ T5829] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 604.819829][ T5829] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 604.819865][ T5829] usb 4-1: can't read configurations, error -61 [ 604.820243][ T5829] usb usb4-port1: unable to enumerate USB device [ 606.087242][ T55] legousbtower 5-1:14.57: interrupt endpoints not found [ 607.051752][ T55] legousbtower 5-1:14.228: interrupt endpoints not found [ 607.721589][ T5623] Bluetooth: hci5: command tx timeout [ 608.683020][ T5829] usb 5-1: USB disconnect, device number 9 [ 609.781420][ T5623] Bluetooth: hci5: command tx timeout [ 610.415361][ T5829] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 610.466167][ T3029] bridge_slave_1: left allmulticast mode [ 610.466277][ T3029] bridge_slave_1: left promiscuous mode [ 610.467257][ T3029] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.645906][ T5829] usb 4-1: config 0 has an invalid interface number: 255 but max is 0 [ 610.645933][ T5829] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 610.645951][ T5829] usb 4-1: config 0 has no interface number 0 [ 610.646091][ T5829] usb 4-1: too many endpoints for config 0 interface 255 altsetting 250: 111, using maximum allowed: 30 [ 610.646227][ T5829] usb 4-1: config 0 interface 255 altsetting 250 has 0 endpoint descriptors, different from the interface descriptor's value: 111 [ 610.646268][ T5829] usb 4-1: config 0 interface 255 has no altsetting 0 [ 610.659090][ T5829] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 610.659117][ T5829] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 610.659136][ T5829] usb 4-1: Product: syz [ 610.659149][ T5829] usb 4-1: Manufacturer: syz [ 610.659162][ T5829] usb 4-1: SerialNumber: syz [ 610.697101][ T3029] bridge_slave_0: left allmulticast mode [ 610.697134][ T3029] bridge_slave_0: left promiscuous mode [ 610.697442][ T3029] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.779866][ T5829] usb 4-1: config 0 descriptor?? [ 611.855333][ T5623] Bluetooth: hci5: command tx timeout [ 612.015927][ T5829] usb 4-1: USB disconnect, device number 18 [ 612.187603][T10094] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 612.187630][T10094] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 612.187718][T10094] vhci_hcd vhci_hcd.0: Device attached [ 612.211179][ T55] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 612.219011][ T9329] udevd[9329]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.255/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 612.249612][ T3029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 612.298509][T10098] loop2: detected capacity change from 0 to 4096 [ 612.301067][T10098] EXT4-fs: Ignoring removed mblk_io_submit option [ 612.301091][T10098] ext4: Unknown parameter 'nouser_xattr' [ 612.546140][ T3029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 612.768668][ T55] usb 5-1: Using ep0 maxpacket: 32 [ 613.452731][T10095] vhci_hcd: connection closed [ 613.941423][ T5623] Bluetooth: hci5: command tx timeout [ 614.177416][ T55] usb 5-1: unable to get BOS descriptor or descriptor too short [ 614.368745][ T43] vhci_hcd vhci_hcd.3: stop threads [ 614.368823][ T43] vhci_hcd vhci_hcd.3: release socket [ 614.475193][ T43] vhci_hcd vhci_hcd.3: disconnect device [ 614.717900][ T55] usb 5-1: config 14 has an invalid interface number: 57 but max is 1 [ 614.717975][ T55] usb 5-1: config 14 has an invalid interface number: 228 but max is 1 [ 614.718018][ T55] usb 5-1: config 14 has no interface number 0 [ 614.718080][ T55] usb 5-1: config 14 has no interface number 1 [ 614.718807][ T55] usb 5-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping [ 614.718877][ T55] usb 5-1: config 14 interface 228 altsetting 5 has an endpoint descriptor with address 0xD1, changing to 0x81 [ 614.718926][ T55] usb 5-1: config 14 interface 228 altsetting 5 endpoint 0x81 has an invalid bInterval 109, changing to 10 [ 614.718998][ T55] usb 5-1: config 14 interface 228 altsetting 5 endpoint 0x81 has invalid maxpacket 57993, setting to 1024 [ 614.719048][ T55] usb 5-1: config 14 interface 228 altsetting 5 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 614.719120][ T55] usb 5-1: config 14 interface 57 has no altsetting 0 [ 614.719184][ T55] usb 5-1: config 14 interface 228 has no altsetting 0 [ 615.094612][ T55] usb 5-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 615.094667][ T55] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.094687][ T55] usb 5-1: Product: syz [ 615.094701][ T55] usb 5-1: Manufacturer: syz [ 615.094774][ T55] usb 5-1: SerialNumber: syz [ 615.287135][ T5748] usb 40-1: enqueue for inactive port 0 [ 615.648103][ T55] legousbtower 5-1:14.57: interrupt endpoints not found [ 615.786863][ T5748] usb usb40-port1: attempt power cycle [ 615.799966][ T3029] bond0 (unregistering): Released all slaves [ 615.822308][ T55] legousbtower 5-1:14.228: interrupt endpoints not found [ 615.840481][T10094] netlink: 'syz.3.1055': attribute type 12 has an invalid length. [ 615.872029][ T55] usb 5-1: USB disconnect, device number 10 [ 616.389134][T10082] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 616.802650][ T5748] usb usb40-port1: unable to enumerate USB device [ 616.926084][ T3029] hsr_slave_0: left promiscuous mode [ 616.967864][ T3029] hsr_slave_1: left promiscuous mode [ 616.968903][ T3029] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 617.047690][ T3029] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 617.212268][T10133] loop0: detected capacity change from 0 to 4096 [ 617.226466][T10133] EXT4-fs: Ignoring removed mblk_io_submit option [ 617.226492][T10133] ext4: Unknown parameter 'nouser_xattr' [ 617.368589][ T5750] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 617.556290][ T5748] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 618.627770][ T5748] usb 4-1: Using ep0 maxpacket: 32 [ 618.640658][ T5748] usb 4-1: unable to get BOS descriptor or descriptor too short [ 618.642926][ T5748] usb 4-1: config 14 has an invalid interface number: 57 but max is 1 [ 618.642952][ T5748] usb 4-1: config 14 has an invalid interface number: 228 but max is 1 [ 618.642973][ T5748] usb 4-1: config 14 has no interface number 0 [ 618.642989][ T5748] usb 4-1: config 14 has no interface number 1 [ 618.643057][ T5748] usb 4-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping [ 618.643082][ T5748] usb 4-1: config 14 interface 228 altsetting 5 endpoint 0x9 has an invalid bInterval 122, changing to 10 [ 618.643115][ T5748] usb 4-1: config 14 interface 57 has no altsetting 0 [ 618.643133][ T5748] usb 4-1: config 14 interface 228 has no altsetting 0 [ 618.648521][ T5748] usb 4-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 618.648550][ T5748] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.648571][ T5748] usb 4-1: Product: syz [ 618.648585][ T5748] usb 4-1: Manufacturer: syz [ 618.648600][ T5748] usb 4-1: SerialNumber: syz [ 620.690462][ T5748] legousbtower 4-1:14.57: interrupt endpoints not found [ 621.229110][ T5750] usb 3-1: device descriptor read/all, error -71 [ 621.260153][ T5748] legousbtower 4-1:14.228: interrupt endpoints not found [ 621.499752][T10143] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 621.499779][T10143] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 621.500839][T10143] vhci_hcd vhci_hcd.0: Device attached [ 622.043395][ T5748] usb 42-1: SetAddress Request (10) to port 0 [ 622.057125][ T5748] usb 42-1: new SuperSpeed USB device number 10 using vhci_hcd [ 622.260519][ T3029] team0 (unregistering): Port device team_slave_1 removed [ 622.292947][T10145] vhci_hcd: connection reset by peer [ 622.300652][ T1424] vhci_hcd vhci_hcd.4: stop threads [ 622.300675][ T1424] vhci_hcd vhci_hcd.4: release socket [ 622.300736][ T1424] vhci_hcd vhci_hcd.4: disconnect device [ 622.327274][ T5342] usb 4-1: USB disconnect, device number 19 [ 622.336614][ T3029] team0 (unregistering): Port device team_slave_0 removed [ 622.838523][T10143] netlink: 'syz.4.1070': attribute type 12 has an invalid length. [ 623.606965][T10166] binder: BINDER_SET_CONTEXT_MGR already set [ 623.606975][T10166] binder: 10165:10166 ioctl 4018620d 200000001000 returned -16 [ 624.100176][T10175] loop4: detected capacity change from 0 to 4096 [ 624.100812][T10175] EXT4-fs: Ignoring removed mblk_io_submit option [ 624.100827][T10175] ext4: Unknown parameter 'nouser_xattr' [ 624.108725][T10168] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 624.503462][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.503550][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.656295][ T55] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 625.017408][ T55] usb 4-1: config 0 has an invalid interface number: 255 but max is 0 [ 625.017436][ T55] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 625.017457][ T55] usb 4-1: config 0 has no interface number 0 [ 625.017486][ T55] usb 4-1: too many endpoints for config 0 interface 255 altsetting 250: 111, using maximum allowed: 30 [ 625.017524][ T55] usb 4-1: config 0 interface 255 altsetting 250 has 0 endpoint descriptors, different from the interface descriptor's value: 111 [ 625.017552][ T55] usb 4-1: config 0 interface 255 has no altsetting 0 [ 625.020059][ T55] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 625.020087][ T55] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 625.020108][ T55] usb 4-1: Product: syz [ 625.020131][ T55] usb 4-1: Manufacturer: syz [ 625.020145][ T55] usb 4-1: SerialNumber: syz [ 625.241010][ T55] usb 4-1: config 0 descriptor?? [ 625.341346][ T9991] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.343203][ T9991] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.343461][ T9991] bridge_slave_0: entered allmulticast mode [ 625.370931][ T9991] bridge_slave_0: entered promiscuous mode [ 625.383942][ T9991] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.384228][ T9991] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.384492][ T9991] bridge_slave_1: entered allmulticast mode [ 625.412898][ T9991] bridge_slave_1: entered promiscuous mode [ 625.486681][ T55] usb 4-1: USB disconnect, device number 20 [ 625.564815][ T9991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 625.605426][ T9991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 625.703422][ T9991] team0: Port device team_slave_0 added [ 625.714366][ T9991] team0: Port device team_slave_1 added [ 625.767294][ T9991] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 625.767312][ T9991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 625.767338][ T9991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 625.770605][ T9991] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 625.770619][ T9991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 625.770645][ T9991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 625.951134][ T9991] hsr_slave_0: entered promiscuous mode [ 625.953123][ T9991] hsr_slave_1: entered promiscuous mode [ 625.954769][ T9991] debugfs: 'hsr0' already exists in 'hsr' [ 625.954792][ T9991] Cannot create hsr debugfs directory [ 627.011754][ T5342] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 627.145817][ T5748] usb 42-1: device descriptor read/8, error -110 [ 627.272686][ T9329] udevd[9329]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.255/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 627.295859][ T5342] usb 1-1: Using ep0 maxpacket: 32 [ 627.298134][ T5342] usb 1-1: unable to get BOS descriptor or descriptor too short [ 627.300172][ T5342] usb 1-1: config 14 has an invalid interface number: 57 but max is 1 [ 627.300197][ T5342] usb 1-1: config 14 has an invalid interface number: 228 but max is 1 [ 627.300218][ T5342] usb 1-1: config 14 has no interface number 0 [ 627.300234][ T5342] usb 1-1: config 14 has no interface number 1 [ 627.300301][ T5342] usb 1-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping [ 627.300324][ T5342] usb 1-1: config 14 interface 228 altsetting 5 endpoint 0x9 has an invalid bInterval 122, changing to 10 [ 627.300350][ T5342] usb 1-1: config 14 interface 57 has no altsetting 0 [ 627.300368][ T5342] usb 1-1: config 14 interface 228 has no altsetting 0 [ 627.302573][ T5342] usb 1-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 627.302598][ T5342] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.302617][ T5342] usb 1-1: Product: syz [ 627.302631][ T5342] usb 1-1: Manufacturer: syz [ 627.302645][ T5342] usb 1-1: SerialNumber: syz [ 627.557989][ T5748] usb usb42-port1: attempt power cycle [ 629.016575][ T5342] legousbtower 1-1:14.57: interrupt endpoints not found [ 629.157397][ T5342] legousbtower 1-1:14.228: interrupt endpoints not found [ 630.418162][ T5748] usb usb42-port1: unable to enumerate USB device [ 631.121220][T10218] loop4: detected capacity change from 0 to 4096 [ 631.126126][T10218] EXT4-fs: Ignoring removed mblk_io_submit option [ 631.126153][T10218] ext4: Unknown parameter 'nouser_xattr' [ 631.303176][ T5748] usb 1-1: USB disconnect, device number 10 [ 639.601027][T10235] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1092'. [ 640.443905][T10234] loop0: detected capacity change from 0 to 4096 [ 641.421288][T10234] EXT4-fs: Ignoring removed mblk_io_submit option [ 641.421317][T10234] ext4: Unknown parameter 'nouser_xattr' [ 643.313710][ T9991] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 644.472729][T10250] binder: 10249:10250 ioctl c0306201 0 returned -14 [ 645.303373][ T9991] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 645.321917][ T9991] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 646.237977][ T9991] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 646.238701][ T9991] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 646.716429][ T32] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 646.908730][ T32] usb 1-1: Using ep0 maxpacket: 32 [ 646.924899][ T32] usb 1-1: unable to get BOS descriptor or descriptor too short [ 646.929936][ T32] usb 1-1: config 14 has an invalid interface number: 57 but max is 1 [ 646.929961][ T32] usb 1-1: config 14 has an invalid interface number: 228 but max is 1 [ 646.930016][ T32] usb 1-1: config 14 has no interface number 0 [ 646.930062][ T32] usb 1-1: config 14 has no interface number 1 [ 646.930261][ T32] usb 1-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping [ 646.930317][ T32] usb 1-1: config 14 interface 228 altsetting 5 endpoint 0x9 has an invalid bInterval 122, changing to 10 [ 646.930344][ T32] usb 1-1: config 14 interface 57 has no altsetting 0 [ 646.930395][ T32] usb 1-1: config 14 interface 228 has no altsetting 0 [ 647.061851][ T32] usb 1-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13 [ 647.061886][ T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.061906][ T32] usb 1-1: Product: syz [ 647.061919][ T32] usb 1-1: Manufacturer: syz [ 647.061932][ T32] usb 1-1: SerialNumber: syz [ 647.481698][ T9991] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 647.790816][ T9991] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 647.958146][ T9991] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 648.323312][ T32] legousbtower 1-1:14.57: interrupt endpoints not found [ 648.748457][ T32] legousbtower 1-1:14.228: interrupt endpoints not found [ 649.572016][T10276] loop4: detected capacity change from 0 to 4096 [ 649.575023][T10276] EXT4-fs: Ignoring removed mblk_io_submit option [ 649.575046][T10276] ext4: Unknown parameter 'nouser_xattr' [ 651.444368][ T32] usb 1-1: USB disconnect, device number 11 [ 653.415410][ T9991] 8021q: adding VLAN 0 to HW filter on device bond0 [ 653.479676][ T9991] 8021q: adding VLAN 0 to HW filter on device team0 [ 653.502793][ T150] bridge0: port 1(bridge_slave_0) entered blocking state [ 653.527605][ T150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 653.547841][ T150] bridge0: port 2(bridge_slave_1) entered blocking state [ 653.548067][ T150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 654.236380][T10304] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1107'. [ 655.553427][T10314] binder: 10312:10314 ioctl c0306201 0 returned -14 [ 657.222330][T10329] loop3: detected capacity change from 0 to 512 [ 658.693698][T10329] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.1114: ea_inode with extended attributes [ 658.693734][T10329] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 658.736870][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 658.736894][ C1] EXT4-fs (loop3): initial error at time 1781851724: ext4_xattr_inode_iget:441: inode 11 [ 658.736921][ C1] EXT4-fs (loop3): last error at time 1781851724: ext4_xattr_inode_iget:441: inode 11 [ 658.922644][T10329] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.1114: error while reading EA inode 11 err=-117 [ 658.922788][T10329] loop3: lost filesystem error report for type 5 error -117 [ 659.173931][T10329] EXT4-fs (loop3): 1 orphan inode deleted [ 659.198069][T10329] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 660.603088][ T9991] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 663.439533][T10372] binder: 10371:10372 ioctl c0306201 0 returned -14 [ 664.158154][ T5612] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 665.583371][ T5617] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 665.625418][ T5617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 665.630196][ T5617] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 665.635791][ T5617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 665.642905][ T5617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 665.829727][T10402] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1130'. [ 667.855846][ T5623] Bluetooth: hci1: command tx timeout [ 669.532703][T10458] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1141'. [ 669.943251][ T5623] Bluetooth: hci1: command tx timeout [ 671.973606][T10485] virtio-fs: tag not found [ 672.007787][ T5623] Bluetooth: hci1: command tx timeout [ 674.085316][ T5623] Bluetooth: hci1: command tx timeout [ 674.899224][T10487] loop3: detected capacity change from 0 to 4096 [ 674.912528][T10487] EXT4-fs: Ignoring removed mblk_io_submit option [ 674.912544][T10487] ext4: Unknown parameter 'nouser_xattr' [ 677.938323][T10508] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1154'. [ 680.116995][T10526] cgroup: Invalid name [ 682.109355][T10535] loop0: detected capacity change from 0 to 512 [ 682.489047][T10535] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 682.489071][T10535] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 682.551406][T10535] EXT4-fs (loop0): orphan cleanup on readonly fs [ 682.638091][T10535] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4222: comm syz.0.1160: Allocating blocks 41-42 which overlap fs metadata [ 682.638197][T10535] loop0: lost filesystem error report for type 5 error -117 [ 682.648698][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 682.648722][ C0] EXT4-fs (loop0): initial error at time 1781851747: ext4_mb_mark_diskspace_used:4222 [ 682.648831][ C0] EXT4-fs (loop0): last error at time 1781851747: ext4_mb_mark_diskspace_used:4222 [ 682.783399][T10535] EXT4-fs (loop0): Remounting filesystem read-only [ 682.784945][T10535] Quota error (device loop0): write_blk: dquota write failed [ 682.786289][T10535] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 682.786438][T10535] EXT4-fs (loop0): 1 truncate cleaned up [ 682.860434][T10535] EXT4-fs (loop0): pa ffff88803aea6b90: logic 1, phys. 41, len 23 [ 682.862674][T10535] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 685.759036][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.775539][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.569106][T10561] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1168'. [ 690.261895][ T5614] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 690.908196][ T6726] bridge_slave_1: left allmulticast mode [ 690.909106][ T6726] bridge_slave_1: left promiscuous mode [ 690.971539][ T6726] bridge0: port 2(bridge_slave_1) entered disabled state [ 691.151625][T10589] loop2: detected capacity change from 0 to 4096 [ 691.155861][T10589] EXT4-fs: Ignoring removed mblk_io_submit option [ 691.155887][T10589] ext4: Unknown parameter 'nouser_xattr' [ 694.790836][ T6726] bridge_slave_0: left allmulticast mode [ 694.790872][ T6726] bridge_slave_0: left promiscuous mode [ 694.791237][ T6726] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.310613][T10623] loop4: detected capacity change from 0 to 128 [ 697.980202][T10629] netlink: 'syz.2.1185': attribute type 1 has an invalid length. [ 701.969168][ T6726] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 702.049816][ T6726] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 704.143331][ T6726] bond0 (unregistering): Released all slaves [ 704.191036][T10670] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 704.191063][T10670] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 704.191141][T10670] vhci_hcd vhci_hcd.0: Device attached [ 704.194034][T10670] netlink: 'syz.4.1196': attribute type 12 has an invalid length. [ 704.329831][T10393] bridge0: port 1(bridge_slave_0) entered blocking state [ 704.330141][T10393] bridge0: port 1(bridge_slave_0) entered disabled state [ 704.330442][T10393] bridge_slave_0: entered allmulticast mode [ 704.333654][T10393] bridge_slave_0: entered promiscuous mode [ 704.652471][ T5271] 8021q: adding VLAN 0 to HW filter on device eth5 [ 704.673900][T10629] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 704.974494][T10636] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 704.999189][T10671] vhci_hcd: connection closed [ 704.999729][ T67] vhci_hcd vhci_hcd.4: stop threads [ 704.999751][ T67] vhci_hcd vhci_hcd.4: release socket [ 704.999822][ T67] vhci_hcd vhci_hcd.4: disconnect device [ 704.999873][T10393] bridge0: port 2(bridge_slave_1) entered blocking state [ 705.000186][T10393] bridge0: port 2(bridge_slave_1) entered disabled state [ 705.000470][T10393] bridge_slave_1: entered allmulticast mode [ 705.005432][ T5960] usb 42-1: enqueue for inactive port 0 [ 705.076277][T10393] bridge_slave_1: entered promiscuous mode [ 706.187881][ T5960] usb usb42-port1: attempt power cycle [ 706.386936][ T6726] hsr_slave_0: left promiscuous mode [ 706.425352][ T6726] hsr_slave_1: left promiscuous mode [ 706.426420][ T6726] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 706.472834][T10699] random: crng reseeded on system resumption [ 706.629050][ T6726] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 707.538862][T10711] netlink: 'syz.0.1209': attribute type 1 has an invalid length. [ 708.660243][ T5960] usb usb42-port1: unable to enumerate USB device [ 716.378251][ T6726] team0 (unregistering): Port device team_slave_1 removed [ 716.406033][ T6726] team0 (unregistering): Port device team_slave_0 removed [ 716.676189][T10711] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 717.801711][T10713] vlan0: entered allmulticast mode [ 717.801733][T10713] veth0_to_bond: entered allmulticast mode [ 717.812559][T10727] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 718.871099][T10393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 718.937020][T10393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.952917][T10393] team0: Port device team_slave_0 added [ 720.985384][T10393] team0: Port device team_slave_1 added [ 721.711698][T10393] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 721.711713][T10393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 721.711739][T10393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 721.761446][T10393] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 721.761462][T10393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 721.761489][T10393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 721.912340][T10393] hsr_slave_0: entered promiscuous mode [ 721.914319][T10393] hsr_slave_1: entered promiscuous mode [ 721.928665][T10393] debugfs: 'hsr0' already exists in 'hsr' [ 721.928692][T10393] Cannot create hsr debugfs directory [ 725.804282][ T5271] 8021q: adding VLAN 0 to HW filter on device eth6 [ 726.126407][T10803] netlink: 'syz.0.1226': attribute type 1 has an invalid length. [ 730.913335][ T5617] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 730.946588][T10803] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 730.969461][ T5617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 730.974765][ T5617] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 731.012877][ T5617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 731.027525][ T5617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 731.839111][T10816] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 731.988527][ T150] bridge_slave_1: left allmulticast mode [ 731.988560][ T150] bridge_slave_1: left promiscuous mode [ 731.988805][ T150] bridge0: port 2(bridge_slave_1) entered disabled state [ 732.455987][T10852] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1235'. [ 732.456009][T10852] netlink: 348 bytes leftover after parsing attributes in process `syz.0.1235'. [ 732.456074][T10852] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1235'. [ 732.456088][T10852] netlink: 348 bytes leftover after parsing attributes in process `syz.0.1235'. [ 732.456416][T10852] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1235'. [ 733.483709][ T5623] Bluetooth: hci1: command tx timeout [ 734.416773][ T150] bridge_slave_0: left allmulticast mode [ 734.416795][ T150] bridge_slave_0: left promiscuous mode [ 734.417020][ T150] bridge0: port 1(bridge_slave_0) entered disabled state [ 735.535502][ T5623] Bluetooth: hci1: command tx timeout [ 735.680002][T10885] netlink: 'syz.4.1244': attribute type 1 has an invalid length. [ 735.700410][ T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 735.825688][ T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 735.901393][ T150] bond0 (unregistering): Released all slaves [ 736.043768][ T5271] 8021q: adding VLAN 0 to HW filter on device eth7 [ 736.930491][T10885] 8021q: adding VLAN 0 to HW filter on device bond3 [ 737.400220][T10887] bond3: (slave veth5): Enslaving as an active interface with a down link [ 737.411358][T10889] vlan0: entered allmulticast mode [ 737.411377][T10889] veth0_to_bond: entered allmulticast mode [ 737.412951][T10889] veth0_to_bond: entered promiscuous mode [ 737.414212][T10889] veth0_to_bond: left promiscuous mode [ 737.418373][T10889] bond3: (slave vlan0): making interface the new active one [ 737.419770][T10889] veth0_to_bond: entered promiscuous mode [ 737.421076][T10889] vlan0: entered promiscuous mode [ 737.421820][T10889] bond3: (slave vlan0): Enslaving as an active interface with an up link [ 737.614374][ T5623] Bluetooth: hci1: command tx timeout [ 738.520874][T10924] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 738.675394][ T150] hsr_slave_0: left promiscuous mode [ 738.725468][ T150] hsr_slave_1: left promiscuous mode [ 738.726481][ T150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 739.357100][ T150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 739.685394][ T5623] Bluetooth: hci1: command tx timeout [ 739.825937][T10950] netlink: 'syz.2.1255': attribute type 1 has an invalid length. [ 739.834504][T10948] loop0: detected capacity change from 0 to 4096 [ 739.850444][T10948] EXT4-fs: Ignoring removed mblk_io_submit option [ 739.850472][T10948] ext4: Unknown parameter 'nouser_xattr' [ 744.792869][T10965] loop4: detected capacity change from 0 to 164 [ 745.223731][ T150] team0 (unregistering): Port device team_slave_1 removed [ 745.370956][ T150] team0 (unregistering): Port device team_slave_0 removed [ 745.651882][T10971] loop0: detected capacity change from 0 to 4096 [ 745.666317][T10971] EXT4-fs: Ignoring removed mblk_io_submit option [ 745.666334][T10971] ext4: Unknown parameter 'nouser_xattr' [ 747.371250][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.371807][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.884113][T10950] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 747.972249][T10969] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 750.173335][T11008] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 750.173361][T11008] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 750.173449][T11008] vhci_hcd vhci_hcd.0: Device attached [ 750.485544][ T5748] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 750.944981][T11021] loop0: detected capacity change from 0 to 4096 [ 750.976616][T11021] EXT4-fs: Ignoring removed mblk_io_submit option [ 750.976633][T11021] ext4: Unknown parameter 'nouser_xattr' [ 751.929624][T11009] vhci_hcd: connection reset by peer [ 751.941705][ T166] vhci_hcd vhci_hcd.2: stop threads [ 751.941727][ T166] vhci_hcd vhci_hcd.2: release socket [ 751.941791][ T166] vhci_hcd vhci_hcd.2: disconnect device [ 752.268687][ T5271] 8021q: adding VLAN 0 to HW filter on device eth8 [ 753.858084][T10828] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.858242][T10828] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.858431][T10828] bridge_slave_0: entered allmulticast mode [ 753.861938][T10828] bridge_slave_0: entered promiscuous mode [ 753.911082][T10828] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.911479][T10828] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.911755][T10828] bridge_slave_1: entered allmulticast mode [ 753.939146][T10828] bridge_slave_1: entered promiscuous mode [ 754.097733][T10828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 754.133770][T10828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 754.862531][T11066] loop3: detected capacity change from 0 to 4096 [ 754.873136][T11066] EXT4-fs: Ignoring removed mblk_io_submit option [ 754.873163][T11066] ext4: Unknown parameter 'nouser_xattr' [ 755.715370][ T5748] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 756.020745][T10828] team0: Port device team_slave_0 added [ 756.057961][T10828] team0: Port device team_slave_1 added [ 756.146137][T10828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 756.146153][T10828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 756.146179][T10828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 756.149686][T10828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 756.149700][T10828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 756.149732][T10828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 756.324635][T10828] hsr_slave_0: entered promiscuous mode [ 756.333390][T10828] hsr_slave_1: entered promiscuous mode [ 756.335028][T10828] debugfs: 'hsr0' already exists in 'hsr' [ 756.335051][T10828] Cannot create hsr debugfs directory [ 758.903143][T11100] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 759.300517][ T6145] vlan0: left promiscuous mode [ 759.534991][T11117] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 759.535017][T11117] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 759.578738][T11117] vhci_hcd vhci_hcd.0: Device attached [ 759.753673][T11123] 9pnet_virtio: no channels available for device syz [ 759.818788][ T5734] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 759.901563][ T5734] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 760.113119][T11120] vhci_hcd: connection reset by peer [ 760.113586][ T6144] vhci_hcd vhci_hcd.3: stop threads [ 760.113609][ T6144] vhci_hcd vhci_hcd.3: release socket [ 760.114081][ T6144] vhci_hcd vhci_hcd.3: disconnect device [ 760.933766][T11143] loop0: detected capacity change from 0 to 4096 [ 760.934823][T11143] EXT4-fs: Ignoring removed mblk_io_submit option [ 760.934847][T11143] ext4: Unknown parameter 'nouser_xattr' [ 765.035344][ T5734] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 767.901634][T11212] loop4: detected capacity change from 0 to 4096 [ 767.902801][T11212] EXT4-fs: Ignoring removed mblk_io_submit option [ 767.902827][T11212] ext4: Unknown parameter 'nouser_xattr' [ 772.430936][T11251] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 772.430964][T11251] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 772.431057][T11251] vhci_hcd vhci_hcd.0: Device attached [ 772.462926][T11244] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 772.510249][T11251] 9pnet_virtio: no channels available for device syz [ 772.619308][ T5960] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 772.685395][ T5960] usb 39-1: new full-speed USB device number 3 using vhci_hcd [ 772.988451][T11256] vhci_hcd: connection reset by peer [ 772.992906][ T6726] vhci_hcd vhci_hcd.3: stop threads [ 772.993956][ T6726] vhci_hcd vhci_hcd.3: release socket [ 