last executing test programs: 8.897415668s ago: executing program 1 (id=1480): syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000), 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_io_uring_setup(0x1a5a, &(0x7f0000000200)={0x0, 0xcd3e, 0x10100, 0x4, 0x6}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x79a5, 0x2, 0x46, 0x0, 0x0) 8.722470482s ago: executing program 1 (id=1481): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$usbfs(&(0x7f0000003f00), 0xba5d, 0xa401) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 4.630878565s ago: executing program 1 (id=1500): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0}) 4.369105436s ago: executing program 1 (id=1503): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d010203010902120001"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$usbfs(&(0x7f0000003f00), 0xba5d, 0xa401) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a300000000040000380080001400000000008000240000000002c0900000000000000656e65766530000000000000000000140001007767320000000000000000000000000048000000180a0101000b000000000000010000000900020073797a3000000000090001007379"], 0xfc}}, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 3.218602779s ago: executing program 2 (id=1511): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_N2(r0, 0x103, 0x3, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0x14, r5, 0x711, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x24004894}, 0x0) 3.218349179s ago: executing program 0 (id=1512): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x2, [@enum64={0x9, 0x5, 0x0, 0x13, 0x0, 0x1, [{0x9, 0x6, 0x4}, {0x4, 0xffffff9d}, {0xd, 0x13, 0xb4b2}, {0x6, 0x8, 0xb79}, {0xb, 0xd3d7, 0x80000001}]}]}}, &(0x7f0000000100)=""/141, 0x62, 0x8d, 0x1, 0x7}, 0x28) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="180800ec0c00000000000000000000001801000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000040)={'tunl0\x00', 0x0, 0x8000, 0x7800, 0x9, 0x1, {{0x5, 0x4, 0x0, 0x3e, 0x14, 0x64, 0x0, 0x7, 0x29, 0x0, @loopback, @loopback}}}}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 2.674863884s ago: executing program 0 (id=1513): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000059c0)='./bus\x00', 0x1400e, &(0x7f0000000100)={[{@quota}]}, 0x1, 0x441, &(0x7f00000009c0)="$eJzs28tvG8UfAPDvrp3219cvpiqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCgpC5YgqcUcckfgLOMEFASckrnBHlSrUSwsno7V3E8exncQ4ccGfj7TJzO5EM1/vjD2zEwcwtMayH0nE7oj4NSJGG9mVBcYav+7cujLz560rM0nUam/8kdTL3b51ZaYoWvzdriJTjkg/SeJgm3oXLl0+N12tzl3M8xOL59+dWLh0+Zmz56fPzJ2ZuzB18uTxY5PPnZh6ti9xZnHdPvDB/KH9r7x1/bWZU9ff/vHrpIi/JY4+Get28fFarc/VDdaepnRSHmBD2JBSY5jGSH38j0Yplm/eaLz88UAbB2yqWq1Wu6/z5as14D8siUG3ABiM4oM+W/8WxxZNPe4KN19oLICyuO/kR+NKOdK8zEjL+rafxiLi1NW/vsiO2JznEAAAK3ybzX+ebjf/S6P5udD/8z2USkTcExF7I+JEROyLiHsj6mXvj4gHNlh/6ybJ6vlPeqOnwNYpm/89n+9trZz/FbO/qJTy3J56/CPJ6bPVuaP5a3IkRrZn+ckudXz30i+fdbrWPP/Ljqz+Yi6Yt+NGeXufgm3j5kcRB8rt4k+WdgKSiNgfEQd6rOPsk18d6nRt7fi76MM+U+3LiCca9/9qtMRfSLrvT078L6pzRyeKXrHaTz9fe71T/euKP/nncXaS3f+dEVF0sdXx76kkzfu1Cxuv49pvn3Zc0/TS/2enF6e3JW+uOPf+9OLixcmIbcmr9Xyl+fxUS7mp5fJZ/EcOtx//e2P5lTgYEVknfjAiHoqIh/O2PxIRj0bE4S7x//DiY+/0Hv/myuKfbfv+t9TpWu7/cmJbtJ5pnyid+/6bFZVWNhJ/dv+P11NH8jPZ/V8rrvW0q7feDAAAAP8+aUTsjiQdX0qn6fh443/498XOtDq/sPjU6fn3Lsw2viNQiZG0eNI12vQ8dDJf1hf5sZb8sfy58eelHfX8+Mx8dXbQwcOQ29Vh/Gd+Lw26dcCm830tGF7GPwwv4x+Gl/EPw6vN+N8xiHYAW6/d5/+HA2gHsPVaxr9tPxgi1v8wvMrW+zC0fP7DUFrYEWt/SV5CYlUi0ruiGRI9JtKI6FZm0O9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/fF3AAAA//+edt38") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r0, 0x0) read(r0, &(0x7f0000001400)=""/4096, 0x1000) 2.260205447s ago: executing program 2 (id=1514): syz_mount_image$nilfs2(&(0x7f0000000080), &(0x7f0000000040)='./file2\x00', 0x3200400, &(0x7f0000000c00)=ANY=[], 0x1, 