last executing test programs: 15.605553566s ago: executing program 0 (id=17943): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000009380)=[{&(0x7f0000006f40)="d529f28981dc56d34e626ec70afef5ac85cccd3d5b5ad8d0375a3737f4d551faf0a67e16de35a73020042c87332d38b46e9a004c0bb7b645796845f3b133dcb3649407130478d319045927f892f48c69e1ed970cc8922bf91373ffcf73ec1d9f80b6967a617794e089effba2f8b19398ddf3138a66bb9d574d8f4bce9c4b7f21a6e4ee47f935c76cf05dbd4fb7e6e0864781baaae864a11ff1e719afd4014155f61987eb350b4d7ac791f4", 0xab}, {&(0x7f0000007000)="5824e9e1de71619e3571eed803", 0xd}], 0x2}}], 0x1, 0x0) 13.989351726s ago: executing program 0 (id=17953): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0x0, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0x7, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) 13.682461255s ago: executing program 0 (id=17957): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001700)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "a1f485b37af9eefde52f735f41242ba4a9fba7658e4d1a7c8fc5e5087ec92dfb16c99d4c0b07069b820db8f8730c68c283036c3fabbc9866c5e34856f8357d46f1214c5631dbef5281d8bfecc36e9948c81b25b563c4a5712ad57e4e76f7678971b302f378010920efeb9c1ff88cc5db8f8c77ef7873f6c16b460abb6477a3c4c661db7f04030a25b67efa0fd608928a93a41b8528c815fa9a3c9c59dffc466487c5243e0442b70343589b2abc0c48128f36cc2417b6a6054a87121a12f550e1d1a3bef258b7e1ed24c8b67d49cea7bbd78f11307bdfed61e528edaafcbc27c80d47d5fdb94cc60565f2df8045d43bc29d5e4ab978b32a2f7bfe58bdf4b97bdd"}, @TCA_RED_PARMS={0x14, 0x1, {0x616bdbc7, 0x3, 0x6, 0x15, 0x18, 0x4, 0x1}}]}}]}, 0x148}}, 0x0) 13.392152763s ago: executing program 0 (id=17960): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x400e, &(0x7f0000000280)={[{@i_version}, {@nobh}, {@data_err_ignore}, {@nolazytime}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@acl}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r0, 0xfffffffffffffffe, 0x29) 12.778544859s ago: executing program 0 (id=17968): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x1, @fixed, 0x0, 0x1}, 0xe) bind$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x1, @any, 0x0, 0x1}, 0xe) 10.078530458s ago: executing program 0 (id=17995): r0 = syz_io_uring_setup(0x5ad, &(0x7f0000000100), &(0x7f0000000000), &(0x7f0000000000)) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup2(r0, r1) io_uring_register$IORING_UNREGISTER_FILES(r2, 0x3, 0x0, 0x20) 7.479581738s ago: executing program 1 (id=18012): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000340)={r1, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x1f4, 0x2c}, 0x9c) 7.304912304s ago: executing program 1 (id=18014): r0 = syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x181801) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x94}}, 0x0) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000100)) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000040)=ANY=[]) 7.253386375s ago: executing program 1 (id=18015): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1018e58, &(0x7f0000000140)={[{@acl}, {@noload}, {@auto_da_alloc}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@norecovery}, {}, {@bsdgroups}]}, 0x6, 0x652, &(0x7f0000002580)="$eJzs3U9oHF8dAPDvzGbzS9L4SysiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7d/SFKwtWACHhQURLwW6UXw7F169yZC9eZZqCIVC1q6P2Z2ttlsZrNJmuwm2c8HNjvz5m3e++7bt/NmZ99OAANrKvuTRpyOeHcriZho2TYejY1TRb7X/356O7slUa9/919JJEVaM39S3J8oVkYi4s9XIz5d2VruyuMnd+dq9YafRJxfvffw/MrjJ+eW7s3dWbizcH/2wtcuXpr5+uzF2ZaK7t2J4v7a9e98/pc//eFXF/9SO5fE5bhZ/fF8tMWxX6ZiKt4VIbamD0XEpWyh5Hk5ao5BCAOtUrweqxHx2ZiISr7WMBFLv+hr5YADVa9E1LeXdMsAHFW6Nwyq5jigeWxffhyctK3f7MHIpDdeXWkcAG2Nf6j4yGEkPzYae520HBk1Pts4uQ/lZ2W8fTry7O3TyWex6XOIN+9bZ2gfyulkbT0iPlcWf5LX7WQeaRZ/uulYP3tFzETEcFG/b31AHVpfXQfxOcx2dhN/azukEXG5uM/Sr+6x/PaPtXodPwCD6cWVYke+lq1t7P+ysUdz/BMl45/xDz8lk+v3/q/z+K+5vx/Jxz1p2zgsG7PcKP+X1faEv//82q87ld8Y/00+a96y8ptjwV54tR4x2Rb/z7Jgi/FPFn9S0v5ZlluXd1bGt1/+81qnbf2Ov/484kzp8c/GqDRb2ub85PnFpdrCTONvaRl//NMPftep/PL4PzqASMtl7T/WIf6W9k/bH5c9Jw/L/+V6e8Ifbjy/16n88a7tn/5jOGkcbw4XKT9aX11dno0YTq4XWYr0udXV5Qvbx9vI86ae38824j/7pfL+v+n13xbVaPMtcwcefu/u607b9vL6bzmZ/K6+wzp0ksU/3739t/T/LO1XOyzjv99/9IVO2zrHX82f4xJb3l8BAAAAAACAhjQ/B5uk0++X03R6ujFf9jMxltYerKx+efHBo/vzEWfz70NW00iT/CsjE431ZHGptjBbfB+2uX6hbf0rEXEqIn5TGc3Xp28/qM33O3gAAAAAAAAAAAAAAAAAAAA4JE4U8/+b16n+T6Ux/x8YEN0vMLfl+g/AMXGQF5gEDre8/2+3i/+4d3UBesv+HwbXXvv/yD7XA+g9+38YXPo/DC79HwaX/g+Da2i93zUA+sX+HwAAAACOpVNffPG3JCLWvjGa3zLDxTaTfuF4q+4qd+XA6gH0nh4Ng+v9qX+DfRg4Oxr//6/4ccCDrw7QB0lZYj44qG/f+V+UPnKDrxYDAAAAAAAAAAAAwL45c7rz/P/dzQ0GjhrT/mBwfcD8fz8dAEecn/6HweUYH+gyi7/zpf67zf8HAAAAAAAAAAAAAPbNeH5L0uliLvB4pOn0dMSnIuJkVJPFpdrCTER8HBF/rVQ/ytZn+11pAAAAAAAAAAAAAAAAAAAAOGZWHj+5O1erLSy3Lvx/S0oPF37/MqLHhTavgto9c30HebZd+Gbs8lGR9L4JRqPnTdDDhaGWlCRiLWv5Q1Gx5ZU4HNXIF/r8xgQAAAAAAAAAAAAAAAAAAAOoZe5xucnf9rhGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANB7G9f/77IwP9Z4wI4yb17od4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNH0SQAAAP//Kbg8mA==") quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x9d}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)) 6.41435221s ago: executing program 1 (id=18022): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x4c}}, 0x0) 5.072591562s ago: executing program 2 (id=18032): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'dummy0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="00070000000000001c0012800b0001006d616373656300000c00028005000f000000000008000500", @ANYRES32=r1], 0x44}}, 0x0) 4.426830689s ago: executing program 4 (id=18036): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0x15, &(0x7f0000000a40)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x45}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e86c0d85ff9782762f0800", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.257964482s ago: executing program 4 (id=18037): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r0, 0x1000) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000740)={r0}, 0x4) 4.07012901s ago: executing program 4 (id=18038): r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) write$sequencer(r1, &(0x7f0000000000), 0xca80) write$FUSE_INIT(r1, 0x0, 0x0) 3.955697888s ago: executing program 4 (id=18039): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x34, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x18, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x30]}, @NL80211_TXRATE_HT={0x6, 0x2, [{}]}]}]}]}, 0x34}}, 0x0) 2.783263593s ago: executing program 1 (id=18045): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000c00)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.661423683s ago: executing program 2 (id=18046): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x68}, 0x1, 0x0, 0x0, 0x44810}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a01080000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) 2.57376225s ago: executing program 4 (id=18047): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) accept4$unix(r1, 0x0, 0x0, 0x0) 2.544545407s ago: executing program 3 (id=18048): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}}) 2.37866988s ago: executing program 2 (id=18049): syz_usb_connect(0x0, 0x24, &(0x7f0000001380)=ANY=[@ANYBLOB="12010000f66e6b401aeb50e3faf8000000010902"], 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x8, &(0x7f0000001e00)=""/102400, &(0x7f0000000040)=0x19000) 2.342596985s ago: executing program 4 (id=18051): unshare(0x62040200) r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000001f00)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000540)="850d4c0af31fc9cbcadbbbec02dc0df53e51183ee8371e666df8405d3b10f5c87aeed80702ce3d06eb9c054b5c59822c7324c506d1509122cb785cf9c09a476d33b0d466c08c901c424063de4a685ecac0da6ff01567", 0x56}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c"], 0x30, 0x40000}, {&(0x7f00000001c0)=@in={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f0000000840)=[{0x0}, {&(0x7f0000000240)}, {&(0x7f0000000640)="c21312502fbe3db8b7ec29ac8f98993b5422d44fecfdd055960669c0b16eff78524018ede366d22b2c778feb068f5144de46fcdaa71b9cb5ed20da5793185bbc1afbff6b089fd15695a1d8d1e7213e95fc9e35ad138d9be1f795866603505b00559b7d320e5140de8a8d9c123cb7b953694f11b2001e9a06aa8314bddffa38c96d28fb7d2f0f9c732833cef5fca8a263e690f9622537e6e0011bdf79074c3d8f130ae8e4ab20371c048e96dc5e64a4a79ecdd9841a62dc2453ee84a6fa12575905eb1eb4efa4497dad642129d8661431d114def1fe578741216943da2a0465b7b1a14c3191057fb67f5e8448f75825441b", 0xf1}, {&(0x7f0000000380)}], 0x4, &(0x7f00000008c0)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x200, 0x7, 0x2}}, @dstaddrv6={0x20, 0x84, 0x8, @mcast1}, @authinfo={0x18, 0x84, 0x6, {0x7}}], 0x58, 0x80}], 0x2, 0x0) 2.219962081s ago: executing program 3 (id=18052): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/wireless\x00') read$FUSE(r0, &(0x7f0000000880)={0x2020}, 0x5df) preadv2(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)=""/185, 0xb9}], 0x1, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000012400)={0x2020}, 0x2020) 1.985837814s ago: executing program 5 (id=18053): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000640)=ANY=[@ANYBLOB='b'], 0xa) 1.726825711s ago: executing program 3 (id=18054): pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet(0x2, 0x2, 0x88) splice(r0, 0x0, r2, 0x0, 0xe8, 0x0) write$binfmt_aout(r1, 0x0, 0x120) 1.709640725s ago: executing program 2 (id=18055): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x0, @empty}], 0x10) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000140)=0x2, 0x4) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x1e, &(0x7f0000000280)=0x7fff, 0x4) 1.562200086s ago: executing program 3 (id=18056): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x90) 1.488616259s ago: executing program 5 (id=18057): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000040)={0x0, 0xc862, 0x60}) 1.404964585s ago: executing program 2 (id=18058): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x3c1, 0x3, 0x300, 0x0, 0x150, 0x150, 0x140, 0x0, 0x230, 0x238, 0x206, 0x230, 0x238, 0x7fffffe, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1_to_team\x00', 'xfrm0\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x360) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) mmap$snddsp_control(&(0x7f0000ffb000/0x2000)=nil, 0x1000, 0x4000001, 0x8011, r1, 0x83000000) 1.303133568s ago: executing program 3 (id=18059): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) sendmsg$NFC_CMD_LLC_GET_PARAMS(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r2, 0x509}, 0x14}}, 0x0) 1.243400283s ago: executing program 2 (id=18060): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_LIMIT={0x4, 0x7}]}}]}, 0x3c}}, 0x0) 1.100388403s ago: executing program 3 (id=18061): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000800)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3000000071000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="0c00018008000100000004000c0002"], 0x30}}, 0x0) 887.22424ms ago: executing program 5 (id=18062): syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000300)='./file2\x00', 0x10, &(0x7f00000002c0)=ANY=[], 0x1, 0xab5, &(0x7f0000000340)="$eJzs3U2MW0cBAOCxd73JtilxSkKXNDQJhbb8dNNslvATQVIlQiJqKsSlUsUlStMSEYJEkYCqEklO3GhVBYkTP+LUS1UQEr2gqCculWikCqmnwoEDURCVOJRAYhR7xmtP7Dzb2fVbx98njcfz5j3PvOfn5/c7E4CpVW2+Li8vVEK48MYrR/7x0N/nbww52B6j3nyd7UjVQgiVmJ7NPu+9mVZ87f0XT/SKK2Gp+ZrS4ckr7WnvDiGcDbvCxVAP2y9cevmtpSeOnTt6fvfbrx64vDZzDwAA0+XrFw8sb/vrn+/fcvW1Bw6FDe3haf+8HtOb4n7/objjn/b/q6E7XekIneay8WZjqM53jzfTY7zOcmrZeLN9yp/Lyq/1GW9DuHX5Mx3Des03TLK0HtdDpbrYla5WFxdbx+SheVw/V1k8c+r0s8+XVFFg1f17ZwhhV0c4fL47vd7CwXVQhxFDYx3UYSLDofGVdbXRUvo8jyk0Npe9BQJoya8X3uRsfmbh9rQ/bXaw8q88Xu09PayCca//Q5U/V3L5Qfm/OWeLw+q5U9emNF/pd7QppvPrCPn9S/1/f/mVju6h+fWI2oD17HcdYVKuL/Sr58yY6zGqfvXP14s71ZdjnJbDV7pyd3b9fvLvdFK+Y6C3D/Lz/4IgrO8QutK12/msRsnbH2D9yu+ba6Tro1F+X1+ev6Egf2NB/nxB/l0F+XcX5MM0+933fxpeqqyc78qP6Yc9H57Os90T4w8NWZ/8fOSw5ef3/Q7rdsvP7yeG9ewPx586+YVnnr7Uuv+/0l7/r8f1PR1u1ONv62IcIZ0vzM+rt+/9r3eXU+0z3r1Zfe7pMX7z/dbu8SpbVz4ndGxnbqrHQvd0m/uNt6N7vHo23nwMG7P65vsnd2XTpf2PtF1Ny2s2m99aNh9zWT3SdmVLjPN6wCjS+tjv/v+0fi6EWuXZU6dPPhbTaT3900xtw43he8dcb+D2Dfr8z0Lofv5nU3t4rdq5Xdi8MrzS2i68Hj+ve/hSu5zu4ftiOv3PfWtmvjl88cR3Tz+z+rMPU+35H73w7eOnT5/8njcjv/nq+qjGMG/SYct6qY83w77ZtdZFlLxhAtbcnh+3dgIePfWd48+dfO7kmX379+9bWtr/xX3Le5r79Xs69+47nS2htsBqWvnTL7smAAAAAAAAAAAAwKB+cPTIpXfe/Py7ref/V57/S8//pzt/0/P/P8me/8+fk0/PwafnALf0yG+OkzWwOpeNV4vhw1l9t2blbMum+0iM2/34xef/U3F5u66pPvdlw2t9kllzAje1lzKXtUGS9xf48Rifj/GvA5SoMt97cIxv0b515YOOdT21T9HRLkVD+8CTI31vzbWho0mj9Px3z3adOr7sLWOoI6tvHE8slj2PQG//nKr2v/+1MuOl10XoH2bHW97Pp3edaPTdSx+0BxuA1VF2/5/pvGeKz/zxaxtvhDTalce7t5d5+6UwjL+8051e7/1PrnX5eb994y6/7Pkfd/+f7f7vBt7+ZT3m1Ucr9z+/uPxuR7Fh+6Dl5/Of2oHeOlz5V2P5aW4eDoOV3/hVVn5+QWhA/83Kv2vA8m+a/x2jlf+/WH5abI88OGj5rRpXqt31mM/mI13/y88bJ9ey+U9te96i/G+80Gv+R+yo8XosH6bZpPQzO6xsP6K90z56/7/R2dXt/7dd2Wyzlt+H8bmYThvidJ9D3t/JsPVP91ek/4Ft2edXCv7f9P872b4U46LfQ+r/N62P9fiX35FuLsuUrvVYtnfqtgYm1XtTdf1vXOFy6zBotOk3ll9/YYjQmBlhunY/cSXXv9ForO0JrQKlFk7py7/s44Syyy97+RfJ+//N9+Hz/n/z/Lz/3zw/7/83z5+P31C//Lz/33x55v3/5vn3ZZ+b9w+8UJD/0YL87b3z24ft9xdMv6Mg/2MF+bvb+Qe7xkj5DxRMv7Mg/96C/AcL8j9RkP/JgvyHCvIf6cjv7AM65X+qYPo7XXoeZVrnH6ZZ/nye3z9Mj3T9p9/vf2tBPjC5fvba3sNP//ab9dbz/3Pt8yHpOt6hmK7F46cfxnR+3Tt0pG/kvRnTf8vy1/v5DpgmefsZ+f/7wwX5wORK93n5fcMUqmzsPTjGRe1W9dvPZ7J8OsafifFnY/xojBdjvCfGe2O8NKb6sTYOv/77Ay9VVo73N2f5g95Pnj8P1NVOVAhh34D1yc8PDHs/e96O37But/wRHwcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoTbX5ury8UAnhwhuvHHnq2Kk9N4YcbI9Rb77OdqRq7elCeCzGMzH+ZXxz7f0XT3TG12NcCUuhEirt4eHJK+2S7g4hnA27wsVQD9svXHr5raUnjp07en73268euLx2SwAAAADufP8PAAD//9gqEKY=") truncate(&(0x7f0000000100)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x80186e83, &(0x7f0000000080)={@desc={0x40002, 0x0, @desc1}}) 814.385161ms ago: executing program 1 (id=18063): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f00000000c0)=@newqdisc={0x94, 0x24, 0xf0b, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x1, 0x9}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x64, 0x2, {{0x0, 0x0, 0x6c, 0x0, 0x0, 0xbfffffff}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x92, 0x0, 0x0, 0x0, 0x3}}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x4, 0x3ff, 0x3, 0x2}}]}]}}}]}, 0x94}, 0x1, 0x0, 0x0, 0x2004c0c4}, 0x0) 455.229645ms ago: executing program 5 (id=18064): r0 = socket$inet6(0xa, 0x3, 0x3c) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100001"], 0x98}}, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 206.42262ms ago: executing program 5 (id=18065): open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) clock_adjtime(0xffffffd3, &(0x7f0000000340)={0x6}) 0s ago: executing program 5 (id=18066): bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = io_uring_setup(0x7bda, &(0x7f0000000080)) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x18, 0x20000009, r1) kernel console output (not intermixed with test programs): ty change from 0 to 512 [ 1538.502175][T10460] syz.4.16455[10460] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1538.502371][T10460] syz.4.16455[10460] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1538.585672][T10458] evm: overlay not supported [ 1538.770096][T10463] loop4: detected capacity change from 0 to 256 [ 1538.820066][T10463] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 1539.502420][T10476] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16462'. [ 1539.766538][T10484] loop1: detected capacity change from 0 to 128 [ 1539.819364][T10484] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 1539.990270][T10493] netlink: 9 bytes leftover after parsing attributes in process `syz.3.16469'. [ 1540.036702][ T5332] sysv_free_block: trying to free block not in datazone [ 1540.038889][T10493] lo: Caught tx_queue_len zero misconfig [ 1540.046058][ T5332] sysv_free_block: trying to free block not in datazone [ 1540.076071][T10495] loop4: detected capacity change from 0 to 64 [ 1540.081173][ T5332] sysv_free_block: trying to free block not in datazone [ 1540.096949][T10495] hfs: unable to parse mount options [ 1540.101035][ T5332] sysv_free_block: trying to free block not in datazone [ 1540.109175][ T5332] sysv_free_block: trying to free block not in datazone [ 1540.182534][ T5332] sysv_free_block: trying to free block not in datazone [ 1540.189515][ T5332] sysv_free_block: trying to free block not in datazone [ 1540.231055][ T5332] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1540.548744][T10508] loop1: detected capacity change from 0 to 512 [ 1540.673297][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 1540.698206][T10508] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1540.771612][T10508] ext4 filesystem being mounted at /2993/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1540.830985][ T5382] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 1541.019070][ T5382] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1541.028485][ T935] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1541.050900][ T5382] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1541.081330][ T5382] usb 5-1: config 0 descriptor?? [ 1541.090383][ T5332] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1541.100359][ T5382] cp210x 5-1:0.0: cp210x converter detected [ 1541.287613][ T935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1541.349588][ T935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1541.411699][ T935] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1541.440139][ T935] usb 6-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00 [ 1541.467065][ T935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1541.550484][ T5382] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1541.565651][ T935] usb 6-1: config 0 descriptor?? [ 1541.637983][ T5382] usb 5-1: cp210x converter now attached to ttyUSB0 [ 1541.682037][T10540] loop1: detected capacity change from 0 to 128 [ 1541.813372][ T5491] udevd[5491]: symlink '../../loop1' '/dev/disk/by-label/SYZKALLER.tmp-b7:1' failed: Read-only file system [ 1541.829173][ T5382] usb 5-1: USB disconnect, device number 41 [ 1541.853870][ T5382] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1541.899163][ T5491] udevd[5491]: symlink '../../loop1' '/dev/disk/by-uuid/1DD9-F30B.tmp-b7:1' failed: Read-only file system [ 1541.924576][ T5382] cp210x 5-1:0.0: device disconnected [ 1542.086032][ T935] redragon 0003:0C45:760B.00A6: hidraw0: USB HID v0.00 Device [HID 0c45:760b] on usb-dummy_hcd.5-1/input0 [ 1542.132201][T10551] IPVS: sh: TCP 172.20.20.170:0 - no destination available [ 1542.400282][ T5410] usb 6-1: USB disconnect, device number 6 [ 