last executing test programs: 6.651982235s ago: executing program 4 (id=318): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8101, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000080)="0f783666ba2000ed66baf80cb8f6a21287ef66bafc0cec660fd2c9c4a1d1eacab9a00b00000f3226470f01ca66b83c000f00d8660f388168d6664b0f7ec2", 0x3e}], 0x1, 0x49, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.29846313s ago: executing program 4 (id=324): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100f9ffffff0000000017000000400006803c00040067636d2861657329"], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) 6.163592922s ago: executing program 4 (id=326): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x8eb, &(0x7f0000000140)={0x0, 0xe2ec, 0x400, 0xeffffffb, 0x330}, 0x0, &(0x7f0000ff4000)) r0 = syz_io_uring_setup(0x88f, &(0x7f0000000480)={0x0, 0xfb8d, 0x1000, 0x10000001, 0xffdffffd}, &(0x7f00000000c0)=0x0, &(0x7f0000000340)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, 0x0, 0x0, 0x4) io_uring_enter(r0, 0x47f6, 0xffffffff, 0x4a, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x14, 0x0, &(0x7f00000001c0)=[@request_death, @exit_looper], 0x0, 0x0, 0x0}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r2) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) 4.801219124s ago: executing program 4 (id=338): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="54000000020601040000000000000000000000000c00078008000640000000010500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}}, 0x0) 4.715417715s ago: executing program 4 (id=340): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x0, 0x100}, 'syz0\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f00000028c0)={0x2020}, 0x2020) 4.619968217s ago: executing program 4 (id=342): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000280)) r3 = socket$packet(0x11, 0x3, 0x300) r4 = dup(r3) r5 = fcntl$dupfd(r2, 0x0, r3) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0}) ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f0000000080)={0x0, r4}) write$tun(r0, &(0x7f00000005c0)=ANY=[], 0xfdef) 2.249674655s ago: executing program 0 (id=361): r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c5602117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000b0c100000000000224e0000", 0x58}], 0x1) 2.099437807s ago: executing program 0 (id=363): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x5}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r1, &(0x7f00000039c0)=[{{&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x2000c044) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="8000000002000200080004000000000008001b"], 0x30}}, 0x0) sendto$inet(r1, 0x0, 0x0, 0x60, 0x0, 0x0) 1.527365476s ago: executing program 0 (id=367): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback, 0x200000}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000180), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000440)="83", 0x1, 0x4000, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "2000a200009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f0000000100)=0x7d06, 0x4) recvfrom$inet6(r0, &(0x7f0000000300)=""/19, 0x4000, 0x40000041, 0x0, 0x0) 1.382440608s ago: executing program 0 (id=369): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000000)="0fea2f66b9030100c00f30efe1ef19362e3636368a4b2e0fc7320f81cad82a2fd4d4caf30f1eca", 0x27}], 0x1, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0}, 0x8804) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50) write$sysctl(0xffffffffffffffff, &(0x7f0000000000)='2\x00', 0x2) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 1.222175371s ago: executing program 0 (id=371): mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = epoll_create1(0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f0000002900)=[{&(0x7f0000001580)="65363fcbaa6bcb47859cfb67b888a239ab7b6414575d6df38c6e55220bf8f2ed14c0329ad10fae816f708c5e1192b9a1baaae296311806bc41fafe14b3a72865ff6a558d2a101f5f482a1edae43b4be58597457df2631ebf29dfd8e02d84a68bdca904f1d1b840301a47ab27e4c7c500100e9efd01df705ab67b66ea050723a57000bdf7492a394f7ea29f3b2ecd2560d648ac9a2ac4e8221d32b43c84912661bdde0055bcc3fd00f68ad6f51a9bc63a6fc04c48d26c0430c418473aa7c2560467b7498991b0583a778fae1f6e17336c4641e4d42df648dc8997dd9fed5be86563e66fe72c9c3d15569177e2677ed06e1ba19d236778edde975e0e5c46e3f31cc2137ede96a02225d590fce32f86aa0e16973839c45f4edccbf5dbd01ef00a9a1a1d6b79b41527a5b7db0ffd68481893dd3aa6b441a66f467e27796c2dcf515938ba5226f6d2b4786c7b9fa8d1b14e5e781d05459026d03a236bdc467708b17279df7c105cb796b9304754ec7bd4984cf3b07e2dd12c79b3959d182ac59ca1446f493794b0c211c07a47a8f48d94121c52378acf4e00a2ce01ff78596315420cbc449d48d24490d9c3e733a675516639299617ee1ac0f7967f07ebfcc2c11c6e5ef512795c44c39f85a961267e3211479dd1d5ec19171ca16caf06a730158cca1a8177745d50a740905ab578b6b5c4825a0d0b483ec564d5a3a8e594e7ae5e5d68cccd10b21f417ed46823959ac207c9bfa7999f25593ec98565ccbd67930a890e8269d93179ebef008fe36dee739aee8f3d37c5b39c8e694b7ac2e2f509f15d00b21c56e94e9c36be6df8d06731ca6072d08eb24a8558315e4d1f9e7f365fb394b8e9afb15c6d56d61fd394cf1a415ceddef3d46ecaaa232785695fe46dc2ac0c264a4f3c7faee92322fc29bd7f3d5cee52e069acb67e52bb795b5c9cb6fa1287a7c4b5df6d60eaf920da5c95aefac8a301c18facf004bab99bc7612b1cdd42e32e87e8a75af111dd2a2fd0c488c12d7cfcf21458cc9f7a1aeb93672ea2d882475ac91e1753679a440bea347455766313c61ca1394572c57344973909dd1682605b62c70c3bc55b5f7a9eff30aee8cd1db514a07cb75005971ba3cb58f1c66e8108312a4f7d93b65934843bd49a0051caf35796d07a567486dd2ed1c9d6d9fdd4fe246362f0b1e4fbc35d2960c5780cfe9dd684ced72d3394cdc93eb45b4d8d73f1ae24536daa2dc25b314f242a45754acdf1ad0e0038394bb2eff184dab55c7a5958a8e9956f61ff3783d2a8fc019fe6b2da8bf6acc52c109c8e29f80ed875164178d63b612eeace5a222d0dea1473308ced55dcb0a78456d5665164462073a720121e4743aa35010e884236c368d0f2615b5915200d86aff554f56c65cc3076b490a3d66a8d19c2c3df21fc41be2ab9d22a171fb9226899bc644d49b76132a7b10feee6c91f36aca6ea0d8a6f164018774a7d8804d244624b7661c14c1d46c2302e71e44056d5aff84221fd6a38634057f44a426c1fff655fdbb55061651ad24168b4e777bae6cf3b56e5868d59330adf476328c6c6548de05845d7bf22e1d8ccad88a41055019cb8626400bb240c350d90d37d923630928f1898e22eb353f8b4a62227faef39c82f1fde641ec84499b11f0b4477ffbbdcc11978dc995a01510308c4da92e3849a086df65bc36e4b45a5f3c35b94938d38edf8a2646c9da92c193c9fb149067ea3296a356ba6a30e519bf580e9f167d1bb6b6e6db0f87074f63db098d8c30931a8ab1f1174a9c2bb83561d3d5954bc48921e1f7bd7f75345d27d8809847fa41b887318f9fb448005336941bbdfea84d9d17308162967b1f96e9f60f1d77916af6e921b3ae9827a9a42b544873d83ba71c0426070c3d6ec80be09750b9da906630b4f94500ac6c479e0eee3a1f9593d2d2b677560c29c0fba8e6da7549fed2125ce2be088f4bf8c3f96ec6c2a3ff415ed1c3f83bb55c72aa6146637e05110488f6417caec33e27f7d474f4b769c7d6f7616f600e9b43d1c9d43be1581fbf65cfa7e39ea7a3e54a6599f2788d79b07c6775164462251a851e23cf4c9473006c256e8693d1ccca9e2e8761dc74b9fea835130931aef0f20021e67a944df16585366093e3d176ab2985727d1c8a7459ef01acd37d5181f4c1fd9fdfb2d599e883f8ba3b44b2c66ec6a84d2c0d264b92c03faf1efc57d401cb72826468888ff892085e75ab63fd99137a45ac9f97611e500c5a5c28788a0b6b3f04ed3581bf1cb9c7d34a0645cb18100a553e82195c5c012a01f6f9cde086cf86c2aefddc96b188fe9d41674ffd0d9dd2832d8eb305871328471458ca1d511064f70c45e506a96c9c4e55e6181258d2b6bfd09b17a4c7010adef40cd1a4d99fd52bfb00332ee57643eb16ddb86760e70277d8b213e48c24ae9dbd67fc23960367e254db02ce7f1096230b4c847de76b587efcdc846d9673655e50002204b7ffdda9c1d40ee468f234b8150717f0ed7659cd086b5895615132f2823b719b1c5b4e95b2f95a33a28238a223b2d30dc8d98657ef1bf89ed321578799b56af990395979d0f6084aebfaaa7235c243023e42a09c41bc6717a665bdbf055c767374a062ee10b62d23a1b16a971c5d4fb32627136476b10b270ae142f9b541b3c5405c7d323dbf2a51569db9a14", 0x769}], 0x1}}], 0x1, 0x4048884) close_range(r0, 0xffffffffffffffff, 0x0) 1.179611302s ago: executing program 1 (id=372): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e601bae74656e642c6163638173733d616e792c63616368653d66736361636865"]) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000480), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 1.011631914s ago: executing program 2 (id=374): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.2MB.rsvd.max_usage_in_bytes\x00', 0x2, 0x0) preadv(r1, &(0x7f0000000600)=[{&(0x7f0000000140)=""/248, 0xf8}], 0x1, 0x1, 0x1) 984.491645ms ago: executing program 1 (id=375): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, 0x0) close(r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r4 = eventfd2(0x8, 0x80801) statx(r4, 0xfffffffffffffffd, 0x1000, 0x20, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3) sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) close(r6) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, 0x0, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffff9, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r10, {}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x10}]}}]}, 0x38}}, 0x4008000) ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 919.551676ms ago: executing program 3 (id=376): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@deltaction={0x18, 0x31, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@TCA_ACT_TAB={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) 904.981866ms ago: executing program 2 (id=377): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000070500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r0], 0x4c}}, 0x40000) 854.740267ms ago: executing program 3 (id=378): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$COMEDI_CMD(r0, 0x80506409, &(0x7f0000000100)={0x5, 0x20, 0x80, 0x6dd, 0x0, 0x4, 0x2, 0xd, 0xffffff6f, 0x4, 0x0, 0x8008, 0x0, 0x0, 0x0}) 743.585948ms ago: executing program 2 (id=379): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd26, 0x8000, {0x0, 0x0, 0x0, r3, {0x8, 0x1}, {}, {0xffff, 0xfff3}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x109a6}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 734.228109ms ago: executing program 3 (id=380): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@local}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@local, 0x3}, {@my=0x0, 0x6}, 0x400, "067c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336f04000300000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf4928745692b037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf009000000433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b89efe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc10d05f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe399939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193db8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff}) 630.164641ms ago: executing program 3 (id=381): ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x1, 0x3, 0xfffffffe, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x6, 0x2}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0xf9) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000001c0)=0x9) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000280)=0xb3) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000240)=0x45) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0xc) 571.560531ms ago: executing program 2 (id=382): r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) ioctl$I2C_SMBUS(r0, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x5, &(0x7f0000000080)={0x0, "90f541a5e64f61909103f1fbbc2bd3c9f144d76e44c7b2986eb5e52829e7cb8393"}}) openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi3\x00', 0xa0602, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$COMEDI_CMD(r1, 0x80506409, &(0x7f0000000100)={0x1, 0x20, 0x80, 0x6dd, 0x0, 0x4, 0x2, 0xd, 0xffffff6f, 0x4, 0x0, 0x8008, &(0x7f0000001140)=[0x6], 0x1, 0x0}) 570.108422ms ago: executing program 1 (id=383): r0 = syz_open_procfs(0x0, &(0x7f0000000280)='oom_score_adj\x00') write$binfmt_elf32(r0, &(0x7f0000000840)=ANY=[], 0x580) 539.449772ms ago: executing program 3 (id=384): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, &(0x7f00000003c0)={0xbc, 0x0, 0x1}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, 0x0}], 0x1, 0x80, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000040)="0f019d51350000b9800000c00f3235008000000f30b9930a0000b850c20000ba000000000f3066ba4200ed650f01c8640f38026c752c66baf80cb80adfb883ef66bafc0cb000ee0f01c866baa000ed66baf80cb85c624087ef66bafc0cb881000000ef", 0x63}], 0x1, 0x13, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 474.503703ms ago: executing program 2 (id=385): ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0x100, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0xc, 0x40, 0xcd6, 0x4, 0x6, 0x0, 0x3, 0x7, 0x9, 0x7a18fde9, 0x9, 0xf12, 0x4, 0x3, 0x378, 0x350bae1a, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xd4f, 0x7, 0xf2, 0xe, 0x5, 0x8, 0x10001, 0x401, 0x80000000, 0x401, 0x3ca5, 0x1, 0x0, 0xff, 0x4, 0x4, 0x3, 0x0, 0x0, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x3, 0xa, 0x0, 0x10000, 0x401, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x1, 0xb6, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x311, 0x66d1, 0xfffffffd, 0xa7d6, 0xb6eb, 0xc74, 0x77, 0x1, 0xff, 0x5cb5, 0xfffffffe, 0x401, 0xedf4, 0x4, 0x1000, 0x6, 0xfffffffe, 0x8001, 0xc1, 0x1, 0x10000008, 0x1, 0x32, 0x98, 0x7f, 0x2, 0x401, 0x2, 0x2, 0x4680, 0x7, 0xe665, 0x3c6e, 0x3, 0x40, 0x80, 0x4b, 0x8000, 0x2, 0xb, 0x6, 0x4fa4, 0x80000000, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x9, 0xfd, 0x101, 0x4, 0x40, 0xa, 0x1b, 0x1ff, 0x7ff, 0x2, 0x80000000, 0xffff, 0x9, 0x0, 0x6, 0x2, 0x1, 0x3, 0xa0, 0xf, 0x1ff, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x9, 0x1, 0xf1a, 0x664, 0x4, 0x9, 0x9, 0x2, 0x4, 0xfffffffd, 0x10, 0x0, 0x9, 0x10000, 0x1, 0x9, 0xf7a, 0xc6, 0x1, 0x4, 0x6, 0xffffffff, 0x6, 0x10001, 0x8, 0x68, 0x7, 0x1, 0x5, 0x3, 0x9a3f, 0x400000, 0x0, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0x2, 0x40, 0x1c, 0x80, 0xb5f8, 0x8bc, 0x3, 0x101, 0x5, 0x63, 0x4, 0x8001, 0x10, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x7, 0x8, 0x6, 0x400, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x8, 0x6688, 0x45e3, 0x5, 0x7, 0x3, 0x5, 0x3, 0x0, 0x1, 0x2, 0xffffffff, 0x4, 0xce, 0xf, 0x0, 0x1, 0x667, 0x3, 0x0, 0x9, 0x9, 0x37d, 0x10001, 0xc, 0x1, 0x1, 0x2, 0x6, 0x4, 0x6, 0x1, 0x9, 0x6, 0xfffffffa, 0x5, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0x10000, 0x0, 0x80000001, 0x8, 0x8000, 0x3a, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x0, 0x4, 0x10000, 0x4, 0xffff, 0xe, 0x89, 0x2, 0x7, 0x1, 0x73, 0x3, 0x9, 0x4, 0x1, 0x9, 0x0, 0x8, 0x0, 0x2, 0x80000004, 0x9, 0x9, 0x0, 0x4, 0x4, 0x0, 0x1, 0x4, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x4, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0xbf, 0x0, 0x8, 0x40, 0xd3, 0x7, 0x1, 0x89aa, 0x8, 0x0, 0xf0ce, 0x4, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x1, 0x937, 0xa, 0x6, 0x3, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x1, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xc, 0x6, 0x1, 0xfffffeff, 0x4, 0x2, 0x7fff, 0x101, 0x7, 0x6, 0x706, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x6, 0x80000000, 0x5, 0x1, 0xa9c, 0x9, 0x8, 0x1, 0x2, 0x5, 0x1000, 0x5, 0x1ff, 0x9, 0x3, 0x3, 0x10001, 0xffff0000, 0xf, 0x1, 0xffffa5ba, 0xffffa9b4, 0x1, 0x4, 0x5, 0x3, 0x4b5f, 0x6, 0x7fffffff, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0xc8f, 0x1, 0x7, 0x8, 0x1, 0x10000, 0x57dc, 0x818a, 0x10, 0x8, 0x13, 0xfffffffc, 0xfffff001, 0xa, 0x5, 0x5, 0x4, 0xfff, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x400, 0x4, 0x2, 0x80000000, 0xd, 0x3, 0x1, 0x0, 0x5, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xae6, 0x9, 0xffffa0ae, 0x9, 0x6, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x9a, 0x9, 0xb, 0x800, 0x4, 0x3ff, 0x5, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x2, 0x20000000, 0x2, 0x8000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x7, 0x8000001, 0x0, 0xfff, 0x101, 0x4, 0x0, 0x96c6, 0xc, 0x5, 0xfff, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0x9, 0x2, 0x6, 0x0, 0x6, 0x4b15, 0x10000, 0x1, 0x9, 0x1, 0xd, 0x9, 0x4, 0xfffffe01, 0x1, 0x6, 0x0, 0x3, 0x10001, 0x1, 0x7, 0x1, 0x5, 0x8, 0xffffc487, 0x200, 0x10001, 0x37c, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x0, 0xe, 0x0, 0x2, 0x4, 0x80000000, 0xb46d, 0x3, 0xffe, 0x1eb4bce6, 0x10, 0x8, 0x1, 0x5, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x9, 0x3, 0xffffffff, 0x9, 0x7f, 0x6, 0x8, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x25, 0x8, 0x7, 0x7, 0x4, 0x5, 0x9, 0x6709, 0x80000001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0xff, 0x5, 0x2, 0x2, 0x4, 0x10000, 0x80000001, 0x5, 0x8001, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0xffff, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x9, 0x8, 0x0, 0x5, 0xf, 0x5, 0xe, 0x8, 0x1000, 0x2, 0x7, 0x382d, 0x459, 0xcad, 0x9, 0x0, 0x2, 0x9, 0x6, 0x20000a4, 0xe0, 0xfffffffb, 0x5, 0xffffffff, 0x2, 0x7, 0xa05a, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x1, 0x30, 0xffffff7e, 0x1, 0x2, 0x9, 0x3, 0x7, 0x8, 0x8, 0x0, 0x1, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x43, 0x3, 0x9, 0x5, 0x80000000, 0x9, 0x0, 0x5, 0x81, 0x1, 0x2, 