0xa76, &(0x7f00000000c0)="$eJzs3U2MG1cBAOA33vUmmwTilIQuSWgTftry091ms4SfCJqquRA1FbdKEZcoTUtEGhCpBK0qkeTEjVZVuPIjTuVQAUJqLyjqiUslGolLxaFw4EAUpEocoJC4iv2e136xNfb+2V5/n/T89s0bz3szOx6PZ+a9F4CJVWm8Li3NFSFcffPV4/984B+zd6Y82pqj1nidbktVQwhFTE9ny3tvqhnfev+lM93iIiw2XlM6PHmz9d7tIYRL4UC4Fmph79Xrr7y9+MTJyyeuHHzntaM31mftAQBgsnzr2tGlPX/7875dH7x+37GwpTU9nZ/XYnpHPO8/Fk/80/l/JXSmi7bQbiabbzqGSjbfVJf52supZvNN9yh/JltutZW/r2O+LSXlT7VN67beMM7SflwLRWW+I12pzM83f5OHxu/6mWL+wrnzz1wcUkWBNffv+0MIB4RBQ71e/3FjA45AXdY/3KgPvw7CeoT6zmEfgQCa8vuFd7mUX1lYndbSpvsr/+Zjle7vhzWw0fu/8ser/F9fjuWf+uu61oPJsFm/v9J6pc/RjpjO7yPkzy8N+vlPy5uKL9PZ8sv0uo8wLvcXetVzaoPrsVK96p/vF5vV12OctsM3svz2z0/+Px2X/zHQ3X8m7Pr/gRGow6YO1RGog9B3qA/7AASMrOXn5prqUcrPn+vL87eU5G8tyZ8tyd9Wkr+9JB8m2e+f/2l4uVj+nZ//ph/0eli6zvaRGH90wPrk1yMHLT9/7ndQqy0/f54YRtkbp586+5WnT11vPv9ftPb/23F/PxDTtfjZuhZnSNcL8+vqrWf/a53lVHrMd09Wn3TcqGxJ89ebJe7unK/Yvbyc0Hacuasec53v29lrvv2d89Wy+WZj2JrVNz8/2Za9L51/pONq2l7T2fpWs/WYyeqRjiu7YpzXA1Yi7Y+9nv9P++dcqBbPnDt/9pGYTvvpn6aqW+5MP9S+0N9sTN2B1em3/c9c6Gz/s6M1vVppPy7sXJ5etB8Xatn0xWaydZs8TT8c0+l77jtTs43p82e+d/7ptV55mHAXX3jxu6fPnz/7A3+kP2ZtFn/4Y9hHJmC9LTz/3PcXLr7w4sPnnjv97Nlnz144fOTI4cXFI189vLTQOK9faD+7BzaT5S/9YdcEAAAAAAAAAAAA6NcPTxy//pe3vvxus/3/cvu/1P4/Pfmb2v//JGv/n7eTT+3gUzvAXV3yG+PuvdFZj5lsvmoMH8vquzsrZ0/2vo/HuDWOX2z/n9rb5/26pvrcm03P++9N82XdCdzVX8pM1gdJPl7gp2J8Jca/CjBExWz3yTHu6N863N2/ddrXU/8U+qUYT+n/lvaG1I9Jav/dq1+ndPzftQF1ZO1tRHPCYa8j0N2/Rr7/77Yz8aHXZQKC7TxRoV43igcwGoY9/me67pniC3/85tY7Ic1287HO42XefymsxqiPP6n8URj/s1izSrTGv+vr+Neld/WOfp77H13hvz+/8W5bsWFvv8ffy9mqp36gd5eX2e6DWH5a/wdDf+XXf5mVn98Q6tP/svK39Vn+Xeu/f2Xl/z+WnzbbQ5/ut/xmjYtKZz3y68bp/l9+3Ti5la1/6ttz4PVf4UCNt2P5MMl6jzPb7wi2o2ko4/92uT+6UvlzGF+K6XQgTM855N/Ig9Y/PV+Rvgf2ZMsvSr7fxmWc4l4mffzfr8W47POQxv9N+2OtS7rSlq522bbjvq/AZvPeyN//G7NwaQTqIIxomB2BOnSGer2+vhe0Sgy1cIa+/Yd993nY5Q97+5fJx//Nz+Hz8X8r2Q+IfPzf/P35+L95fj6+Xp6fj/+bb898/N88/95sufkV7LmS/E+U5O8tyd+3nD/bLX9/yfs/WZJ/MMRzkh7595W8//6S/HtK8qdK8j9Tkv/ZkvwHSvIfKsn/XEn+Zpfao0zq+sMky9vn+fzD5Ej3f3p9/neX5APj62evH3r81O++XWu2/59p/V5L9/GOxXQ1/nb+UUzn971DW/pO3lsx/fcsf9Svd8AkyfvPyL/fHyzJB8ZXes7L5xsmUNG9x55++63qdZ7PePl8jL8Q4y/G+OEYz8d4IcaHYry4QfVjfTz+2z8cfblY/r2/M8vv93nyvD1Q3k/U4T7rk18fGPR59rwfv0GttvwVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmkrjdWlprgjh6puvHn/q5LmFO1Mebc1Ra7xOt6WqrfeF8EiMp2L8i/jHrfdfOtMe345xERZDEYrW9PDkzVZJ20MIl8KBcC3Uwt6r1195e/GJk5dPXDn4zmtHb6zfFgAAAIDN78MAAAD//+bcHCE=") open(&(0x7f0000000180)='./bus\x00', 0xa37e, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='io\x00') r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 1.912797185s ago: executing program 0 (id=1516): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x6c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0xe, 0x4}, {}, {0xfff2, 0xffff}}, [@filter_kind_options=@f_matchall={{0xd}, {0x38, 0x2, [@TCA_MATCHALL_ACT={0x34, 0x2, [@m_gact={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x400, 0x1, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.419131515s ago: executing program 0 (id=1519): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x43, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=") sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x4810) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f00000000c0)) 1.350382881s ago: executing program 2 (id=1520): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]}) 1.310784364s ago: executing program 3 (id=1521): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x7, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}}, 0x10) r2 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000003c0)=[{0x0, 0x1, 0x2, 0xa}], 0x10, 0x8}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[], 0x0, 0x32}, 0x28) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r3, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r3, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x80}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, 0x0}}], 0x3, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)}, 0x0) setsockopt$sock_attach_bpf(r2, 0x84, 0x10, &(0x7f0000000000), 0x8) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r4, 0x1) sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 1.170371356s ago: executing program 3 (id=1522): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000080)='./file0\x00', 