1542.602941][T10563] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16501'. [ 1542.864702][T10570] netlink: 12 bytes leftover after parsing attributes in process `syz.3.16503'. [ 1543.600146][T10594] netlink: 24 bytes leftover after parsing attributes in process `syz.2.16516'. [ 1543.774386][T10599] loop0: detected capacity change from 0 to 64 [ 1543.923812][ T5327] udevd[5327]: symlink '../../loop0' '/dev/disk/by-label/untitled.tmp-b7:0' failed: Read-only file system [ 1544.572202][T10616] overlayfs: failed to create directory ./file0/work (errno: 13); mounting read-only [ 1544.608545][T10616] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 1544.685714][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 1544.754672][T10623] loop4: detected capacity change from 0 to 1024 [ 1544.793688][T10623] hfsplus: bad catalog entry type [ 1544.796410][T10586] loop3: detected capacity change from 0 to 32768 [ 1544.851333][T10586] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.16512 (10586) [ 1544.866542][ T52] hfsplus: b-tree write err: -5, ino 4 [ 1544.983858][T10586] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1545.028586][T10586] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 1545.060363][T10586] BTRFS info (device loop3): using free-space-tree [ 1545.087538][T10630] netlink: 8 bytes leftover after parsing attributes in process `syz.4.16531'. [ 1545.370381][T10650] ALSA: mixer_oss: invalid OSS volume '' [ 1545.432482][T25674] Bluetooth: hci9: sending frame failed (-49) [ 1545.444856][ T5336] Bluetooth: hci9: Opcode 0x1003 failed: -49 [ 1545.523879][ T5329] udevd[5329]: symlink '../../loop3' '/dev/disk/by-uuid/395ef67a-297e-477c-816d-cd80a5b93e5d.tmp-b7:3' failed: Read-only file system [ 1545.546088][ T5334] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1546.266072][T10668] netlink: 'syz.3.16543': attribute type 6 has an invalid length. [ 1546.319738][T10668] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.16543'. [ 1546.581174][ T5410] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 1546.815248][ T5410] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1546.850970][ T5410] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1546.921325][ T5410] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1546.981483][ T5410] usb 2-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 1547.031268][ T5410] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1547.091479][ T5410] usb 2-1: config 0 descriptor?? [ 1547.382625][T10690] netem: change failed [ 1547.548608][ T5410] wacom 0003:056A:0094.00A7: unknown main item tag 0x0 [ 1547.616235][ T5410] wacom 0003:056A:0094.00A7: unknown main item tag 0x0 [ 1547.660896][ T5410] wacom 0003:056A:0094.00A7: unknown main item tag 0x0 [ 1547.681348][ T5410] wacom 0003:056A:0094.00A7: unknown main item tag 0x0 [ 1547.688252][ T5410] wacom 0003:056A:0094.00A7: unknown main item tag 0x0 [ 1547.725853][ T5410] wacom 0003:056A:0094.00A7: unknown main item tag 0x0 [ 1547.748683][ T5410] wacom 0003:056A:0094.00A7: unknown main item tag 0x0 [ 1547.800006][ T5410] wacom 0003:056A:0094.00A7: Using device in hidraw-only mode [ 1547.840578][ T5410] wacom 0003:056A:0094.00A7: hidraw0: USB HID v0.00 Device [HID 056a:0094] on usb-dummy_hcd.1-1/input0 [ 1547.912385][T10701] loop3: detected capacity change from 0 to 16 [ 1547.921059][ T5410] usb 2-1: USB disconnect, device number 46 [ 1547.984987][T10701] erofs: (device loop3): mounted with root inode @ nid 36. [ 1548.032510][ T5491] udevd[5491]: symlink '../../loop3' '/dev/disk/by-uuid/dc99752b-953d-459c-b2db-a5c46e0e7dba.tmp-b7:3' failed: Read-only file system [ 1548.069133][T10701] syz.3.16558: attempt to access beyond end of device [ 1548.069133][T10701] loop3: rw=0, sector=8, nr_sectors = 32 limit=16 [ 1549.531641][T10732] program syz.4.16572 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1550.492396][T10751] loop4: detected capacity change from 0 to 1024 [ 1550.510011][T10751] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1550.562890][T10751] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1550.611906][ T5327] udevd[5327]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 1550.723519][T10751] EXT4-fs error (device loop4): __ext4_new_inode:1070: comm syz.4.16582: reserved inode found cleared - inode=18 [ 1550.827648][ T8327] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1550.861318][ T5459] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 1551.044529][ T5459] usb 2-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 1551.064851][ T5459] usb 2-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 1551.091034][ T5459] usb 2-1: Manufacturer: syz [ 1551.111820][ T5459] usb 2-1: config 0 descriptor?? [ 1551.554805][ T5459] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 1551.711895][T10774] netlink: 12 bytes leftover after parsing attributes in process `syz.5.16590'. [ 1551.756268][ T5459] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 1551.788449][ T5459] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22 [ 1551.993143][ T5459] usb 2-1: USB disconnect, device number 47 [ 1552.088942][ T52] Bluetooth: hci9: Frame reassembly failed (-84) [ 1552.118733][ T52] Bluetooth: hci9: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 1552.809665][T10789] netlink: 12 bytes leftover after parsing attributes in process `syz.0.16597'. [ 1553.571618][T10807] loop0: detected capacity change from 0 to 256 [ 1553.679128][T10807] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1553.806634][T10811] netlink: 'syz.2.16608': attribute type 1 has an invalid length. [ 1554.121331][ T5336] Bluetooth: hci9: Opcode 0x1003 failed: -110 [ 1554.128571][T25674] Bluetooth: hci9: command 0x1003 tx timeout [ 1554.538567][T10835] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16619'. [ 1555.675329][T10863] loop0: detected capacity change from 0 to 1024 [ 1555.854032][ T5327] udevd[5327]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 1555.962343][T10863] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1556.548445][ T802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1557.829701][T10896] loop1: detected capacity change from 0 to 256 [ 1557.858039][T10896] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62239f2, utbl_chksum : 0xe619d30d) [ 1558.252328][T10904] netlink: 12 bytes leftover after parsing attributes in process `syz.1.16648'. [ 1558.780405][ T5336] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1558.793004][ T5336] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1558.813051][ T5336] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1558.837243][ T5336] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1558.848046][ T5336] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1558.856337][ T5336] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1558.956166][T10920] netlink: 'syz.1.16654': attribute type 6 has an invalid length. [ 1559.046254][T10916] lo speed is unknown, defaulting to 1000 [ 1559.415730][T10932] loop1: detected capacity change from 0 to 256 [ 1559.506722][T10932] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 1559.770369][T10916] chnl_net:caif_netlink_parms(): no params data found [ 1559.935478][T10936] netlink: 186996 bytes leftover after parsing attributes in process `syz.1.16660'. [ 1559.985450][T10936] netlink: 22856 bytes leftover after parsing attributes in process `syz.1.16660'. [ 1560.319124][T10916] bridge0: port 1(bridge_slave_0) entered blocking state [ 1560.347060][T10916] bridge0: port 1(bridge_slave_0) entered disabled state [ 1560.362476][T10916] bridge_slave_0: entered allmulticast mode [ 1560.386549][T10916] bridge_slave_0: entered promiscuous mode [ 1560.404766][T10941] lo speed is unknown, defaulting to 1000 [ 1560.405106][T10916] bridge0: port 2(bridge_slave_1) entered blocking state [ 1560.440977][ T5459] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 1560.444122][T10916] bridge0: port 2(bridge_slave_1) entered disabled state [ 1560.486307][T10916] bridge_slave_1: entered allmulticast mode [ 1560.524348][T10916] bridge_slave_1: entered promiscuous mode [ 1560.626117][ T5459] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1560.647600][ T5459] usb 2-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 1560.676924][ T5459] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1560.761217][ T5459] usb 2-1: config 0 descriptor?? [ 1560.786768][ T5459] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1560.880277][T10916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1560.921420][ T5336] Bluetooth: hci9: command tx timeout [ 1560.952896][T10948] loop0: detected capacity change from 0 to 1024 [ 1560.953914][T10916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1561.123436][ T5327] udevd[5327]: symlink '../../loop0' '/dev/disk/by-label/untitled.tmp-b7:0' failed: Read-only file system [ 1561.182153][ T5327] udevd[5327]: symlink '../../loop0' '/dev/disk/by-uuid/06db47fa-2d76-30cf-a5fe-21149ac7af4a.tmp-b7:0' failed: Read-only file system [ 1561.253220][T10948] hfsplus: walked past end of dir [ 1561.312308][T10916] team0: Port device team_slave_0 added [ 1561.378836][T10916] team0: Port device team_slave_1 added [ 1561.401778][ T5410] usb 2-1: USB disconnect, device number 48 [ 1561.790939][T10916] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1561.800369][T10916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1561.910923][T10916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1561.942310][T10916] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1561.949272][T10916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1561.991959][T10916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1562.070353][T25674] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1562.082736][T25674] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1562.091265][T25674] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1562.102275][T25674] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1562.114046][T25674] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 1562.132482][T25674] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1562.276646][T10966] loop0: detected capacity change from 0 to 256 [ 1562.403059][T10966] FAT-fs (loop0): Directory bread(block 64) failed [ 1562.413006][T10966] FAT-fs (loop0): Directory bread(block 65) failed [ 1562.441232][T10966] FAT-fs (loop0): Directory bread(block 66) failed [ 1562.470977][T10966] FAT-fs (loop0): Directory bread(block 67) failed [ 1562.477622][T10966] FAT-fs (loop0): Directory bread(block 68) failed [ 1562.498531][T10966] FAT-fs (loop0): Directory bread(block 69) failed [ 1562.521175][T10966] FAT-fs (loop0): Directory bread(block 70) failed [ 1562.527719][T10966] FAT-fs (loop0): Directory bread(block 71) failed [ 1562.547981][T10966] FAT-fs (loop0): Directory bread(block 72) failed [ 1562.568860][T10966] FAT-fs (loop0): Directory bread(block 73) failed [ 1562.576533][T10916] hsr_slave_0: entered promiscuous mode [ 1562.614395][T10916] hsr_slave_1: entered promiscuous mode [ 1562.681032][T10916] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1562.695062][T10916] Cannot create hsr debugfs directory [ 1562.731912][T10972] netlink: 20 bytes leftover after parsing attributes in process `syz.5.16671'. [ 1562.836077][T10960] lo speed is unknown, defaulting to 1000 [ 1562.854180][T10966] syz.0.16670: attempt to access beyond end of device [ 1562.854180][T10966] loop0: rw=1, sector=1224, nr_sectors = 32 limit=256 [ 1562.914407][T10966] syz.0.16670: attempt to access beyond end of device [ 1562.914407][T10966] loop0: rw=1, sector=1288, nr_sectors = 44 limit=256 [ 1563.001271][T25674] Bluetooth: hci9: command tx timeout [ 1563.625299][T10997] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1563.726646][T11001] netlink: 'syz.1.16687': attribute type 29 has an invalid length. [ 1563.836427][T11006] netlink: 'syz.1.16687': attribute type 29 has an invalid length. [ 1563.871364][T11001] netlink: 'syz.1.16687': attribute type 29 has an invalid length. [ 1564.201180][T25674] Bluetooth: hci10: command tx timeout [ 1564.247274][T10916] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1564.621265][T10916] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1564.831073][ T5459] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 1564.898905][T10916] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1564.913188][T11030] loop0: detected capacity change from 0 to 256 [ 1564.980724][T10960] chnl_net:caif_netlink_parms(): no params data found [ 1565.064398][ T5459] usb 2-1: Using ep0 maxpacket: 32 [ 1565.083153][T25674] Bluetooth: hci9: command tx timeout [ 1565.093707][ T5459] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 1565.110990][ T5459] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 1565.128277][ T5459] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1565.136820][ T5459] usb 2-1: Product: syz [ 1565.141343][ T5459] usb 2-1: Manufacturer: syz [ 1565.145956][ T5459] usb 2-1: SerialNumber: syz [ 1565.159770][ T5459] usb 2-1: config 0 descriptor?? [ 1565.185909][T11025] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1565.208487][ T5459] hub 2-1:0.0: bad descriptor, ignoring hub [ 1565.227635][ T5459] hub 2-1:0.0: probe with driver hub failed with error -5 [ 1565.269153][ T5459] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input138 [ 1565.328362][T10916] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1565.442984][T11025] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1565.503999][T11025] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1565.537561][ T5459] usb 2-1: USB disconnect, device number 49 [ 1565.537622][ C1] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 1565.883108][T10960] bridge0: port 1(bridge_slave_0) entered blocking state [ 1565.900545][T10960] bridge0: port 1(bridge_slave_0) entered disabled state [ 1565.925272][T10960] bridge_slave_0: entered allmulticast mode [ 1565.951233][T10960] bridge_slave_0: entered promiscuous mode [ 1565.977723][T10960] bridge0: port 2(bridge_slave_1) entered blocking state [ 1565.988012][T10960] bridge0: port 2(bridge_slave_1) entered disabled state [ 1565.996226][T10960] bridge_slave_1: entered allmulticast mode [ 1566.004831][T10960] bridge_slave_1: entered promiscuous mode [ 1566.213795][T10960] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1566.276762][T10916] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1566.281045][T25674] Bluetooth: hci10: command tx timeout [ 1566.313869][T10960] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1566.359411][T10916] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1566.617777][T10916] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1566.774079][T10960] team0: Port device team_slave_0 added [ 1566.802130][T10916] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1566.862680][T10960] team0: Port device team_slave_1 added [ 1567.042476][T10960] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1567.072534][T10960] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1567.123743][T10960] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1567.143560][T10960] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1567.150673][T10960] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1567.161429][T25674] Bluetooth: hci9: command tx timeout [ 1567.189592][T10960] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1567.461289][T10960] hsr_slave_0: entered promiscuous mode [ 1567.501431][T10960] hsr_slave_1: entered promiscuous mode [ 1567.511364][T10960] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1567.518965][T10960] Cannot create hsr debugfs directory [ 1568.262215][ T25] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1568.289041][T10916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1568.361611][T25674] Bluetooth: hci10: command tx timeout [ 1568.491754][ T25] usb 6-1: Using ep0 maxpacket: 16 [ 1568.509129][T10960] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1568.536160][ T25] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1568.560607][ T25] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 5, skipping [ 1568.589188][ T25] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1568.689280][ T25] usb 6-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=15.7a [ 1568.720449][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1568.763661][ T25] usb 6-1: Product: syz [ 1568.767945][ T25] usb 6-1: Manufacturer: syz [ 1568.830020][ T25] usb 6-1: SerialNumber: syz [ 1568.837805][ T25] usb 6-1: config 0 descriptor?? [ 1568.854635][T10960] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1568.882352][ T25] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1568.957152][T11096] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16726'. [ 1568.999024][T10916] 8021q: adding VLAN 0 to HW filter on device team0 [ 1569.040600][ T25] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1569.152192][ T5490] udevd[5490]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1569.286560][ T25] usb 6-1: USB disconnect, device number 7 [ 1569.298268][T10960] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1569.409206][ T1115] bridge0: port 1(bridge_slave_0) entered blocking state [ 1569.416419][ T1115] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1569.445464][ T1115] bridge0: port 2(bridge_slave_1) entered blocking state [ 1569.452695][ T1115] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1569.622980][T10960] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1570.059562][T10960] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1570.096042][T10960] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1570.126368][T10960] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1570.161740][T11116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16734'. [ 1570.345358][T10960] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1570.441081][T25674] Bluetooth: hci10: command tx timeout [ 1570.471560][T10916] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1570.816097][T10916] veth0_vlan: entered promiscuous mode [ 1570.885710][T10960] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1570.916809][T10916] veth1_vlan: entered promiscuous mode [ 1570.992635][T10960] 8021q: adding VLAN 0 to HW filter on device team0 [ 1571.074543][T22615] bridge0: port 1(bridge_slave_0) entered blocking state [ 1571.081777][T22615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1571.123839][T22615] bridge0: port 2(bridge_slave_1) entered blocking state [ 