772.994034][ T6726] vhci_hcd vhci_hcd.3: disconnect device [ 773.042951][T11270] loop2: detected capacity change from 0 to 4096 [ 773.046474][T11270] EXT4-fs: Ignoring removed mblk_io_submit option [ 773.046500][T11270] ext4: Unknown parameter 'nouser_xattr' [ 773.531696][T11283] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1318'. [ 776.367673][T11320] loop2: detected capacity change from 0 to 4096 [ 776.368662][T11320] EXT4-fs: Ignoring removed mblk_io_submit option [ 776.368687][T11320] ext4: Unknown parameter 'nouser_xattr' [ 777.039967][T11333] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 777.039993][T11333] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 777.040081][T11333] vhci_hcd vhci_hcd.0: Device attached [ 777.288456][ T32] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 777.321784][T11347] 9pnet_virtio: no channels available for device syz [ 777.365349][ T32] usb 33-1: new full-speed USB device number 2 using vhci_hcd [ 778.025316][ T5960] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 778.203598][T11340] vhci_hcd: connection reset by peer [ 778.204114][ T1424] vhci_hcd vhci_hcd.0: stop threads [ 778.204135][ T1424] vhci_hcd vhci_hcd.0: release socket [ 778.204208][ T1424] vhci_hcd vhci_hcd.0: disconnect device [ 778.614812][T11362] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1336'. [ 778.687891][T10828] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 778.736938][T10828] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 778.745537][T10828] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 778.830434][T10828] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 778.843263][T10828] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 778.928262][T10828] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 779.012229][T10828] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 779.072415][T10828] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 779.963583][T10828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 780.067029][T10828] 8021q: adding VLAN 0 to HW filter on device team0 [ 780.106214][ T1467] bridge0: port 1(bridge_slave_0) entered blocking state [ 780.106303][ T1467] bridge0: port 1(bridge_slave_0) entered forwarding state [ 780.153680][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 780.155117][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 780.723976][T11400] loop2: detected capacity change from 0 to 4096 [ 780.726534][T11400] EXT4-fs: Ignoring removed mblk_io_submit option [ 780.726559][T11400] ext4: Unknown parameter 'nouser_xattr' [ 782.834552][ T32] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 784.917306][T10828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 785.217699][T11470] loop3: detected capacity change from 0 to 4096 [ 785.223616][T11470] EXT4-fs: Ignoring removed mblk_io_submit option [ 785.223644][T11470] ext4: Unknown parameter 'nouser_xattr' [ 785.275430][ T5935] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 785.430079][ T5935] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 785.430107][ T5935] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 785.430126][ T5935] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 785.430170][ T5935] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 785.430194][ T5935] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 785.430219][ T5935] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 785.431851][ T5935] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 785.431878][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 785.431898][ T5935] usb 3-1: Product: syz [ 785.431912][ T5935] usb 3-1: Manufacturer: syz [ 785.558369][T11464] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 785.575489][ T5935] cdc_wdm 3-1:1.0: skipping garbage [ 785.575509][ T5935] cdc_wdm 3-1:1.0: skipping garbage [ 785.653560][ T5935] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 785.653647][ T5935] cdc_wdm 3-1:1.0: Unknown control protocol [ 786.166108][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 786.166364][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 786.166913][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 786.166933][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 786.169231][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 786.169292][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 786.169741][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 786.169820][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 786.170185][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 786.170250][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 786.170656][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 786.170714][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 786.171068][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 786.171116][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 786.171436][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 786.171490][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 786.171826][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 786.171845][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 786.172177][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 786.172244][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 787.015785][ T5749] usb 3-1: USB disconnect, device number 9 [ 787.015954][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 788.633495][T11505] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 788.688087][T11505] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 788.694627][T11505] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 788.709736][T11505] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 788.710913][T11505] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 790.808141][ T5623] Bluetooth: hci5: command tx timeout [ 792.888572][ T5623] Bluetooth: hci5: command tx timeout [ 793.164189][T11560] loop3: detected capacity change from 0 to 512 [ 793.244784][T11560] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.1377: ea_inode with extended attributes [ 793.244818][T11560] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 793.246406][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 793.246419][ C0] EXT4-fs (loop3): initial error at time 1781851858: ext4_xattr_inode_iget:441: inode 11 [ 793.246434][ C0] EXT4-fs (loop3): last error at time 1781851858: ext4_xattr_inode_iget:441: inode 11 [ 793.343578][T11560] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.1377: error while reading EA inode 11 err=-117 [ 793.343612][T11560] loop3: lost filesystem error report for type 5 error -117 [ 793.377961][T11560] EXT4-fs (loop3): 1 orphan inode deleted [ 793.488914][T11560] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 794.946446][ T5612] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 794.992804][ T5623] Bluetooth: hci5: command tx timeout [ 795.106520][T11569] loop3: detected capacity change from 0 to 4096 [ 795.107578][T11569] EXT4-fs: Ignoring removed mblk_io_submit option [ 795.107611][T11569] ext4: Unknown parameter 'nouser_xattr' [ 796.661170][T11581] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1383'. [ 797.045250][ T5623] Bluetooth: hci5: command tx timeout [ 797.705688][T11591] netlink: 'syz.2.1386': attribute type 12 has an invalid length. [ 798.581213][T11599] loop2: detected capacity change from 0 to 4096 [ 798.590976][T11599] EXT4-fs: Ignoring removed mblk_io_submit option [ 798.590992][T11599] ext4: Unknown parameter 'nouser_xattr' [ 802.796624][T11502] bridge0: port 1(bridge_slave_0) entered blocking state [ 802.796898][T11502] bridge0: port 1(bridge_slave_0) entered disabled state [ 802.797191][T11502] bridge_slave_0: entered allmulticast mode [ 802.863150][T11502] bridge_slave_0: entered promiscuous mode [ 802.873905][T11502] bridge0: port 2(bridge_slave_1) entered blocking state [ 802.874124][T11502] bridge0: port 2(bridge_slave_1) entered disabled state [ 802.874355][T11502] bridge_slave_1: entered allmulticast mode [ 802.899720][T11502] bridge_slave_1: entered promiscuous mode [ 803.227743][T11502] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 803.330172][T11502] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 804.851449][T11502] team0: Port device team_slave_0 added [ 804.919339][T11651] faux_driver vgem: [drm] Unknown color mode 55545; guessing buffer size. [ 804.947514][T11639] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR [ 804.981444][T11502] team0: Port device team_slave_1 added [ 805.202087][T11656] loop4: detected capacity change from 0 to 4096 [ 805.203092][T11656] EXT4-fs: Ignoring removed mblk_io_submit option [ 805.203118][T11656] ext4: Unknown parameter 'nouser_xattr' [ 807.735429][ T158] bridge_slave_1: left allmulticast mode [ 807.735463][ T158] bridge_slave_1: left promiscuous mode [ 807.735736][ T158] bridge0: port 2(bridge_slave_1) entered disabled state [ 808.571546][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.571642][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.216988][ T158] bridge_slave_0: left allmulticast mode [ 809.217020][ T158] bridge_slave_0: left promiscuous mode [ 809.217260][ T158] bridge0: port 1(bridge_slave_0) entered disabled state [ 810.972414][ T158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 811.029433][ T158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 811.062168][ T158] bond0 (unregistering): Released all slaves [ 811.234071][ T5271] 8021q: adding VLAN 0 to HW filter on device eth5 [ 811.273524][T11685] tipc: Started in network mode [ 811.273568][T11685] tipc: Node identity da74f5852444, cluster identity 4711 [ 811.298081][T11685] tipc: Enabled bearer , priority 0 [ 811.298783][T11691] syzkaller0: entered promiscuous mode [ 811.298806][T11691] syzkaller0: entered allmulticast mode [ 811.353438][T11696] tipc: Resetting bearer [ 811.534269][T11502] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 811.534279][T11502] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 811.534294][T11502] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 811.591239][T11683] tipc: Resetting bearer [ 811.776688][T11683] tipc: Disabling bearer [ 811.939108][T11502] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 811.939124][T11502] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 811.939151][T11502] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 812.105520][ T158] hsr_slave_0: left promiscuous mode [ 812.148229][ T158] hsr_slave_1: left promiscuous mode [ 812.150974][ T158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 812.187725][ T158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 814.196319][ T158] team0 (unregistering): Port device team_slave_1 removed [ 814.300073][ T158] team0 (unregistering): Port device team_slave_0 removed [ 