0xa00004, &(0x7f0000000980)={[{@adinicb}, {@iocharset={'iocharset', 0x3d, 'maciceland'}}, {@utf8}, {@uid}, {}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@mode={'mode', 0x3d, 0x8}}, {@iocharset={'iocharset', 0x3d, 'iso8859-13'}}, {@adinicb}, {@gid_forget}, {@lastblock={'lastblock', 0x3d, 0x7}}, {@gid_forget}, {@anchor={'anchor', 0x3d, 0x907}}]}, 0x1, 0xc4d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTJwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQwWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr546nTaZsOhh9AYAOCBuDz2tVNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+/LzQ+e7eak98wH199pn49WxKxcbL83enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvnZr8vr1hcaZ585u2nx74L3+J44PXBh65uTT3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORopnv/+z1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnz32Fq6mt/6UZ2HL1UDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/ijilUjx87dPxLV8n6nuNV+MeKXMH0a8WeaLEan8YpyLeHeb7xGPploU8efl9b+wliar+0H3vnLp642vzlyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcRnIsXL//ZH1bjiqMalH7sw9PsDv9w7ZvypD9lPWfa5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vv2wGwMAAAAAAAAAAAAAAAAAAPCxVsRPI8UL75xIy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIt6PFN/55lqKFBHNiIno5Er/w24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0X8IFI0/qB5Z10tIlL1b8eJ8pdz0Txc5iejOVTmi9G8mLNVZa357YfQfnanLxXxk0jRX3/rzgXP17+v8+nO1yDe/NbGp8/WOnmou3Hgvf4njh+7MDTy+ad2Wk7bNWDwUnvm1u3G+PDIyFjP6lo++id71g3k4xZ703UiYuH1N15rTU9Pzd//QvkVuM/q3Su5i6M/yIVUe2SaamEvFqJ2IJrxcPq+Sf1h3JzYd+Xz/91I8dvv/Hv3gd95/tfjlzqf7jzh4xd/svH8f2Hrju7x+V/bWi8//8snwXbP/yd71r2QfzfSV4uoL96c6zseUV94/Y2T7ZutG1M3pmbOnTr1laGhr5w91Xc4on69PT3Vs7QnpwsAAAAAAAAAAAAAAADgwUlF/G6kaP1kLTUi4nY1XmvgwtAzJ58+FIeq8Vabxm2/OnblYuOl2Ztz81MLC1OTjfGZ9rXZyal7PVy9Gu41PjyyL535UEf2uf1H6i/Nzr0+377xh4vbbj9av3h1YXG+dW37zXEkiohm75rBqsHjwyNVo6fbrZmq6ui2g+k/ur5UxH9EimvnGukLeV0e/791hP+m8f9LW3e0h+P/P390Y/zfJ3qKlsdMqYhfRIrf+oun4gtVO4/GXecsl/ubSDF4/nO5XBwuy3Xb0HmvQGdkYFn2fyLFP7y/uWx3POSTG2VPf6ST+wgor/+xSPGDP/te/Hpet/n9D9tf/6Nbd7RP73/4VM+6o5veV7DrrpOv/8lI8eKTb8VvVGv+7wPf/9F9Y8OJTuGN93Ps0/X/1Z51A/m4v7lXnQcAAAAAAAAAAHiE9aUi/jZS/Giklp7P6+7l7/9Nbt3RPv39r0/3rJvcm/mKPnRh1ycVAAAAAA6IvlTETyPFjcW37oyh3jz+u2f85+9sjP8cTlu2Vn/O9yvVewP28s//eg3k407svtsAAAAAAAAAAAAAAAAAAABwoKRUxPN5PvWJajz/5I7zqa9Eipf/69lcLh0vy3XngR+ofq1fnp05eXF6erYei62r01ONsbnWtamy7qcixdpffy7XLar51bvzzXfmeN+Yi30+Uoz8XbdsZy727tzknfnA6+vrEafLsp+IFP/595vL5qmp89zR1X7PlGX/KlJ845+2L3t8o+zZsuz3IsWPv9Holj1alu2+H/XTG2WfuzZb7MNVAQAAAAAAAAAAAAAAAAAA4OOmLxXxp5Hiv28u3xnLn+f/7+v5WHnzWz3z/W9xu5rnf6Ca/3+n5fuZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHU4oi3ogUc5fX0kp/+bmjfqk9c+v2+PDI9tWOpKrmoap8+VM/febsuS8/P3S+mx9cf699Jl4du3Kx8dLszbn5qYWFqcnG+Ez72uzk1D3vYbf1txqsTkDj5mu3Jq9fX2icee7sps23B97rf+L4wIWhZ04+3S07PjwyMtZTptZ330e/S9ph/eEo4i8jxbPf/1n6UX9EEbs/Fx/y3dlvR6pODFadGB8eqToy3W7NLJYbR7snooho9FRqds/RA7gWu9KMWCqbXzZ4sOze2FxrvnV1eqox2ppfbC+2Z2dGU6e1ZX8aUcT5FLEcEav9d++uL4p4LVJ899ha+uf+iEPd8/Cly2NfO3Vm53YU+9jHe1C2s9EXsVw8AtfsAOuPIv4xUvz87RPxL/0Rtej8xBcjXinzhxFvRud6p/KLcS7i3W2+RzyaalHE/5bX/8Jaeru/vB907yuXvt746sz12Z6y3fvKI/98eJAO+L2pHkX8uLrjr6V/9d81AAAAAAAAAAAAAAAAwAFSxK9FihfeOZGq8cF3xhS3Z240rrSuTneG9XXH/nXHTK+vr683UiebOSdyLuVczrmSczVnFLl+zmaZ9fX1ifx5KedyzpWcqznjUK6fs5lzIudSzuWcKzlXc0Yt18/ZzDmRcynncs6VnKs544CM3QMAAAAAAAAAAAAAAAAAAB4vRfVPiu98cy2t93fml56ITq6YD/Sx9/8BAAD//9kg9g0=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) 1.076160453s ago: executing program 3 (id=1523): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d010203010902120001000000000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$usbfs(&(0x7f0000003f00), 0xba5d, 0xa401) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 1.008148389s ago: executing program 0 (id=1524): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)}], 0x1, 0x0, 0x0, 0x600}, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, "fbddf0", 0x8, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @loopback, {[], @echo_request={0x80, 0x0, 0x0, 0x0, 0x9}}}}}}, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$sock_linger(r3, 