0x3fd, 0x1df, 0x6, 0x6, 0xfffffffa, 0x1a, 0x9, 0x2, 0x9, 0xffffffff, 0x9, 0x7, 0x2c1, 0x9e95, 0x2, 0xfffffedd, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x9, 0x6, 0x9, 0x9, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x2, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x0, 0xfb4, 0xbfb, 0x7, 0x405, 0x6, 0x4, 0x8001, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0x3, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x8, 0x1, 0x6, 0x1, 0xff, 0x100, 0x4, 0x3, 0x6, 0x80000000, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0x7fffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x5, 0x6, 0x1, 0xb, 0xe, 0x5, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xd, 0x3, 0x4, 0x3, 0x81, 0x8, 0x14, 0x8, 0x9, 0x6, 0xffff, 0xf28c, 0x7, 0x6, 0x4, 0x7fffffff, 0xffff, 0x7fffffff, 0xc9, 0x2, 0x0, 0x924, 0x6, 0x100, 0x1, 0x5, 0xffff351b, 0x8, 0xfffffffb, 0x7, 0x9, 0x2, 0x5, 0x4, 0x1, 0x4, 0xff, 0xee, 0x2, 0x4, 0x8, 0x9f, 0x7, 0x3, 0x9, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x5, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0xb8, 0x8, 0x5, 0xfffffff7, 0x7, 0x7, 0x5, 0x6332, 0x0, 0x6, 0xea, 0x0, 0xfff, 0x809, 0x6, 0x0, 0x6, 0xffff, 0xfffffffa, 0x3, 0x0, 0x1, 0x6, 0xfffffc00, 0x5, 0x7, 0x64c822e3, 0x9, 0x6, 0x3ff, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x44, 0xa, 0x9b, 0x3, 0xe, 0x1, 0x1, 0xc, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x9, 0x2, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0xc0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x77, 0x93c, 0x6, 0x0, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x5, 0x2, 0x6, 0xfffffff8, 0xffff, 0xfffffff9, 0x3fe, 0x5, 0x62, 0x8, 0x1, 0xfffffffc, 0x1af88, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x3f, 0x8, 0x7, 0x2b, 0x6, 0x10, 0x5, 0x200, 0x9, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x4, 0xf05, 0x0, 0x101, 0x200, 0x7, 0x7ff, 0x0, 0x1, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x7, 0xdd, 0x8, 0x89, 0x0, 0x100, 0x1, 0x9, 0xe75, 0x400, 0x1, 0x0, 0x200, 0xe9ab, 0xfffffff8, 0x8000, 0x13, 0x2, 0x2, 0x43, 0x3ff, 0x0, 0x7, 0x9, 0x1, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x5, 0x8]}) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x12d8) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, &(0x7f0000000140)={0x0, 0x3938700}, 0x0, 0x0) 431.596054ms ago: executing program 1 (id=386): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x2, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000001340)="0e98"}) 331.625835ms ago: executing program 1 (id=387): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xa9a, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x800, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffc, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe, 0xe2]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, 0x0, 0x0) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 292.593656ms ago: executing program 2 (id=388): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x2, 0x0) ioctl$COMEDI_DEVINFO(r0, 0x80b06401, &(0x7f0000000040)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="12000000120001000200000000000000100000000c00001700000000000000000f10"], 0x30}], 0x1, 0x0, 0x0, 0x20004000}, 0x0) r3 = dup(r2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0, 0xfffffffffffffdaf}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 227.575457ms ago: executing program 0 (id=389): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x9000000) 88.442819ms ago: executing program 3 (id=390): r0 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000380)={0xc, 0x8, 0xfa00, {0x0}}, 0x6b) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000500)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000600)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x3, @loopback, 0x1}, {0xa, 0x0, 0x5, @mcast2}, r1}}, 0x48) 0s ago: executing program 1 (id=391): r0 = socket(0x10, 0x3, 0x6) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x90, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x60, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x20000000) kernel console output (not intermixed with test programs): mes ready [ 72.329098][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.342366][ T4185] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.391043][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.405991][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.415983][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.423164][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.462160][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.476185][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.486533][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.504021][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.511201][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.521088][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 72.530494][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.539159][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.548926][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.558898][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.589297][ T1400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 72.612035][ T1400] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.612302][ T4259] Bluetooth: hci0: command 0x041b tx timeout [ 72.627167][ T1400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 72.639873][ T4259] Bluetooth: hci1: command 0x041b tx timeout [ 72.647959][ T1400] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.680193][ T4269] Bluetooth: hci4: command 0x041b tx timeout [ 72.686597][ T4185] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.687889][ T4269] Bluetooth: hci2: command 0x041b tx timeout [ 72.714993][ T4185] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.729378][ T4269] Bluetooth: hci3: command 0x041b tx timeout [ 72.735108][ T4184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.763104][ T4183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.776687][ T1400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 72.787963][ T1400] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.817961][ T4187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.830018][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.837643][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.853847][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.865498][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.886780][ T4184] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.911657][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.930225][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.942173][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.954813][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.967392][ T4186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.978818][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.988545][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.997565][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.004685][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.018137][ T4183] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.034049][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.046720][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.059056][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.071286][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.078390][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.135329][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.146466][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.162339][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.169464][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.181941][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 73.189493][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.197878][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 73.207475][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.217385][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.226685][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.235795][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.248935][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.257824][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.267580][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.276259][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.285146][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.294034][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.301154][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.310327][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.322765][ T4185] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.350512][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.358628][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.367110][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.378664][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.387473][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.397666][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.407500][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.417467][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.436140][ T4184] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.448484][ T4184] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.479174][ T4187] device veth0_vlan entered promiscuous mode [ 73.489126][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.498403][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.507955][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 73.517406][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.535876][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.549898][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.566806][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.575569][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.607458][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.623668][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.642412][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.653935][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.663949][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.672919][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.685629][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.693876][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.703774][ T4186] device veth0_vlan entered promiscuous mode [ 73.713749][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 73.723918][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.741351][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.753431][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.780698][ T4187] device veth1_vlan entered promiscuous mode [ 73.795754][ T4183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.810913][ T4186] device veth1_vlan entered promiscuous mode [ 73.825557][ T4185] device veth0_vlan entered promiscuous mode [ 73.847010][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 73.855668][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 73.864318][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 73.875012][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.883718][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.892887][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.901121][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.939918][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 73.948943][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 73.959521][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.976244][ T4185] device veth1_vlan entered promiscuous mode [ 73.998423][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 74.008024][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 74.017278][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.032103][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.042808][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.051991][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.063599][ T4186] device veth0_macvtap entered promiscuous mode [ 74.075320][ T4184] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.086002][ T4187] device veth0_macvtap entered promiscuous mode [ 74.097641][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.108268][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.140808][ T4187] device veth1_macvtap entered promiscuous mode [ 74.158106][ T4186] device veth1_macvtap entered promiscuous mode [ 74.179774][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 74.188531][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.216314][ T4185] device veth0_macvtap entered promiscuous mode [ 74.235727][ T4184] device veth0_vlan entered promiscuous mode [ 74.242898][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.253204][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.262951][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 74.271700][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.288218][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.302261][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.315063][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.327343][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.338955][ T4185] device veth1_macvtap entered promiscuous mode [ 74.352130][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.362641][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.371267][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.379051][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.387035][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.395839][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.405442][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.414225][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.426594][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.438591][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.452863][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.464464][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.474797][ T4184] device veth1_vlan entered promiscuous mode [ 74.496276][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 74.504746][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.513919][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.523850][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.533024][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.542218][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 74.550960][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 74.563075][ T4186] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.572300][ T4186] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.586188][ T4186] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.603581][ T4186] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.627204][ T4183] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.646372][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.662598][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.678617][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.680198][ T4238] Bluetooth: hci1: command 0x040f tx timeout [ 74.701325][ T4238] Bluetooth: hci0: command 0x040f tx timeout [ 74.705001][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.725671][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.735164][ T4187] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.744140][ T4187] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.764247][ T4187] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.775169][ T4187] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.781126][ T4238] Bluetooth: hci3: command 0x040f tx timeout [ 74.796018][ T4238] Bluetooth: hci2: command 0x040f tx timeout [ 74.803418][ T4238] Bluetooth: hci4: command 0x040f tx timeout [ 74.803726][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 74.819968][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.828713][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.842528][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.853237][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.863336][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.874095][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.885719][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.913431][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.925259][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.934785][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.943928][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.961000][ T4185] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.970230][ T4185] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.978946][ T4185] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.987931][ T4185] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.031843][ T4184] device veth0_macvtap entered promiscuous mode [ 75.047412][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 75.058707][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 75.067889][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 75.086631][ T4184] device veth1_macvtap entered promiscuous mode [ 75.100554][ T4183] device veth0_vlan entered promiscuous mode [ 75.107280][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 75.117730][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 75.126321][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.167742][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.183640][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.231511][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.251309][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.263143][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.273976][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.284039][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.294611][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.305943][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.317420][ T4183] device veth1_vlan entered promiscuous mode [ 75.342405][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 75.356236][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 75.368534][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.381073][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.392643][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.404091][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.414056][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.424706][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.435985][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.458541][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 75.467866][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.470232][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.491849][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.491916][ T4184] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.508649][ T4184] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.518783][ T4184] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.527932][ T4184] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.558068][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.566283][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.575217][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.597592][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.606704][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 75.617542][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 75.630525][ T4183] device veth0_macvtap entered promiscuous mode [ 75.672744][ T4183] device veth1_macvtap entered promiscuous mode [ 75.673753][ T477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.697491][ T477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.714435][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.725775][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.745256][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 75.753822][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 75.762033][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.771982][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.815183][ T1394] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.832161][ T1394] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.854786][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.870919][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.886521][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.897437][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.908783][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.920939][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.931217][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.941991][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.953484][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.967153][ T477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.973324][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.987114][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.999005][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.001396][ T477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.010658][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.026961][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.037805][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.049900][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.060522][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.073314][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.081895][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.090541][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.099417][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.108589][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.117197][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 76.127815][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.145240][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.174947][ T4183] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.193187][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.208076][ T4183] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.223686][ T4183] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.244010][ T4183] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.301333][ T1394] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.365561][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #208!!! [ 76.487946][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.535259][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.551195][ T4309] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3'. [ 76.570772][ T1400] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.619054][ T4305] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.651209][ T4313] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 76.670152][ T4305] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.710956][ T4310] loop0: detected capacity change from 0 to 2048 [ 76.722307][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.755388][ T1400] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.761650][ T4238] Bluetooth: hci0: command 0x0419 tx timeout [ 76.781543][ T1400] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.788330][ T4238] Bluetooth: hci1: command 0x0419 tx timeout [ 76.799818][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.801470][ T4310] ======================================================= [ 76.801470][ T4310] WARNING: The mand mount option has been deprecated and [ 76.801470][ T4310] and is ignored by this kernel. Remove the mand [ 76.801470][ T4310] option from the mount to silence this warning. [ 76.801470][ T4310] ======================================================= [ 76.851245][ T7] Bluetooth: hci4: command 0x0419 tx timeout [ 77.015769][ T4310] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 77.052810][ T4310] UDF-fs: Scanning with blocksize 512 failed [ 77.120334][ T4310] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 77.148230][ T4322] loop3: detected capacity change from 0 to 40427 [ 77.161278][ T7] Bluetooth: hci2: command 0x0419 tx timeout [ 77.167438][ T7] Bluetooth: hci3: command 0x0419 tx timeout [ 77.183577][ T4322] F2FS-fs (loop3): invalid crc value [ 77.218523][ T4322] F2FS-fs (loop3): Found nat_bits in checkpoint [ 77.277648][ T4322] F2FS-fs (loop3): Start checkpoint disabled! [ 77.320101][ T4322] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 77.442966][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #10!!! [ 77.452549][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #12!!! [ 77.461707][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #12!!! [ 77.470670][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #12!!! [ 77.479689][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #12!!! [ 77.488648][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #12!!! [ 77.497587][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #92!!! [ 77.507421][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 77.516440][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 77.935797][ T4335] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 78.014816][ T4336] attempt to access beyond end of device [ 78.014816][ T4336] loop3: rw=2049, want=40976, limit=40427 [ 78.041466][ T4335] mmap: syz.2.7 (4335) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 79.539816][ T7] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 79.618986][ T4356] loop0: detected capacity change from 0 to 512 [ 79.722521][ T4353] loop1: detected capacity change from 0 to 8192 [ 79.765991][ T4353] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 79.768941][ T4356] EXT4-fs warning (device loop0): ext4_enable_quotas:6459: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 79.783566][ T4353] REISERFS (device loop1): using ordered data mode [ 79.798287][ T4353] reiserfs: using flush barriers [ 79.819878][ T4353] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 79.888963][ T4353] REISERFS (device loop1): checking transaction log (loop1) [ 79.909937][ T7] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 79.924347][ T4356] EXT4-fs (loop0): mount failed [ 79.924673][ T4353] REISERFS (device loop1): Using r5 hash to sort names [ 79.936066][ T7] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 79.970137][ T4353] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 79.973520][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.024525][ T7] usb 5-1: config 0 descriptor?? [ 80.116017][ T7] pwc: Askey VC010 type 2 USB webcam detected. [ 80.144251][ T26] audit: type=1800 audit(1753505320.297:2): pid=4353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.13" name="file1" dev="loop1" ino=2 res=0 errno=0 [ 81.752767][ T4361] loop0: detected capacity change from 0 to 512 [ 82.008077][ T7] pwc: send_video_command error -71 [ 82.026330][ T7] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 82.065943][ T7] Philips webcam: probe of 5-1:0.0 failed with error -71 [ 82.155656][ T4361] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 82.174309][ T4361] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 82.204508][ T7] usb 5-1: USB disconnect, device number 2 [ 82.224651][ T4361] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2228: inode #15: comm syz.0.12: corrupted in-inode xattr [ 82.253357][ T4361] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.12: couldn't read orphan inode 15 (err -117) [ 82.266685][ T4361] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,grpquota,debug_want_extra_isize=0x0000000000000068,mb_optimize_scan=0x0000000000000001,block_validity,dioread_lock,,errors=continue. Quota mode: writeback. [ 82.306899][ T4369] loop2: detected capacity change from 0 to 8192 [ 82.394046][ T4369] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 82.558805][ T4369] REISERFS (device loop2): using ordered data mode [ 82.579861][ T4369] reiserfs: using flush barriers [ 82.598433][ T4369] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 82.720298][ T4369] REISERFS (device loop2): checking transaction log (loop2) [ 82.732651][ T4374] loop0: detected capacity change from 0 to 512 [ 82.777167][ T4369] REISERFS (device loop2): Using r5 hash to sort names [ 82.850351][ T4369] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 84.086980][ T4381] loop1: detected capacity change from 0 to 4096 [ 87.047626][ T4396] loop4: detected capacity change from 0 to 8192 [ 87.298107][ T1334] cfg80211: failed to load regulatory.db [ 87.876847][ T4381] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 87.947209][ T4396] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 87.956527][ T4396] REISERFS (device loop4): using ordered data mode [ 87.963351][ T4396] reiserfs: using flush barriers [ 87.970442][ T4396] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 87.987272][ T4396] REISERFS (device loop4): checking transaction log (loop4) [ 87.998140][ T4396] REISERFS warning: reiserfs-5085 is_leaf: item length seems wrong: *3.5*[1 2 0(1) DIR], item_len 0, item_location 4004, free_space(entry_count) 2 [ 88.013232][ T4396] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 88.023795][ T4396] REISERFS (device loop4): Remounting filesystem read-only [ 88.031579][ T4396] REISERFS error (device loop4): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 88.177563][ T4381] ntfs: volume version 3.1. [ 88.337216][ T4381] ntfs: (device loop1): ntfs_mark_quotas_out_of_date(): Quota defaults entry version 0x5 is not supported. [ 88.406843][ T4381] ntfs: (device loop1): load_system_files(): Failed to mark quotas out of date. Mounting read-only. Run chkdsk. [ 89.644531][ T4416] loop2: detected capacity change from 0 to 256 [ 89.778952][ T4410] loop1: detected capacity change from 0 to 8192 [ 89.994673][ T4416] exfat: Unknown parameter '' [ 90.071997][ T4410] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 90.097123][ T4410] REISERFS (device loop1): using ordered data mode [ 90.239764][ T4410] reiserfs: using flush barriers [ 90.269906][ T4410] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 90.400512][ T4410] REISERFS (device loop1): checking transaction log (loop1) [ 90.444532][ T4410] REISERFS (device loop1): Using r5 hash to sort names [ 90.470177][ T4410] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 90.488749][ T4424] loop2: detected capacity change from 0 to 128 [ 90.543007][ T4424] binder: 4423:4424 ioctl 4018620d 0 returned -22 [ 90.580563][ T26] audit: type=1800 audit(1753505330.737:3): pid=4410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.23" name="file1" dev="loop1" ino=2 res=0 errno=0 [ 90.709011][ T4402] loop0: detected capacity change from 0 to 32768 [ 90.888709][ T4402] XFS: ikeep mount option is deprecated. [ 91.197426][ T4422] loop3: detected capacity change from 0 to 8192 [ 91.261977][ T4402] XFS (loop0): Mounting V5 Filesystem [ 91.425984][ T4422] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 91.490789][ T4422] REISERFS (device loop3): using ordered data mode [ 91.589677][ T4422] reiserfs: using flush barriers [ 91.649984][ T4402] XFS (loop0): Ending clean mount [ 91.657312][ T4422] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 91.687224][ T4402] XFS (loop0): Quotacheck needed: Please wait. [ 91.804118][ T4442] loop1: detected capacity change from 0 to 1024 [ 91.810960][ T4422] REISERFS (device loop3): checking transaction log (loop3) [ 91.880703][ T4422] REISERFS warning: reiserfs-5085 is_leaf: item length seems wrong: *3.5*[1 2 0(1) DIR], item_len 0, item_location 4004, free_space(entry_count) 2 [ 91.891344][ T4402] XFS (loop0): Quotacheck: Done. [ 91.971703][ T4422] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 91.982769][ T4185] XFS (loop0): Unmounting Filesystem [ 92.042438][ T4422] REISERFS (device loop3): Remounting filesystem read-only [ 92.105151][ T4422] REISERFS error (device loop3): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 92.182717][ T4428] loop4: detected capacity change from 0 to 32768 [ 92.206681][ T1400] hfsplus: b-tree write err: -5, ino 4 [ 92.371767][ T4428] hsr0: VLAN not yet supported [ 92.401407][ T4445] FAULT_INJECTION: forcing a failure. [ 92.401407][ T4445] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 92.424263][ T4428] diRead: diIAGRead returned -5 [ 92.432661][ T4428] jfs_lookup: iget failed on inum 196612 [ 92.450377][ T4445] CPU: 0 PID: 4445 Comm: syz.1.31 Not tainted 5.15.189-syzkaller #0 [ 92.458434][ T4445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 92.468549][ T4445] Call Trace: [ 92.471866][ T4445] [ 92.474823][ T4445] dump_stack_lvl+0x168/0x230 [ 92.479547][ T4445] ? show_regs_print_info+0x20/0x20 [ 92.484783][ T4445] ? load_image+0x3b0/0x3b0 [ 92.489349][ T4445] ? __lock_acquire+0x7c60/0x7c60 [ 92.494413][ T4445] ? __lock_acquire+0x12d9/0x7c60 [ 92.499481][ T4445] ? verify_lock_unused+0x140/0x140 [ 92.504723][ T4445] should_fail+0x38c/0x4c0 [ 92.509178][ T4445] prepare_alloc_pages+0x1e4/0x5f0 [ 92.514336][ T4445] __alloc_pages+0x10e/0x470 [ 92.518966][ T4445] ? zone_statistics+0x170/0x170 [ 92.523948][ T4445] ? count_memcg_event_mm+0x311/0x360 [ 92.529350][ T4445] ? remove_device_exclusive_entry+0xa70/0xa70 [ 92.535538][ T4445] alloc_pages_vma+0x393/0x7c0 [ 92.540368][ T4445] handle_mm_fault+0x2382/0x43c0 [ 92.545348][ T4445] ? get_page+0xe0/0xe0 [ 92.549549][ T4445] ? vmacache_find+0x238/0x590 [ 92.554344][ T4445] ? find_vma+0xd2/0x230 [ 92.558618][ T4445] do_user_addr_fault+0x489/0xc80 [ 92.563686][ T4445] exc_page_fault+0x60/0x100 [ 92.568307][ T4445] asm_exc_page_fault+0x22/0x30 [ 92.573195][ T4445] RIP: 0033:0x7f8055c7bd50 [ 92.577639][ T4445] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41 [ 92.581050][ T4440] loop2: detected capacity change from 0 