814.965802][T11732] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR [ 817.734057][T11502] hsr_slave_0: entered promiscuous mode [ 817.751645][T11502] hsr_slave_1: entered promiscuous mode [ 817.756758][T11502] debugfs: 'hsr0' already exists in 'hsr' [ 817.756782][T11502] Cannot create hsr debugfs directory [ 822.014900][T11791] loop4: detected capacity change from 0 to 4096 [ 822.045557][T11791] EXT4-fs: Ignoring removed mblk_io_submit option [ 822.045584][T11791] ext4: Unknown parameter 'nouser_xattr' [ 829.111335][T11818] smbdirect: ib_dev[syz0]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 829.111395][T11818] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 829.111447][T11818] smbdirect: ib_dev[syz0]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 829.120815][T11818] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 829.137961][T11818] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 829.514389][ T5271] 8021q: adding VLAN 0 to HW filter on device eth6 [ 832.600076][T11840] loop3: detected capacity change from 0 to 4096 [ 832.632007][T11840] EXT4-fs: Ignoring removed mblk_io_submit option [ 832.632035][T11840] ext4: Unknown parameter 'nouser_xattr' [ 835.114007][T11854] overlayfs: failed to resolve './file1': -2 [ 840.555000][T11505] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 840.661112][T11505] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 840.689290][T11505] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 840.694921][T11505] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 840.700657][T11505] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 841.765960][T11901] loop2: detected capacity change from 0 to 4096 [ 841.775897][T11901] EXT4-fs: Ignoring removed mblk_io_submit option [ 841.775924][T11901] ext4: Unknown parameter 'nouser_xattr' [ 842.893277][ T5623] Bluetooth: hci1: command tx timeout [ 844.969651][ T5623] Bluetooth: hci1: command tx timeout [ 846.907227][T11189] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 847.045328][ T5623] Bluetooth: hci1: command tx timeout [ 847.275910][T11502] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 847.577093][T11502] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 847.618902][T11502] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 847.674141][T11502] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 848.035883][T11189] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 848.193234][T11502] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 848.278572][T11502] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 848.829491][T11189] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 849.127663][ T5623] Bluetooth: hci1: command tx timeout [ 849.262010][T11189] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 849.933919][T11505] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 849.967507][T11505] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 850.012426][T11505] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 850.020328][T11505] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 850.021220][T11505] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 850.080017][T11987] loop3: detected capacity change from 0 to 4096 [ 850.092865][T11987] EXT4-fs: Ignoring removed mblk_io_submit option [ 850.092893][T11987] ext4: Unknown parameter 'nouser_xattr' [ 851.642632][T11884] bridge0: port 1(bridge_slave_0) entered blocking state [ 851.642983][T11884] bridge0: port 1(bridge_slave_0) entered disabled state [ 851.644812][T11884] bridge_slave_0: entered allmulticast mode [ 851.658381][T11884] bridge_slave_0: entered promiscuous mode [ 853.230519][T12000] loop2: detected capacity change from 0 to 512 [ 853.248375][ T5623] Bluetooth: hci4: command tx timeout [ 853.415880][T12000] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 853.415945][T12000] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 853.669597][T12000] EXT4-fs (loop2): orphan cleanup on readonly fs [ 853.774755][T12000] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4222: comm syz.2.1474: Allocating blocks 41-42 which overlap fs metadata [ 853.774837][T12000] loop2: lost filesystem error report for type 5 error -117 [ 853.779971][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 853.780016][ C1] EXT4-fs (loop2): initial error at time 1781851919: ext4_mb_mark_diskspace_used:4222 [ 853.780080][ C1] EXT4-fs (loop2): last error at time 1781851919: ext4_mb_mark_diskspace_used:4222 [ 853.917888][T12000] EXT4-fs (loop2): Remounting filesystem read-only [ 853.919921][T12000] Quota error (device loop2): write_blk: dquota write failed [ 853.920258][T12000] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 853.924665][T12000] EXT4-fs (loop2): 1 truncate cleaned up [ 854.242188][T12000] EXT4-fs (loop2): pa ffff88803f9c3378: logic 1, phys. 41, len 23 [ 854.249037][T12000] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 854.904282][T11884] bridge0: port 2(bridge_slave_1) entered blocking state [ 854.904568][T11884] bridge0: port 2(bridge_slave_1) entered disabled state [ 854.904917][T11884] bridge_slave_1: entered allmulticast mode [ 854.915675][T11884] bridge_slave_1: entered promiscuous mode [ 855.183941][T11884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 855.203326][T11884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 855.285892][T11505] Bluetooth: hci4: command tx timeout [ 855.658070][T11189] bridge_slave_1: left allmulticast mode [ 855.658104][T11189] bridge_slave_1: left promiscuous mode [ 855.667245][T11189] bridge0: port 2(bridge_slave_1) entered disabled state [ 855.799355][T11189] bridge_slave_0: left allmulticast mode [ 855.799389][T11189] bridge_slave_0: left promiscuous mode [ 855.800005][T11189] bridge0: port 1(bridge_slave_0) entered disabled state [ 855.861344][ T5609] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 856.359455][T12022] capability: warning: `syz.3.1480' uses deprecated v2 capabilities in a way that may be insecure [ 857.389623][T11505] Bluetooth: hci4: command tx timeout [ 857.500809][T12029] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1482'. [ 859.152236][T12041] cgroup: Invalid name [ 859.445287][T11505] Bluetooth: hci4: command tx timeout [ 859.611767][T12047] loop3: detected capacity change from 0 to 4096 [ 859.615797][T12047] EXT4-fs: Ignoring removed mblk_io_submit option [ 859.615823][T12047] ext4: Unknown parameter 'nouser_xattr' [ 863.977765][T11189] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 864.036266][T11189] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 864.097199][T11189] bond0 (unregistering): Released all slaves [ 864.122091][T11189] bond1 (unregistering): Released all slaves [ 864.177631][T11189] bond2 (unregistering): (slave veth3): Releasing active interface [ 864.239302][T11189] bond2 (unregistering): Released all slaves [ 864.336196][T11189] bond3 (unregistering): (slave veth5): Releasing active interface [ 864.399947][T11189] bond3 (unregistering): Released all slaves [ 864.447990][T11189] bond4 (unregistering): Released all slaves [ 864.492633][T11189] bond5 (unregistering): Released all slaves [ 864.547522][T11189] bond6 (unregistering): Released all slaves [ 864.759662][T11189] bond7 (unregistering): Released all slaves [ 864.854681][T11189] bond8 (unregistering): Released all slaves [ 865.013243][T12062] loop2: detected capacity change from 0 to 4096 [ 865.014292][T12062] EXT4-fs: Ignoring removed mblk_io_submit option [ 865.014317][T12062] ext4: Unknown parameter 'nouser_xattr' [ 865.069577][T11884] team0: Port device team_slave_0 added [ 865.459930][T11884] team0: Port device team_slave_1 added [ 865.679995][T11884] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 865.680011][T11884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 865.680037][T11884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 865.749968][T11884] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 865.749982][T11884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 865.750008][T11884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 866.850190][T12088] cgroup: Invalid name [ 867.102288][T11884] hsr_slave_0: entered promiscuous mode [ 867.111360][T11884] hsr_slave_1: entered promiscuous mode [ 867.114593][T11884] debugfs: 'hsr0' already exists in 'hsr' [ 867.114616][T11884] Cannot create hsr debugfs directory [ 867.982753][T12105] loop2: detected capacity change from 0 to 4096 [ 867.984185][T12105] EXT4-fs: Ignoring removed mblk_io_submit option [ 867.984209][T12105] ext4: Unknown parameter 'nouser_xattr' [ 868.094309][T12092] netlink: 'syz.4.1497': attribute type 12 has an invalid length. [ 868.166715][ T5271] 8021q: adding VLAN 0 to HW filter on device eth5 [ 870.044487][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.044573][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.764947][T12138] loop4: detected capacity change from 0 to 4096 [ 872.779420][T12138] EXT4-fs: Ignoring removed mblk_io_submit option [ 872.779449][T12138] ext4: Unknown parameter 'nouser_xattr' [ 874.090813][T12152] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1505'. [ 874.172120][ T5271] 8021q: adding VLAN 0 to HW filter on device eth6 [ 874.665266][T11189] hsr_slave_0: left promiscuous mode [ 874.685313][T11189] hsr_slave_1: left promiscuous mode [ 874.686663][T11189] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 874.686688][T11189] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 874.728451][T11189] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 874.728476][T11189] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 874.943486][T11189] veth1_macvtap: left promiscuous mode [ 874.957078][T11189] veth0_macvtap: left promiscuous mode [ 874.958053][T11189] veth1_vlan: left promiscuous mode [ 874.958126][T11189] veth0_vlan: left promiscuous mode [ 877.706571][T12170] loop4: detected capacity change from 0 to 4096 [ 877.736016][T12170] EXT4-fs: Ignoring removed mblk_io_submit option [ 877.736044][T12170] ext4: Unknown parameter 'nouser_xattr' [ 881.415542][T11189] team0 (unregistering): Port device team_slave_1 removed [ 881.556478][T11189] team0 (unregistering): Port device team_slave_0 removed [ 881.831878][T12162] netlink: 'syz.3.1509': attribute type 12 has an invalid length. [ 881.834924][T12177] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 881.911530][T12183] siw: device registration error -23 [ 986.855167][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 986.855182][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P15/2:b..l P5612/5:b..l [ 986.855206][ C1] rcu: (detected by 1, t=10502 jiffies, g=51433, q=342 ncpus=2) [ 986.855220][ C1] task:syz-executor state:R running task stack:21328 pid:5612 tgid:5612 ppid:5607 task_flags:0x400140 flags:0x00080000 [ 986.855249][ C1] Call Trace: [ 986.855254][ C1] [ 986.855262][ C1] __schedule+0x1709/0x5530 [ 