1571.131059][T22615] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1571.266814][T11141] loop1: detected capacity change from 0 to 64 [ 1571.317915][T10916] veth0_macvtap: entered promiscuous mode [ 1571.391386][T10916] veth1_macvtap: entered promiscuous mode [ 1571.509931][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.561513][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.595465][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.626656][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.658671][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.680320][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.699842][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.724816][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.753283][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.782383][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.806874][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.829039][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.852984][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.870691][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.898740][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.930029][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.951828][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.976919][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.031935][T10916] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1572.105579][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.170888][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.208401][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.240510][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.291583][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.316473][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.350186][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.367151][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.377500][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.423613][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.454865][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.486654][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.517918][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.551449][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.571346][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.590810][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.611125][T10916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.634961][T10916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.683110][T10916] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1572.763128][T10916] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1572.802202][T10916] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1572.830928][T10916] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1572.850382][T10916] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1572.909873][T10960] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1573.339724][T11176] netlink: 16 bytes leftover after parsing attributes in process `syz.0.16759'. [ 1573.445636][ T1115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1573.471233][ T1115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1573.599202][T11177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1573.643616][T11177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1574.323224][T10960] veth0_vlan: entered promiscuous mode [ 1574.447472][T10960] veth1_vlan: entered promiscuous mode [ 1574.499582][T11195] binder: 11194:11195 ioctl c0306201 200002c0 returned -14 [ 1574.554864][T11197] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16766'. [ 1574.584083][T11197] netlink: 12 bytes leftover after parsing attributes in process `syz.3.16766'. [ 1574.642965][T11197] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 1574.777794][T10960] veth0_macvtap: entered promiscuous mode [ 1574.827487][T10960] veth1_macvtap: entered promiscuous mode [ 1574.886528][T11179] loop1: detected capacity change from 0 to 40427 [ 1574.905032][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1574.938653][T11179] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1574.966985][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1574.978229][T11179] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1575.019295][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1575.037416][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1575.066451][T11179] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1575.081113][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1575.108422][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:1' failed: Read-only file system [ 1575.117301][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1575.161839][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1575.205178][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1575.235737][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1575.267173][T11179] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1575.279284][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1575.294285][T11179] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1575.313390][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1575.354695][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1575.375098][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1575.396074][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1575.438006][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1575.439366][T11216] Process accounting resumed [ 1575.459425][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1575.481937][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1575.510249][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1575.534522][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1575.559286][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1575.586810][T10960] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1575.638985][T11211] sch_fq: defrate 0 ignored. [ 1575.713444][T11218] team_slave_0: entered promiscuous mode [ 1575.720547][T11218] team_slave_1: entered promiscuous mode [ 1575.729792][T11218] syz_tun: entered promiscuous mode [ 1575.762295][T11218] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1575.794103][T11218] team0: Device macvlan2 is already an upper device of the team interface [ 1575.815093][T11218] team_slave_0: left promiscuous mode [ 1575.820682][T11218] team_slave_1: left promiscuous mode [ 1575.826621][T11218] syz_tun: left promiscuous mode [ 1576.184682][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1576.213341][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1576.249953][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1576.310321][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1576.361877][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1576.404243][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1576.424576][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1576.442963][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1576.453333][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1576.470877][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1576.490533][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1576.511854][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1576.533064][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1576.552234][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1576.575039][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1576.606946][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1576.628130][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1576.665775][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1576.732270][T10960] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1576.791049][T10960] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1576.813680][T10960] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1576.858735][T10960] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1576.885526][T10960] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1576.922019][T10960] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1576.980981][T10960] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1577.149307][T11243] loop1: detected capacity change from 0 to 64 [ 1577.267539][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-label/untitled.tmp-b7:1' failed: Read-only file system [ 1577.488715][ T1115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1577.530923][ T1115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1577.689528][ T1290] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1577.699873][ T1290] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1578.516035][T11278] netlink: 'syz.5.16795': attribute type 6 has an invalid length. [ 1578.766325][T11288] netlink: 'syz.4.16803': attribute type 1 has an invalid length. [ 1578.801114][T11288] netlink: 9312 bytes leftover after parsing attributes in process `syz.4.16803'. [ 1578.810343][T11288] netlink: 'syz.4.16803': attribute type 1 has an invalid length. [ 1579.135922][T11298] loop4: detected capacity change from 0 to 256 [ 1580.104027][T11317] sctp: [Deprecated]: syz.1.16815 (pid 11317) Use of int in maxseg socket option. [ 1580.104027][T11317] Use struct sctp_assoc_value instead [ 1581.316726][T11348] netlink: 312 bytes leftover after parsing attributes in process `syz.3.16830'. [ 1581.642908][T11327] loop4: detected capacity change from 0 to 32768 [ 1581.703076][T11327] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.16822 (11327) [ 1581.798098][T11327] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1581.838554][ T5327] udevd[5327]: symlink '../../loop4' '/dev/disk/by-uuid/c9fe44da-de57-406a-8241-57ec7d4412cf.tmp-b7:4' failed: Read-only file system [ 1581.864003][T11327] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 1581.894174][T11327] BTRFS info (device loop4): using free-space-tree [ 1582.172865][T11358] sctp: [Deprecated]: syz.1.16832 (pid 11358) Use of int in max_burst socket option. [ 1582.172865][T11358] Use struct sctp_assoc_value instead [ 1582.457056][T11387] binder: 11386:11387 ioctl c018620b 0 returned -14 [ 1582.509335][T11391] netlink: 32 bytes leftover after parsing attributes in process `syz.1.16840'. [ 1582.646316][T10960] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1586.115324][T11492] sctp: [Deprecated]: syz.1.16880 (pid 11492) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1586.115324][T11492] Use struct sctp_sack_info instead [ 1586.692961][ T5459] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 1586.890843][ T5459] usb 2-1: Using ep0 maxpacket: 16 [ 1586.899272][ T5459] usb 2-1: config 0 has an invalid descriptor of length 115, skipping remainder of the config [ 1586.941212][ T5459] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1586.972314][ T5459] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 101, changing to 10 [ 1587.010784][ T5459] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24675, setting to 1024 [ 1587.050804][ T5459] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1587.106363][ T5459] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1587.133019][ T5459] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1587.167301][ T5459] usb 2-1: Manufacturer: syz [ 1587.193538][ T5459] usb 2-1: config 0 descriptor?? [ 1587.207328][ T5459] mceusb 2-1:0.0: mceusb_dev_probe: device setup failed! [ 1587.256126][ T5459] mceusb 2-1:0.0: probe with driver mceusb failed with error -12 [ 1587.289752][ T5459] usbhid 2-1:0.0: can't add hid device: -22 [ 1587.313488][ T5459] usbhid 2-1:0.0: probe with driver usbhid failed with error -22 [ 1587.345041][T11526] cifs: Unknown parameter 'mode' [ 1587.410858][ T350] usb 2-1: USB disconnect, device number 50 [ 1587.892508][T11543] loop4: detected capacity change from 0 to 8 [ 1587.930098][T11543] SQUASHFS error: Unable to read directory block [631:26] [ 1588.855561][T11573] loop1: detected capacity change from 0 to 512 [ 1588.919003][T11573] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.16911: casefold flag without casefold feature [ 1588.962486][T11573] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.16911: couldn't read orphan inode 15 (err -117) [ 1588.983047][T11573] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1589.042164][T11573] EXT4-fs warning (device loop1): ext4_empty_dir:3096: inode #2: comm syz.1.16911: directory missing '.' [ 1589.150038][ T5329] udevd[5329]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 1589.164845][ T5332] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1589.392901][T11589] loop1: detected capacity change from 0 to 1024 [ 1589.474895][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-label/untitled.tmp-b7:1' failed: Read-only file system [ 1589.569210][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-uuid/06db47fa-2d76-30cf-a5fe-21149ac7af4a.tmp-b7:1' failed: Read-only file system [ 1589.736492][T11595] loop1: detected capacity change from 0 to 2048 [ 1589.808115][T11595] Alternate GPT is invalid, using primary GPT. [ 1589.816992][T11595] loop1: p1 p2 p3 [ 1589.899182][ T5491] udevd[5491]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 1589.899477][ T5327] udevd[5327]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 1589.924936][ T5329] udevd[5329]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 1590.252042][T11604] loop4: detected capacity change from 0 to 2048 [ 1590.323809][T11610] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1590.333115][ T5327] udevd[5327]: symlink '../../loop4' '/dev/disk/by-uuid/1a95d291-cd32-4c4d-814a-8221d1aa3beb.tmp-b7:4' failed: Read-only file system [ 1590.730997][T11616] netlink: 'syz.2.16930': attribute type 15 has an invalid length. [ 1590.757011][T11618] program syz.4.16931 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1591.073666][T11624] loop4: detected capacity change from 0 to 512 [ 1591.110274][T11624] EXT4-fs: Ignoring removed bh option [ 1591.163081][T11624] EXT4-fs error (device loop4): __ext4_iget:4985: inode #15: block 1803188595: comm syz.4.16934: invalid block [ 1591.191844][T11624] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.16934: couldn't read orphan inode 15 (err -117) [ 1591.206500][T11624] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1591.236050][ T5327] udevd[5327]: symlink '../../loop4' '/dev/disk/by-label/\x86\x5b.tmp-b7:4' failed: Read-only file system [ 1591.285335][T10960] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1591.446315][T11633] loop4: detected capacity change from 0 to 128 [ 1591.519762][T11635] loop0: detected capacity change from 0 to 512 [ 1591.571342][T11635] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1591.626936][ T5327] udevd[5327]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system [ 1591.724728][T11635] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1591.802919][T11635] ext4 filesystem being mounted at /638/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1591.855681][T11607] loop1: detected capacity change from 0 to 40427 [ 1591.871810][T11635] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 1591.907795][T11607] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1591.945488][T11644] loop4: detected capacity change from 0 to 1024 [ 1591.975950][T11607] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1592.035282][T11607] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1592.109249][ T5491] udevd[5491]: symlink '../../loop4' '/dev/disk/by-label/untitled.tmp-b7:4' failed: Read-only file system [ 1592.203049][ T802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1592.231532][ T1115] hfsplus: b-tree write err: -5, ino 4 [ 1592.351044][T11607] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1592.358463][T11607] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1592.608377][T11662] loop4: detected capacity change from 0 to 64 [ 1593.082779][T11669] kernel profiling enabled (shift: 0) [ 1593.928455][T11675] ip6gretap1: entered allmulticast mode [ 1595.369857][T11669] syz.4.16953: vmalloc error: size 738197504, failed to allocated page array size 1441792, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1595.470846][T11669] CPU: 0 UID: 0 PID: 11669 Comm: syz.4.16953 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1595.481801][T11669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1595.491900][T11669] Call Trace: [ 1595.495237][T11669] [ 1595.498211][T11669] dump_stack_lvl+0x241/0x360 [ 1595.502956][T11669] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1595.508213][T11669] ? __pfx__printk+0x10/0x10 [ 1595.512863][T11669] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 1595.519347][T11669] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1595.525078][T11669] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 1595.531632][T11669] warn_alloc+0x278/0x410 [ 1595.536036][T11669] ? __pfx_warn_alloc+0x10/0x10 [ 1595.540941][T11669] ? profile_init+0xb1/0x100 [ 1595.545589][T11669] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1595.551265][T11669] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1595.556931][T11669] ? __get_vm_area_node+0x23d/0x270 [ 1595.562185][T11669] __vmalloc_node_range_noprof+0x6a2/0x1400 [ 1595.568105][T11669] ? _printk+0xd5/0x120 [ 1595.572330][T11669] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1595.578700][T11669] ? rcu_is_watching+0x15/0xb0 [ 1595.583518][T11669] ? rcu_is_watching+0x15/0xb0 [ 1595.588320][T11669] ? profile_init+0xb1/0x100 [ 1595.592949][T11669] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1595.598186][T11669] vzalloc_noprof+0x79/0x90 [ 1595.602725][T11669] ? profile_init+0xb1/0x100 [ 1595.607346][T11669] profile_init+0xb1/0x100 [ 1595.611813][T11669] profiling_store+0x6c/0xf0 [ 1595.616461][T11669] kernfs_fop_write_iter+0x3a3/0x500 [ 1595.621796][T11669] vfs_write+0xa74/0xc90 [ 1595.626082][T11669] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1595.631936][T11669] ? __pfx_vfs_write+0x10/0x10 [ 1595.636725][T11669] ? do_futex+0x392/0x560 [ 1595.641106][T11669] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1595.646799][T11669] ksys_write+0x1a0/0x2c0 [ 1595.651168][T11669] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1595.656855][T11669] ? __pfx_ksys_write+0x10/0x10 [ 1595.661748][T11669] ? do_syscall_64+0x100/0x230 [ 1595.666542][T11669] ? do_syscall_64+0xb6/0x230 [ 1595.671243][T11669] do_syscall_64+0xf3/0x230 [ 1595.675780][T11669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1595.681714][T11669] RIP: 