to 32768 [ 92.597487][ T4445] RSP: 002b:00007f8053c204a0 EFLAGS: 00010202 [ 92.610035][ T4445] RAX: 0000000000005000 RBX: 00007f8053c20540 RCX: 000000000000000f [ 92.618028][ T4445] RDX: 00000000000000ff RSI: 0000000000000400 RDI: 00007f8053c205e0 [ 92.626019][ T4445] RBP: 0000000000000012 R08: 00007f804b801000 R09: 0000000000000046 [ 92.634020][ T4445] R10: 000020000003d9c2 R11: 000000000001ec7d R12: 0000000000000301 [ 92.642019][ T4445] R13: 00007f8055e57880 R14: 0000000000000013 R15: 00007f8053c205e0 [ 92.650037][ T4445] [ 92.665753][ T4447] Cannot find map_set index 0 as target [ 92.682366][ T4445] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 92.685471][ T4428] diRead: diIAGRead returned -5 [ 92.706762][ T4440] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop2 scanned by syz.2.28 (4440) [ 92.777118][ T4428] jfs_lookup: iget failed on inum 196612 [ 92.823571][ T4440] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 92.833841][ T150] block nbd0: Attempted send on invalid socket [ 92.846666][ T150] blk_update_request: I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.847155][ T4428] overlayfs: failed to resolve './file1': -5 [ 92.883504][ T263] block nbd0: Attempted send on invalid socket [ 92.893541][ T263] blk_update_request: I/O error, dev nbd0, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.905859][ T4445] loop1: detected capacity change from 0 to 4096 [ 92.920456][ T4440] BTRFS info (device loop2): using free space tree [ 92.945131][ T4447] loop0: detected capacity change from 0 to 1024 [ 92.955053][ T4440] BTRFS info (device loop2): has skinny extents [ 93.004610][ T4445] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 93.029639][ T1334] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 93.041302][ T4445] ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 93.069160][ T4447] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 93.106233][ T4445] ntfs: (device loop1): read_ntfs_boot_sector(): Hot-fix: Recovery of primary boot sector failed: Read-only mount. [ 93.131263][ T4447] EXT4-fs (loop0): orphan cleanup on readonly fs [ 93.204202][ T4445] ntfs: (device loop1): read_ntfs_boot_sector(): Using backup boot sector. [ 93.245390][ T4447] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.30: Invalid inode table block 0 in block_group 0 [ 93.253654][ T4440] BTRFS info (device loop2): enabling ssd optimizations [ 93.360280][ T4445] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 3) do not match. Run ntfsfix or chkdsk. [ 93.389959][ T4445] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 93.390260][ T1334] usb 5-1: config 0 has no interfaces? [ 93.410295][ T4447] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 93.443129][ T1334] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 93.480354][ T1334] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.519667][ T4445] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 93.542304][ T1334] usb 5-1: config 0 descriptor?? [ 93.547641][ T4447] EXT4-fs error (device loop0): ext4_quota_write:6619: inode #3: comm syz.0.30: mark_inode_dirty error [ 93.612653][ T4447] Quota error (device loop0): write_blk: dquota write failed [ 93.628560][ T4445] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 93.690128][ T4447] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 93.769963][ T4447] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.30: Failed to acquire dquot type 0 [ 93.842659][ T4445] ntfs: volume version 3.1. [ 93.893803][ T4447] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.30: Invalid inode table block 0 in block_group 0 [ 94.021659][ T4447] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 94.141136][ T4447] EXT4-fs error (device loop0): ext4_ext_truncate:4456: inode #15: comm syz.0.30: mark_inode_dirty error [ 94.210358][ T4447] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.30: Invalid inode table block 0 in block_group 0 [ 94.257871][ T4447] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 94.332186][ T4447] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 94.370876][ T4447] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.30: Invalid inode table block 0 in block_group 0 [ 94.451833][ T4447] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 94.490997][ T4447] EXT4-fs error (device loop0): ext4_truncate:4273: inode #15: comm syz.0.30: mark_inode_dirty error [ 94.540232][ T4447] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 94.637022][ T4447] EXT4-fs (loop0): 1 truncate cleaned up [ 94.689951][ T4447] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 94.832188][ T1334] usb 5-1: USB disconnect, device number 3 [ 96.038354][ T4481] Falling back ldisc for ptm0. [ 96.266137][ T4472] loop1: detected capacity change from 0 to 40427 [ 96.404401][ T4472] F2FS-fs (loop1): Found nat_bits in checkpoint [ 96.687782][ T4472] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 97.501090][ T4506] loop0: detected capacity change from 0 to 4096 [ 97.709387][ T4472] sctp: failed to load transform for md5: -2 [ 97.729490][ T4506] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 97.927454][ T4183] attempt to access beyond end of device [ 97.927454][ T4183] loop1: rw=2049, want=45104, limit=40427 [ 98.032604][ T4538] loop4: detected capacity change from 0 to 1024 [ 98.275015][ T4336] hfsplus: b-tree write err: -5, ino 4 [ 98.407072][ T4543] loop0: detected capacity change from 0 to 128 [ 98.495595][ T4543] binder: 4542:4543 ioctl 4018620d 0 returned -22 [ 98.968262][ T4556] loop1: detected capacity change from 0 to 2048 [ 99.068903][ T4556] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 99.097567][ T4556] UDF-fs: Scanning with blocksize 512 failed [ 99.151195][ T4556] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 99.625391][ T150] block nbd1: Attempted send on invalid socket [ 99.631870][ T150] blk_update_request: I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.651854][ T263] block nbd1: Attempted send on invalid socket [ 99.662492][ T263] blk_update_request: I/O error, dev nbd1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.776429][ T4559] loop4: detected capacity change from 0 to 32768 [ 99.791254][ T4567] loop1: detected capacity change from 0 to 1024 [ 99.917359][ T4562] loop3: detected capacity change from 0 to 32768 [ 100.029718][ T4559] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop4 scanned by syz.4.46 (4559) [ 100.087884][ T4567] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 100.112264][ T4567] EXT4-fs (loop1): orphan cleanup on readonly fs [ 100.122231][ T4559] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 100.138994][ T4567] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.47: Invalid inode table block 0 in block_group 0 [ 100.158197][ T4562] diRead: diIAGRead returned -5 [ 100.163549][ T4562] jfs_lookup: iget failed on inum 196612 [ 100.192427][ T4562] diRead: diIAGRead returned -5 [ 100.197421][ T4562] jfs_lookup: iget failed on inum 196612 [ 100.235045][ T4559] BTRFS info (device loop4): using free space tree [ 100.309879][ T4567] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 100.332729][ T4562] overlayfs: failed to resolve './file1': -5 [ 100.349734][ T4559] BTRFS info (device loop4): has skinny extents [ 100.411266][ T4567] EXT4-fs error (device loop1): ext4_quota_write:6619: inode #3: comm syz.1.47: mark_inode_dirty error [ 100.584950][ T4567] __quota_error: 15 callbacks suppressed [ 100.584971][ T4567] Quota error (device loop1): write_blk: dquota write failed [ 100.619648][ T23] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 100.669787][ T4567] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 100.676819][ T4569] loop2: detected capacity change from 0 to 8192 [ 100.759816][ T4559] BTRFS info (device loop4): enabling ssd optimizations [ 100.779166][ T4567] EXT4-fs error (device loop1): ext4_acquire_dquot:6207: comm syz.1.47: Failed to acquire dquot type 0 [ 100.883347][ T4569] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 100.892654][ T4569] REISERFS (device loop2): using ordered data mode [ 100.899179][ T4569] reiserfs: using flush barriers [ 100.905824][ T4569] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 100.916300][ T4567] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.47: Invalid inode table block 0 in block_group 0 [ 100.922471][ T4569] REISERFS (device loop2): checking transaction log (loop2) [ 100.944672][ T4569] REISERFS warning: reiserfs-5085 is_leaf: item length seems wrong: *3.5*[1 2 0(1) DIR], item_len 0, item_location 4004, free_space(entry_count) 2 [ 100.959670][ T4569] REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 100.970611][ T4569] REISERFS (device loop2): Remounting filesystem read-only [ 100.977949][ T4569] REISERFS error (device loop2): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 101.046000][ T4567] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 101.060827][ T23] usb 4-1: config 0 has no interfaces? [ 101.066484][ T23] usb 4-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 101.084938][ T4567] EXT4-fs error (device loop1): ext4_ext_truncate:4456: inode #15: comm syz.1.47: mark_inode_dirty error [ 101.149485][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.239979][ T4567] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.47: Invalid inode table block 0 in block_group 0 [ 101.380797][ T4567] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 101.400471][ T23] usb 4-1: config 0 descriptor?? [ 101.424414][ T4574] loop0: detected capacity change from 0 to 8192 [ 101.435569][ T4567] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 101.508295][ T4567] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.47: Invalid inode table block 0 in block_group 0 [ 101.633993][ T4567] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 101.699941][ T4567] EXT4-fs error (device loop1): ext4_truncate:4273: inode #15: comm syz.1.47: mark_inode_dirty error [ 101.726161][ T4574] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 101.809792][ T4567] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 101.844780][ T4574] REISERFS (device loop0): using ordered data mode [ 101.881937][ T4567] EXT4-fs (loop1): 1 truncate cleaned up [ 101.887788][ T4567] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 101.979883][ T4574] reiserfs: using flush barriers [ 102.053478][ T4574] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 102.160230][ T4574] REISERFS (device loop0): checking transaction log (loop0) [ 102.412953][ T4574] REISERFS warning: reiserfs-5085 is_leaf: item length seems wrong: *3.5*[1 2 0(1) DIR], item_len 0, item_location 4004, free_space(entry_count) 2 [ 102.454250][ T4417] usb 4-1: USB disconnect, device number 2 [ 102.529849][ T4574] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 102.611399][ T4574] REISERFS (device loop0): Remounting filesystem read-only [ 102.700936][ T4574] REISERFS error (device loop0): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 103.463709][ T4601] loop3: detected capacity change from 0 to 256 [ 103.581879][ T4601] exfat: Unknown parameter '' [ 104.414527][ T4620] loop4: detected capacity change from 0 to 8192 [ 104.467804][ T4622] loop2: detected capacity change from 0 to 1024 [ 104.534905][ T4620] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 104.544669][ T4620] REISERFS (device loop4): using ordered data mode [ 104.559796][ T4620] reiserfs: using flush barriers [ 104.580386][ T4620] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 104.610096][ T4620] REISERFS (device loop4): checking transaction log (loop4) [ 104.669311][ T4620] REISERFS (device loop4): Using r5 hash to sort names [ 104.720182][ T4620] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 104.735540][ T4336] hfsplus: b-tree write err: -5, ino 4 [ 104.819719][ T26] audit: type=1800 audit(1753505344.967:4): pid=4620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.50" name="file1" dev="loop4" ino=2 res=0 errno=0 [ 105.052455][ T4630] loop2: detected capacity change from 0 to 2048 [ 105.122384][ T4630] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 105.439812][ T4630] UDF-fs: Scanning with blocksize 512 failed [ 105.475590][ T4618] loop3: detected capacity change from 0 to 32768 [ 105.516719][ T4630] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 105.595675][ T4618] XFS: ikeep mount option is deprecated. [ 105.780170][ T4618] XFS (loop3): Mounting V5 Filesystem [ 106.675687][ T4618] XFS (loop3): Ending clean mount [ 106.693845][ T4618] XFS (loop3): Quotacheck needed: Please wait. [ 106.799658][ T4618] XFS (loop3): Quotacheck: Done. [ 106.859041][ T4654] loop4: detected capacity change from 0 to 128 [ 106.988298][ T4616] netlink: 8 bytes leftover after parsing attributes in process `syz.3.54'. [ 107.040148][ T4616] netlink: 8 bytes leftover after parsing attributes in process `syz.3.54'. [ 107.040665][ T4654] binder: 4653:4654 ioctl 4018620d 0 returned -22 [ 107.226734][ T4184] XFS (loop3): Unmounting Filesystem [ 107.388775][ T4660] loop2: detected capacity change from 0 to 2048 [ 107.515749][ T4660] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 107.526902][ T4652] loop0: detected capacity change from 0 to 32768 [ 107.566454][ T4660] UDF-fs: Scanning with blocksize 512 failed [ 107.578695][ T4660] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 107.694494][ T4652] diRead: diIAGRead returned -5 [ 107.699464][ T4652] jfs_lookup: iget failed on inum 196612 [ 107.755469][ T4652] diRead: diIAGRead returned -5 [ 107.770565][ T4652] jfs_lookup: iget failed on inum 196612 [ 107.820525][ T4652] overlayfs: failed to resolve './file1': -5 [ 108.132921][ T150] block nbd2: Attempted send on invalid socket [ 108.139662][ T150] blk_update_request: I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 108.157061][ T4245] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 108.165165][ T150] block nbd2: Attempted send on invalid socket [ 108.171554][ T150] blk_update_request: I/O error, dev nbd2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 108.204924][ T4673] loop2: detected capacity change from 0 to 1024 [ 108.306144][ T4673] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 108.339415][ T4673] EXT4-fs (loop2): orphan cleanup on readonly fs [ 108.357845][ T4673] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.64: Invalid inode table block 0 in block_group 0 [ 108.388106][ T4673] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 108.450167][ T4673] EXT4-fs error (device loop2): ext4_quota_write:6619: inode #3: comm syz.2.64: mark_inode_dirty error [ 108.535792][ T4673] Quota error (device loop2): write_blk: dquota write failed [ 108.540786][ T4245] usb 1-1: config 0 has no interfaces? [ 108.559657][ T4245] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 108.568752][ T4245] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.602358][ T4673] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 108.619056][ T4245] usb 1-1: config 0 descriptor?? [ 108.639695][ T4673] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.64: Failed to acquire dquot type 0 [ 108.686437][ T4673] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.64: Invalid inode table block 0 in block_group 0 [ 108.890303][ T4673] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 108.951916][ T4673] EXT4-fs error (device loop2): ext4_ext_truncate:4456: inode #15: comm syz.2.64: mark_inode_dirty error [ 109.045853][ T4673] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.64: Invalid inode table block 0 in block_group 0 [ 109.114421][ T4679] loop1: detected capacity change from 0 to 256 [ 109.170961][ T4679] exfat: Unknown parameter '' [ 109.177017][ T4673] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 109.272341][ T4673] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 109.349259][ T4673] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.64: Invalid inode table block 0 in block_group 0 [ 109.459757][ T4673] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 109.511618][ T4673] EXT4-fs error (device loop2): ext4_truncate:4273: inode #15: comm syz.2.64: mark_inode_dirty error [ 109.600390][ T4673] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 109.669298][ T4673] EXT4-fs (loop2): 1 truncate cleaned up [ 109.678860][ T4670] loop3: detected capacity change from 0 to 32768 [ 109.685970][ T4673] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 109.783360][ T4613] usb 1-1: USB disconnect, device number 2 [ 109.819253][ T4670] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop3 scanned by syz.3.62 (4670) [ 109.986400][ T4670] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 110.049631][ T4670] BTRFS info (device loop3): using free space tree [ 110.056216][ T4670] BTRFS info (device loop3): has skinny extents [ 110.531129][ T4670] BTRFS info (device loop3): enabling ssd optimizations [ 112.002899][ T4717] loop0: detected capacity change from 0 to 8192 [ 112.225393][ T4717] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 112.270214][ T4717] REISERFS (device loop0): using ordered data mode [ 112.277824][ T4717] reiserfs: using flush barriers [ 112.307470][ T4717] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 112.324983][ T4717] REISERFS (device loop0): checking transaction log (loop0) [ 112.692500][ T4717] REISERFS (device loop0): Using r5 hash to sort names [ 112.712511][ T4731] loop1: detected capacity change from 0 to 128 [ 112.735415][ T4717] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 112.794204][ T4731] binder: 4730:4731 ioctl 4018620d 0 returned -22 [ 112.957125][ T26] audit: type=1800 audit(1753505353.107:5): pid=4717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.71" name="file1" dev="loop0" ino=2 res=0 errno=0 [ 113.765734][ T4745] loop1: detected capacity change from 0 to 512 [ 115.194607][ T4750] loop1: detected capacity change from 0 to 512 [ 115.287713][ T4750] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 115.504127][ T4750] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2228: inode #15: comm syz.1.80: corrupted in-inode xattr [ 115.518510][ T4750] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.80: couldn't read orphan inode 15 (err -117) [ 115.530982][ T4750] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,debug_want_extra_isize=0x0000000000000068,mb_optimize_scan=0x0000000000000001,block_validity,dioread_lock,,errors=continue. Quota mode: writeback. [ 116.306511][ T4764] loop4: detected capacity change from 0 to 4096 [ 116.356961][ T4764] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 116.601213][ T4764] ntfs: volume version 3.1. [ 116.650718][ T4764] ntfs: (device loop4): ntfs_mark_quotas_out_of_date(): Quota defaults entry version 0x5 is not supported. [ 116.662422][ T4764] ntfs: (device loop4): load_system_files(): Failed to mark quotas out of date. Mounting read-only. Run chkdsk. [ 117.069511][ T4771] Cannot find map_set index 0 as target [ 117.179622][ T263] block nbd3: Attempted send on invalid socket [ 117.186424][ T263] blk_update_request: I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 117.197713][ T263] block nbd3: Attempted send on invalid socket [ 117.204502][ T263] blk_update_request: I/O error, dev nbd3, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 117.243185][ T4771] loop3: detected capacity change from 0 to 1024 [ 117.307292][ T4767] loop0: detected capacity change from 0 to 8192 [ 117.365156][ T4767] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 117.384725][ T4767] REISERFS (device loop0): using ordered data mode [ 117.392815][ T4771] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 117.394824][ T4767] reiserfs: using flush barriers [ 117.443296][ T4771] EXT4-fs (loop3): orphan cleanup on readonly fs [ 117.460636][ T4771] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.86: Invalid inode table block 0 in block_group 0 [ 117.489854][ T4767] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 117.527774][ T4771] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 117.568163][ T4767] REISERFS (device loop0): checking transaction log (loop0) [ 117.575937][ T4771] EXT4-fs error (device loop3): ext4_quota_write:6619: inode #3: comm syz.3.86: mark_inode_dirty error [ 117.628833][ T4771] Quota error (device loop3): write_blk: dquota write failed [ 117.637320][ T4767] REISERFS (device loop0): Using r5 hash to sort names [ 117.655467][ T4767] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 117.676528][ T4771] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 117.738846][ T4771] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.86: Failed to acquire dquot type 0 [ 117.796971][ T4771] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.86: Invalid inode table block 0 in block_group 0 [ 117.868465][ T4771] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 117.930874][ T4771] EXT4-fs error (device loop3): ext4_ext_truncate:4456: inode #15: comm syz.3.86: mark_inode_dirty error [ 118.083214][ T4771] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.86: Invalid inode table block 0 in block_group 0 [ 118.087817][ T4768] loop1: detected capacity change from 0 to 32768 [ 118.170121][ T4771] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 118.245018][ T4771] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 118.277299][ T4771] EXT4-fs error (device loop3): __ext4_get_inode_loc:4321: comm syz.3.86: Invalid inode table block 0 in block_group 0 [ 118.352462][ T4771] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 118.382357][ T4768] diRead: diIAGRead returned -5 [ 118.390784][ T4771] EXT4-fs error (device loop3): ext4_truncate:4273: inode #15: comm syz.3.86: mark_inode_dirty error [ 118.418469][ T4768] jfs_lookup: iget failed on inum 196612 [ 118.502072][ T4771] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 118.522311][ T4768] diRead: diIAGRead returned -5 [ 118.576002][ T4771] EXT4-fs (loop3): 1 truncate cleaned up [ 118.598781][ T4771] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 118.628160][ T4768] jfs_lookup: iget failed on inum 196612 [ 118.639973][ T4768] overlayfs: failed to resolve './file1': -5 [ 118.999698][ T4741] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 119.304320][ T4785] loop0: detected capacity change from 0 to 4096 [ 119.389958][ T4741] usb 2-1: config 0 has no interfaces? [ 119.395692][ T4741] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 119.425083][ T4785] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 119.462193][ T4741] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.503139][ T4741] usb 2-1: config 0 descriptor?? [ 119.578439][ T4785] ntfs: volume version 3.1. [ 119.630414][ T4785] ntfs: (device loop0): ntfs_mark_quotas_out_of_date(): Quota defaults entry version 0x5 is not supported. [ 119.672578][ T4785] ntfs: (device loop0): load_system_files(): Failed to mark quotas out of date. Mounting read-only. Run chkdsk. [ 119.747925][ T4613] usb 2-1: USB disconnect, device number 2 [ 120.637802][ T4808] loop2: detected capacity change from 0 to 512 [ 120.684983][ T4806] loop3: detected capacity change from 0 to 8192 [ 120.791774][ T4806] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 120.885236][ T4806] REISERFS (device loop3): using ordered data mode [ 120.932607][ T4806] reiserfs: using flush barriers [ 121.011308][ T4806] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 121.028677][ T4813] loop4: detected capacity change from 0 to 8192 [ 121.060136][ T4806] REISERFS (device loop3): checking transaction log (loop3) [ 121.176616][ T4815] loop2: detected capacity change from 0 to 512 [ 121.232126][ T4806] REISERFS (device loop3): Using r5 hash to sort names [ 121.345403][ T4815] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 121.501181][ T4813] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 121.524928][ T4806] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 121.606902][ T4815] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.95: corrupted in-inode xattr [ 121.622105][ T4815] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.95: couldn't read orphan inode 15 (err -117) [ 121.637561][ T4815] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,grpquota,debug_want_extra_isize=0x0000000000000068,mb_optimize_scan=0x0000000000000001,block_validity,dioread_lock,,errors=continue. Quota mode: writeback. [ 121.757472][ T4813] REISERFS (device loop4): using ordered data mode [ 121.794034][ T4813] reiserfs: using flush barriers [ 121.817594][ T4813] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 121.842086][ T26] audit: type=1800 audit(1753505361.997:6): pid=4806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.93" name="file1" dev="loop3" ino=2 res=0 errno=0 [ 122.080523][ T4813] REISERFS (device loop4): checking transaction log (loop4) [ 122.105537][ T4813] REISERFS (device loop4): Using r5 hash to sort names [ 122.237911][ T4813] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 122.494998][ T4802] loop1: detected capacity change from 0 to 32768 [ 122.526902][ T4801] loop0: detected capacity change from 0 to 32768 [ 122.562523][ T26] audit: type=1800 audit(1753505362.717:7): pid=4813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.97" name="file1" dev="loop4" ino=2 res=0 errno=0 [ 122.774206][ T4802] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop1 scanned by syz.1.89 (4802) [ 122.892604][ T4802] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 123.170520][ T4802] BTRFS info (device loop1): using free space tree [ 123.228012][ T4802] BTRFS info (device loop1): has skinny extents [ 123.519961][ T4802] BTRFS error (device loop1): open_ctree failed: -12 [ 123.580440][ T4298] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop1 scanned by udevd (4298) [ 123.689838][ T4850] loop2: detected capacity change from 0 to 8192 [ 123.914557][ T4850] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 123.925272][ T4850] REISERFS (device loop2): using ordered data mode [ 123.931933][ T4850] reiserfs: using flush barriers [ 123.955236][ T4850] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 123.971865][ T4850] REISERFS (device loop2): checking transaction log (loop2) [ 123.983940][ T4850] REISERFS warning: reiserfs-5085 is_leaf: item length seems wrong: *3.5*[1 2 0(1) DIR], item_len 0, item_location 4004, free_space(entry_count) 2 [ 123.999289][ T4850] REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 124.011010][ T4850] REISERFS (device loop2): Remounting filesystem read-only [ 124.018390][ T4850] REISERFS error (device loop2): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 124.842729][ T4870] loop1: detected capacity change from 0 to 512 [ 124.939807][ T4870] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 125.013323][ T4870] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2228: inode #15: comm syz.1.103: corrupted in-inode xattr [ 125.032199][ T4870] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.103: couldn't read orphan inode 15 (err -117) [ 125.049453][ T4870] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,debug_want_extra_isize=0x0000000000000068,mb_optimize_scan=0x0000000000000001,block_validity,dioread_lock,,errors=continue. Quota mode: writeback. [ 125.236243][ T4871] loop4: detected capacity change from 0 to 8192 [ 125.302649][ T263] block nbd2: Attempted send on invalid socket [ 125.302685][ T263] blk_update_request: I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 125.305437][ T263] block nbd2: Attempted send on invalid socket [ 125.305463][ T263] blk_update_request: I/O error, dev nbd2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 125.325042][ T4878] loop2: detected capacity change from 0 to 1024 [ 125.411705][ T4871] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 125.432874][ T4878] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 125.470483][ T4871] REISERFS (device loop4): using ordered data mode [ 125.477489][ T4871] reiserfs: using flush barriers [ 125.520547][ T4871] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 125.561292][ T4878] EXT4-fs (loop2): orphan cleanup on readonly fs [ 125.630882][ T4871] REISERFS (device loop4): checking transaction log (loop4) [ 125.646005][ T4878] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.106: Invalid inode table block 0 in block_group 0 [ 125.714468][ T4871] REISERFS (device loop4): Using r5 hash to sort names [ 125.735619][ T4877] loop3: detected capacity change from 0 to 32768 [ 125.751957][ T4871] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 125.841064][ T4878] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 125.893992][ T4878] EXT4-fs error (device loop2): ext4_quota_write:6619: inode #3: comm syz.2.106: mark_inode_dirty error [ 125.938323][ T4878] Quota error (device loop2): write_blk: dquota write failed [ 125.952349][ T4877] diRead: diIAGRead returned -5 [ 125.977443][ T4877] jfs_lookup: iget failed on inum 196612 [ 125.987975][ T4878] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 126.073915][ T4878] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.106: Failed to acquire dquot type 0 [ 126.169265][ T4878] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.106: Invalid inode table block 0 in block_group 0 [ 126.215378][ T4878] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 126.226207][ T4878] EXT4-fs error (device loop2): ext4_ext_truncate:4456: inode #15: comm syz.2.106: mark_inode_dirty error [ 126.319970][ T4878] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.106: Invalid inode table block 0 in block_group 0 [ 126.386488][ T4878] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 126.437275][ T4866] loop0: detected capacity change from 0 to 32768 [ 126.483960][ T4878] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 126.564369][ T4878] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.106: Invalid inode table block 0 in block_group 0 [ 126.696407][ T4878] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 126.746568][ T4878] EXT4-fs error (device loop2): ext4_truncate:4273: inode #15: comm syz.2.106: mark_inode_dirty error [ 126.859736][ T4878] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 126.903316][ T4878] EXT4-fs (loop2): 1 truncate cleaned up [ 126.995183][ T4878] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 127.494345][ T4903] loop3: detected capacity change from 0 to 4096 [ 127.524245][ T4903] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 127.654981][ T4903] ntfs: volume version 3.1. [ 127.698424][ T4903] ntfs: (device loop3): ntfs_mark_quotas_out_of_date(): Quota defaults entry version 0x5 is not supported. [ 127.765567][ T4903] ntfs: (device loop3): load_system_files(): Failed to mark quotas out of date. Mounting read-only. Run chkdsk. [ 127.812036][ T4909] loop2: detected capacity change from 0 to 8192 [ 127.883268][ T4909] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 127.925332][ T4909] REISERFS (device loop2): using ordered data mode [ 127.933396][ T4909] reiserfs: using flush barriers [ 128.023515][ T4909] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 128.059293][ T4907] loop4: detected capacity change from 0 to 32768 [ 128.106427][ T4907] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 128.148265][ T4907] BTRFS info (device loop4): using free space tree [ 128.149168][ T4909] REISERFS (device loop2): checking transaction log (loop2) [ 128.165832][ T4907] BTRFS info (device loop4): has skinny extents [ 128.218250][ T4909] REISERFS (device loop2): Using r5 hash to sort names [ 128.244632][ T4909] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 128.308845][ T4933] loop1: detected capacity change from 0 to 128 [ 128.353215][ T26] audit: type=1800 audit(1753505368.507:8): pid=4909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.114" name="file1" dev="loop2" ino=2 res=0 errno=0 [ 128.607593][ T4933] binder: 4930:4933 ioctl 4018620d 0 returned -22 [ 128.879516][ T4907] BTRFS info (device loop4): enabling ssd optimizations [ 129.862022][ T4955] loop3: detected capacity change from 0 to 8192 [ 130.039256][ T4951] loop1: detected capacity change from 0 to 8192 [ 130.126197][ T4958] loop2: detected capacity change from 0 to 512 [ 130.159359][ T4955] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 130.168764][ T4955] REISERFS (device loop3): using ordered data mode [ 130.175426][ T4955] reiserfs: using flush barriers [ 130.189918][ T4955] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 130.206558][ T4955] REISERFS (device loop3): checking transaction log (loop3) [ 130.219342][ T4951] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 130.243677][ T4955] REISERFS warning: reiserfs-5085 is_leaf: item length seems wrong: *3.5*[1 2 0(1) DIR], item_len 0, item_location 4004, free_space(entry_count) 2 [ 130.259779][ T4955] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 130.270767][ T4955] REISERFS (device loop3): Remounting filesystem read-only [ 130.278017][ T4955] REISERFS error (device loop3): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 130.289970][ T4951] REISERFS (device loop1): using ordered data mode [ 130.350233][ T4951] reiserfs: using flush barriers [ 130.401047][ T4951] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 130.418801][ T4958] EXT4-fs warning (device loop2): ext4_enable_quotas:6459: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 130.487234][ T4951] REISERFS (device loop1): checking transaction log (loop1) [ 130.492631][ T4958] EXT4-fs (loop2): mount failed [ 130.526519][ T4951] REISERFS (device loop1): Using r5 hash to sort names [ 130.549523][ T4951] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 130.998082][ T4976] loop2: detected capacity change from 0 to 512 [ 131.268015][ T4976] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 131.458712][ T4976] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2228: inode #15: comm syz.2.122: corrupted in-inode