0x1, 0x3d, &(0x7f00000002c0)={0x1}, 0x8) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x800) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r4 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) r6 = syz_init_net_socket$ax25(0x3, 0x2, 0xc4) ioctl$sock_TIOCOUTQ(r6, 0x5411, &(0x7f0000000040)) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6(0xa, 0x2, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffff274}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x5, 0xb68, 0xfffffffffffffeb9, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0xe}, 0x48) 906.546257ms ago: executing program 2 (id=1525): write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x4, 0x0, {0x3}}, 0x28) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0) mount(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000040)='smb3\x00', 0x4000, &(0x7f00000000c0)='rdma') 846.924732ms ago: executing program 2 (id=1526): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi1\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4f27, 0x1, 0x10000, 0x4, 0x5, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x6, 0x0, 0xfffffff8]}) preadv(r0, &(0x7f0000001cc0)=[{&(0x7f0000000200)=""/130, 0x82}], 0x1, 0x0, 0x7f) 745.98283ms ago: executing program 2 (id=1527): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x9d, 0xea, 0x78, 0x40, 0x18b4, 0xfffb, 0xdc7b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0xa0, 0x1f, 0x71}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000000)={0x0, 0x0, 0x1, "01"}, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x0, &(0x7f00000001c0)}, {0x2, 0x201, 0x0, 0x0}], 0x2}) 525.649648ms ago: executing program 1 (id=1528): socket$inet(0x10, 0x800, 0xfffff959) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x2000000, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {}, {0x4, 0xffff}}, [@filter_kind_options=@f_basic={{0xa}, {0x14, 0x2, [@TCA_BASIC_EMATCHES={0x10, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1404c885}, 0x2000d8d0) 438.570385ms ago: executing program 3 (id=1529): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x2000000, &(0x7f0000000080), 0x1, 0x45f, &(0x7f0000001300)="$eJzs3MtrXNUfAPDvvZO0vz6TX62PPtRoFYOPpEmrduFCRcGFguCmLmOSltppI00EW4pWkboRpOBeXAr+Ba50I+pKcKt7KRTpxioII3fm3syjM9MknWRi5/OB25xz75mc851zz8y59/QmgIE1lv2TROyMiF8jYqSWbS4wVvtx4/rF2b+uX5xNolJ544+kWu7P6xdni6LF63bkmfE0Iv04iQNt6l08f+H0TLk8fy7PTy6deWdy8fyFp06dmTk5f3L+7PSxY0ePTD37zPTTPYnz/1lb97+/cHDfK29eeW32+JW3fvw6KeJvieM2VfL3YaxboUcrlR5VtznsakgnQ31sCKtSioisu4ar438kSlHvvJF4+aO+Ng5YV5Vch8OXKsAdLIl+twDoj+KLPrv+LbaNm33037UXahdAWdw38q12ZCjSqF0YDbdc3/bSWEQcv/T3F9kWvb0PAQDQ1rfZ/OfJdvO/NO5pKLc7XxsazddS9kTEXRGxNyLujqiWvTci7ltl/a2LJJ/ubp3/pFfXFNgKZfO/5/K1reb5X1oUGS3luV3VzHBy4lR5/nD+nozH8NYsP9Wlju9e+uWzTsca53/ZltVfzAXzdlwd2tr8mrmZpZnbibnRtQ8j9g+1iz9ZXglIImJfROxfYx2nHv/qYKdjrfFXkm6/6fnmbA/WmSpfRjxW6/9L0RJ/Iem+Pjn5vyjPH54szoqb/fTz5dc71X/r/l9fWf9vb3v+L8c/mjSu1y6uvo7Lv33S8ZpmYk3nf33HlvznezNLS+emIrYkr9Ya3bh/uv7aIl+Uz+IfP9R+/O+J+jtxICKyk/j+iHggIh7M++6hiHg4Ig51if+HFx95u9OxzdD/cy39P9pcpKX/64kt0bqnfaJ0+vtvmn9jPbmyz7+j1dR4vif//Pun2wr6Stq1trMZAAAA/nvSiNgZSTqxnE7TiYna/+HfG9vT8sLi0hMnFt49O1d7RmA0htPiTlftfnDtfuhUfllf5Kdb8kfy+8afl7ZV8xOzC+W5fgcPA25Hh/Gf+b3U79YB687zWjC4jH8YXMY/DC7jHwZX8QdAGmzrV1uAjdXu+/+DerIyspGNATZUy/i37AcDxPU/DC7jHwZX4/jv+vw9cCdZ3Ba3fkheQuKmRKR5ovj22CwNW0siWedRsLPfAa4+0ecPJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB75NwAA//8p2uPf") r0 = open(&(0x7f0000000000)='./file2\x00', 0x144c82, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) r3 = syz_open_dev$swradio(&(0x7f0000000300), 0x0, 0x2) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc0f8565c, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000100)={'syztnl2\x00', &(0x7f0000000440)={'syztnl0\x00', r2, 0x1, 0x8, 0x5, 0x75, {{0x14, 0x4, 0x0, 0x34, 0x50, 0x66, 0x0, 0x72, 0x2f, 0x0, @remote, @broadcast, {[@end, @timestamp_prespec={0x44, 0x4, 0xf4, 0x3, 0x9}, @lsrr={0x83, 0xb, 0xd2, [@dev={0xac, 0x14, 0x14, 0x24}, @empty]}, @lsrr={0x83, 0x1f, 