0033:0x7fcd8657def9 [ 1595.686153][T11669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1595.705799][T11669] RSP: 002b:00007fcd872a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1595.714272][T11669] RAX: ffffffffffffffda RBX: 00007fcd86735f80 RCX: 00007fcd8657def9 [ 1595.722288][T11669] RDX: 0000000000000048 RSI: 0000000020000280 RDI: 0000000000000003 [ 1595.730305][T11669] RBP: 00007fcd865f09f6 R08: 0000000000000000 R09: 0000000000000000 [ 1595.738314][T11669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1595.746314][T11669] R13: 0000000000000000 R14: 00007fcd86735f80 R15: 00007ffeb027b9f8 [ 1595.754338][T11669] [ 1596.210993][T11669] Mem-Info: [ 1596.214381][T11669] active_anon:16806 inactive_anon:0 isolated_anon:0 [ 1596.214381][T11669] active_file:8593 inactive_file:111271 isolated_file:2 [ 1596.214381][T11669] unevictable:767 dirty:247 writeback:0 [ 1596.214381][T11669] slab_reclaimable:25396 slab_unreclaimable:119384 [ 1596.214381][T11669] mapped:44094 shmem:7798 pagetables:1164 [ 1596.214381][T11669] sec_pagetables:0 bounce:0 [ 1596.214381][T11669] kernel_misc_reclaimable:0 [ 1596.214381][T11669] free:1137775 free_pcp:2754 free_cma:0 [ 1596.389643][T11669] Node 0 active_anon:64420kB inactive_anon:0kB active_file:34372kB inactive_file:445612kB unevictable:1536kB isolated(anon):0kB isolated(file):8kB mapped:176376kB dirty:984kB writeback:0kB shmem:28656kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11720kB pagetables:4756kB sec_pagetables:0kB all_unreclaimable? no [ 1596.480855][T11669] Node 1 active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1532kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1596.580903][T11669] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1596.631131][T11669] lowmem_reserve[]: 0 2467 2468 0 0 [ 1596.646774][T11669] Node 0 DMA32 free:577740kB boost:0kB min:34228kB low:42784kB high:51340kB reserved_highatomic:0KB active_anon:59900kB inactive_anon:0kB active_file:34372kB inactive_file:445668kB unevictable:1536kB writepending:1116kB present:3129332kB managed:2554984kB mlocked:0kB bounce:0kB free_pcp:22280kB local_pcp:20672kB free_cma:0kB [ 1596.705544][T11699] loop1: detected capacity change from 0 to 40427 [ 1596.725622][T11699] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1596.756381][T11699] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1596.786528][T11699] F2FS-fs (loop1): invalid crc value [ 1596.788703][T11669] lowmem_reserve[]: 0 0 0 0 0 [ 1596.836497][T11669] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:808kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 1596.872363][T11699] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1596.889113][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:1' failed: Read-only file system [ 1596.952234][T11669] lowmem_reserve[]: 0 0 0 0 0 [ 1596.990834][T11669] Node 1 Normal free:3949160kB boost:0kB min:55660kB low:69572kB high:83484kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1532kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:2552kB local_pcp:504kB free_cma:0kB [ 1597.094302][T11699] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1597.100796][T11669] lowmem_reserve[]: 0 0 0 0 0 [ 1597.112058][T11669] Node 0 DMA: [ 1597.112219][T11699] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1597.112238][T11669] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1597.174467][T11669] Node 0 DMA32: 2*4kB (UE) 1*8kB (E) 85*16kB (UME) 106*32kB (ME) 175*64kB (UME) 38*128kB (UME) 15*256kB (UME) 34*512kB (UME) 170*1024kB (UME) 4*2048kB (UME) 86*4096kB (UM) = 576608kB [ 1597.238075][T11669] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 1597.286139][T11669] Node 1 Normal: 0*4kB 9*8kB (U) 10*16kB (U) 4*32kB (U) 4*64kB (UM) 8*128kB (U) 8*256kB (UM) 6*512kB (UM) 4*1024kB (U) 3*2048kB (UM) 960*4096kB (M) = 3949160kB [ 1597.323357][T11669] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1597.390166][T11669] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=1 hugepages_size=2048kB [ 1597.431313][T11669] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1597.451366][T22613] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1597.460816][T11669] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1597.485885][T22613] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 1597.500756][T11669] 126541 total pagecache pages [ 1597.530048][T11669] 1 pages in swap cache [ 1597.540155][T11669] Free swap = 124148kB [ 1597.545841][T11719] netlink: 'syz.3.16974': attribute type 25 has an invalid length. [ 1597.550276][T11669] Total swap = 124996kB [ 1597.571685][T11719] netlink: 'syz.3.16974': attribute type 8 has an invalid length. [ 1597.574651][T11669] 2097051 pages RAM [ 1597.610870][T11669] 0 pages HighMem/MovableOnly [ 1597.620758][T11669] 426967 pages reserved [ 1597.641442][T11669] 0 pages cma reserved [ 1597.970153][T10820] Bluetooth: hci8: command 0x0405 tx timeout [ 1598.137079][T11726] loop0: detected capacity change from 0 to 256 [ 1598.212835][T11726] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1599.204517][ T29] audit: type=1326 audit(2000000970.940:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11744 comm="syz.4.16985" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcd8657def9 code=0x0 [ 1600.352541][T11773] loop4: detected capacity change from 0 to 1024 [ 1600.632065][T11778] tun0: tun_chr_ioctl cmd 1074025678 [ 1600.651678][T11778] tun0: group set to 0 [ 1600.793747][T11785] loop4: detected capacity change from 0 to 1024 [ 1600.852868][T11788] bpf: Bad value for 'uid' [ 1600.880444][ T5327] udevd[5327]: symlink '../../loop4' '/dev/disk/by-label/untitled.tmp-b7:4' failed: Read-only file system [ 1600.882803][T11785] hfsplus: bad catalog folder thread [ 1600.923349][ T5327] udevd[5327]: symlink '../../loop4' '/dev/disk/by-uuid/06db47fa-2d76-30cf-a5fe-21149ac7af4a.tmp-b7:4' failed: Read-only file system [ 1601.588515][T11812] program syz.4.17016 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1601.828029][T11819] loop1: detected capacity change from 0 to 64 [ 1601.842509][T11818] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17020'. [ 1602.002405][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-label/untitled.tmp-b7:1' failed: Read-only file system [ 1602.102941][ T5332] hfs: node 4:3 still has 1 user(s)! [ 1602.299254][T11833] tipc: Resetting bearer [ 1602.612167][ T5383] IPVS: starting estimator thread 0... [ 1602.629842][T11845] IPVS: sed: SCTP 172.20.20.187:0 - no destination available [ 1602.701367][T11847] IPVS: using max 16 ests per chain, 38400 per kthread [ 1602.703242][T11854] loop4: detected capacity change from 0 to 512 [ 1602.814924][T11854] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1602.829177][T11854] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1602.857477][ T5327] udevd[5327]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 1602.883877][T11854] EXT4-fs: Remounting file system with no journal so ignoring journalled data option [ 1602.893942][T11854] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1602.941303][T11854] EXT4-fs error (device loop4): __ext4_remount:6491: comm syz.4.17036: Abort forced by user [ 1602.961999][T11854] EXT4-fs (loop4): Remounting filesystem read-only [ 1603.133071][T10960] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1603.147119][ T29] audit: type=1326 audit(2000000974.880:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11866 comm="syz.1.17042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eb8d7def9 code=0x7ffc0000 [ 1603.247427][ T29] audit: type=1326 audit(2000000974.880:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11866 comm="syz.1.17042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eb8d7def9 code=0x7ffc0000 [ 1603.361957][ T29] audit: type=1326 audit(2000000974.890:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11866 comm="syz.1.17042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9eb8d7def9 code=0x7ffc0000 [ 1603.501236][ T29] audit: type=1326 audit(2000000974.890:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11866 comm="syz.1.17042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eb8d7def9 code=0x7ffc0000 [ 1603.587362][ T29] audit: type=1326 audit(2000000974.890:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11866 comm="syz.1.17042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9eb8d7def9 code=0x7ffc0000 [ 1603.638448][ T29] audit: type=1326 audit(2000000974.970:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11866 comm="syz.1.17042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eb8d7def9 code=0x7ffc0000 [ 1603.740919][ T29] audit: type=1326 audit(2000000974.980:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11866 comm="syz.1.17042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eb8d7def9 code=0x7ffc0000 [ 1603.766890][T11879] loop1: detected capacity change from 0 to 1024 [ 1603.786309][ T29] audit: type=1326 audit(2000000974.980:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11866 comm="syz.1.17042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f9eb8d7def9 code=0x7ffc0000 [ 1603.863716][ T29] audit: type=1326 audit(2000000974.980:1516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11866 comm="syz.1.17042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eb8d7def9 code=0x7ffc0000 [ 1603.944187][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-label/untitled.tmp-b7:1' failed: Read-only file system [ 1603.982925][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-uuid/4da50ae9-7d30-3220-a998-cec1f675fd4a.tmp-b7:1' failed: Read-only file system [ 1604.032402][ T1290] hfsplus: b-tree write err: -5, ino 4 [ 1604.795650][T11894] netlink: 'syz.3.17053': attribute type 1 has an invalid length. [ 1605.849502][T11921] loop1: detected capacity change from 0 to 4096 [ 1605.883799][T11921] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1605.933115][T11926] program syz.3.17067 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1606.017860][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-label/쨙ಘ긓kaller.tmp-b7:1' failed: Read-only file system [ 1606.040807][T11921] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1606.088036][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-uuid/68CE0ED73BAA5F78.tmp-b7:1' failed: Read-only file system [ 1606.134014][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.536444][T11969] netlink: 104 bytes leftover after parsing attributes in process `syz.4.17088'. [ 1608.202004][T11989] netlink: 16 bytes leftover after parsing attributes in process `syz.2.17097'. [ 1608.418944][T11997] loop0: detected capacity change from 0 to 164 [ 1608.464393][T11997] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 1608.523281][ T5327] udevd[5327]: symlink '../../loop0' '/dev/disk/by-label/CDROM.tmp-b7:0' failed: Read-only file system [ 1608.553284][ T5327] udevd[5327]: symlink '../../loop0' '/dev/disk/by-uuid/2022-11-22-16-59-57-00.tmp-b7:0' failed: Read-only file system [ 1608.570125][T11997] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 1608.650944][ T5459] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 1608.862359][ T5459] usb 2-1: Using ep0 maxpacket: 8 [ 1608.910884][ T5459] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1608.930366][ T5459] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1608.964823][ T5459] usb 2-1: Product: syz [ 1608.969075][ T5459] usb 2-1: Manufacturer: syz [ 1609.021251][ T5459] usb 2-1: SerialNumber: syz [ 1609.042013][ T5459] usb 2-1: config 0 descriptor?? [ 1609.107471][T12019] netlink: 44 bytes leftover after parsing attributes in process `syz.2.17112'. [ 1609.300825][ T5459] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 1609.814446][T12037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17121'. [ 1609.905042][ T5459] usb write operation failed. (-71) [ 1609.946526][ T5459] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1610.007217][ T5459] dvbdev: DVB: registering new adapter (Terratec H7) [ 1610.045662][ T5459] usb 2-1: media controller created [ 1610.074539][ T5459] usb read operation failed. (-71) [ 1610.104737][ T5459] usb write operation failed. (-71) [ 1610.121652][ T5459] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 1610.143637][ T5459] usb 2-1: USB disconnect, device number 51 [ 1611.298352][T12073] loop1: detected capacity change from 0 to 64 [ 1611.492495][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-label/untitled.tmp-b7:1' failed: Read-only file system [ 1612.279697][T12101] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.17150'. [ 1612.491638][T12107] netlink: 'syz.4.17152': attribute type 32 has an invalid length. [ 1613.202714][T12080] loop0: detected capacity change from 0 to 32768 [ 1613.264017][T12080] XFS: noikeep mount option is deprecated. [ 1613.301153][T12080] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 1613.331531][T12080] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1613.385944][ T5327] udevd[5327]: symlink '../../loop0' '/dev/disk/by-uuid/bfdc47fc-10d8-4eed-a562-11a831b3f791.tmp-b7:0' failed: Read-only file system [ 1613.429338][T12129] loop1: detected capacity change from 0 to 4096 [ 1613.514726][T12129] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1613.588941][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system [ 1613.621989][T12144] sctp: [Deprecated]: syz.3.17165 (pid 12144) Use of int in maxseg socket option. [ 1613.621989][T12144] Use struct sctp_assoc_value instead [ 1613.662828][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-uuid/68CE0ED73BAA5F78.tmp-b7:1' failed: Read-only file system [ 1613.706437][T12129] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1613.732544][T12129] ntfs3: loop1: Failed to load $Extend (-22). [ 1613.772055][T12080] XFS (loop0): Ending clean mount [ 1613.778161][T12129] ntfs3: loop1: Failed to initialize $Extend. [ 1613.855147][T12080] XFS (loop0): User initiated shutdown received. [ 1613.907847][T12080] XFS (loop0): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0xe2/0x160 (fs/xfs/xfs_fsops.c:453). Shutting down filesystem. [ 1613.963398][T12080] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 1614.071378][T12155] netlink: 1 bytes leftover after parsing attributes in process `syz.2.17172'. [ 1614.084847][ T802] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1614.243187][T12157] netlink: 3084 bytes leftover after parsing attributes in process `syz.5.17171'. [ 1614.320911][T12157] netlink: 'syz.5.17171': attribute type 1 has an invalid length. [ 1614.420699][T12157] netlink: 193500 bytes leftover after parsing attributes in process `syz.5.17171'. [ 1614.579275][T12168] QAT: Invalid ioctl -805268450 [ 1614.951326][T12178] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 1614.958894][T12178] macvtap1: entered promiscuous mode [ 1614.985664][T12178] macvtap1: entered allmulticast mode [ 1615.003308][T12178] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 1615.287651][T12181] netlink: 12 bytes leftover after parsing attributes in process `syz.5.17181'. [ 1615.367452][T12191] loop1: detected capacity change from 0 to 2048 [ 1615.451372][T12191] NILFS (loop1): invalid segment: Checksum error in segment payload [ 1615.481918][T12191] NILFS (loop1): trying rollback from an earlier position [ 1615.522306][ T5327] udevd[5327]: symlink '../../loop1' '/dev/disk/by-uuid/33ea582e-c541-419d-a8ce-517211853ed2.tmp-b7:1' failed: Read-only file system [ 1615.553039][T12191] NILFS (loop1): recovery complete [ 1615.561728][T12198] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1616.202780][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 1616.202805][ T29] audit: type=1326 audit(2000000987.940:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12211 comm="syz.5.17194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67cf77def9 code=0x7ffc0000 [ 1616.321286][ T29] audit: type=1326 audit(2000000987.980:1519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12211 comm="syz.5.17194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67cf77def9 code=0x7ffc0000 [ 1616.442054][ T29] audit: type=1326 audit(2000000988.040:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12211 comm="syz.5.17194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67cf77def9 code=0x7ffc0000 [ 1616.466528][T12222] netlink: 'syz.0.17202': attribute type 10 has an invalid length. [ 1616.559035][ T29] audit: type=1326 audit(2000000988.090:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12211 comm="syz.5.17194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67cf77def9 code=0x7ffc0000 [ 1616.703264][ T29] audit: type=1326 audit(2000000988.220:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12211 comm="syz.5.17194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67cf77def9 code=0x7ffc0000 [ 1616.810847][ T29] audit: type=1326 audit(2000000988.220:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12211 comm="syz.5.17194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67cf77def9 code=0x7ffc0000 [ 1616.871840][ T29] audit: type=1326 audit(2000000988.220:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12211 comm="syz.5.17194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f67cf774ea7 code=0x7ffc0000 [ 1616.941279][ T29] audit: type=1326 audit(2000000988.220:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12211 comm="syz.5.17194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f67cf719869 code=0x7ffc0000 [ 1616.985382][ T5446] printk: udevd: 5 output lines suppressed due to ratelimiting [ 1617.080950][ T29] audit: type=1326 audit(2000000988.220:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12211 comm="syz.5.17194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f67cf774ea7 code=0x7ffc0000 [ 1617.210766][ T29] audit: type=1326 audit(2000000988.220:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12211 comm="syz.5.17194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f67cf719869 code=0x7ffc0000 [ 1617.745700][T12253] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17214'. [ 1618.045749][T12257] loop4: detected capacity change from 0 to 64 [ 1618.681267][T12268] netlink: 12 bytes leftover after parsing attributes in process `syz.4.17219'. [ 1618.840904][ T25] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 1619.031794][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 1619.049803][ T25] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 1619.071088][ T25] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1619.108290][ T25] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1619.132934][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1619.170918][ T25] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1619.203683][ T25] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1619.250896][ T25] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1619.287487][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1619.308900][ T25] usb 2-1: config 0 descriptor?? [ 1619.536236][ T25] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 52 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1619.742618][ T25] usb 2-1: USB disconnect, device number 52 [ 1619.767029][ T25] usblp0: removed [ 1619.987360][T12291] loop4: detected capacity change from 0 to 128 [ 1620.044038][T12291] VFS: Found a Xenix FS (block size = 512) on device loop4 [ 1620.085641][T12291] sysv_free_block: trying to free block not in datazone [ 1620.140229][T12291] sysv_count_free_blocks: free block count was -2041545929, correcting to 9 [ 1620.253189][T12291] sysv_count_free_inodes: unable to read inode table [ 1620.420890][T10960] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1620.479472][T12301] program syz.1.17233 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1620.753106][T12305] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1620.848574][T12309] loop4: detected capacity change from 0 to 512 [ 1620.871898][T12309] EXT4-fs: Ignoring removed bh option [ 1620.916599][T12309] EXT4-fs error (device loop4): __ext4_iget:4985: inode #15: block 1803188595: comm syz.4.17238: invalid block [ 1620.961192][T12309] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.17238: couldn't read orphan inode 15 (err -117) [ 1620.975648][T12309] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1621.073571][T10960] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1621.369793][T12322] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 1621.813342][T12340] loop1: detected capacity change from 0 to 2048 [ 1621.845505][T12340] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1621.870767][T12340] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1622.340326][T12356] loop0: detected capacity change from 0 to 512 [ 1622.563174][T12363] loop0: detected capacity change from 0 to 64 [ 1624.432798][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 1624.432822][ T29] audit: type=1326 audit(2000000996.170:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12400 comm="syz.4.17281" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcd8657def9 code=0x0 [ 1625.203119][T12393] loop0: detected capacity change from 0 to 32768 [ 1625.237755][T12393] btrfs: Deprecated parameter 'usebackuproot' [ 1625.259258][T12393] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1625.301110][T12393] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.17275 (12393) [ 1625.361491][T12393] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1625.402873][T12393] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 1625.440310][T12393] BTRFS info (device loop0): using free-space-tree [ 1625.501907][T12426] netlink: 104 bytes leftover after parsing attributes in process `syz.3.17291'. [ 1625.592953][ T146] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xdd624956 level 0 [ 1625.674502][T12393] BTRFS warning (device loop0): couldn't read tree root [ 1625.681839][T12393] BTRFS warning (device loop0): try to load backup roots slot 1 [ 1625.852287][T12393] BTRFS info (device loop0 state M): force compression, level 0 [ 1626.381177][T12464] program syz.4.17304 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1626.412493][ T802] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1626.664128][T12467] netlink: 104 bytes leftover after parsing attributes in process `syz.4.17305'. [ 1627.325547][ C1] vkms_vblank_simulate: vblank timer overrun [ 1627.839200][T12485] loop4: detected capacity change from 0 to 2048 [ 1627.897398][T12485] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1628.254301][T12497] loop1: detected capacity change from 0 to 256 [ 1628.369721][T12497] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x72684843, utbl_chksum : 0xe619d30d) [ 1628.542573][T12501] loop0: detected capacity change from 0 to 512 [ 1628.602016][T12501] EXT4-fs (loop0): Unsupported encryption level 9 [ 1629.378606][T12520] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.17329'. [ 1629.963902][T12501] loop0: detected capacity change from 0 to 32768 [ 1630.010988][T12501] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.17320 (12501) [ 1630.091453][T12501] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1630.130860][T12501] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 1630.162027][T12501] BTRFS info (device loop0): using free-space-tree [ 1630.190356][T12537] loop4: detected capacity change from 0 to 128 [ 1630.244718][T12537] VFS: Found a Xenix FS (block size = 512) on device loop4 [ 1630.417832][T10960] sysv_free_block: trying to free block not in datazone [ 1630.456410][T12501] BTRFS error (device loop0): target device ̮Id OQl0mь%ۣֈhB{[+  is invalid! [ 1630.490665][T10960] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1630.701935][ T802] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1630.809960][T12526] loop1: detected capacity change from 0 to 32768 [ 1630.854932][T12526] XFS: attr2 mount option is deprecated. [ 1630.887858][T12560] loop4: detected capacity change from 0 to 512 [ 1630.932638][T12560] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1630.998907][T12526] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1631.020904][T12560] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #16: comm syz.4.17342: invalid indirect mapped block 4294967295 (level 0) [ 1631.122286][T12560] EXT4-fs (loop4): Remounting filesystem read-only [ 1631.151355][T12560] EXT4-fs (loop4): 1 orphan inode deleted [ 1631.174960][T12526] XFS (loop1): Ending clean mount [ 1631.213611][T12560] EXT4-fs (loop4): 1 truncate cleaned up [ 1631.234313][T12560] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1631.298419][ T5332] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1631.573944][T12576] batadv0: entered promiscuous mode [ 1631.588804][ T29] audit: type=1326 audit(2000001003.320:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12582 comm="syz.2.17349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f274c57def9 code=0x7ffc0000 [ 1631.695820][T10960] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1631.705568][T12576] macsec1: entered promiscuous mode [ 1631.711034][ T29] audit: type=1326 audit(2000001003.350:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12582 comm="syz.2.17349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f274c57def9 code=0x7ffc0000 [ 1631.821249][T12576] macsec1: entered allmulticast mode [ 1631.825094][ T29] audit: type=1326 audit(2000001003.390:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12582 comm="syz.2.17349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f274c57def9 code=0x7ffc0000 [ 1631.851233][ T29] audit: type=1326 audit(2000001003.390:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12582 comm="syz.2.17349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f274c57def9 code=0x7ffc0000 [ 1631.858834][T12576] batadv0: entered allmulticast mode [ 1631.883466][ T29] audit: type=1326 audit(2000001003.400:1567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12582 comm="syz.2.17349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f274c57def9 code=0x7ffc0000 [ 1631.942749][ T29] audit: type=1326 audit(2000001003.400:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12582 comm="syz.2.17349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f274c57def9 code=0x7ffc0000 [ 1632.056598][ T29] audit: type=1326 audit(2000001003.400:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12582 comm="syz.2.17349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f274c57def9 code=0x7ffc0000 [ 1632.167483][ T29] audit: type=1326 audit(2000001003.400:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12582 comm="syz.2.17349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f274c57def9 code=0x7ffc0000 [ 1632.289747][ T29] audit: type=1326 audit(2000001003.400:1571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12582 comm="syz.2.17349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f274c57def9 code=0x7ffc0000 [ 1632.414727][ T29] audit: type=1326 audit(2000001003.400:1572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12582 comm="syz.2.17349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f274c57def9 code=0x7ffc0000 [ 1634.221663][T12646] loop0: detected capacity change from 0 to 256 [ 1634.256454][T12646] exfat: Deprecated parameter 'utf8' [ 1634.322075][T12646] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xfa3b3837, utbl_chksum : 0xe619d30d) [ 1634.433238][T12646] CUSE: zero length info key specified [ 1637.290930][T12708] netlink: 4 bytes leftover after parsing attributes in process `syz.0.17404'. [ 1637.300061][T12708] netlink: 'syz.0.17404': attribute type 1 has an invalid length. [ 1637.425894][T12711] program syz.4.17405 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1637.774573][T12720] netlink: 'syz.3.17410': attribute type 9 has an invalid length. [ 1637.820728][T12720] netlink: 399 bytes leftover after parsing attributes in process `syz.3.17410'. [ 1638.174153][T12731] loop0: detected capacity change from 0 to 8 [ 1638.205512][T12731] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 1638.342739][T12731] cramfs: Error -3 while decompressing! [ 1638.374556][T12731] cramfs: ffffffff9a470638(42)->ffff88803169d000(4096) [ 1639.053211][T12747] loop0: detected capacity change from 0 to 1024 [ 1639.085558][T12747] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1639.117018][T12747] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1639.175614][T12747] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1639.579082][ T802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1639.665647][T12754] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1640.070962][T12761] netlink: 'syz.4.17425': attribute type 1 has an invalid length. [ 1640.071239][T12759] tap0: tun_chr_ioctl cmd 2147767521 [ 1640.078832][T12761] netlink: 224 bytes leftover after parsing attributes in process `syz.4.17425'. [ 1640.406035][T12769] mkiss: ax0: crc mode is auto. [ 1640.432804][T12771] ip6gretap0: entered promiscuous mode [ 1640.496735][T12771] ip6gretap0: left promiscuous mode [ 1640.881904][T12782] loop4: detected capacity change from 0 to 4096 [ 1640.928676][T12782] ntfs3: loop4: Different NTFS sector size (1024) and media sector size (512). [ 1641.015476][T12791] netlink: 20 bytes leftover after parsing attributes in process `syz.0.17439'. [ 1641.019524][T12782] ntfs3: loop4: Failed to load $Extend (-22). [ 1641.057019][T12782] ntfs3: loop4: Failed to initialize $Extend. [ 1641.674986][T12814] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17451'. [ 1641.703015][T12814] netlink: 16 bytes leftover after parsing attributes in process `syz.0.17451'. [ 1641.751210][ T25] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 1641.950890][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 1641.959505][ T25] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1642.001766][ T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1642.042067][ T25] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1642.042273][T12823] netlink: 'syz.2.17454': attribute type 10 has an invalid length. [ 1642.071281][ T25] usb 2-1: config 1 has no interface number 1 [ 1642.084560][ T25] usb 2-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 1642.096494][T12823] netlink: 55 bytes leftover after parsing attributes in process `syz.2.17454'. [ 1642.122584][ T25] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1642.171528][ T25] usb 2-1: config 1 interface 2 has no altsetting 0 [ 1642.206292][ T25] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1642.228435][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1642.269454][ T25] usb 2-1: Product: syz [ 1642.278871][ T25] usb 2-1: Manufacturer: syz [ 1642.303909][ T25] usb 2-1: SerialNumber: syz [ 1642.311441][T11249] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 1642.401315][T11249] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 1642.561558][ T5410] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 1642.603189][ T25] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor [ 1642.640010][ T25] usb 2-1: 2:1 : format type 39 is not supported yet [ 1642.651376][ T5410] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 1642.679539][ T25] usb 2-1: selecting invalid altsetting 0 [ 1642.711193][ T5410] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 1642.750300][ T25] usb 2-1: USB disconnect, device number 53 [ 1642.774549][T12838] netlink: 4 bytes leftover after parsing attributes in process `syz.4.17463'. [ 1642.791029][ T5410] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 1642.830075][T12838] xfrm1: entered promiscuous mode [ 1642.888983][T12838] xfrm1: entered allmulticast mode [ 1642.961035][T25711] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 1642.999407][T12839] loop0: detected capacity change from 0 to 4096 [ 1643.275942][ T25] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 1643.741606][ T25] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 1643.876306][T11249] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 1644.092789][T11249] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1644.132905][T11249] usb 5-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 1644.181206][T11249] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1644.214764][T11249] usb 5-1: config 0 descriptor?? [ 1644.244939][T11249] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1644.502201][T11249] usb 5-1: USB disconnect, device number 42 [ 1644.731123][ T5410] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1644.911431][ T5410] usb 4-1: Using ep0 maxpacket: 16 [ 1644.919670][ T5410] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1644.926230][T12885] loop0: detected capacity change from 0 to 4096 [ 1644.932841][ T5410] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1644.967863][ T5410] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1644.980402][T12885] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 1645.003702][T12874] loop1: detected capacity change from 0 to 32768 [ 1645.018821][ T5410] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1645.030186][T12874] btrfs: Deprecated parameter 'usebackuproot' [ 1645.042435][T12874] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1645.053823][ T5410] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1645.105494][ T5410] usb 4-1: config 0 descriptor?? [ 1645.109717][T12885] ntfs3: loop0: failed to convert "c46c" to iso8859-7 [ 1645.112558][T12874] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.17479 (12874) [ 1645.191348][T12874] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1645.239482][T12874] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 1645.270925][T12874] BTRFS info (device loop1): using free-space-tree [ 1645.377573][T22613] BTRFS warning (device loop1): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xdd624956 level 0 [ 1645.411178][T12874] BTRFS warning (device loop1): couldn't read tree root [ 1645.432766][T12874] BTRFS warning (device loop1): try to load backup roots slot 1 [ 1645.457098][T12903] loop4: detected capacity change from 0 to 1764 [ 1645.536553][T12903] iso9660: Corrupted directory entry in block 0 of inode 1792 [ 1645.566992][T12874] BTRFS info (device loop1 state M): force compression, level 0 [ 1645.589109][ T5410] microsoft 0003:045E:07DA.00A8: No inputs registered, leaving [ 1645.647548][ T5410] microsoft 0003:045E:07DA.00A8: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 1645.690722][ T5410] microsoft 0003:045E:07DA.00A8: no inputs found [ 1645.720261][ T5410] microsoft 0003:045E:07DA.00A8: could not initialize ff, continuing anyway [ 1645.772523][T12911] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17488'. [ 1645.945611][T11249] usb 4-1: USB disconnect, device number 10 [ 1645.949118][ T5332] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1646.287371][ C1] vkms_vblank_simulate: vblank timer overrun [ 1646.548682][ C1] vkms_vblank_simulate: vblank timer overrun [ 1646.771086][ T5336] Bluetooth: hci11: Opcode 0x1003 failed: -110 [ 1646.985991][T12935] loop4: detected capacity change from 0 to 4096 [ 1647.744819][T12954] loop4: detected capacity change from 0 to 1024 [ 1647.785852][T12954] EXT4-fs: Ignoring removed i_version option [ 1647.864912][T12954] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1648.184179][T10960] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1648.196057][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 1648.196079][ T29] audit: type=1326 audit(2000001019.930:1596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12967 comm="syz.0.17516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f840f17def9 code=0x7ffc0000 [ 1648.337273][ T29] audit: type=1326 audit(2000001019.960:1597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12967 comm="syz.0.17516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f840f17def9 code=0x7ffc0000 [ 1648.443737][ T29] audit: type=1326 audit(2000001019.970:1598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12967 comm="syz.0.17516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f840f17def9 code=0x7ffc0000 [ 1648.552951][T12974] Process accounting resumed [ 1648.553290][ T29] audit: type=1326 audit(2000001019.970:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12967 comm="syz.0.17516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f840f17def9 code=0x7ffc0000 [ 1648.681080][ T29] audit: type=1326 audit(2000001019.970:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12967 comm="syz.0.17516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f840f17def9 code=0x7ffc0000 [ 1648.749297][T12977] loop1: detected capacity change from 0 to 4096 [ 1648.778129][ T29] audit: type=1326 audit(2000001019.980:1601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12967 comm="syz.0.17516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f840f17def9 code=0x7ffc0000 [ 1648.868853][ T29] audit: type=1326 audit(2000001019.980:1602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12967 comm="syz.0.17516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f840f17def9 