986.855293][ C1] ? __pfx___schedule+0x10/0x10 [ 986.855306][ C1] ? __lock_acquire+0x683/0x2ce0 [ 986.855390][ C1] preempt_schedule_irq+0x4d/0xa0 [ 986.855402][ C1] irqentry_exit+0x14f/0x8f0 [ 986.855413][ C1] ? trace_irq_disable+0x3b/0x140 [ 986.855476][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 986.855488][ C1] RIP: 0010:lock_acquire+0x221/0x350 [ 986.855501][ C1] Code: ff ff ff e8 d1 29 8f 09 f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 9b 24 d4 10 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 c0 f2 92 09 cc 48 8d 3d b8 34 ef [ 986.855509][ C1] RSP: 0018:ffffc90004877288 EFLAGS: 00000286 [ 986.855543][ C1] RAX: 639d293cb8213a00 RBX: 0000000000000000 RCX: 0000000000000046 [ 986.855550][ C1] RDX: 00000000f8fde191 RSI: ffffffff8d8bc64f RDI: ffffffff8baa5580 [ 986.855556][ C1] RBP: ffffffff823814f6 R08: ffffffff823814f6 R09: 0000000000000000 [ 986.855562][ C1] R10: 0000000000000000 R11: ffffffff8dfc3040 R12: 0000000000000002 [ 986.855567][ C1] R13: ffffffff8dfc3040 R14: 0000000000000000 R15: 0000000000000246 [ 986.855575][ C1] ? page_table_check_set+0x126/0x510 [ 986.855614][ C1] ? page_table_check_set+0x126/0x510 [ 986.855629][ C1] ? page_table_check_set+0x126/0x510 [ 986.855645][ C1] page_table_check_set+0x143/0x510 [ 986.855655][ C1] ? page_table_check_set+0x126/0x510 [ 986.855667][ C1] copy_pmd_range+0x33b5/0x53e0 [ 986.855700][ C1] ? arch_stack_walk+0xfb/0x150 [ 986.855752][ C1] ? __pfx_copy_pmd_range+0x10/0x10 [ 986.855764][ C1] ? __lock_acquire+0x683/0x2ce0 [ 986.855785][ C1] copy_page_range+0xb34/0x1160 [ 986.855827][ C1] ? __pfx_copy_page_range+0x10/0x10 [ 986.855841][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 986.855853][ C1] ? lockdep_hardirqs_on+0x7a/0x110 [ 986.855863][ C1] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 986.855874][ C1] ? up_write+0x5a/0x190 [ 986.855885][ C1] dup_mmap+0xf2d/0x1d40 [ 986.855925][ C1] ? __pfx_dup_mmap+0x10/0x10 [ 986.855934][ C1] ? irqentry_exit+0x218/0x8f0 [ 986.855944][ C1] ? lockdep_hardirqs_on+0x7a/0x110 [ 986.855960][ C1] ? copy_mm+0x10f/0x480 [ 986.855970][ C1] ? copy_mm+0x10f/0x480 [ 986.855984][ C1] copy_mm+0x11a/0x480 [ 986.855994][ C1] ? copy_process+0xd3c/0x43f0 [ 986.856002][ C1] copy_process+0x1ea1/0x43f0 [ 986.856014][ C1] ? copy_process+0xd3c/0x43f0 [ 986.856031][ C1] ? __pfx_copy_process+0x10/0x10 [ 986.856046][ C1] kernel_clone+0x2d7/0x940 [ 986.856059][ C1] ? __pfx_kernel_clone+0x10/0x10 [ 986.856077][ C1] __x64_sys_clone+0x1b6/0x230 [ 986.856088][ C1] ? __pfx___x64_sys_clone+0x10/0x10 [ 986.856106][ C1] ? do_user_addr_fault+0xc4a/0x1340 [ 986.856143][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 986.856152][ C1] do_syscall_64+0x174/0x580 [ 986.856163][ C1] ? trace_irq_disable+0x3b/0x140 [ 986.856175][ C1] ? clear_bhb_loop+0x40/0x90 [ 986.856186][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 986.856195][ C1] RIP: 0033:0x7fb6e78658d2 [ 986.856207][ C1] RSP: 002b:00007ffdb457c550 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 986.856217][ C1] RAX: ffffffffffffffda RBX: 00007ffdb457c550 RCX: 00007fb6e78658d2 [ 986.856223][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 986.856229][ C1] RBP: 00007ffdb457c6dc R08: 0000000000000000 R09: 0000000000000001 [ 986.856234][ C1] R10: 00005555663347d0 R11: 0000000000000246 R12: 0000000000000001 [ 986.856239][ C1] R13: 0000555566347a10 R14: 00000000000d63b1 R15: 00007ffdb457c730 [ 986.856253][ C1] [ 986.856257][ C1] task:ksoftirqd/0 state:R running task stack:24624 pid:15 tgid:15 ppid:2 task_flags:0x4208040 flags:0x00080000 [ 986.856285][ C1] Call Trace: [ 986.856288][ C1] [ 986.856293][ C1] __schedule+0x1709/0x5530 [ 986.856316][ C1] ? __pfx___schedule+0x10/0x10 [ 986.856328][ C1] ? update_cfs_rq_load_avg+0x426/0x4e0 [ 986.856367][ C1] preempt_schedule_notrace+0x57/0x90 [ 986.856378][ C1] preempt_schedule_notrace_thunk+0x16/0x30 [ 986.856392][ C1] rcu_is_watching+0x7f/0xb0 [ 986.856424][ C1] sched_balance_domains+0x725/0x880 [ 986.856438][ C1] ? sched_balance_domains+0xe8/0x880 [ 986.856452][ C1] handle_softirqs+0x1d9/0x6c0 [ 986.856466][ C1] run_ksoftirqd+0x52/0x180 [ 986.856477][ C1] smpboot_thread_fn+0x57c/0xa80 [ 986.856510][ C1] ? smpboot_thread_fn+0x4e/0xa80 [ 986.856524][ C1] kthread+0x388/0x470 [ 986.856535][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 986.856544][ C1] ? __pfx_kthread+0x10/0x10 [ 986.856555][ C1] ret_from_fork+0x514/0xb70 [ 986.856569][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 986.856580][ C1] ? __switch_to+0xc89/0x1420 [ 986.856591][ C1] ? __pfx_kthread+0x10/0x10 [ 986.856602][ C1] ret_from_fork_asm+0x1a/0x30 [ 986.856622][ C1] [ 986.856626][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10447 jiffies! g51433 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 986.856636][ C1] rcu: Possible timer handling issue on cpu=1 timer-softirq=47559 [ 986.856646][ C1] rcu: rcu_preempt kthread starved for 10448 jiffies! g51433 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 986.856656][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 986.856661][ C1] rcu: RCU grace-period kthread stack dump: [ 986.856664][ C1] task:rcu_preempt state:I stack:24336 pid:18 tgid:18 ppid:2 task_flags:0x208040 flags:0x00080000 [ 986.856688][ C1] Call Trace: [ 986.856691][ C1] [ 986.856696][ C1] __schedule+0x1709/0x5530 [ 986.856714][ C1] ? do_raw_spin_unlock+0xf5/0x210 [ 986.856729][ C1] ? __pfx___schedule+0x10/0x10 [ 986.856743][ C1] ? schedule+0x90/0x2b0 [ 986.856754][ C1] schedule+0x164/0x2b0 [ 986.856765][ C1] schedule_timeout+0x152/0x2c0 [ 986.856776][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 986.856786][ C1] ? __pfx_process_timeout+0x10/0x10 [ 986.856821][ C1] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 986.856832][ C1] ? prepare_to_swait_event+0x322/0x350 [ 986.856886][ C1] rcu_gp_fqs_loop+0x30c/0x11c0 [ 986.856924][ C1] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 986.856937][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 986.856952][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 986.856965][ C1] rcu_gp_kthread+0x9e/0x2b0 [ 986.856979][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 986.856991][ C1] ? __kthread_parkme+0x71/0x1f0 [ 986.857002][ C1] ? __kthread_parkme+0x196/0x1f0 [ 986.857013][ C1] kthread+0x388/0x470 [ 986.857024][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 986.857034][ C1] ? __pfx_kthread+0x10/0x10 [ 986.857045][ C1] ret_from_fork+0x514/0xb70 [ 986.857058][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 986.857068][ C1] ? __switch_to+0xc89/0x1420 [ 986.857079][ C1] ? __pfx_kthread+0x10/0x10 [ 986.857090][ C1] ret_from_fork_asm+0x1a/0x30 [ 986.857109][ C1] [ 986.857112][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 986.857151][ C1] CPU: 1 UID: 0 PID: 12178 Comm: syz.4.1513 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 986.857173][ C1] Tainted: [L]=SOFTLOCKUP [ 986.857176][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 986.857182][ C1] RIP: 0010:preempt_count_add+0x0/0x190 [ 986.857212][ C1] Code: be e0 0e 00 00 e8 20 7e 9d 00 e9 70 ff ff ff e9 d3 fe ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 41 57 41 56 53 49 bf 00 00 00 00 00 fc ff df 48 c7 c0 [ 986.857220][ C1] RSP: 0018:ffffc90004be7ad0 EFLAGS: 00000286 [ 986.857228][ C1] RAX: 0000000080000000 RBX: 00000000000055f2 RCX: 0000000000000000 [ 986.857233][ C1] RDX: 00000000000001ff RSI: ffffffff8baa5560 RDI: 0000000000000001 [ 986.857239][ C1] RBP: 0000000000000001 R08: ffffffff8f8c6cf7 R09: 1ffffffff1f18d9e [ 986.857244][ C1] R10: dffffc0000000000 R11: ffffffff8b2e5c40 R12: ffff8880600d1e00 [ 986.857250][ C1] R13: ffff8880600d1e10 R14: 000001ff286052fe R15: 0000000000004c14 [ 986.857257][ C1] FS: 0000555562b26500(0000) GS:ffff888125fd4000(0000) knlGS:0000000000000000 [ 986.857264][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 986.857270][ C1] CR2: 00007fe4dfbfd710 CR3: 000000003a528000 CR4: 00000000003526f0 [ 986.857278][ C1] DR0: ffffffffffffffff DR1: 00000000000001f7 DR2: 00000000ffffffff [ 986.857284][ C1] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 986.857289][ C1] Call Trace: [ 986.857293][ C1] [ 986.857296][ C1] delay_tsc+0x65/0xc0 [ 986.857306][ C1] snd_timer_close_locked+0x435/0xbd0 [ 986.857345][ C1] ? mutex_lock_nested+0x152/0x1d0 [ 986.857358][ C1] ? snd_timer_close+0x39/0xc0 [ 986.857367][ C1] snd_timer_close+0x44/0xc0 [ 986.857376][ C1] snd_seq_timer_close+0x8a/0xc0 [ 986.857426][ C1] snd_seq_queue_delete+0x8d/0xf0 [ 986.857438][ C1] snd_seq_oss_release+0x1e9/0x330 [ 986.857447][ C1] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 986.857462][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 986.857473][ C1] ? lockdep_hardirqs_on+0x7a/0x110 [ 986.857483][ C1] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 986.857494][ C1] ? mutex_lock_nested+0x152/0x1d0 [ 986.857506][ C1] ? odev_release+0x4e/0x80 [ 986.857519][ C1] ? __pfx_odev_release+0x10/0x10 [ 986.857531][ C1] odev_release+0x56/0x80 [ 986.857544][ C1] __fput+0x42a/0xa80 [ 986.857558][ C1] task_work_run+0x1d9/0x270 [ 986.857571][ C1] ? __pfx_task_work_run+0x10/0x10 [ 986.857587][ C1] exit_to_user_mode_loop+0x1fa/0x730 [ 986.857600][ C1] ? rcu_is_watching+0x15/0xb0 [ 986.857609][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 986.857618][ C1] do_syscall_64+0x353/0x580 [ 986.857630][ C1] ? clear_bhb_loop+0x40/0x90 [ 986.857645][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 986.857654][ C1] RIP: 0033:0x7f974b75ce59 [ 986.857665][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 986.857672][ C1] RSP: 002b:00007fffbd963968 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 986.857681][ C1] RAX: 0000000000000000 RBX: 00007f974b9d7da0 RCX: 00007f974b75ce59 [ 986.857686][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 986.857691][ C1] RBP: 00007f974b9d7da0 R08: 0000000000000006 R09: 0000000000000000 [ 986.857697][ C1] R10: 00007f974b9d7cb0 R11: 0000000000000246 R12: 00000000000d762d [ 986.857702][ C1] R13: 00007f974b9d618c R14: 00000000000d74a8 R15: 00007f974b9d6180 [ 986.857716][ C1] [ 1038.971891][ T38] INFO: task kworker/u8:2:43 blocked for more than 143 seconds. [ 1038.971920][ T38] Tainted: G L syzkaller #0 [ 1038.971931][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1038.971941][ T38] task:kworker/u8:2 state:D stack:21520 pid:43 tgid:43 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1038.972055][ T38] Workqueue: events_unbound linkwatch_event [ 1038.972111][ T38] Call Trace: [ 1038.972125][ T38] [ 1038.972138][ T38] __schedule+0x1709/0x5530 [ 1038.972188][ T38] ? __pfx___schedule+0x10/0x10 [ 1038.972224][ T38] rt_mutex_schedule+0x76/0xf0 [ 1038.972283][ T38] rt_mutex_slowlock_block+0x55c/0x680 [ 1038.972324][ T38] rt_mutex_slowlock+0x2d4/0x780 [ 1038.972344][ T38] ? rt_mutex_slowlock+0x1f2/0x780 [ 