0x31, [@remote, @multicast2, @multicast2, @rand_addr=0x64010100, @remote, @remote, @loopback]}, @end, @ssrr={0x89, 0xb, 0x4, [@local, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}}) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=@updpolicy={0x228, 0x19, 0x20, 0x70bd28, 0x25dfdbfe, {{@in=@broadcast, @in6=@dev={0xfe, 0x80, '\x00', 0x3f}, 0x4e23, 0x0, 0x4e20, 0x3, 0x2, 0x0, 0x60, 0x33, r2}, {0x400, 0x6, 0x5, 0x10001, 0x5, 0x8, 0x1, 0xd}, {0x967, 0x69, 0xa, 0xfffffffffffffff9}, 0x0, 0x6e6bbc, 0x2, 0x0, 0x3, 0x2}, [@etimer_thresh={0x8, 0xc, 0x8}, @encap={0x1c, 0x4, {0x3, 0x4e21, 0x4e21, @in6=@local}}, @XFRMA_IF_ID={0x8, 0x1f, 0x4}, @proto={0x5, 0x19, 0x32}, @sa={0xe0, 0x6, {{@in=@remote, @in=@dev={0xac, 0x14, 0x14, 0xd}, 0x4e22, 0x100, 0x4e22, 0x0, 0x2, 0x20, 0x80, 0x5c, r5, 0xffffffffffffffff}, {@in6=@loopback, 0x4d2, 0x3c}, @in=@local, {0x5e39, 0x4, 0x7, 0x3ff, 0x3, 0x1, 0x9, 0x7}, {0x3, 0x5, 0x2, 0x9}, {0x0, 0x3, 0x3}, 0x70bd2b, 0x3500, 0xa, 0x1}}, @algo_aead={0x60, 0x12, {{'authencesn(sha224-arm64-neon,ctr-camellia-asm)\x00'}, 0xa0, 0x60, "8568a043f60eb20978c3c70b764845e52f5c0354"}}]}, 0x228}}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@bridge_setlink={0x20, 0x13, 0xa2f, 0x70bd25, 0x0, {0x7, 0x0, 0x68, 0x0, 0x900}}, 0x20}}, 0x40) ioctl$SIOCGSKNS(r0, 0x894c, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x49, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1}}) 147.506438ms ago: executing program 3 (id=1530): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x7, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}}, 0x10) r2 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000003c0)=[{0x0, 0x1, 0x2, 0xa}], 0x10, 0x8}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[], 0x0, 0x32}, 0x28) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r3, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r3, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x80}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, 0x0}}], 0x3, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)}, 0x0) setsockopt$sock_attach_bpf(r2, 0x84, 0x10, &(0x7f0000000000), 0x8) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r4, 0x1) sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 26.290608ms ago: executing program 3 (id=1531): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRESHEX=0x0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x200000000000003e, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000940), 0x81000, 0x0) ioctl$PTP_SYS_OFFSET(r1, 0x43403d05, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, 0x0, 0x0) ioprio_set$pid(0x6, 0x0, 0x2004) syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e22, @remote}, 0x10) ioprio_set$pid(0x1, 0x0, 0x4007) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="1800d252dbe47dc21a000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x4c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000380)='mr_dereg\x00', r7, 0x0, 0x6}, 0x18) sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f68737200000000140001"], 0xfc}}, 0x20000004) sendfile(r4, r5, 0x0, 0x20000023896) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) 13.840159ms ago: executing program 0 (id=1532): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) r1 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r1, &(0x7f0000000740)=[{{&(0x7f00000002c0)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000540)='Po', 0x2}], 0x1}}], 0x1, 0x0) 0s ago: executing program 1 (id=1533): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) dup(0xffffffffffffffff) accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100)) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0xfffffffc, 0x4, 0x3, 0x0, 0x5}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x10}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) modify_ldt$read(0x0, 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40186f40, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r3, 0x0, 0x800000008ec0, 0xa) kernel console output (not intermixed with test programs): ad [ 106.655891][ T6108] hub 8-0:1.0: USB hub