code=0x7ffc0000 [ 1648.963275][ T29] audit: type=1326 audit(2000001019.980:1603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12967 comm="syz.0.17516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f840f174ea7 code=0x7ffc0000 [ 1649.081564][ T29] audit: type=1326 audit(2000001019.980:1604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12967 comm="syz.0.17516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f840f119869 code=0x7ffc0000 [ 1649.170652][ T29] audit: type=1326 audit(2000001019.980:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12967 comm="syz.0.17516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f840f174ea7 code=0x7ffc0000 [ 1649.502790][T13003] netlink: 104 bytes leftover after parsing attributes in process `syz.2.17530'. [ 1649.873554][T13016] netlink: 'syz.3.17536': attribute type 10 has an invalid length. [ 1649.902774][T13016] netlink: 55 bytes leftover after parsing attributes in process `syz.3.17536'. [ 1650.096339][T13024] vxcan1: tx address claim with dest, not broadcast [ 1650.385516][T13031] loop4: detected capacity change from 0 to 1024 [ 1650.582439][T13038] bridge0: port 1(bridge_slave_0) entered blocking state [ 1650.589676][T13038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1650.755829][T13040] ipvlan2: entered promiscuous mode [ 1650.773696][T13042] loop1: detected capacity change from 0 to 1024 [ 1650.846161][T13042] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1651.204792][T13056] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17555'. [ 1651.254287][ T5332] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1651.572065][T13068] netlink: 'syz.1.17558': attribute type 10 has an invalid length. [ 1651.601304][T13068] netlink: 55 bytes leftover after parsing attributes in process `syz.1.17558'. [ 1651.635314][T13064] netlink: 'syz.5.17557': attribute type 1 has an invalid length. [ 1651.682809][T13064] netlink: 168 bytes leftover after parsing attributes in process `syz.5.17557'. [ 1651.761057][T13064] netlink: 'syz.5.17557': attribute type 1 has an invalid length. [ 1651.803149][T13064] netlink: 20 bytes leftover after parsing attributes in process `syz.5.17557'. [ 1651.813643][T13070] netlink: 'syz.3.17561': attribute type 1 has an invalid length. [ 1652.109107][T13075] loop4: detected capacity change from 0 to 2048 [ 1652.136424][T13075] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1652.178007][T13083] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1652.576546][T13093] loop4: detected capacity change from 0 to 1024 [ 1652.613341][T13093] hfsplus: Filesystem is marked locked, mounting read-only. [ 1653.694851][T13117] netlink: 'syz.4.17577': attribute type 10 has an invalid length. [ 1653.741083][T13117] netlink: 55 bytes leftover after parsing attributes in process `syz.4.17577'. [ 1654.564784][T13132] loop1: detected capacity change from 0 to 64 [ 1654.662983][T13135] @: renamed from vlan0 (while UP) [ 1655.439544][T13157] netlink: 4 bytes leftover after parsing attributes in process `syz.1.17595'. [ 1655.957986][T13171] @: renamed from vlan0 (while UP) [ 1656.168717][T13176] loop1: detected capacity change from 0 to 1024 [ 1656.313016][T13176] hfsplus: bad catalog entry type [ 1656.713102][T11177] hfsplus: b-tree write err: -5, ino 4 [ 1656.907278][T13164] loop4: detected capacity change from 0 to 40427 [ 1656.940702][T13164] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1656.966532][T13164] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1657.036174][T13164] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1657.310624][T13164] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1657.341158][T13164] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1657.548729][T13209] loop0: detected capacity change from 0 to 64 [ 1659.701450][ T5410] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 1659.890750][ T5410] usb 2-1: Using ep0 maxpacket: 16 [ 1659.929451][ T5410] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 1659.971353][ T5410] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1660.005724][ T5410] usb 2-1: Product: syz [ 1660.020321][ T5410] usb 2-1: Manufacturer: syz [ 1660.030011][ T5410] usb 2-1: SerialNumber: syz [ 1660.072126][ T5410] usb 2-1: config 0 descriptor?? [ 1660.272874][T13262] netlink: 60 bytes leftover after parsing attributes in process `syz.2.17643'. [ 1660.434043][T13264] netlink: 'syz.3.17644': attribute type 4 has an invalid length. [ 1660.515607][ T5410] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 1660.543474][ T5410] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1660.584065][ T5410] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 1660.612781][ T5410] usb 2-1: media controller created [ 1660.637289][T13239] loop4: detected capacity change from 0 to 32768 [ 1660.693822][T13239] XFS (loop4): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 1660.734798][ T5410] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1660.827449][T13239] XFS (loop4): Ending clean mount [ 1660.942768][T10960] XFS (loop4): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 1660.989402][ T5410] zl10353_read_register: readreg error (reg=127, ret==0) [ 1661.000605][ T5410] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 1661.022270][ T5410] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 1661.043101][ T5410] usb 2-1: USB disconnect, device number 54 [ 1661.143877][ T5410] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 1662.427617][T13281] loop0: detected capacity change from 0 to 40427 [ 1662.492492][T13281] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 1662.522198][T13281] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1662.582562][T13281] F2FS-fs (loop0): invalid crc value [ 1662.681098][T13302] : renamed from batadv_slave_0 (while UP) [ 1662.682996][T13281] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1662.743001][T13302] netlink: 16 bytes leftover after parsing attributes in process `syz.4.17648'. [ 1662.752676][T13302] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check. [ 1662.993882][T13281] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1663.031376][T13281] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 1663.126113][T13289] loop1: detected capacity change from 0 to 32768 [ 1663.141234][T13310] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1663.151871][T13289] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.17654 (13289) [ 1663.231062][ T29] kauditd_printk_skb: 27 callbacks suppressed [ 1663.231092][ T29] audit: type=1800 audit(2000001034.960:1633): pid=13281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17649" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 1663.293588][T13289] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1663.343803][T13289] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm [ 1663.403403][T13281] syz.0.17649: attempt to access beyond end of device [ 1663.403403][T13281] loop0: rw=2049, sector=77824, nr_sectors = 848 limit=40427 [ 1663.553498][T13289] BTRFS info (device loop1): rebuilding free space tree [ 1663.587578][T13289] BTRFS info (device loop1): disabling free space tree [ 1663.611556][T13289] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1663.626098][T13289] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1663.672278][ T802] syz-executor: attempt to access beyond end of device [ 1663.672278][ T802] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1663.734616][ T802] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 1664.234155][ T5332] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1664.311148][T13334] sp0: Synchronizing with TNC [ 1664.947138][T13347] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17670'. [ 1665.021763][T13349] netlink: 'syz.4.17671': attribute type 1 has an invalid length. [ 1665.090598][T13349] netlink: 9280 bytes leftover after parsing attributes in process `syz.4.17671'. [ 1665.132186][T13349] netlink: 'syz.4.17671': attribute type 1 has an invalid length. [ 1665.161186][T13349] netlink: 56 bytes leftover after parsing attributes in process `syz.4.17671'. [ 1665.471960][T13359] sch_tbf: burst 32769 is lower than device lo mtu (65550) ! [ 1665.552350][ T5410] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 1665.740739][ T350] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1665.763230][ T5410] usb 2-1: Using ep0 maxpacket: 16 [ 1665.773477][ T5410] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1665.814719][ T5410] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 1665.841503][ T5410] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1665.885220][ T5410] usb 2-1: Product: syz [ 1665.889518][ T5410] usb 2-1: Manufacturer: syz [ 1665.920861][ T5410] usb 2-1: SerialNumber: syz [ 1665.941522][ T350] usb 6-1: Using ep0 maxpacket: 16 [ 1665.954225][ T5410] usb 2-1: config 0 descriptor?? [ 1666.004613][ T350] usb 6-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 1666.024634][ T350] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1666.050748][ T350] usb 6-1: Product: syz [ 1666.078204][ T350] usb 6-1: Manufacturer: syz [ 1666.114296][ T350] usb 6-1: SerialNumber: syz [ 1666.144396][ T350] usb 6-1: config 0 descriptor?? [ 1666.205851][ T5410] usb 2-1: Not enough endpoints found in device, aborting! [ 1666.469630][ T5410] usb 2-1: USB disconnect, device number 55 [ 1666.532307][T25711] usb 6-1: USB disconnect, device number 8 [ 1666.568011][T13379] loop4: detected capacity change from 0 to 512 [ 1666.624032][T13368] could not allocate digest TFM handle sha512-neon [ 1666.818110][T13381] loop0: detected capacity change from 0 to 512 [ 1666.848592][T13381] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.17685: bad orphan inode 4 [ 1666.873398][T13381] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1667.254328][ T802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1667.390931][T13395] binder: 13394:13395 ioctl 40046205 0 returned -22 [ 1667.448839][T13397] loop0: detected capacity change from 0 to 512 [ 1667.468445][T13399] loop1: detected capacity change from 0 to 512 [ 1667.542937][T13397] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1667.548245][T13399] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1667.588013][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 1667.604436][T13399] ext4 filesystem being mounted at /3227/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1667.614106][T13397] ext4 filesystem being mounted at /759/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1667.822436][ T5332] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1667.967837][ T802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1668.321968][T13416] ieee802154 phy1 wpan1: encryption failed: -90 [ 1668.380237][T13391] loop4: detected capacity change from 0 to 32768 [ 1668.496375][T13391] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1668.643898][T13434] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1668.709540][ T52] Bluetooth: hci11: Frame reassembly failed (-84) [ 1668.791619][T13391] XFS (loop4): Ending clean mount [ 1668.842786][T13391] XFS (loop4): Quotacheck needed: Please wait. [ 1669.108925][T13391] XFS (loop4): Quotacheck: Done. [ 1669.562991][T10960] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1670.010720][ T5410] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 1670.213618][ T5410] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1670.235253][ T5410] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1670.241321][T13444] loop0: detected capacity change from 0 to 32768 [ 1670.257368][ T5410] usb 2-1: New USB device found, idVendor=056a, idProduct=00b5, bcdDevice= 0.00 [ 1670.301847][ T29] audit: type=1800 audit(2000001042.030:1634): pid=13444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17707" name="bus" dev="loop0" ino=7 res=0 errno=0 [ 1670.333746][ T5410] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1670.372060][ T5410] usb 2-1: config 0 descriptor?? [ 1670.763064][ T5336] Bluetooth: hci11: Opcode 0x1003 failed: -110 [ 1670.868912][ T5410] wacom 0003:056A:00B5.00A9: Unknown device_type for 'HID 056a:00b5'. Assuming pen. [ 1671.001827][ T5410] wacom 0003:056A:00B5.00A9: hidraw0: USB HID v0.00 Device [HID 056a:00b5] on usb-dummy_hcd.1-1/input0 [ 1671.047374][ T5410] input: Wacom Intuos3 6x11 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:00B5.00A9/input/input142 [ 1671.162795][ T5410] usb 2-1: USB disconnect, device number 56 [ 1671.906041][T13484] loop1: detected capacity change from 0 to 2048 [ 1671.994386][T13487] pim6reg: entered allmulticast mode [ 1672.042504][T13484] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1672.054922][T13487] macvlan1: entered allmulticast mode [ 1672.060334][T13487] veth1_vlan: entered allmulticast mode [ 1672.394715][ T5332] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1672.596406][T13505] netlink: 'syz.4.17735': attribute type 49 has an invalid length. [ 1672.625146][T13509] loop1: detected capacity change from 0 to 4096 [ 1672.651112][T13510] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1673.228388][T13527] openvswitch: netlink: Missing key (keys=20040, expected=80) [ 1674.018486][T13556] netlink: 14 bytes leftover after parsing attributes in process `syz.2.17755'. [ 1674.089146][T13557] sctp: [Deprecated]: syz.1.17756 (pid 13557) Use of int in max_burst socket option deprecated. [ 1674.089146][T13557] Use struct sctp_assoc_value instead [ 1675.054742][T13587] loop4: detected capacity change from 0 to 256 [ 1676.025204][T13611] loop0: detected capacity change from 0 to 4096 [ 1676.226967][T13618] netlink: 'syz.5.17784': attribute type 11 has an invalid length. [ 1676.356609][T13583] loop1: detected capacity change from 0 to 40427 [ 1676.460154][T13583] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1676.722299][T13583] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1676.942179][ T5332] syz-executor: attempt to access beyond end of device [ 1676.942179][ T5332] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1676.950138][T13640] loop4: detected capacity change from 0 to 256 [ 1676.991514][ T5332] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 1678.523284][T13669] netlink: 176 bytes leftover after parsing attributes in process `syz.1.17795'. [ 1678.543499][T13669] ip6gretap0: entered promiscuous mode [ 1678.560736][ T5383] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1678.564015][T13669] netlink: 176 bytes leftover after parsing attributes in process `syz.1.17795'. [ 1678.800522][ T5383] usb 6-1: Using ep0 maxpacket: 8 [ 1678.871819][ T5383] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1678.930839][ T5383] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1679.084542][ T5383] usb 6-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.40 [ 1679.100658][ T5383] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1679.157980][ T5383] usb 6-1: Product: syz [ 1679.162408][ T5383] usb 6-1: Manufacturer: syz [ 1679.198649][ T5383] usb 6-1: SerialNumber: syz [ 1679.261436][T13687] loop1: detected capacity change from 0 to 128 [ 1679.458724][ T29] audit: type=1800 audit(2000001051.190:1635): pid=13687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.17814" name="bus" dev="loop1" ino=1049000 res=0 errno=0 [ 1679.514559][ T5383] usbhid 6-1:1.0: can't add hid device: -22 [ 1679.540772][ T5383] usbhid 6-1:1.0: probe with driver usbhid failed with error -22 [ 1679.742770][ T5410] usb 6-1: USB disconnect, device number 9 [ 1680.695018][T13681] loop4: detected capacity change from 0 to 40427 [ 1680.754318][T13681] F2FS-fs (loop4): invalid crc value [ 1680.779911][T13714] loop0: detected capacity change from 0 to 1764 [ 1680.805785][T13681] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1681.027672][T13681] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1681.241961][T10960] syz-executor: attempt to access beyond end of device [ 1681.241961][T10960] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1681.292117][T10960] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 1681.371946][T13733] loop0: detected capacity change from 0 to 512 [ 1681.379256][T13733] EXT4-fs: Ignoring removed mblk_io_submit option [ 1681.386891][T13733] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 1681.461161][T13733] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b056c118, mo2=0002] [ 1681.542234][T13733] System zones: 1-12 [ 1681.624050][T13733] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.17835: corrupted in-inode xattr: e_value size too large [ 1681.671503][T13733] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.17835: couldn't read orphan inode 15 (err -117) [ 1681.722975][T13733] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1682.122885][ T802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1682.960850][T13764] loop4: detected capacity change from 0 to 1024 [ 1682.996105][T13764] syz.4.17849: attempt to access beyond end of device [ 1682.996105][T13764] loop4: rw=2049, sector=5778, nr_sectors = 2 limit=1024 [ 1683.017271][T13764] Buffer I/O error on dev loop4, logical block 2889, lost async page write [ 1683.068424][T13769] syz.4.17849: attempt to access beyond end of device [ 1683.068424][T13769] loop4: rw=2049, sector=5778, nr_sectors = 2 limit=1024 [ 1683.143357][T13769] Buffer I/O error on dev loop4, logical block 2889, lost async page write [ 1683.217006][T13766] loop0: detected capacity change from 0 to 4096 [ 1683.863578][T13793] loop0: detected capacity change from 0 to 1764 [ 1684.267011][T13776] loop1: detected capacity change from 0 to 32768 [ 1684.276946][T13776] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.17853 (13776) [ 1684.298218][T13776] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1684.321487][T13776] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm [ 1684.471702][T13776] BTRFS info (device loop1): rebuilding free space tree [ 1684.551744][T13776] BTRFS info (device loop1): disabling free space tree [ 1684.558778][T13776] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1684.612468][T13776] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1684.796254][ T29] audit: type=1800 audit(2000001056.530:1636): pid=13776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.17853" name="file2" dev="loop1" ino=261 res=0 errno=0 [ 1684.935692][T13834] loop4: detected capacity change from 0 to 1024 [ 1685.018832][ T5336] Bluetooth: hci9: command 0x0406 tx timeout [ 1685.318776][ T5332] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1685.421320][T13844] netlink: 24 bytes leftover after parsing attributes in process `syz.0.17877'. [ 1685.760140][T13853] loop0: detected capacity change from 0 to 512 [ 1685.861440][T13853] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 1685.911103][T13853] EXT4-fs (loop0): 1 truncate cleaned up [ 1685.928601][T13853] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1686.141771][ T802] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1688.138710][T13909] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17908'. [ 1688.188776][T13879] loop0: detected capacity change from 0 to 32768 [ 1688.321750][T13894] loop1: detected capacity change from 0 to 32768 [ 1688.408605][T13894] find_entry called with index >= next_index [ 1688.440729][T13894] find_entry called with index >= next_index [ 1688.453924][T13879] find_entry called with index = 0 [ 1688.490489][T13894] find_entry called with index >= next_index [ 1688.500602][T13879] find_entry called with index = 0 [ 1688.510359][T13914] jfs: Unrecognized mount option "00000000000000000000004 Z* m.Dc8'@C9G9?9S{1Jլ5 æԌqqY糔" or missing value [ 1688.577820][T13879] jfs_lookup: iget failed on inum 32 [ 1688.584593][T13879] jfs_lookup: iget failed on inum 32 [ 1688.768769][T13922] pim6reg: entered allmulticast mode [ 1688.862014][T13920] pim6reg: left allmulticast mode [ 1689.501031][T13933] loop0: detected capacity change from 0 to 128 [ 1689.566245][T13933] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1689.642948][T13936] loop1: detected capacity change from 0 to 4096 [ 1689.651039][T13933] ext4 filesystem being mounted at /791/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1689.689444][T13936] NILFS (loop1): invalid segment: Checksum error in segment payload [ 1689.698743][T13936] NILFS (loop1): trying rollback from an earlier position [ 1689.736091][T13936] NILFS (loop1): recovery complete [ 1689.742740][T13940] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1689.862076][T13933] fscrypt (loop0, inode 12): Unsupported encryption flags (0x1b) [ 1690.144656][ T802] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1690.333975][T13948] dlm: no local IP address has been set [ 1690.383764][T13948] dlm: cannot start dlm midcomms -107 [ 1692.000834][T13951] loop0: detected capacity change from 0 to 40427 [ 1692.028457][T13951] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1692.047001][T13951] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1692.086609][T13951] F2FS-fs (loop0): invalid crc value [ 1692.111793][T13951] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1692.370602][T13951] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1692.410893][T13951] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1693.120652][ T25] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 1693.312651][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1693.367897][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1693.398383][ T25] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1693.431495][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1693.464029][ T25] usb 2-1: config 0 descriptor?? [ 1693.899535][ T25] hid (null): bogus close delimiter [ 1693.943043][T14007] loop4: detected capacity change from 0 to 1024 [ 1693.981166][T14007] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1694.004253][T14007] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1694.041843][T14007] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1694.099603][T14007] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 1694.139916][T14007] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1694.299028][ T25] uclogic 0003:256C:006D.00AA: failed retrieving Huion firmware version: -71 [ 1694.308259][ T25] uclogic 0003:256C:006D.00AA: failed probing parameters: -71 [ 1694.318513][ T25] uclogic 0003:256C:006D.00AA: probe with driver uclogic failed with error -71 [ 1694.348146][ T25] usb 2-1: USB disconnect, device number 57 [ 1694.478413][T10960] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1694.672421][T14026] netlink: 'syz.5.17955': attribute type 8 has an invalid length. [ 1695.016776][T14036] loop0: detected capacity change from 0 to 512 [ 1695.044388][T14036] EXT4-fs: Ignoring removed i_version option [ 1695.071307][T14036] EXT4-fs: Ignoring removed nobh option [ 1695.091903][T14036] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 1695.144906][T14036] EXT4-fs (loop0): 1 truncate cleaned up [ 1695.190296][T14036] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1695.550287][ T802] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /796/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 1695.582613][T14033] loop4: detected capacity change from 0 to 32768 [ 1695.630652][T14033] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.17959 (14033) [ 1695.685317][T14033] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1695.697922][ T802] EXT4-fs error (device loop0): ext4_empty_dir:3126: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 1695.730828][T14033] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 1695.744483][ T802] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /796/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 1695.750979][T14033] BTRFS info (device loop4): using free-space-tree [ 1695.792613][ T802] EXT4-fs error (device loop0): ext4_empty_dir:3126: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 1695.919922][ T802] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /796/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 1695.989965][ T802] EXT4-fs error (device loop0): ext4_empty_dir:3126: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 1696.111683][ T802] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /796/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 1696.164479][ T802] EXT4-fs error (device loop0): ext4_empty_dir:3126: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 1696.202328][ T802] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /796/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 1696.244376][T14082] netlink: 8 bytes leftover after parsing attributes in process `syz.5.17974'. [ 1696.271031][ T802] EXT4-fs error (device loop0): ext4_empty_dir:3126: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 1696.399294][T10960] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1697.743088][T14116] netlink: 208036 bytes leftover after parsing attributes in process `syz.1.17991'. [ 1697.802398][T11225] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1697.805404][T14116] openvswitch: netlink: Duplicate key (type 0). [ 1698.360899][ T5383] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 1698.600774][ T5383] usb 5-1: Using ep0 maxpacket: 16 [ 1698.661396][ T5383] usb 5-1: config 0 has an invalid interface number: 214 but max is 0 [ 1698.669722][ T5383] usb 5-1: config 0 has no interface number 0 [ 1698.704648][ T5383] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 1698.773478][ T5383] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1698.783389][ T5383] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1698.837171][ T5383] usb 5-1: Product: syz [ 1698.883416][ T5383] usb 5-1: Manufacturer: syz [ 1698.888118][ T5383] usb 5-1: SerialNumber: syz [ 1698.916792][ T5383] usb 5-1: config 0 descriptor?? [ 1699.031372][ T1290] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1699.414567][ T1290] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1699.426795][T14131] loop1: detected capacity change from 0 to 256 [ 1699.451051][T14131] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 1699.480122][T14127] netlink: 16 bytes leftover after parsing attributes in process `syz.3.17999'. [ 1699.586841][ T5383] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.214/input/input145 [ 1699.747501][ T1290] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1699.884349][ T5383] usb 5-1: USB disconnect, device number 43 [ 1699.943852][T14139] netlink: 12 bytes leftover after parsing attributes in process `syz.1.18005'. [ 1700.146176][ T5336] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1700.165987][ T5336] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1700.178036][ T5336] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1700.200887][ T5336] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1700.218519][ T5336] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1700.231460][ T5336] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1700.268732][ T1290] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1700.547042][T14141] lo speed is unknown, defaulting to 1000 [ 1700.967166][T14161] program syz.1.18014 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1701.186431][T14163] loop1: detected capacity change from 0 to 1024 [ 1701.234174][T14163] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1701.237161][ T1290] bridge_slave_1: left allmulticast mode [ 1701.273120][ T1290] bridge_slave_1: left promiscuous mode [ 1701.283540][ T1290] bridge0: port 2(bridge_slave_1) entered disabled state [ 1701.313790][T14163] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.18015: Invalid block bitmap block 0 in block_group 0 [ 1701.351925][T14163] Quota error (device loop1): write_blk: dquota write failed [ 1701.359430][T14163] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 1701.400832][T14163] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.18015: Failed to acquire dquot type 0 [ 1701.417282][ T1290] bridge_slave_0: left allmulticast mode [ 1701.447573][ T1290] bridge_slave_0: left promiscuous mode [ 1701.451984][T14163] EXT4-fs error (device loop1): ext4_free_blocks:6590: comm syz.1.18015: Freeing blocks not in datazone - block = 0, count = 4096 [ 1701.474925][ T1290] bridge0: port 1(bridge_slave_0) entered disabled state [ 1701.483751][T14163] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.18015: Invalid inode bitmap blk 0 in block_group 0 [ 1701.500788][T11177] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-8 [ 1701.523439][T11177] EXT4-fs error (device loop1): ext4_release_dquot:6871: comm kworker/u8:0: Failed to release dquot type 0 [ 1701.534977][T14163] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 1701.535443][T14163] EXT4-fs (loop1): 1 orphan inode deleted [ 1701.576611][T14163] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1701.676949][T14175] loop4: detected capacity change from 0 to 128 [ 1701.681724][T14163] EXT4-fs error (device loop1): __ext4_get_inode_loc:4436: comm syz.1.18015: Invalid inode table block 12884901889 in block_group 0 [ 1701.719192][T14175] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1701.730626][T14163] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5810: Corrupt filesystem [ 1701.791455][T14175] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 1701.947605][ T1115] EXT4-fs error (device loop1): __ext4_get_inode_loc:4436: comm kworker/u8:7: Invalid inode table block 12884901889 in block_group 0 [ 1702.056142][ T5332] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1702.361685][ T5336] Bluetooth: hci1: command tx timeout [ 1702.416851][T14189] overlayfs: workdir and upperdir must reside under the same mount [ 1704.472228][ T5336] Bluetooth: hci1: command tx timeout [ 1704.750171][T14225] sctp: [Deprecated]: syz.5.18041 (pid 14225) Use of int in maxseg socket option. [ 1704.750171][T14225] Use struct sctp_assoc_value instead [ 1705.289687][ T1290] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1705.307098][ T1290] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1705.324837][ T1290] bond0 (unregistering): Released all slaves [ 1705.630516][ T1290] tipc: Disabling bearer [ 1705.671418][ T1290] tipc: Left network mode [ 1705.861685][ T5410] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 1706.080913][ T5410] usb 2-1: Using ep0 maxpacket: 32 [ 1706.088623][ T5410] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1706.131809][ T5410] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1706.151029][ T5410] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1706.180415][ T5410] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1706.180721][T14141] chnl_net:caif_netlink_parms(): no params data found [ 1706.195755][ T5410] usb 2-1: config 0 descriptor?? [ 1706.199004][ T5410] hub 2-1:0.0: USB hub found [ 1706.247939][T14245] lo speed is unknown, defaulting to 1000 [ 1706.402887][ T5410] hub 2-1:0.0: 1 port detected [ 1706.526223][ T5336] Bluetooth: hci1: command tx timeout [ 1706.774174][ T1290] hsr_slave_0: left promiscuous mode [ 1706.802198][ T1290] hsr_slave_1: left promiscuous mode [ 1706.833999][ T5410] usb 2-1: USB disconnect, device number 58 [ 1706.891409][ T1290] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1706.898946][ T1290] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1706.958984][ T1290] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1706.988148][ T1290] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1707.095868][ T1290] veth1_macvtap: left promiscuous mode [ 1707.112263][ T1290] veth0_macvtap: left promiscuous mode [ 1707.124671][ T1290] veth1_vlan: left allmulticast mode [ 1707.137160][ T1290] veth1_vlan: left promiscuous mode [ 1707.150786][ T1290] veth0_vlan: left promiscuous mode [ 1707.614609][ T1290] pim6reg (unregistering): left allmulticast mode [ 1707.885563][ T1290] macvlan1 (unregistering): left allmulticast mode [ 1708.575277][ T30] INFO: task syz.3.16558:10703 blocked for more than 143 seconds. [ 1708.583522][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1708.591907][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1708.604019][ T5336] Bluetooth: hci1: command tx timeout [ 1708.618574][ T30] task:syz.3.16558 state:D stack:26360 pid:10703 tgid:10699 ppid:5334 flags:0x00000004 [ 1708.638464][ T30] Call Trace: [ 1708.645707][ T30] [ 1708.648794][ T30] __schedule+0x1800/0x4a60 [ 1708.661835][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1708.677840][ T30] ? __pfx___schedule+0x10/0x10 [ 1708.698081][ T30] ? __blk_flush_plug+0x449/0x500 [ 1708.708198][ T30] ? __pfx_lock_release+0x10/0x10 [ 1708.720629][ T30] ? __blk_flush_plug+0x449/0x500 [ 1708.725783][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1708.747996][ T30] ? __pfx___blk_flush_plug+0x10/0x10 [ 1708.760403][ T30] ? schedule+0x90/0x320 [ 1708.764963][ T30] schedule+0x14b/0x320 [ 1708.769201][ T30] io_schedule+0x8d/0x110 [ 1708.781583][ T30] folio_wait_bit_common+0x882/0x12b0 [ 1708.797330][ T30] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 1708.807440][ T30] ? __pfx_wake_page_function+0x10/0x10 [ 1708.820479][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1708.825806][ T30] z_erofs_runqueue+0xa8c/0x2010 [ 1708.840745][ T30] ? __pfx_z_erofs_runqueue+0x10/0x10 [ 1708.856282][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1708.870522][ T30] ? _raw_spin_unlock+0x28/0x50 [ 1708.875565][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1708.891956][ T30] ? lockref_put_or_lock+0x75/0xc0 [ 1708.907397][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1708.917526][ T30] z_erofs_readahead+0xbae/0xf00 [ 1708.923628][ T30] ? __pfx_z_erofs_readahead+0x10/0x10 [ 1708.929291][ T30] ? __pfx_lock_release+0x10/0x10 [ 1708.934688][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1708.950384][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1708.956230][ T30] ? blk_start_plug+0x70/0x1b0 [ 1708.970280][ T30] read_pages+0x180/0x840 [ 1708.979250][ T30] ? __pfx_lru_add_fn+0x10/0x10 [ 1709.010826][ T30] ? __pfx_read_pages+0x10/0x10 [ 1709.015786][ T30] ? filemap_add_folio+0x26d/0x650 [ 1709.040694][ T30] ? __pfx_filemap_add_folio+0x10/0x10 [ 1709.046585][ T30] page_cache_ra_unbounded+0x6ce/0x7f0 [ 1709.055015][ T30] force_page_cache_ra+0x280/0x2f0 [ 1709.064264][ T30] generic_fadvise+0x528/0x840 [ 1709.072858][ T30] ? __pfx_generic_fadvise+0x10/0x10 [ 1709.081754][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.094484][ T30] ? __fget_files+0x3f6/0x470 [ 1709.102921][ T30] ? __fget_files+0x29/0x470 [ 1709.114250][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.124343][ T30] __x64_sys_fadvise64+0x145/0x190 [ 1709.133180][ T30] do_syscall_64+0xf3/0x230 [ 1709.141456][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1709.151967][ T30] RIP: 0033:0x7f3860f7def9 [ 1709.156658][ T30] RSP: 002b:00007f3861d38038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 1709.166705][ T30] RAX: ffffffffffffffda RBX: 00007f3861136058 RCX: 00007f3860f7def9 [ 1709.175602][ T30] RDX: 0000000000004101 RSI: 0000000000e0ffff RDI: 0000000000000005 [ 1709.183999][ T30] RBP: 00007f3860ff09f6 R08: 0000000000000000 R09: 0000000000000000 [ 1709.201133][ T30] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 1709.209290][ T30] R13: 0000000000000000 R14: 00007f3861136058 R15: 00007ffd5f5fd068 [ 1709.229598][ T30] [ 1709.234163][ T30] INFO: task syz.4.16584:10763 blocked for more than 144 seconds. [ 1709.278707][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1709.286635][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1709.296738][ T30] task:syz.4.16584 state:D stack:23280 pid:10763 tgid:10762 ppid:8327 flags:0x00004004 [ 1709.307625][ T30] Call Trace: [ 1709.311032][ T30] [ 1709.314008][ T30] __schedule+0x1800/0x4a60 [ 1709.318697][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.325561][ T30] ? __pfx___schedule+0x10/0x10 [ 1709.331129][ T30] ? __pfx_lock_release+0x10/0x10 [ 1709.336226][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.343623][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.349349][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1709.356850][ T30] ? schedule+0x90/0x320 [ 1709.361785][ T30] schedule+0x14b/0x320 [ 1709.366018][ T30] io_schedule+0x8d/0x110 [ 1709.370643][ T30] folio_wait_bit_common+0x882/0x12b0 [ 1709.376119][ T30] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 1709.382189][ T30] ? __pfx_wake_page_function+0x10/0x10 [ 1709.387824][ T30] ? free_pages_prepare+0x379/0xa20 [ 1709.408622][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.415811][ T30] migrate_pages_batch+0xbb1/0x3560 [ 1709.430485][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.440387][ T30] ? __pfx_compaction_alloc+0x10/0x10 [ 1709.445901][ T30] ? __pfx_compaction_free+0x10/0x10 [ 1709.467926][ T30] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1709.481858][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.490621][ T30] ? isolate_movable_page+0x2a/0xbf0 [ 1709.501055][ T30] ? __pfx_lock_release+0x10/0x10 [ 1709.507032][ T30] migrate_pages+0x262b/0x3460 [ 1709.519103][ T30] ? __pfx_compaction_free+0x10/0x10 [ 1709.530724][ T30] ? __pfx_compaction_alloc+0x10/0x10 [ 1709.546478][ T30] ? __pfx_migrate_pages+0x10/0x10 [ 1709.556615][ T30] ? isolate_migratepages_block+0x22b1/0x64f0 [ 1709.572322][ T30] ? __pageblock_pfn_to_page+0xd3/0x3c0 [ 1709.580515][ T30] ? __pageblock_pfn_to_page+0xd3/0x3c0 [ 1709.586171][ T30] compact_zone+0x3404/0x4af0 [ 1709.599202][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.605573][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.611730][ T30] ? __pfx_compact_zone+0x10/0x10 [ 1709.616933][ T30] ? __lock_acquire+0x137a/0x2040 [ 1709.622182][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.628087][ T30] sysctl_compaction_handler+0x496/0x990 [ 1709.634433][ T30] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 1709.640883][ T30] ? __virt_addr_valid+0x183/0x530 [ 1709.646178][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.652195][ T30] ? __virt_addr_valid+0x45f/0x530 [ 1709.657369][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.671649][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.681893][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.698511][ T30] ? __check_object_size+0x49c/0x900 [ 1709.704085][ T30] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 1709.717974][ T30] proc_sys_call_handler+0x553/0x8b0 [ 1709.730693][ T30] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1709.740612][ T30] iter_file_splice_write+0xbd9/0x14e0 [ 1709.746212][ T30] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1709.767414][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.779984][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.788014][ T30] ? rcu_read_lock_any_held+0xb7/0x160 [ 1709.795481][ T30] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1709.804413][ T30] direct_splice_actor+0x120/0x220 [ 1709.809646][ T30] splice_direct_to_actor+0x590/0xc90 [ 1709.815824][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.821725][ T30] ? __pfx_direct_splice_actor+0x10/0x10 [ 1709.827521][ T30] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1709.833562][ T30] ? __fget_files+0x29/0x470 [ 1709.838319][ T30] ? __pfx_lock_release+0x10/0x10 [ 1709.844001][ T30] do_splice_direct+0x28c/0x3e0 [ 1709.849027][ T30] ? __pfx_do_splice_direct+0x10/0x10 [ 1709.854685][ T30] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1709.860991][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.866719][ T30] ? rw_verify_area+0x1d2/0x6b0 [ 1709.872217][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.877933][ T30] do_sendfile+0x56d/0xe20 [ 1709.883231][ T30] ? __might_fault+0xaa/0x120 [ 1709.888105][ T30] ? __pfx_do_sendfile+0x10/0x10 [ 1709.894605][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.920519][ T30] ? __might_fault+0xc6/0x120 [ 1709.931057][ T30] __se_sys_sendfile64+0x100/0x1e0 [ 1709.940594][ T30] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 1709.946350][ T30] ? do_syscall_64+0x100/0x230 [ 1709.960856][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1709.970502][ T30] do_syscall_64+0xf3/0x230 [ 1709.976389][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1709.983143][ T30] RIP: 0033:0x7fa82697def9 [ 1709.987746][ T30] RSP: 002b:00007fa827787038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1710.000852][ T30] RAX: ffffffffffffffda RBX: 00007fa826b35f80 RCX: 00007fa82697def9 [ 1710.013845][ T30] RDX: 00000000200001c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1710.022205][ T30] RBP: 00007fa8269f09f6 R08: 0000000000000000 R09: 0000000000000000 [ 1710.030691][ T30] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 1710.038842][ T30] R13: 0000000000000000 R14: 00007fa826b35f80 R15: 00007fff63475988 [ 1710.047728][ T30] [ 1710.051388][ T30] INFO: task syz.4.16584:10764 blocked for more than 144 seconds. [ 1710.059528][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1710.090553][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1710.114422][ T30] task:syz.4.16584 state:D stack:23288 pid:10764 tgid:10762 ppid:8327 flags:0x00004006 [ 1710.139745][ T30] Call Trace: [ 1710.147296][ T30] [ 1710.155377][ T30] __schedule+0x1800/0x4a60 [ 1710.165974][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.178231][ T30] ? __pfx___schedule+0x10/0x10 [ 1710.189445][ T30] ? __pfx_lock_release+0x10/0x10 [ 1710.201093][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.220470][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.226238][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1710.245851][ T30] ? schedule+0x90/0x320 [ 1710.254718][ T30] schedule+0x14b/0x320 [ 1710.264587][ T30] io_schedule+0x8d/0x110 [ 1710.273493][ T30] folio_wait_bit_common+0x882/0x12b0 [ 1710.285695][ T30] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 1710.299163][ T30] ? __pfx_wake_page_function+0x10/0x10 [ 1710.310576][ T30] ? __pfx___folio_put+0x10/0x10 [ 1710.318787][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.328870][ T30] migrate_pages_batch+0xbb1/0x3560 [ 1710.334522][ T30] ? __pfx_compaction_alloc+0x10/0x10 [ 1710.340168][ T30] ? __pfx_compaction_free+0x10/0x10 [ 1710.346288][ T30] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1710.352637][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.358550][ T30] ? isolate_movable_page+0x2a/0xbf0 [ 1710.375093][ T30] ? __pfx_lock_release+0x10/0x10 [ 1710.390720][ T30] migrate_pages+0x262b/0x3460 [ 1710.396900][ T30] ? __pfx_compaction_free+0x10/0x10 [ 1710.408469][ T30] ? __pfx_compaction_alloc+0x10/0x10 [ 1710.424022][ T30] ? __pfx_migrate_pages+0x10/0x10 [ 1710.434803][ T30] ? isolate_migratepages_block+0x22b1/0x64f0 [ 1710.452425][ T30] ? __pageblock_pfn_to_page+0xd3/0x3c0 [ 1710.466454][ T30] ? __pageblock_pfn_to_page+0xd3/0x3c0 [ 1710.480599][ T30] compact_zone+0x3404/0x4af0 [ 1710.490435][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.496424][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.503015][ T30] ? __pfx_compact_zone+0x10/0x10 [ 1710.508233][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.514094][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.521034][ T30] sysctl_compaction_handler+0x496/0x990 [ 1710.526909][ T30] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 1710.534093][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.539951][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.545824][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.552918][ T30] ? __kmalloc_node_noprof+0x247/0x440 [ 1710.558602][ T30] ? __kvmalloc_node_noprof+0x72/0x190 [ 1710.573791][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.586790][ T30] ? __check_object_size+0x98/0x900 [ 1710.599438][ T30] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 1710.614139][ T30] proc_sys_call_handler+0x553/0x8b0 [ 1710.627092][ T30] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1710.640594][ T30] vfs_write+0xa74/0xc90 [ 1710.645122][ T30] ? __pfx_proc_sys_write+0x10/0x10 [ 1710.654634][ T30] ? __pfx_vfs_write+0x10/0x10 [ 1710.659689][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.665667][ T30] ksys_write+0x1a0/0x2c0 [ 1710.670185][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.676520][ T30] ? __pfx_ksys_write+0x10/0x10 [ 1710.684057][ T30] ? exc_page_fault+0x590/0x8c0 [ 1710.689185][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1710.695204][ T30] ? do_syscall_64+0xb6/0x230 [ 1710.700110][ T30] do_syscall_64+0xf3/0x230 [ 1710.705059][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1710.711837][ T30] RIP: 0033:0x7fa82697def9 [ 1710.716492][ T30] RSP: 002b:00007fa827766038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1710.739203][ T30] RAX: ffffffffffffffda RBX: 00007fa826b36058 RCX: 00007fa82697def9 [ 1710.748077][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 1710.768600][ T30] RBP: 00007fa8269f09f6 R08: 0000000000000000 R09: 0000000000000000 [ 1710.786349][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1710.805609][ T30] R13: 0000000000000001 R14: 00007fa826b36058 R15: 00007fff63475988 [ 1710.821969][ T30] [ 1710.834537][ T30] [ 1710.834537][ T30] Showing all locks held in the system: [ 1710.850695][ T30] 1 lock held by khungtaskd/30: [ 1710.862206][ T30] #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 1710.876164][ T30] 3 locks held by kworker/u8:3/52: [ 1710.881711][ T30] #0: ffff88801ac81148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1710.894129][ T30] #1: ffffc90000bc7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1710.905887][ T30] #2: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 1710.915624][ T30] 2 locks held by kworker/u8:5/146: [ 1710.921674][ T30] 5 locks held by kworker/u8:9/1290: [ 1710.931703][ T30] #0: ffff88801bae5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1710.943110][ T30] #1: ffffc90004bb7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1710.954580][ T30] #2: ffffffff8fc7f750 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 1710.964386][ T30] #3: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 1710.988479][ T30] #4: ffffffff8e93d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 1711.000252][ T30] 2 locks held by getty/4980: [ 1711.022176][ T30] #0: ffff88823bd268a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1711.041858][ T30] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00 [ 1711.060519][ T30] 3 locks held by kworker/u8:2/22613: [ 1711.065996][ T30] #0: ffff888030560148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1711.078017][ T30] #1: ffffc9000a5efd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1711.093657][ T30] #2: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 1711.103356][ T30] 3 locks held by syz.5.11855/31805: [ 1711.108706][ T30] 1 lock held by syz.3.16558/10703: [ 1711.114206][ T30] #0: ffff88805d2e5870 (mapping.invalidate_lock#16){.+.+}-{3:3}, at: page_cache_ra_unbounded+0xf7/0x7f0 [ 1711.126173][ T30] 1 lock held by syz.4.16584/10763: [ 1711.148157][ T30] #0: ffff88807601e420 (sb_writers#3){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x220 [ 1711.180706][ T30] 2 locks held by syz.4.16584/10764: [ 1711.186104][ T30] #0: ffff88807cdfd248 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x310 [ 1711.210767][ T30] #1: ffff88807601e420 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 1711.219847][ T30] 1 lock held by syz-executor/14141: [ 1711.241890][ T30] #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1711.270437][ T30] 2 locks held by syz.4.18051/14245: [ 1711.275954][ T30] #0: ffffffff8fc7f750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 1711.286099][ T30] #1: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1f/0x1e0 [ 1711.295718][ T30] 1 lock held by syz.2.18060/14271: [ 1711.301269][ T30] #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1711.314567][ T30] 1 lock held by syz.3.18061/14273: [ 1711.319958][ T30] #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1711.330031][ T30] 1 lock held by syz.1.18063/14275: [ 1711.335474][ T30] #0: ffffffff8fc8c308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1711.354369][ T30] [ 1711.389005][ T30] ============================================= [ 1711.389005][ T30] [ 1711.397810][ T30] NMI backtrace for cpu 0 [ 1711.402177][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1711.412786][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1711.422863][ T30] Call Trace: [ 1711.426158][ T30] [ 1711.429196][ T30] dump_stack_lvl+0x241/0x360 [ 1711.433915][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1711.439142][ T30] ? __pfx__printk+0x10/0x10 [ 1711.443759][ T30] ? vprintk_emit+0x667/0x7c0 [ 1711.448465][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 1711.453537][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 1711.458520][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1711.464022][ T30] ? _printk+0xd5/0x120 [ 1711.468190][ T30] ? __pfx__printk+0x10/0x10 [ 1711.472790][ T30] ? __wake_up_klogd+0xcc/0x110 [ 1711.477661][ T30] ? __pfx__printk+0x10/0x10 [ 1711.482263][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1711.487911][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 1711.492952][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1711.498965][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 1711.504988][ T30] watchdog+0xff4/0x1040 [ 1711.509272][ T30] ? watchdog+0x1ea/0x1040 [ 1711.513736][ T30] ? __pfx_watchdog+0x10/0x10 [ 1711.518447][ T30] kthread+0x2f2/0x390 [ 1711.522543][ T30] ? __pfx_watchdog+0x10/0x10 [ 1711.527245][ T30] ? __pfx_kthread+0x10/0x10 [ 1711.531849][ T30] ret_from_fork+0x4d/0x80 [ 1711.536286][ T30] ? __pfx_kthread+0x10/0x10 [ 1711.540897][ T30] ret_from_fork_asm+0x1a/0x30 [ 1711.545721][ T30] [ 1711.551373][ T30] Sending NMI from CPU 0 to CPUs 1: [ 1711.556722][ C1] NMI backtrace for cpu 1 [ 1711.556742][ C1] CPU: 1 UID: 0 PID: 1115 Comm: kworker/u8:7 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1711.556780][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1711.556796][ C1] Workqueue: bat_events batadv_nc_worker [ 1711.556836][ C1] RIP: 0010:check_preemption_disabled+0x5c/0x120 [ 1711.556868][ C1] Code: 25 28 00 00 00 48 3b 44 24 08 0f 85 ce 00 00 00 89 d8 48 83 c4 10 5b 41 5c 41 5e 41 5f e9 b7 88 36 00 48 c7 04 24 00 00 00 00 <9c> 8f 04 24 f7 04 24 00 02 00 00 74 c5 49 89 f6 49 89 ff 65 4c 8b [ 1711.556888][ C1] RSP: 0018:ffffc90004557948 EFLAGS: 00000046 [ 1711.556907][ C1] RAX: 0000000080000000 RBX: 0000000000000001 RCX: 285ae548acfd7f00 [ 1711.556924][ C1] RDX: dffffc0000000000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c608f40 [ 1711.556943][ C1] RBP: ffffc90004557ad0 R08: ffffffff941e4847 R09: 1ffffffff283c908 [ 1711.556961][ C1] R10: dffffc0000000000 R11: fffffbfff283c909 R12: 1ffff920008aaf38 [ 1711.556978][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000246 [ 1711.556999][ C1] FS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000 [ 1711.557018][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1711.557035][ C1] CR2: 0000555580aa05c8 CR3: 000000000e734000 CR4: 0000000000350ef0 [ 1711.557054][ C1] Call Trace: [ 1711.557065][ C1] [ 1711.557077][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1711.557110][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1711.557148][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1711.557192][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1711.557223][ C1] ? nmi_handle+0x151/0x5a0 [ 1711.557248][ C1] ? nmi_handle+0x2a/0x5a0 [ 1711.557271][ C1] ? check_preemption_disabled+0x5c/0x120 [ 1711.557298][ C1] ? default_do_nmi+0x63/0x160 [ 1711.557330][ C1] ? exc_nmi+0x123/0x1f0 [ 1711.557360][ C1] ? end_repeat_nmi+0xf/0x53 [ 1711.557402][ C1] ? check_preemption_disabled+0x5c/0x120 [ 1711.557429][ C1] ? check_preemption_disabled+0x5c/0x120 [ 1711.557458][ C1] ? check_preemption_disabled+0x5c/0x120 [ 1711.557486][ C1] [ 1711.557493][ C1] [ 1711.557505][ C1] lock_acquire+0x1fd/0x550 [ 1711.557538][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1711.557576][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1711.557608][ C1] ? batadv_nc_process_nc_paths+0xb5/0x3a0 [ 1711.557645][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 1711.557676][ C1] ? __pfx_lock_release+0x10/0x10 [ 1711.557708][ C1] ? batadv_nc_purge_paths+0x312/0x3b0 [ 1711.557744][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1711.557786][ C1] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 1711.557823][ C1] ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10 [ 1711.557865][ C1] ? __pfx_batadv_nc_sniffed_purge+0x10/0x10 [ 1711.557903][ C1] batadv_nc_process_nc_paths+0xd6/0x3a0 [ 1711.557940][ C1] ? batadv_nc_process_nc_paths+0xb5/0x3a0 [ 1711.557978][ C1] ? batadv_nc_process_nc_paths+0xb5/0x3a0 [ 1711.558018][ C1] batadv_nc_worker+0x52c/0x610 [ 1711.558057][ C1] ? process_scheduled_works+0x945/0x1830 [ 1711.558089][ C1] process_scheduled_works+0xa2e/0x1830 [ 1711.558142][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 1711.558181][ C1] ? assign_work+0x364/0x3d0 [ 1711.558215][ C1] worker_thread+0x86d/0xd10 [ 1711.558255][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1711.558296][ C1] ? __kthread_parkme+0x169/0x1d0 [ 1711.558332][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1711.558365][ C1] kthread+0x2f2/0x390 [ 1711.558386][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1711.558418][ C1] ? __pfx_kthread+0x10/0x10 [ 1711.558439][ C1] ret_from_fork+0x4d/0x80 [ 1711.558473][ C1] ? __pfx_kthread+0x10/0x10 [ 1711.558494][ C1] ret_from_fork_asm+0x1a/0x30 [ 1711.558540][ C1] [ 1711.953896][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1711.960819][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1711.971361][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1711.981453][ T30] Call Trace: [ 1711.984774][ T30] [ 1711.987740][ T30] dump_stack_lvl+0x241/0x360 [ 1711.992486][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1711.997758][ T30] ? __pfx__printk+0x10/0x10 [ 1712.002394][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1712.008443][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1712.014133][ T30] ? vscnprintf+0x5d/0x90 [ 1712.018517][ T30] panic+0x349/0x860 [ 1712.022456][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1712.028146][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 1712.034358][ T30] ? __pfx_panic+0x10/0x10 [ 1712.038814][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 1712.044229][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1712.049890][ T30] ? __irq_work_queue_local+0x137/0x410 [ 1712.055469][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1712.061138][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1712.066553][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 1712.072741][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 1712.078936][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1712.084608][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 1712.090796][ T30] watchdog+0x1033/0x1040 [ 1712.095157][ T30] ? watchdog+0x1ea/0x1040 [ 1712.099600][ T30] ? __pfx_watchdog+0x10/0x10 [ 1712.104308][ T30] kthread+0x2f2/0x390 [ 1712.108390][ T30] ? __pfx_watchdog+0x10/0x10 [ 1712.113097][ T30] ? __pfx_kthread+0x10/0x10 [ 1712.117703][ T30] ret_from_fork+0x4d/0x80 [ 1712.122153][ T30] ? __pfx_kthread+0x10/0x10 [ 1712.126775][ T30] ret_from_fork_asm+0x1a/0x30 [ 1712.131592][ T30] [ 1712.134854][ T30] Kernel Offset: disabled [ 1712.139182][ T30] Rebooting in 86400 seconds..