1038.972363][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 1038.972400][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1038.972425][ T38] ? linkwatch_event+0xe/0x60 [ 1038.972448][ T38] mutex_lock_nested+0x168/0x1d0 [ 1038.972472][ T38] ? linkwatch_event+0xe/0x60 [ 1038.972498][ T38] ? process_one_work+0x8cd/0x12b0 [ 1038.972522][ T38] linkwatch_event+0xe/0x60 [ 1038.972545][ T38] process_one_work+0x93a/0x12b0 [ 1038.972587][ T38] ? __pfx_process_one_work+0x10/0x10 [ 1038.972610][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 1038.972637][ T38] ? assign_work+0x3cf/0x5d0 [ 1038.972667][ T38] worker_thread+0xb3c/0x10d0 [ 1038.972707][ T38] kthread+0x388/0x470 [ 1038.972729][ T38] ? __pfx_worker_thread+0x10/0x10 [ 1038.972745][ T38] ? __pfx_kthread+0x10/0x10 [ 1038.972767][ T38] ret_from_fork+0x514/0xb70 [ 1038.972792][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1038.972814][ T38] ? __switch_to+0xc89/0x1420 [ 1038.972835][ T38] ? __pfx_kthread+0x10/0x10 [ 1038.972857][ T38] ret_from_fork_asm+0x1a/0x30 [ 1038.972895][ T38] [ 1038.972957][ T38] INFO: task kworker/u8:12:1448 blocked for more than 143 seconds. [ 1038.972972][ T38] Tainted: G L syzkaller #0 [ 1038.972982][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1038.972989][ T38] task:kworker/u8:12 state:D stack:22024 pid:1448 tgid:1448 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1038.973035][ T38] Workqueue: events_unbound fsnotify_connector_destroy_workfn [ 1038.973092][ T38] Call Trace: [ 1038.973098][ T38] [ 1038.973109][ T38] __schedule+0x1709/0x5530 [ 1038.973156][ T38] ? register_lock_class+0x31/0x2e0 [ 1038.973183][ T38] ? __pfx___schedule+0x10/0x10 [ 1038.973213][ T38] ? schedule+0x90/0x2b0 [ 1038.973236][ T38] schedule+0x164/0x2b0 [ 1038.973258][ T38] schedule_timeout+0xc0/0x2c0 [ 1038.973310][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 1038.973331][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 1038.973360][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 1038.973382][ T38] ? wait_for_completion+0x272/0x5e0 [ 1038.973403][ T38] wait_for_completion+0x2ca/0x5e0 [ 1038.973435][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 1038.973469][ T38] __synchronize_srcu+0x23b/0x2f0 [ 1038.973524][ T38] ? __pfx___synchronize_srcu+0x10/0x10 [ 1038.973548][ T38] ? __pfx_wakeme_after_rcu+0x10/0x10 [ 1038.973576][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1038.973596][ T38] ? ktime_get_mono_fast_ns+0x2d2/0x2f0 [ 1038.973622][ T38] ? synchronize_srcu+0x20a/0x260 [ 1038.973646][ T38] ? process_one_work+0x8cd/0x12b0 [ 1038.973669][ T38] fsnotify_connector_destroy_workfn+0x44/0xb0 [ 1038.973695][ T38] ? process_one_work+0x8cd/0x12b0 [ 1038.973718][ T38] process_one_work+0x93a/0x12b0 [ 1038.973760][ T38] ? __pfx_process_one_work+0x10/0x10 [ 1038.973782][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 1038.973810][ T38] ? assign_work+0x3cf/0x5d0 [ 1038.973839][ T38] worker_thread+0xb05/0x10d0 [ 1038.973878][ T38] kthread+0x388/0x470 [ 1038.973900][ T38] ? __pfx_worker_thread+0x10/0x10 [ 1038.973916][ T38] ? __pfx_kthread+0x10/0x10 [ 1038.973938][ T38] ret_from_fork+0x514/0xb70 [ 1038.973963][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1038.973985][ T38] ? __switch_to+0xc89/0x1420 [ 1038.974007][ T38] ? __pfx_kthread+0x10/0x10 [ 1038.974029][ T38] ret_from_fork_asm+0x1a/0x30 [ 1038.974067][ T38] [ 1038.974161][ T38] INFO: task dhcpcd:5270 blocked for more than 143 seconds. [ 1038.974177][ T38] Tainted: G L syzkaller #0 [ 1038.974186][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1038.974195][ T38] task:dhcpcd state:D stack:24744 pid:5270 tgid:5270 ppid:1 task_flags:0x400140 flags:0x00080000 [ 1038.974239][ T38] Call Trace: [ 1038.974245][ T38] [ 1038.974255][ T38] __schedule+0x1709/0x5530 [ 1038.974302][ T38] ? __pfx___schedule+0x10/0x10 [ 1038.974337][ T38] rt_mutex_schedule+0x76/0xf0 [ 1038.974360][ T38] rt_mutex_slowlock_block+0x55c/0x680 [ 1038.974400][ T38] rt_mutex_slowlock+0x2d4/0x780 [ 1038.974420][ T38] ? rt_mutex_slowlock+0x1f2/0x780 [ 1038.974438][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 1038.974466][ T38] ? nl80211_pre_doit+0x5e/0x8b0 [ 1038.974502][ T38] ? nl80211_pre_doit+0x5e/0x8b0 [ 1038.974524][ T38] mutex_lock_nested+0x168/0x1d0 [ 1038.974547][ T38] ? __nla_parse+0x40/0x60 [ 1038.974628][ T38] nl80211_pre_doit+0x5e/0x8b0 [ 1038.974651][ T38] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 1038.974680][ T38] genl_family_rcv_msg_doit+0x1db/0x340 [ 1038.974706][ T38] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1038.974735][ T38] ? __lock_acquire+0x683/0x2ce0 [ 1038.974767][ T38] genl_rcv_msg+0x614/0x7a0 [ 1038.974792][ T38] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1038.974810][ T38] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1038.974831][ T38] ? __pfx_nl80211_get_wiphy+0x10/0x10 [ 1038.974855][ T38] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1038.974892][ T38] netlink_rcv_skb+0x226/0x4a0 [ 1038.974915][ T38] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1038.974935][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1038.974971][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 1038.974993][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 1038.975020][ T38] genl_rcv+0x28/0x40 [ 1038.975037][ T38] netlink_unicast+0x7f5/0x990 [ 1038.975068][ T38] netlink_sendmsg+0x813/0xb40 [ 1038.975100][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1038.975361][ T38] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 1038.975423][ T38] ? aa_sock_msg_perm+0x122/0x200 [ 1038.975495][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1038.975518][ T38] sock_sendmsg_nosec+0x13a/0x180 [ 1038.975540][ T38] ____sys_sendmsg+0x565/0x870 [ 1038.975572][ T38] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1038.975618][ T38] ? import_iovec+0x73/0xa0 [ 1038.975694][ T38] ___sys_sendmsg+0x2a5/0x360 [ 1038.975723][ T38] ? __pfx____sys_sendmsg+0x10/0x10 [ 1038.975794][ T38] __x64_sys_sendmsg+0x1b7/0x290 [ 1038.975820][ T38] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1038.975857][ T38] ? __secure_computing+0xe7/0x2b0 [ 1038.975940][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.975959][ T38] do_syscall_64+0x174/0x580 [ 1038.975981][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.976000][ T38] ? clear_bhb_loop+0x40/0x90 [ 1038.976021][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.976040][ T38] RIP: 0033:0x7fc1fc8d8407 [ 1038.976056][ T38] RSP: 002b:00007ffce3534cb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 1038.976075][ T38] RAX: ffffffffffffffda RBX: 00007fc1fc84e780 RCX: 00007fc1fc8d8407 [ 1038.976088][ T38] RDX: 0000000000000000 RSI: 00007ffce3534d30 RDI: 000000000000000e [ 1038.976100][ T38] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1038.976111][ T38] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1038.976129][ T38] R13: 000000000000000e R14: 00007ffce35491f0 R15: 00005584216e6170 [ 1038.976158][ T38] [ 1038.976222][ T38] INFO: task syz-executor:11884 blocked for more than 143 seconds. [ 1038.976238][ T38] Tainted: G L syzkaller #0 [ 1038.976248][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1038.976257][ T38] task:syz-executor state:D stack:21776 pid:11884 tgid:11884 ppid:11875 task_flags:0x400140 flags:0x00080000 [ 1038.976298][ T38] Call Trace: [ 1038.976304][ T38] [ 1038.976315][ T38] __schedule+0x1709/0x5530 [ 1038.976362][ T38] ? __pfx___schedule+0x10/0x10 [ 1038.976396][ T38] rt_mutex_schedule+0x76/0xf0 [ 1038.976420][ T38] rt_mutex_slowlock_block+0x55c/0x680 [ 1038.976459][ T38] rt_mutex_slowlock+0x2d4/0x780 [ 1038.976479][ T38] ? rt_mutex_slowlock+0x1f2/0x780 [ 1038.976497][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 1038.976513][ T38] ? rt_mutex_slowunlock+0x4ee/0xa20 [ 1038.976550][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1038.976575][ T38] ? rtnl_net_dev_lock+0x257/0x2f0 [ 1038.976594][ T38] mutex_lock_nested+0x168/0x1d0 [ 1038.976618][ T38] ? rtnl_net_dev_lock+0x257/0x2f0 [ 1038.976639][ T38] ? rtnl_net_dev_lock+0x36/0x2f0 [ 1038.976658][ T38] rtnl_net_dev_lock+0x257/0x2f0 [ 1038.976681][ T38] register_netdevice_notifier_dev_net+0x33/0x240 [ 1038.976707][ T38] nsim_create+0xce2/0x1150 [ 1038.976738][ T38] __nsim_dev_port_add+0x7f8/0xcd0 [ 1038.976759][ T38] ? do_raw_spin_unlock+0xf5/0x210 [ 1038.976788][ T38] ? __pfx___nsim_dev_port_add+0x10/0x10 [ 1038.976817][ T38] ? __mod_timer+0xb8f/0xf10 [ 1038.976878][ T38] ? queue_delayed_work_on+0x171/0x1e0 [ 1038.976929][ T38] nsim_dev_port_add_all+0x37/0xf0 [ 1038.976955][ T38] nsim_drv_probe+0x8d6/0xc00 [ 1038.976985][ T38] ? __pfx_nsim_drv_probe+0x10/0x10 [ 1038.977033][ T38] ? kernfs_put+0x7bc/0x820 [ 1038.977061][ T38] ? sysfs_do_create_link_sd+0xe0/0x110 [ 1038.977083][ T38] ? driver_sysfs_add+0x1fe/0x210 [ 1038.977104][ T38] ? __pfx_nsim_bus_probe+0x10/0x10 [ 1038.977128][ T38] really_probe+0x254/0xae0 [ 1038.977152][ T38] __driver_probe_device+0x1e8/0x360 [ 1038.977173][ T38] driver_probe_device+0x4f/0x240 [ 1038.977196][ T38] __device_attach_driver+0x270/0x410 [ 1038.977220][ T38] bus_for_each_drv+0x25b/0x2f0 [ 1038.977243][ T38] ? __pfx___device_attach_driver+0x10/0x10 [ 1038.977262][ T38] ? __pfx_bus_for_each_drv+0x10/0x10 [ 1038.977283][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 1038.977304][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1038.977332][ T38] __device_attach+0x2c7/0x450 [ 1038.977354][ T38] ? __pfx___device_attach+0x10/0x10 [ 1038.977383][ T38] device_initial_probe+0xa1/0xd0 [ 1038.977404][ T38] bus_probe_device+0x12d/0x220 [ 1038.977431][ T38] device_add+0x7d7/0xb80 [ 1038.977459][ T38] new_device_store+0x37b/0x710 [ 1038.977482][ T38] ? __pfx_new_device_store+0x10/0x10 [ 1038.977502][ T38] ? sysfs_file_kobj+0x1a/0x230 [ 1038.977528][ T38] ? sysfs_file_kobj+0x1e4/0x230 [ 1038.977553][ T38] ? sysfs_kf_write+0x166/0x260 [ 1038.977574][ T38] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1038.977590][ T38] kernfs_fop_write_iter+0x3a5/0x540 [ 1038.977618][ T38] vfs_write+0x61e/0xbb0 [ 1038.977650][ T38] ? __pfx_vfs_write+0x10/0x10 [ 1038.977675][ T38] ? do_sys_openat2+0x14e/0x200 [ 1038.977692][ T38] ? kmem_cache_free+0x187/0x6c0 [ 1038.977755][ T38] ksys_write+0x156/0x270 [ 1038.977781][ T38] ? __pfx_ksys_write+0x10/0x10 [ 1038.977811][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.977831][ T38] do_syscall_64+0x174/0x580 [ 1038.977854][ T38] ? clear_bhb_loop+0x40/0x90 [ 1038.977876][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.977893][ T38] RIP: 0033:0x7ff75faad68e [ 1038.977908][ T38] RSP: 002b:00007ffd105f7c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1038.977926][ T38] RAX: ffffffffffffffda RBX: 0000555570e1c500 RCX: 00007ff75faad68e [ 1038.977939][ T38] RDX: 0000000000000003 RSI: 00007ffd105f7c90 RDI: 0000000000000005 [ 1038.977950][ T38] RBP: 00007ff75fb83716 R08: 0000000000000000 R09: 0000000000000000 [ 1038.977962][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1038.977973][ T38] R13: 00007ffd105f7c90 R14: 00007ff760894620 R15: 0000000000000003 [ 1038.978002][ T38] [ 1038.978026][ T38] [ 1038.978026][ T38] Showing all locks held in the system: [ 1038.978037][ T38] 4 locks held by ktimers/1/30: [ 1038.978048][ T38] #0: ffffffff8de591a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 1038.978128][ T38] #1: ffffffff8dfc3040 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 1038.978168][ T38] #2: ffff8880b87284f8 (&base->softirq_expiry_lock){+...