xattr [ 131.478287][ T4976] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.122: couldn't read orphan inode 15 (err -117) [ 131.514253][ T4976] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,grpquota,debug_want_extra_isize=0x0000000000000068,mb_optimize_scan=0x0000000000000001,block_validity,dioread_lock,,errors=continue. Quota mode: writeback. [ 131.866571][ T4982] loop4: detected capacity change from 0 to 2048 [ 131.968679][ T150] block nbd1: Attempted send on invalid socket [ 131.975560][ T150] blk_update_request: I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 131.987045][ T150] block nbd1: Attempted send on invalid socket [ 131.993420][ T150] blk_update_request: I/O error, dev nbd1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 132.006048][ T4966] loop0: detected capacity change from 0 to 32768 [ 132.033111][ T4982] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 132.046005][ T4981] loop1: detected capacity change from 0 to 1024 [ 132.056547][ T4982] UDF-fs: Scanning with blocksize 512 failed [ 132.067852][ T4982] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 132.113289][ T4981] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 132.170952][ T4981] EXT4-fs (loop1): orphan cleanup on readonly fs [ 132.254112][ T4981] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.128: Invalid inode table block 0 in block_group 0 [ 132.347573][ T4993] binder: 4992:4993 ioctl 4018620d 0 returned -22 [ 132.354880][ T4981] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 132.419108][ T4981] EXT4-fs error (device loop1): ext4_quota_write:6619: inode #3: comm syz.1.128: mark_inode_dirty error [ 132.678477][ T4981] Quota error (device loop1): write_blk: dquota write failed [ 132.730182][ T4981] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 132.817807][ T4981] EXT4-fs error (device loop1): ext4_acquire_dquot:6207: comm syz.1.128: Failed to acquire dquot type 0 [ 132.954974][ T4981] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.128: Invalid inode table block 0 in block_group 0 [ 133.100224][ T1430] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.106599][ T1430] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.130486][ T4853] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 133.153936][ T4981] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 133.270045][ T4981] EXT4-fs error (device loop1): ext4_ext_truncate:4456: inode #15: comm syz.1.128: mark_inode_dirty error [ 133.330548][ T4981] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.128: Invalid inode table block 0 in block_group 0 [ 133.413713][ T4981] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 133.499267][ T4981] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 133.519947][ T4853] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 133.560739][ T4853] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 133.570666][ T4981] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.128: Invalid inode table block 0 in block_group 0 [ 133.641270][ T4853] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.642871][ T4981] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 133.710431][ T4853] usb 3-1: config 0 descriptor?? [ 133.782577][ T4853] pwc: Askey VC010 type 2 USB webcam detected. [ 133.790499][ T4981] EXT4-fs error (device loop1): ext4_truncate:4273: inode #15: comm syz.1.128: mark_inode_dirty error [ 133.946492][ T4981] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 134.029771][ T4853] pwc: send_video_command error -71 [ 134.059109][ T4853] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 134.291002][ T4981] EXT4-fs (loop1): 1 truncate cleaned up [ 134.296870][ T4981] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 134.328955][ T4853] Philips webcam: probe of 3-1:0.0 failed with error -71 [ 134.568006][ T5025] loop4: detected capacity change from 0 to 32768 [ 134.653194][ T5025] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 scanned by syz.4.141 (5025) [ 134.670008][ T4853] usb 3-1: USB disconnect, device number 2 [ 134.782863][ T5002] loop3: detected capacity change from 0 to 32768 [ 134.836687][ T5025] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 134.846438][ T5025] BTRFS info (device loop4): using free space tree [ 134.853214][ T5025] BTRFS info (device loop4): has skinny extents [ 134.887580][ T5002] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop3 scanned by syz.3.136 (5002) [ 135.007321][ T5002] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 135.068048][ T5002] BTRFS info (device loop3): using free space tree [ 135.131716][ T5002] BTRFS info (device loop3): has skinny extents [ 135.198907][ T5025] BTRFS info (device loop4): enabling ssd optimizations [ 135.208657][ T5026] loop0: detected capacity change from 0 to 8192 [ 135.228394][ T5040] loop1: detected capacity change from 0 to 2048 [ 135.280614][ T5020] BTRFS warning (device loop4): 'nologreplay' is deprecated, use 'rescue=nologreplay' instead [ 135.292377][ T5020] BTRFS info (device loop4): disabling log replay at mount time [ 135.300233][ T5020] BTRFS error (device loop4): nologreplay must be used with ro mount option [ 135.348266][ T5026] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 135.366671][ T5026] REISERFS (device loop0): using ordered data mode [ 135.384381][ T5040] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 135.433065][ T5026] reiserfs: using flush barriers [ 135.469772][ T5040] UDF-fs: Scanning with blocksize 512 failed [ 135.483676][ T5002] BTRFS info (device loop3): enabling ssd optimizations [ 135.511603][ T5026] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 135.542342][ T5040] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 135.761206][ T5026] REISERFS (device loop0): checking transaction log (loop0) [ 135.880578][ T5026] REISERFS warning: reiserfs-5085 is_leaf: item length seems wrong: *3.5*[1 2 0(1) DIR], item_len 0, item_location 4004, free_space(entry_count) 2 [ 136.059708][ T5026] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 136.172956][ T5026] REISERFS (device loop0): Remounting filesystem read-only [ 136.251007][ T5026] REISERFS error (device loop0): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 136.312160][ T5076] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 136.648877][ T5080] loop1: detected capacity change from 0 to 128 [ 136.722925][ T5080] binder: 5079:5080 ioctl 4018620d 0 returned -22 [ 137.034870][ T5069] loop2: detected capacity change from 0 to 32768 [ 137.445987][ T150] block nbd2: Attempted send on invalid socket [ 137.453151][ T150] blk_update_request: I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 137.468097][ T150] block nbd2: Attempted send on invalid socket [ 137.475848][ T150] blk_update_request: I/O error, dev nbd2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 137.625642][ T5106] loop2: detected capacity change from 0 to 1024 [ 137.842448][ T5106] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 137.883241][ T5106] EXT4-fs (loop2): orphan cleanup on readonly fs [ 137.979977][ T5106] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.154: Invalid inode table block 0 in block_group 0 [ 138.029814][ T23] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 138.100463][ T5106] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 138.151746][ T5106] EXT4-fs error (device loop2): ext4_quota_write:6619: inode #3: comm syz.2.154: mark_inode_dirty error [ 138.180042][ T5106] Quota error (device loop2): write_blk: dquota write failed [ 138.229287][ T5106] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 138.283675][ T5106] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.154: Failed to acquire dquot type 0 [ 138.347212][ T5106] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.154: Invalid inode table block 0 in block_group 0 [ 138.410147][ T5106] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 138.449745][ T5106] EXT4-fs error (device loop2): ext4_ext_truncate:4456: inode #15: comm syz.2.154: mark_inode_dirty error [ 138.506953][ T5106] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.154: Invalid inode table block 0 in block_group 0 [ 138.535430][ T23] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 138.561540][ T5106] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 138.566478][ T23] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 138.623806][ T5106] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 138.657760][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.659731][ T5106] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.154: Invalid inode table block 0 in block_group 0 [ 138.702217][ T23] usb 4-1: config 0 descriptor?? [ 138.717801][ T5106] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 138.782671][ T5106] EXT4-fs error (device loop2): ext4_truncate:4273: inode #15: comm syz.2.154: mark_inode_dirty error [ 138.796519][ T23] pwc: Askey VC010 type 2 USB webcam detected. [ 138.824870][ T5106] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 138.845207][ T5106] EXT4-fs (loop2): 1 truncate cleaned up [ 138.875222][ T5095] loop1: detected capacity change from 0 to 32768 [ 138.889996][ T5106] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 138.984308][ T5095] diRead: diIAGRead returned -5 [ 139.024669][ T5111] loop0: detected capacity change from 0 to 2048 [ 139.045822][ T5095] jfs_lookup: iget failed on inum 196612 [ 139.049731][ T23] pwc: send_video_command error -71 [ 139.056974][ T23] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 139.083171][ T5103] loop4: detected capacity change from 0 to 32768 [ 139.109877][ T23] Philips webcam: probe of 4-1:0.0 failed with error -71 [ 139.126079][ T5111] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 139.135646][ T5111] UDF-fs: Scanning with blocksize 512 failed [ 139.161083][ T5103] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop4 scanned by syz.4.155 (5103) [ 139.181647][ T5111] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 139.195262][ T23] usb 4-1: USB disconnect, device number 3 [ 139.261290][ T5103] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 139.327896][ T5103] BTRFS info (device loop4): using free space tree [ 139.349808][ T5103] BTRFS info (device loop4): has skinny extents [ 139.482425][ T5126] loop1: detected capacity change from 0 to 128 [ 139.697270][ T5126] binder: 5125:5126 ioctl 4018620d 0 returned -22 [ 140.662121][ T5133] loop2: detected capacity change from 0 to 32768 [ 140.854477][ T5146] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 141.033204][ T5103] BTRFS error (device loop4): open_ctree failed: -12 [ 141.034214][ T5133] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.160 (5133) [ 141.074202][ T4403] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop4 scanned by udevd (4403) [ 141.074291][ T5133] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 141.095837][ T5133] BTRFS info (device loop2): using free space tree [ 141.102431][ T5133] BTRFS info (device loop2): has skinny extents [ 141.686194][ T5133] BTRFS info (device loop2): enabling ssd optimizations [ 141.702736][ T5182] loop3: detected capacity change from 0 to 2048 [ 141.765100][ T5127] BTRFS warning (device loop2): 'nologreplay' is deprecated, use 'rescue=nologreplay' instead [ 141.775588][ T5127] BTRFS info (device loop2): disabling log replay at mount time [ 141.783378][ T5127] BTRFS error (device loop2): nologreplay must be used with ro mount option [ 141.842700][ T5190] loop4: detected capacity change from 0 to 1024 [ 141.896769][ T5182] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 141.962675][ T5182] UDF-fs: Scanning with blocksize 512 failed [ 141.971576][ T5190] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 142.014623][ T5190] EXT4-fs (loop4): orphan cleanup on readonly fs [ 142.034119][ T5182] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 142.212167][ T5190] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.170: Invalid inode table block 0 in block_group 0 [ 142.329920][ T5190] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 142.405422][ T5190] EXT4-fs error (device loop4): ext4_quota_write:6619: inode #3: comm syz.4.170: mark_inode_dirty error [ 142.492438][ T5190] Quota error (device loop4): write_blk: dquota write failed [ 142.526410][ T5190] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 142.584846][ T5190] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.170: Failed to acquire dquot type 0 [ 142.633820][ T5192] loop0: detected capacity change from 0 to 32768 [ 142.634277][ T5190] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.170: Invalid inode table block 0 in block_group 0 [ 142.673721][ T5190] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 142.707651][ T5190] EXT4-fs error (device loop4): ext4_ext_truncate:4456: inode #15: comm syz.4.170: mark_inode_dirty error [ 142.754975][ T5199] loop3: detected capacity change from 0 to 128 [ 142.772751][ T5192] diRead: diIAGRead returned -5 [ 142.777728][ T5192] jfs_lookup: iget failed on inum 196612 [ 142.828998][ T5190] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.170: Invalid inode table block 0 in block_group 0 [ 142.909911][ T5190] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 143.018507][ T5190] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 143.047008][ T5199] binder: 5198:5199 ioctl 4018620d 0 returned -22 [ 143.080419][ T5202] loop2: detected capacity change from 0 to 40427 [ 143.090623][ T5190] EXT4-fs error (device loop4): __ext4_get_inode_loc:4321: comm syz.4.170: Invalid inode table block 0 in block_group 0 [ 143.145101][ T5202] F2FS-fs (loop2): invalid crc value [ 143.168426][ T5202] F2FS-fs (loop2): Found nat_bits in checkpoint [ 143.179331][ T5190] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 143.217845][ T5202] F2FS-fs (loop2): Start checkpoint disabled! [ 143.246268][ T5202] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 143.320120][ T5190] EXT4-fs error (device loop4): ext4_truncate:4273: inode #15: comm syz.4.170: mark_inode_dirty error [ 143.341300][ T5190] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 143.395224][ T5190] EXT4-fs (loop4): 1 truncate cleaned up [ 143.462942][ T5190] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 143.988846][ T5214] netlink: 36 bytes leftover after parsing attributes in process `syz.3.176'. [ 144.045663][ T4389] attempt to access beyond end of device [ 144.045663][ T4389] loop2: rw=2049, want=40976, limit=40427 [ 144.173897][ T5222] netlink: 24 bytes leftover after parsing attributes in process `syz.0.180'. [ 144.813437][ T5247] loop2: detected capacity change from 0 to 128 [ 145.718668][ T5249] loop0: detected capacity change from 0 to 32768 [ 145.766052][ T5249] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 scanned by syz.0.183 (5249) [ 145.800009][ T5247] binder: 5246:5247 ioctl 4018620d 0 returned -22 [ 145.853356][ T5249] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 145.864427][ T5249] BTRFS info (device loop0): using free space tree [ 145.871047][ T5249] BTRFS info (device loop0): has skinny extents [ 146.182040][ T5262] loop2: detected capacity change from 0 to 1024 [ 146.302538][ T5258] loop1: detected capacity change from 0 to 40427 [ 146.317603][ T5262] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 146.363984][ T5258] F2FS-fs (loop1): invalid crc value [ 146.378784][ T5262] EXT4-fs (loop2): orphan cleanup on readonly fs [ 146.399432][ T5258] F2FS-fs (loop1): Found nat_bits in checkpoint [ 146.399773][ T5249] BTRFS info (device loop0): enabling ssd optimizations [ 146.415398][ T5262] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.189: Invalid inode table block 0 in block_group 0 [ 146.442222][ T5262] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 146.449372][ T5258] F2FS-fs (loop1): Start checkpoint disabled! [ 146.452586][ T5262] EXT4-fs error (device loop2): ext4_quota_write:6619: inode #3: comm syz.2.189: mark_inode_dirty error [ 146.470837][ T5262] Quota error (device loop2): write_blk: dquota write failed [ 146.478724][ T5262] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 146.509893][ T5262] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.189: Failed to acquire dquot type 0 [ 146.567074][ T5245] BTRFS warning (device loop0): 'nologreplay' is deprecated, use 'rescue=nologreplay' instead [ 146.577696][ T5245] BTRFS info (device loop0): disabling log replay at mount time [ 146.585419][ T5245] BTRFS error (device loop0): nologreplay must be used with ro mount option [ 146.589144][ T5262] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.189: Invalid inode table block 0 in block_group 0 [ 146.620268][ T5258] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 146.671293][ T5262] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 146.710059][ T5262] EXT4-fs error (device loop2): ext4_ext_truncate:4456: inode #15: comm syz.2.189: mark_inode_dirty error [ 146.760142][ T5262] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.189: Invalid inode table block 0 in block_group 0 [ 146.803679][ T5262] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 146.870787][ T5251] loop4: detected capacity change from 0 to 32768 [ 146.882681][ T5262] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 146.958347][ T5262] EXT4-fs error (device loop2): __ext4_get_inode_loc:4321: comm syz.2.189: Invalid inode table block 0 in block_group 0 [ 146.977245][ T5262] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 147.204076][ T5251] diRead: diIAGRead returned -5 [ 147.226541][ T5262] EXT4-fs error (device loop2): ext4_truncate:4273: inode #15: comm syz.2.189: mark_inode_dirty error [ 147.362897][ T5251] jfs_lookup: iget failed on inum 196612 [ 147.407126][ T5262] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 147.447974][ T5262] EXT4-fs (loop2): 1 truncate cleaned up [ 147.468418][ T5262] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 147.877467][ T5293] netlink: 36 bytes leftover after parsing attributes in process `syz.0.193'. [ 148.040493][ T4389] attempt to access beyond end of device [ 148.040493][ T4389] loop1: rw=2049, want=40976, limit=40427 [ 148.407332][ T5305] loop4: detected capacity change from 0 to 4096 [ 148.536144][ T5305] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 148.648735][ T5314] loop0: detected capacity change from 0 to 128 [ 148.659317][ T5305] ntfs3: loop4: Failed to load root. [ 148.826899][ T5314] binder: 5313:5314 ioctl 4018620d 0 returned -22 [ 149.049199][ T5325] loop0: detected capacity change from 0 to 1024 [ 150.068779][ T5326] loop1: detected capacity change from 0 to 32768 [ 150.109128][ T5326] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 scanned by syz.1.204 (5326) [ 150.151496][ T5325] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 150.171196][ T5326] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 150.180911][ T5326] BTRFS info (device loop1): using free space tree [ 150.187452][ T5326] BTRFS info (device loop1): has skinny extents [ 150.240775][ T5325] EXT4-fs (loop0): orphan cleanup on readonly fs [ 150.331373][ T5325] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.205: Invalid inode table block 0 in block_group 0 [ 150.370485][ T5325] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 150.382234][ T5346] netlink: 36 bytes leftover after parsing attributes in process `syz.4.208'. [ 150.422500][ T5325] EXT4-fs error (device loop0): ext4_quota_write:6619: inode #3: comm syz.0.205: mark_inode_dirty error [ 150.486771][ T5325] Quota error (device loop0): write_blk: dquota write failed [ 150.506439][ T5325] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 150.563813][ T5325] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.205: Failed to acquire dquot type 0 [ 150.588861][ T5325] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.205: Invalid inode table block 0 in block_group 0 [ 150.638485][ T5325] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 150.684312][ T5325] EXT4-fs error (device loop0): ext4_ext_truncate:4456: inode #15: comm syz.0.205: mark_inode_dirty error [ 150.734001][ T5326] BTRFS info (device loop1): enabling ssd optimizations [ 150.787406][ T5325] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.205: Invalid inode table block 0 in block_group 0 [ 150.819251][ T5324] BTRFS warning (device loop1): 'nologreplay' is deprecated, use 'rescue=nologreplay' instead [ 150.829916][ T5324] BTRFS info (device loop1): disabling log replay at mount time [ 150.837594][ T5324] BTRFS error (device loop1): nologreplay must be used with ro mount option [ 150.851784][ T5325] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 150.905636][ T5325] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 150.945065][ T5325] EXT4-fs error (device loop0): __ext4_get_inode_loc:4321: comm syz.0.205: Invalid inode table block 0 in block_group 0 [ 151.005831][ T5325] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 151.037694][ T5325] EXT4-fs error (device loop0): ext4_truncate:4273: inode #15: comm syz.0.205: mark_inode_dirty error [ 151.117037][ T5325] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 151.154400][ T5369] loop2: detected capacity change from 0 to 64 [ 151.193850][ T5325] EXT4-fs (loop0): 1 truncate cleaned up [ 151.212188][ T5325] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 151.280063][ T5369] process 'syz.2.213' launched './file2' with NULL argv: empty string added [ 151.341275][ T5369] attempt to access beyond end of device [ 151.341275][ T5369] loop2: rw=0, want=1026, limit=64 [ 151.446278][ T5369] Buffer I/O error on dev loop2, logical block 512, async page read [ 151.486805][ T5369] attempt to access beyond end of device [ 151.486805][ T5369] loop2: rw=0, want=113154, limit=64 [ 151.499153][ T5369] Buffer I/O error on dev loop2, logical block 56576, async page read [ 151.538726][ T5372] attempt to access beyond end of device [ 151.538726][ T5372] loop2: rw=0, want=1026, limit=64 [ 151.538840][ T5372] Buffer I/O error on dev loop2, logical block 512, async page read [ 151.538968][ T5372] attempt to access beyond end of device [ 151.538968][ T5372] loop2: rw=0, want=113154, limit=64 [ 151.538989][ T5372] Buffer I/O error on dev loop2, logical block 56576, async page read [ 151.643767][ T4188] Bluetooth: hci1: link tx timeout [ 151.643864][ T4188] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa [ 151.644911][ T4188] Bluetooth: hci1: link tx timeout [ 151.644935][ T4188] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 151.649994][ T5331] loop3: detected capacity change from 0 to 32768 [ 151.768088][ T5331] diRead: diIAGRead returned -5 [ 151.768178][ T5331] jfs_lookup: iget failed on inum 196612 [ 151.822599][ T5380] loop2: detected capacity change from 0 to 128 [ 151.863805][ T5380] binder: 5379:5380 ioctl 4018620d 0 returned -22 [ 152.213387][ T5382] loop3: detected capacity change from 0 to 8192 [ 152.276172][ T5382] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 152.276264][ T5382] REISERFS (device loop3): using ordered data mode [ 152.276276][ T5382] reiserfs: using flush barriers [ 152.277434][ T5382] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 152.277769][ T5382] REISERFS (device loop3): checking transaction log (loop3) [ 152.283155][ T5382] REISERFS warning: reiserfs-5085 is_leaf: item length seems wrong: *3.5*[1 2 0(1) DIR], item_len 0, item_location 4004, free_space(entry_count) 2 [ 152.283184][ T5382] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 152.283203][ T5382] REISERFS (device loop3): Remounting filesystem read-only [ 152.283225][ T5382] REISERFS error (device loop3): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 152.786824][ T5378] loop4: detected capacity change from 0 to 32768 [ 152.844428][ T5378] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 152.889685][ T5378] BTRFS info (device loop4): using free space tree [ 152.928569][ T5378] BTRFS info (device loop4): has skinny extents [ 153.305235][ T5378] BTRFS info (device loop4): enabling ssd optimizations [ 153.331695][ T150] block nbd1: Attempted send on invalid socket [ 153.337994][ T150] blk_update_request: I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 153.350396][ T263] block nbd1: Attempted send on invalid socket [ 153.356627][ T263] blk_update_request: I/O error, dev nbd1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 153.417833][ T5429] loop1: detected capacity change from 0 to 1024 [ 153.652268][ T5429] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 153.719671][ T4862] Bluetooth: hci1: command 0x0406 tx timeout [ 153.755028][ T5429] EXT4-fs (loop1): orphan cleanup on readonly fs [ 153.815757][ T5429] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.225: Invalid inode table block 0 in block_group 0 [ 153.915606][ T5429] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 153.950847][ T5429] EXT4-fs error (device loop1): ext4_quota_write:6619: inode #3: comm syz.1.225: mark_inode_dirty error [ 153.979801][ T5442] loop3: detected capacity change from 0 to 64 [ 153.994621][ T5439] netlink: 36 bytes leftover after parsing attributes in process `syz.2.227'. [ 154.019788][ T5429] Quota error (device loop1): write_blk: dquota write failed [ 154.057866][ T5429] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 154.098790][ T5429] EXT4-fs error (device loop1): ext4_acquire_dquot:6207: comm syz.1.225: Failed to acquire dquot type 0 [ 154.189845][ T5429] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.225: Invalid inode table block 0 in block_group 0 [ 154.269836][ T5429] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 154.309849][ T5429] EXT4-fs error (device loop1): ext4_ext_truncate:4456: inode #15: comm syz.1.225: mark_inode_dirty error [ 154.345258][ T5429] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.225: Invalid inode table block 0 in block_group 0 [ 154.396854][ T5448] loop3: detected capacity change from 0 to 128 [ 154.430618][ T5429] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 154.465271][ T5429] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 154.535074][ T5429] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz.1.225: Invalid inode table block 0 in block_group 0 [ 154.598465][ T5450] loop2: detected capacity change from 0 to 1024 [ 154.615335][ T5429] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem [ 154.679212][ T5429] EXT4-fs error (device loop1): ext4_truncate:4273: inode #15: comm syz.1.225: mark_inode_dirty error [ 154.859304][ T5429] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 155.033413][ T5429] EXT4-fs (loop1): 1 truncate cleaned up [ 155.042983][ T5429] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 155.143994][ T5452] loop3: detected capacity change from 0 to 8192 [ 155.144807][ T5450] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.377524][ T5431] loop0: detected capacity change from 0 to 32768 [ 155.487198][ T5452] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 155.496693][ T5452] REISERFS (device loop3): using ordered data mode [ 155.503409][ T5452] reiserfs: using flush barriers [ 155.510174][ T5452] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 155.526723][ T5452] REISERFS (device loop3): checking transaction log (loop3) [ 155.544629][ T5452] REISERFS warning: reiserfs-5085 is_leaf: item length seems wrong: *3.5*[1 2 0(1) DIR], item_len 0, item_location 4004, free_space(entry_count) 2 [ 155.560121][ T5452] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 155.570677][ T5431] diRead: diIAGRead returned -5 [ 155.570739][ T5431] jfs_lookup: iget failed on inum 196612 [ 155.575595][ T5452] REISERFS (device loop3): Remounting filesystem read-only [ 155.575625][ T5452] REISERFS error (device loop3): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD] [ 155.814199][ T4853] Bluetooth: hci1: command 0x0406 tx timeout [ 155.907201][ T5465] loop3: detected capacity change from 0 to 2048 [ 156.274379][ T5473] Zero length message leads to an empty skb [ 156.460811][ T5479] netlink: 'syz.4.242': attribute type 21 has an invalid length. [ 156.513427][ T5479] netlink: 'syz.4.242': attribute type 6 has an invalid length. [ 156.536364][ T5479] netlink: 132 bytes leftover after parsing attributes in process `syz.4.242'. [ 156.718167][ T5482] loop0: detected capacity change from 0 to 2048 [ 156.812741][ T5488] loop2: detected capacity change from 0 to 7 [ 156.838916][ T5482] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 156.870222][ T5482] UDF-fs: Scanning with blocksize 512 failed [ 156.909042][ T5482] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.916219][ T5488] Dev loop2: unable to read RDB block 7 [ 156.932489][ T5490] netlink: 'syz.3.246': attribute type 25 has an invalid length. [ 156.974823][ T5490] netlink: 'syz.3.246': attribute type 7 has an invalid length. [ 156.990213][ T5488] loop2: AHDI p1 p2 p3 [ 156.994445][ T5488] loop2: partition table partially beyond EOD, truncated [ 157.055210][ T5488] loop2: p1 start 1601398130 is beyond EOD, truncated [ 157.090169][ T5488] loop2: p2 start 1702059890 is beyond EOD, truncated [ 157.314575][ T5501] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 157.379619][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 157.627208][ T5510] netlink: 12 bytes leftover after parsing attributes in process `syz.0.253'. [ 157.640989][ T23] usb 2-1: Using ep0 maxpacket: 8 [ 157.645882][ T5510] netlink: 28 bytes leftover after parsing attributes in process `syz.0.253'. [ 157.759919][ T23] usb 2-1: config index 0 descriptor too short (expected 19730, got 18) [ 157.768599][ T23] usb 2-1: config 0 has too many interfaces: 54, using maximum allowed: 32 [ 157.790590][ T23] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 54 [ 157.835721][ T4245] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 157.989870][ T23] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=c4.6d [ 157.999146][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.008487][ T23] usb 2-1: Product: syz [ 158.013468][ T23] usb 2-1: Manufacturer: syz [ 158.023463][ T23] usb 2-1: SerialNumber: syz [ 158.039184][ T23] usb 2-1: config 0 descriptor?? [ 158.120014][ T4245] usb 5-1: Using ep0 maxpacket: 8 [ 158.259945][ T4245] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 158.287339][ T5525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.302529][ T4245] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 158.312610][ T4245] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 158.343167][ T4245] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 158.348273][ T23] usb 2-1: USB disconnect, device number 3 [ 158.356795][ T4245] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 158.374805][ T4245] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.445404][ T5528] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.528059][ T5525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.659843][ T4245] usb 5-1: GET_CAPABILITIES returned 0 [ 158.670150][ T4245] usbtmc 5-1:16.0: can't read capabilities [ 158.879709][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.891242][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.900385][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.909490][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.918612][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.927723][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.936838][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.946037][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.955165][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.964279][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.973416][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.982528][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 158.991638][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 159.000751][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 159.009853][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 159.018969][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 159.054314][ T4476] usb 5-1: USB disconnect, device number 4 [ 159.441703][ T5547] xt_hashlimit: size too large, truncated to 1048576 [ 160.519252][ T5569] netlink: 12 bytes leftover after parsing attributes in process `syz.4.277'. [ 160.531440][ T5572] netlink: 8 bytes leftover after parsing attributes in process `syz.0.278'. [ 160.799636][ T4476] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 161.001292][ T4389] wlan1: Trigger new scan to find an IBSS to join [ 161.079710][ T4476] usb 4-1: Using ep0 maxpacket: 32 [ 161.229886][ T4476] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 161.259611][ T4476] usb 4-1: config 155 interface 0 altsetting 0 has an invalid endpoint with address 0xE2, skipping [ 161.289645][ T4476] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 161.499880][ T4476] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 161.529494][ T4476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.537920][ T4476] usb 4-1: Product: syz [ 161.542360][ T4476] usb 4-1: Manufacturer: syz [ 161.547025][ T4476] usb 4-1: SerialNumber: syz [ 161.622024][ T4476] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 161.639887][ T4476] imon 4-1:155.0: unable to initialize intf0, err -19 [ 161.657171][ T4476] imon:imon_probe: failed to initialize context! [ 161.663701][ T4476] imon 4-1:155.0: unable to register, err -19 [ 162.734006][ T5576] netlink: 'syz.4.280': attribute type 1 has an invalid length. [ 163.088468][ T5589] tmpfs: Unknown parameter 'quota' [ 163.198430][ T5593] tmpfs: Unknown parameter 'usrquota' [ 163.770025][ T23] usb 4-1: USB disconnect, device number 4 [ 163.928095][ T5617] comedi comedi3: driver 'ni_daq_700' does not support attach using comedi_config [ 164.349086][ T5630] syz.4.302 uses obsolete (PF_INET,SOCK_PACKET) [ 164.500644][ T4476] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 164.527030][ T5632] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 164.544604][ T5634] tls_set_device_offload_rx: netdev not found [ 164.580274][ T4245] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 164.869911][ T4245] usb 4-1: Using ep0 maxpacket: 8 [ 165.000233][ T1400] wlan1: Trigger new scan to find an IBSS to join [ 165.010472][ T4245] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 165.020568][ T4245] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 165.031327][ T4245] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 165.041738][ T4245] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 165.064652][ T4245] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 165.074530][ T4476] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 165.093353][ T4245] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.101913][ T4476] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.118041][ T4476] usb 1-1: Product: syz [ 165.134025][ T5648] block device autoloading is deprecated and will be removed. [ 165.141692][ T4476] usb 1-1: Manufacturer: syz [ 165.146416][ T4476] usb 1-1: SerialNumber: syz [ 165.153187][ T5649] block device autoloading is deprecated and will be removed. [ 165.221575][ T4476] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 165.379931][ T4245] usb 4-1: GET_CAPABILITIES returned 0 [ 165.386341][ T4245] usbtmc 4-1:16.0: can't read capabilities [ 165.589076][ T23] usb 4-1: USB disconnect, device number 5 [ 165.698436][ T5666] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 165.707632][ T5666] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 165.915458][ T1400] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.935776][ T4476] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 165.988720][ T5677] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 166.015676][ T5677] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 166.100419][ T5686] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.184575][ T5693] loop6: detected capacity change from 0 to 524287999 [ 166.201340][ C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.212485][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 166.225013][ C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.236044][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 166.249900][ C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.260990][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 166.270948][ C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.281949][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 166.335673][ T5686] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.346586][ C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.357561][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 166.379258][ C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.390346][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 166.408761][ C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.420235][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 166.434245][ C0] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.445308][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 166.453712][ T5693] ldm_validate_partition_table(): Disk read failed. [ 166.462720][ C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.473873][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 166.490733][ C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.501755][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 166.516565][ T5693] Dev loop6: unable to read RDB block 0 [ 166.525345][ T5693] loop6: unable to read partition table [ 166.536262][ T5693] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 166.621750][ T5686] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.641209][ T3562] ldm_validate_partition_table(): Disk read failed. [ 166.662214][ T3562] Dev loop6: unable to read RDB block 0 [ 166.673578][ T3562] loop6: unable to read partition table [ 166.771732][ T5686] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.914958][ T5703] udc-core: couldn't find an available UDC or it's busy [ 166.930350][ T5703] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 166.999733][ T4476] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 167.016441][ T4476] ath9k_htc: Failed to initialize the device [ 167.136359][ T5686] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.204233][ T5686] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.226282][ T5686] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.280046][ T5686] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.466361][ T5737] input: syz0 as /devices/virtual/input/input5 [ 167.980119][ T7] usb 1-1: USB disconnect, device number 3 [ 168.006639][ T7] usb 1-1: ath9k_htc: USB layer deinitialized [ 168.200401][ T5765] overlayfs: missing 'lowerdir' [ 170.072679][ T4188] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 170.083293][ T4188] CPU: 1 PID: 4188 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0 [ 170.091673][ T4188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.101765][ T4188] Workqueue: hci3 hci_rx_work [ 170.106481][ T4188] Call Trace: [ 170.109777][ T4188] [ 170.112738][ T4188] dump_stack_lvl+0x168/0x230 [ 170.117568][ T4188] ? show_regs_print_info+0x20/0x20 [ 170.122813][ T4188] ? load_image+0x3b0/0x3b0 [ 170.127367][ T4188] sysfs_create_dir_ns+0x252/0x280 [ 170.129370][ T5797] netlink: 12 bytes leftover after parsing attributes in process `syz.3.364'. [ 170.132513][ T4188] ? __lock_acquire+0x7c60/0x7c60 [ 170.146438][ T4188] ? sysfs_warn_dup+0xa0/0xa0 [ 170.151148][ T4188] ? le_conn_complete_evt+0xcbc/0x1590 [ 170.156647][ T4188] ? hci_event_packet+0xe05/0x12f0 [ 170.161795][ T4188] ? process_one_work+0x863/0x1000 [ 170.166945][ T4188] ? do_raw_spin_unlock+0x11d/0x230 [ 170.172184][ T4188] kobject_add_internal+0x662/0xd00 [ 170.177428][ T4188] kobject_add+0x152/0x210 [ 170.181885][ T4188] ? kobject_init+0x1d0/0x1d0 [ 170.186662][ T4188] ? klist_children_get+0x50/0x50 [ 170.191730][ T4188] ? get_device_parent+0x121/0x3f0 [ 170.196876][ T4188] device_add+0x483/0xfb0 [ 170.201253][ T4188] hci_conn_add_sysfs+0xd1/0x1e0 [ 170.206232][ T4188] le_conn_complete_evt+0xcbc/0x1590 [ 170.211575][ T4188] ? cs_le_create_conn+0x5e0/0x5e0 [ 170.216741][ T4188] ? __mutex_trylock_common+0x14f/0x250 [ 170.222336][ T4188] hci_le_meta_evt+0x289/0x3b80 [ 170.227249][ T4188] ? hci_event_packet+0x36d/0x12f0 [ 170.232402][ T4188] ? hci_event_packet+0x2e2/0x12f0 [ 170.237549][ T4188] ? __lock_acquire+0x7c60/0x7c60 [ 170.242640][ T4188] ? hci_remote_host_features_evt+0x280/0x280 [ 170.248747][ T4188] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 170.254419][ T4188] ? mark_lock+0x94/0x320 [ 170.258788][ T4188] ? mutex_unlock+0x10/0x10 [ 170.263336][ T4188] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 170.269362][ T4188] ? lock_chain_count+0x20/0x20 [ 170.274255][ T4188] ? __rwlock_init+0x140/0x140 [ 170.275783][ T5800] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 170.279064][ T4188] hci_event_packet+0xe05/0x12f0 [ 170.279097][ T4188] ? lockdep_hardirqs_on+0x94/0x140 [ 170.279129][ T4188] ? rcu_lock_release+0x20/0x20 [ 170.279154][ T4188] ? hci_send_to_monitor+0x9c/0x4a0 [ 170.317870][ T4188] hci_rx_work+0x255/0xa10 [ 170.322347][ T4188] process_one_work+0x863/0x1000 [ 170.327340][ T4188] ? worker_detach_from_pool+0x240/0x240 [ 170.333013][ T4188] ? lockdep_hardirqs_off+0x70/0x100 [ 170.338335][ T4188] ? _raw_spin_lock_irq+0xab/0xe0 [ 170.343407][ T4188] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 170.348820][ T4188] ? wq_worker_running+0x97/0x170 [ 170.353877][ T4188] worker_thread+0xaa8/0x12a0 [ 170.358615][ T4188] kthread+0x436/0x520 [ 170.363236][ T4188] ? rcu_lock_release+0x20/0x20 [ 170.368156][ T4188] ? kthread_blkcg+0xd0/0xd0 [ 170.372779][ T4188] ret_from_fork+0x1f/0x30 [ 170.377241][ T4188] [ 170.385224][ T4188] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 170.399405][ T4188] Bluetooth: hci3: failed to register connection device [ 170.444637][ T5799] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 170.619486][ T5807] tmpfs: Unknown parameter 'usrquota' [ 170.720471][ T5812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.368'. [ 170.749011][ T5812] device veth0_virt_wifi entered promiscuous mode [ 170.757319][ T5812] device batadv_slave_0 entered promiscuous mode [ 170.798651][ T5814] kvm: pic: non byte write [ 170.824358][ T5814] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 170.880303][ T5814] kvm: pic: non byte write [ 171.063338][ T5823] 9pnet_virtio: no channels available for device syz [ 171.346651][ T5834] tipc: Started in network mode [ 171.357763][ T5834] tipc: Node identity ca83aafe6c71, cluster identity 4711 [ 171.380081][ T5834] tipc: Enabled bearer , priority 0 [ 171.394559][ T5834] device syzkaller0 entered promiscuous mode [ 171.466545][ T5832] tipc: Resetting bearer [ 171.508300][ T5832] tipc: Disabling bearer [ 171.786179][ T5855] binder: 5851:5855 ioctl c0306201 200000001440 returned -11 [ 171.805639][ T5849] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 171.826558][ T5849] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 171.930167][ T5858] input: syz0 as /devices/virtual/input/input6 [ 172.170140][ T7] [ 172.172517][ T7] ====================================================== [ 172.179550][ T7] WARNING: possible circular locking dependency detected [ 172.186595][ T7] 5.15.189-syzkaller #0 Not tainted [ 172.191941][ T7] ------------------------------------------------------ [ 172.198982][ T7] kworker/0:0/7 is trying to acquire lock: [ 172.204808][ T7] ffff8880745d8c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 172.215991][ T7] [ 172.215991][ T7] but task is already holding lock: [ 172.223374][ T7] ffffffff8d4be228 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170 [ 172.232500][ T7] [ 172.232500][ T7] which lock already depends on the new lock. [ 172.232500][ T7] [ 172.242935][ T7] [ 172.242935][ T7] the existing dependency chain (in reverse order) is: [ 172.251992][ T7] [ 172.251992][ T7] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 172.260118][ T7] __mutex_lock_common+0x1eb/0x2390 [ 172.265868][ T7] mutex_lock_nested+0x17/0x20 [ 172.271194][ T7] rfkill_register+0x33/0x8a0 [ 172.276467][ T7] hci_register_dev+0x452/0x970 [ 172.281867][ T7] vhci_create_device+0x32c/0x5c0 [ 172.287446][ T7] vhci_write+0x391/0x450 [ 172.292341][ T7] vfs_write+0x712/0xd00 [ 172.297136][ T7] ksys_write+0x14d/0x250 [ 172.302192][ T7] do_syscall_64+0x4c/0xa0 [ 172.307167][ T7] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 172.313625][ T7] [ 172.313625][ T7] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 172.321493][ T7] __mutex_lock_common+0x1eb/0x2390 [ 172.327258][ T7] mutex_lock_nested+0x17/0x20 [ 172.332590][ T7] vhci_send_frame+0x88/0x100 [ 172.337823][ T7] hci_send_frame+0x1a9/0x2e0 [ 172.343062][ T7] hci_tx_work+0x9f9/0x1710 [ 172.348121][ T7] process_one_work+0x863/0x1000 [ 172.353618][ T7] worker_thread+0xaa8/0x12a0 [ 172.358861][ T7] kthread+0x436/0x520 [ 172.363498][ T7] ret_from_fork+0x1f/0x30 [ 172.368490][ T7] [ 172.368490][ T7] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 172.377731][ T7] __flush_work+0xdd/0x1b0 [ 172.382710][ T7] hci_dev_do_close+0x1e7/0x1030 [ 172.388367][ T7] hci_dev_close+0xd7/0x180 [ 172.393427][ T7] sock_do_ioctl+0xd3/0x2f0 [ 172.398515][ T7] sock_ioctl+0x4ed/0x6e0 [ 172.403402][ T7] __se_sys_ioctl+0xfa/0x170 [ 172.408593][ T7] do_syscall_64+0x4c/0xa0 [ 172.413569][ T7] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 172.420037][ T7] [ 172.420037][ T7] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 172.427726][ T7] __mutex_lock_common+0x1eb/0x2390 [ 172.433492][ T7] mutex_lock_nested+0x17/0x20 [ 172.438815][ T7] bg_scan_update+0x44/0x3b0 [ 172.443975][ T7] process_one_work+0x863/0x1000 [ 172.449482][ T7] worker_thread+0xaa8/0x12a0 [ 172.454723][ T7] kthread+0x436/0x520 [ 172.459343][ T7] ret_from_fork+0x1f/0x30 [ 172.464313][ T7] [ 172.464313][ T7] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 172.474167][ T7] __lock_acquire+0x2c33/0x7c60 [ 172.479592][ T7] lock_acquire+0x197/0x3f0 [ 172.484649][ T7] __flush_work+0xdd/0x1b0 [ 172.489620][ T7] __cancel_work_timer+0x3ac/0x520 [ 172.495286][ T7] hci_request_cancel_all+0xcc/0x300 [ 172.501229][ T7] hci_dev_do_close+0x4e/0x1030 [ 172.506636][ T7] hci_rfkill_set_block+0x10a/0x190 [ 172.512392][ T7] rfkill_set_block+0x1c6/0x420 [ 172.517803][ T7] rfkill_epo+0x75/0x170 [ 172.522603][ T7] rfkill_op_handler+0x76/0x220 [ 172.528017][ T7] process_one_work+0x863/0x1000 [ 172.533502][ T7] worker_thread+0xaa8/0x12a0 [ 172.538734][ T7] kthread+0x436/0x520 [ 172.543659][ T7] ret_from_fork+0x1f/0x30 [ 172.548723][ T7] [ 172.548723][ T7] other info that might help us debug this: [ 172.548723][ T7] [ 172.558979][ T7] Chain exists of: [ 172.558979][ T7] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 172.558979][ T7] [ 172.574742][ T7] Possible unsafe locking scenario: [ 172.574742][ T7] [ 172.582223][ T7] CPU0 CPU1 [ 172.587620][ T7] ---- ---- [ 172.593013][ T7] lock(rfkill_global_mutex); [ 172.597817][ T7] lock(&data->open_mutex); [ 172.604960][ T7] lock(rfkill_global_mutex); [ 172.612515][ T7] lock((work_completion)(&hdev->bg_scan_update)); [ 172.619878][ T7] [ 172.619878][ T7] *** DEADLOCK *** [ 172.619878][ T7] [ 172.628054][ T7] 3 locks held by kworker/0:0/7: [ 172.633027][ T7] #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 [ 172.643447][ T7] #1: ffffc90000cc7d00 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 [ 172.653882][ T7] #2: ffffffff8d4be228 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170 [ 172.663444][ T7] [ 172.663444][ T7] stack backtrace: [ 172.669366][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 5.15.189-syzkaller #0 [ 172.677383][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.687481][ T7] Workqueue: events rfkill_op_handler [ 172.692916][ T7] Call Trace: [ 172.696235][ T7] [ 172.699207][ T7] dump_stack_lvl+0x168/0x230 [ 172.703927][ T7] ? load_image+0x3b0/0x3b0 [ 172.708469][ T7] ? show_regs_print_info+0x20/0x20 [ 172.713709][ T7] ? print_circular_bug+0x12b/0x1a0 [ 172.718938][ T7] check_noncircular+0x274/0x310 [ 172.723913][ T7] ? add_chain_block+0x940/0x940 [ 172.728994][ T7] ? lockdep_lock+0xdc/0x1e0 [ 172.733621][ T7] ? __lock_acquire+0x12d9/0x7c60 [ 172.738689][ T7] ? lockdep_lock+0x1e0/0x1e0 [ 172.743432][ T7] ? mark_lock+0x94/0x320 [ 172.747799][ T7] __lock_acquire+0x2c33/0x7c60 [ 172.752693][ T7] ? mark_lock+0x94/0x320 [ 172.757066][ T7] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 172.763092][ T7] ? verify_lock_unused+0x140/0x140 [ 172.768341][ T7] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 172.774568][ T7] lock_acquire+0x197/0x3f0 [ 172.779118][ T7] ? __flush_work+0xc1/0x1b0 [ 172.783743][ T7] ? __lock_acquire+0x7c60/0x7c60 [ 172.788804][ T7] ? read_lock_is_recursive+0x10/0x10 [ 172.794214][ T7] ? start_flush_work+0x776/0x820 [ 172.803103][ T7] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 172.815788][ T7] __flush_work+0xdd/0x1b0 [ 172.823154][ T7] ? __flush_work+0xc1/0x1b0 [ 172.833732][ T7] ? flush_work+0x20/0x20 [ 172.839021][ T7] ? try_to_grab_pending+0xf3/0x7e0 [ 172.844619][ T7] ? lockdep_hardirqs_off+0x70/0x100 [ 172.852338][ T7] ? mark_lock+0x94/0x320 [ 172.859539][ T7] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 172.866011][ T7] ? lock_chain_count+0x20/0x20 [ 172.873208][ T7] ? lockdep_hardirqs_off+0x70/0x100 [ 172.880267][ T7] ? mark_lock+0x94/0x320 [ 172.885059][ T7] ? __cancel_work_timer+0x331/0x520 [ 172.892809][ T7] __cancel_work_timer+0x3ac/0x520 [ 172.899014][ T7] ? cancel_work_sync+0x20/0x20 [ 172.903981][ T7] ? __cancel_work+0x1f4/0x2d0 [ 172.909241][ T7] ? lockdep_hardirqs_on+0x94/0x140 [ 172.914773][ T7] ? __cancel_work+0x26f/0x2d0 [ 172.920979][ T7] ? cancel_work+0x20/0x20 [ 172.926229][ T7] hci_request_cancel_all+0xcc/0x300 [ 172.932954][ T7] hci_dev_do_close+0x4e/0x1030 [ 172.939841][ T7] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 172.946113][ T7] ? _raw_spin_unlock+0x40/0x40 [ 172.952495][ T7] ? kobject_uevent_env+0x371/0x890 [ 172.957719][ T7] hci_rfkill_set_block+0x10a/0x190 [ 172.963015][ T7] ? rcu_lock_release+0x20/0x20 [ 172.967868][ T7] rfkill_set_block+0x1c6/0x420 [ 172.972724][ T7] rfkill_epo+0x75/0x170 [ 172.976971][ T7] rfkill_op_handler+0x76/0x220 [ 172.981828][ T7] process_one_work+0x863/0x1000 [ 172.986774][ T7] ? worker_detach_from_pool+0x240/0x240 [ 172.992410][ T7] ? lockdep_hardirqs_off+0x70/0x100 [ 172.997706][ T7] ? _raw_spin_lock_irq+0xab/0xe0 [ 173.002734][ T7] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 173.008112][ T7] ? wq_worker_running+0x97/0x170 [ 173.013140][ T7] worker_thread+0xaa8/0x12a0 [ 173.017839][ T7] kthread+0x436/0x520 [ 173.021910][ T7] ? rcu_lock_release+0x20/0x20 [ 173.026932][ T7] ? kthread_blkcg+0xd0/0xd0 [ 173.031543][ T7] ret_from_fork+0x1f/0x30 [ 173.035989][ T7]