}-{3:3}, at: hrtimer_run_softirq+0x7f/0x260 [ 1038.978213][ T38] #3: ffffffff8dfc3040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 1038.978254][ T38] 1 lock held by khungtaskd/38: [ 1038.978264][ T38] #0: ffffffff8dfc3040 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1038.978312][ T38] 3 locks held by kworker/u8:2/43: [ 1038.978322][ T38] #0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 [ 1038.978369][ T38] #1: ffffc90000b57c60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 [ 1038.978416][ T38] #2: ffffffff8f3883b8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 1038.978474][ T38] 2 locks held by kworker/u8:12/1448: [ 1038.978484][ T38] #0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 [ 1038.978530][ T38] #1: ffffc9000693fc60 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 [ 1038.978589][ T38] 2 locks held by dhcpcd/5270: [ 1038.978599][ T38] #0: ffffffff8f3f9020 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1038.978639][ T38] #1: ffffffff8f3883b8 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5e/0x8b0 [ 1038.978686][ T38] 2 locks held by getty/5365: [ 1038.978696][ T38] #0: ffff888034ea50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1038.978743][ T38] #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x460/0x1360 [ 1038.978787][ T38] 2 locks held by sshd-session/5595: [ 1038.978797][ T38] #0: ffff88803830e1d8 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x21/0x50 [ 1038.978841][ T38] #1: ffffffff8e109dd0 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 1038.978908][ T38] 3 locks held by syz-executor/5612: [ 1038.978918][ T38] #0: ffffffff8e095db0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x10f/0x480 [ 1038.978958][ T38] #1: ffff88803178e2b0 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x16e/0x1d40 [ 1038.979001][ T38] #2: ffff88813fe70430 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x256/0x1d40 [ 1038.979051][ T38] 3 locks held by kworker/0:5/5734: [ 1038.979060][ T38] #0: ffff88813fe4a538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 [ 1038.979109][ T38] #1: ffffc900059b7c60 ((gc_work).work){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 [ 1038.979161][ T38] #2: ffffffff8eac8f78 ("ratelimiter_table_lock"){+.+.}-{3:3}, at: wg_ratelimiter_gc_entries+0x5d/0x470 [ 1038.979216][ T38] 4 locks held by kworker/u8:24/11189: [ 1038.979226][ T38] #0: ffff88801b696138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 [ 1038.979273][ T38] #1: ffffc90006d3fc60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 [ 1038.979319][ T38] #2: ffffffff8f378d80 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf5/0x810 [ 1038.979362][ T38] #3: ffffffff8dfc9230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x530 [ 1038.979405][ T38] 7 locks held by syz-executor/11884: [ 1038.979415][ T38] #0: ffff888035f1c500 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x231/0xbb0 [ 1038.979463][ T38] #1: ffff8880376f4c78 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1d9/0x540 [ 1038.979508][ T38] #2: ffff88802933bb48 (kn->active#53){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x22c/0x540 [ 1038.979557][ T38] #3: ffffffff8ebfd378 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0x13c/0x710 [ 1038.979599][ T38] #4: ffff888031907160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 1038.979640][ T38] #5: ffff888026198310 (&devlink->lock_key#8){+.+.}-{4:4}, at: nsim_drv_probe+0xfc/0xc00 [ 1038.979688][ T38] #6: ffffffff8f3883b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x257/0x2f0 [ 1038.979731][ T38] 2 locks held by syz-executor/11985: [ 1038.979742][ T38] #0: ffffffff8f8c8a78 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 1038.979790][ T38] #1: ffffffff8f3883b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a3/0x1bd0 [ 1038.979834][ T38] 1 lock held by syz.2.1512/12177: [ 1038.979844][ T38] #0: ffffffff8dfc3040 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0x8f/0x2550 [ 1038.979917][ T38] 4 locks held by syz.4.1513/12178: [ 1038.979927][ T38] #0: ffffffff8f2e6838 (register_mutex#4){+.+.}-{4:4}, at: odev_release+0x4e/0x80 [ 1038.979979][ T38] #1: ffff8880399f39e8 (&q->timer_mutex){+.+.}-{4:4}, at: snd_seq_queue_delete+0x59/0xf0 [ 1038.980022][ T38] #2: ffffffff8f2d1678 (register_mutex){+.+.}-{4:4}, at: snd_timer_close+0x39/0xc0 [ 1038.980062][ T38] #3: ffff888031618948 (_T->lock){....}-{2:2}, at: rt_mutex_slowunlock+0xbf/0xa20 [ 1038.980102][ T38] [ 1038.980106][ T38] ============================================= [ 1038.980106][ T38] [ 1038.980121][ T38] NMI backtrace for cpu 0 [ 1038.980135][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1038.980159][ T38] Tainted: [L]=SOFTLOCKUP [ 1038.980165][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1038.980175][ T38] Call Trace: [ 1038.980182][ T38] [ 1038.980188][ T38] dump_stack_lvl+0xe8/0x150 [ 1038.980212][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 1038.980231][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1038.980279][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x380 [ 1038.980300][ T38] sys_info+0x135/0x170 [ 1038.980323][ T38] watchdog+0xfd7/0x1030 [ 1038.980350][ T38] ? watchdog+0x1c7/0x1030 [ 1038.980377][ T38] kthread+0x388/0x470 [ 1038.980398][ T38] ? __pfx_watchdog+0x10/0x10 [ 1038.980416][ T38] ? __pfx_kthread+0x10/0x10 [ 1038.980438][ T38] ret_from_fork+0x514/0xb70 [ 1038.980462][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1038.980483][ T38] ? __switch_to+0xc89/0x1420 [ 1038.980504][ T38] ? __pfx_kthread+0x10/0x10 [ 1038.980526][ T38] ret_from_fork_asm+0x1a/0x30 [ 1038.980562][ T38] [ 1038.980574][ T38] Sending NMI from CPU 0 to CPUs 1: [ 1038.980601][ C1] NMI backtrace for cpu 1 [ 1038.980621][ C1] CPU: 1 UID: 0 PID: 12178 Comm: syz.4.1513 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1038.980643][ C1] Tainted: [L]=SOFTLOCKUP [ 1038.980649][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1038.980657][ C1] RIP: 0010:preempt_count_add+0x0/0x190 [ 1038.980675][ C1] Code: be e0 0e 00 00 e8 20 7e 9d 00 e9 70 ff ff ff e9 d3 fe ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 41 57 41 56 53 49 bf 00 00 00 00 00 fc ff df 48 c7 c0 [ 1038.980688][ C1] RSP: 0018:ffffc90004be7ad0 EFLAGS: 00000286 [ 1038.980701][ C1] RAX: 0000000080000000 RBX: 00000000000055f2 RCX: 0000000000000000 [ 1038.980712][ C1] RDX: 0000000000000219 RSI: ffffffff8baa5560 RDI: 0000000000000001 [ 1038.980722][ C1] RBP: 0000000000000001 R08: ffffffff8f8c6cf7 R09: 1ffffffff1f18d9e [ 1038.980732][ C1] R10: dffffc0000000000 R11: ffffffff8b2e5c40 R12: ffff8880600d1e00 [ 1038.980743][ C1] R13: ffff8880600d1e10 R14: 00000219dc0db922 R15: 00000000000035e4 [ 1038.980754][ C1] FS: 0000555562b26500(0000) GS:ffff888125fd4000(0000) knlGS:0000000000000000 [ 1038.980767][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1038.980778][ C1] CR2: 00007fe4dfbfd710 CR3: 000000003a528000 CR4: 00000000003526f0 [ 1038.980792][ C1] DR0: ffffffffffffffff DR1: 00000000000001f7 DR2: 00000000ffffffff [ 1038.980803][ C1] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1038.980813][ C1] Call Trace: [ 1038.980819][ C1] [ 1038.980824][ C1] delay_tsc+0x65/0xc0 [ 1038.980841][ C1] snd_timer_close_locked+0x435/0xbd0 [ 1038.980857][ C1] ? mutex_lock_nested+0x152/0x1d0 [ 1038.980879][ C1] ? snd_timer_close+0x39/0xc0 [ 1038.980894][ C1] snd_timer_close+0x44/0xc0 [ 1038.980907][ C1] snd_seq_timer_close+0x8a/0xc0 [ 1038.980927][ C1] snd_seq_queue_delete+0x8d/0xf0 [ 1038.980945][ C1] snd_seq_oss_release+0x1e9/0x330 [ 1038.980960][ C1] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 1038.980981][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1038.980999][ C1] ? lockdep_hardirqs_on+0x7a/0x110 [ 1038.981016][ C1] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1038.981033][ C1] ? mutex_lock_nested+0x152/0x1d0 [ 1038.981054][ C1] ? odev_release+0x4e/0x80 [ 1038.981075][ C1] ? __pfx_odev_release+0x10/0x10 [ 1038.981095][ C1] odev_release+0x56/0x80 [ 1038.981115][ C1] __fput+0x42a/0xa80 [ 1038.981135][ C1] task_work_run+0x1d9/0x270 [ 1038.981155][ C1] ? __pfx_task_work_run+0x10/0x10 [ 1038.981178][ C1] exit_to_user_mode_loop+0x1fa/0x730 [ 1038.981199][ C1] ? rcu_is_watching+0x15/0xb0 [ 1038.981214][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.981229][ C1] do_syscall_64+0x353/0x580 [ 1038.981248][ C1] ? clear_bhb_loop+0x40/0x90 [ 1038.981264][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.981279][ C1] RIP: 0033:0x7f974b75ce59 [ 1038.981293][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1038.981305][ C1] RSP: 002b:00007fffbd963968 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1038.981320][ C1] RAX: 0000000000000000 RBX: 00007f974b9d7da0 RCX: 00007f974b75ce59 [ 1038.981330][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1038.981340][ C1] RBP: 00007f974b9d7da0 R08: 0000000000000006 R09: 0000000000000000 [ 1038.981350][ C1] R10: 00007f974b9d7cb0 R11: 0000000000000246 R12: 00000000000d762d [ 1038.981360][ C1] R13: 00007f974b9d618c R14: 00000000000d74a8 R15: 00007f974b9d6180 [ 1038.981379][ C1] [ 1038.981602][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 1038.981619][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1038.981644][ T38] Tainted: [L]=SOFTLOCKUP [ 1038.981650][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1038.981659][ T38] Call Trace: [ 1038.981666][ T38] [ 1038.981673][ T38] vpanic+0x56c/0xa60 [ 1038.981700][ T38] ? __pfx_vpanic+0x10/0x10 [ 1038.981731][ T38] panic+0xc5/0xd0 [ 1038.981753][ T38] ? __pfx_panic+0x10/0x10 [ 1038.981779][ T38] ? wq_watchdog_touch+0xf9/0x160 [ 1038.981804][ T38] ? nmi_trigger_cpumask_backtrace+0x247/0x380 [ 1038.981827][ T38] watchdog+0x1030/0x1030 [ 1038.981856][ T38] ? watchdog+0x1c7/0x1030 [ 1038.981884][ T38] kthread+0x388/0x470 [ 1038.981904][ T38] ? __pfx_watchdog+0x10/0x10 [ 1038.981923][ T38] ? __pfx_kthread+0x10/0x10 [ 1038.981946][ T38] ret_from_fork+0x514/0xb70 [ 1038.981969][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1038.981990][ T38] ? __switch_to+0xc89/0x1420 [ 1038.982012][ T38] ? __pfx_kthread+0x10/0x10 [ 1038.982033][ T38] ret_from_fork_asm+0x1a/0x30 [ 1038.982070][ T38] [ 1038.982343][ T38] Kernel Offset: disabled