found [ 106.668282][ T6108] hub 8-0:1.0: 1 port detected [ 108.970914][ T6118] loop3: detected capacity change from 0 to 32768 [ 109.018080][ T6118] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 109.480778][ T27] audit: type=1326 audit(1754613523.240:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6117 comm="syz.3.60" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc1278ebe9 code=0x0 [ 109.791032][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 111.045615][ T6135] sctp: [Deprecated]: syz.2.69 (pid 6135) Use of struct sctp_assoc_value in delayed_ack socket option. [ 111.045615][ T6135] Use struct sctp_sack_info instead [ 111.945747][ T6139] netlink: 36 bytes leftover after parsing attributes in process `syz.0.64'. [ 115.744263][ T6151] loop1: detected capacity change from 0 to 32768 [ 115.857231][ T6151] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 115.995065][ T6151] (syz.1.75,6151,0):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options [ 116.086053][ T6171] ubi: mtd0 is already attached to ubi31 [ 116.701529][ T6174] netlink: 36 bytes leftover after parsing attributes in process `syz.3.80'. [ 117.292563][ T6151] syz.1.75 (6151) used greatest stack depth: 19312 bytes left [ 117.432209][ T5784] ocfs2: Unmounting device (7,1) on (node local) [ 119.630198][ T6198] loop0: detected capacity change from 0 to 32768 [ 119.745215][ T6198] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 119.959003][ T27] audit: type=1326 audit(1754613533.950:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6197 comm="syz.0.89" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f632278ebe9 code=0x0 [ 120.564193][ T5787] ocfs2: Unmounting device (7,0) on (node local) [ 120.890815][ T6212] loop3: detected capacity change from 0 to 1024 [ 120.908894][ T6194] loop1: detected capacity change from 0 to 40427 [ 120.930183][ T6194] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff [ 120.942533][ T6194] F2FS-fs (loop1): Image doesn't support compression [ 120.959786][ T6194] F2FS-fs (loop1): Image doesn't support compression [ 120.986413][ T6194] F2FS-fs (loop1): invalid crc value [ 121.123587][ T6194] F2FS-fs (loop1): Found nat_bits in checkpoint [ 121.167321][ T6212] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.244923][ T6219] ubi: mtd0 is already attached to ubi31 [ 121.424154][ T6194] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 121.506731][ T27] audit: type=1800 audit(1754613535.520:4): pid=6194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.87" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 122.582743][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.805596][ T5784] syz-executor: attempt to access beyond end of device [ 122.805596][ T5784] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 123.300095][ T5784] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 123.400930][ T6229] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 123.927784][ T6233] loop3: detected capacity change from 0 to 32768 [ 124.051940][ T6233] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 124.053163][ T6236] loop0: detected capacity change from 0 to 64 [ 124.275686][ T27] audit: type=1326 audit(1754613538.280:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6232 comm="syz.3.98" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc1278ebe9 code=0x0 [ 125.363527][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 126.126613][ T6249] hub 8-0:1.0: USB hub found [ 126.139414][ T6249] hub 8-0:1.0: 1 port detected [ 126.377251][ T6253] ubi: mtd0 is already attached to ubi31 [ 127.327596][ T6257] loop1: detected capacity change from 0 to 1024 [ 127.362763][ T6260] 9pnet_fd: Insufficient options for proto=fd [ 127.530583][ T6257] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.360925][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.668332][ T6274] usb usb1: usbfs: process 6274 (syz.1.110) did not claim interface 0 before use [ 130.005521][ T6287] ubi: mtd0 is already attached to ubi31 [ 131.832851][ T6303] sctp: [Deprecated]: syz.2.118 (pid 6303) Use of struct sctp_assoc_value in delayed_ack socket option. [ 131.832851][ T6303] Use struct sctp_sack_info instead [ 132.458214][ T6305] loop1: detected capacity change from 0 to 1024 [ 132.537760][ T6305] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.139580][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.145905][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.393124][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.708124][ T6321] loop3: detected capacity change from 0 to 512 [ 135.496752][ T6324] loop1: detected capacity change from 0 to 16 [ 135.546617][ T6324] erofs: (device loop1): mounted with root inode @ nid 36. [ 135.734512][ T6329] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 135.745406][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 135.755138][ T6329] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 135.766000][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 135.775510][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 135.785368][ T6329] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 135.796292][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 135.805712][ T6329] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 135.816639][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 135.826006][ T6329] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 135.836841][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 135.846190][ T6329] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 135.857186][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 135.866686][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 135.876224][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 135.887081][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 135.897128][ T6329] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 135.908069][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 135.918148][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 135.927640][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 135.937609][ T6329] erofs: (device loop1): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 135.948454][ T6329] syz.1.124: attempt to access beyond end of device [ 135.948454][ T6329] loop1: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 135.962989][ T6329] syz.1.124: attempt to access beyond end of device [ 135.962989][ T6329] loop1: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 135.977942][ T6329] syz.1.124: attempt to access beyond end of device [ 135.977942][ T6329] loop1: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 135.993412][ T6329] syz.1.124: attempt to access beyond end of device [ 135.993412][ T6329] loop1: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 136.470023][ T6321] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 136.656792][ T6321] EXT4-fs (loop3): orphan cleanup on readonly fs [ 136.766767][ T6321] Quota error (device loop3): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 136.932449][ T6321] EXT4-fs warning (device loop3): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 137.015915][ T6321] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 137.415219][ T6335] fuse: Bad value for 'fd' [ 137.420693][ T6321] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.123: bg 0: block 40: padding at end of block bitmap is not set [ 137.921143][ T6321] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 138.047022][ T6321] EXT4-fs (loop3): 1 truncate cleaned up [ 138.076200][ T6321] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 138.375994][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.512826][ T6346] sctp: [Deprecated]: syz.1.130 (pid 6346) Use of struct sctp_assoc_value in delayed_ack socket option. [ 138.512826][ T6346] Use struct sctp_sack_info instead [ 141.390898][ T6358] loop0: detected capacity change from 0 to 512 [ 141.746716][ T6358] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 141.756142][ T6358] EXT4-fs (loop0): orphan cleanup on readonly fs [ 141.765565][ T6358] Quota error (device loop0): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 141.776582][ T6358] EXT4-fs warning (device loop0): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 141.829909][ T6358] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 141.857029][ T6358] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.134: bg 0: block 40: padding at end of block bitmap is not set [ 141.882445][ T6358] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 141.951475][ T6358] EXT4-fs (loop0): 1 truncate cleaned up [ 142.004062][ T6358] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 142.535232][ T6362] loop1: detected capacity change from 0 to 32768 [ 142.692542][ T6358] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 143.039732][ T6362] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 143.153549][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.179033][ T27] audit: type=1326 audit(1754613557.190:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6357 comm="syz.1.135" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa7dd58ebe9 code=0x0 [ 143.953216][ T5784] ocfs2: Unmounting device (7,1) on (node local) [ 144.025693][ T6374] fuse: Bad value for 'fd' [ 146.567924][ T6388] sctp: [Deprecated]: syz.0.141 (pid 6388) Use of struct sctp_assoc_value in delayed_ack socket option. [ 146.567924][ T6388] Use struct sctp_sack_info instead [ 147.581657][ T6398] loop0: detected capacity change from 0 to 512 [ 149.552114][ T6398] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 149.572913][ T6398] EXT4-fs (loop0): orphan cleanup on readonly fs [ 149.604227][ T6398] Quota error (device loop0): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 149.722744][ T6398] EXT4-fs warning (device loop0): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 149.845313][ T6398] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 149.912299][ T6398] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.144: bg 0: block 40: padding at end of block bitmap is not set [ 149.969931][ T6398] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 149.992993][ T6398] EXT4-fs (loop0): 1 truncate cleaned up [ 150.036131][ T6398] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 150.244179][ T6397] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 150.529981][ T6409] fuse: Bad value for 'fd' [ 151.286108][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.417302][ T6417] loop0: detected capacity change from 0 to 16 [ 151.436245][ T6417] erofs: (device loop0): mounted with root inode @ nid 36. [ 151.660184][ T6418] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 151.671174][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 151.680663][ T6418] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 151.849382][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 151.861599][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 151.871224][ T6418] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 152.535605][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 152.545856][ T6418] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 152.672340][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 152.689628][ T6418] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 152.713654][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 152.729756][ T6418] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 152.760592][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 152.779363][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 152.799445][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 152.850112][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 152.942297][ T6427] sctp: [Deprecated]: syz.1.152 (pid 6427) Use of struct sctp_assoc_value in delayed_ack socket option. [ 152.942297][ T6427] Use struct sctp_sack_info instead [ 153.678920][ T6418] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 153.723025][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 153.746003][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 153.934626][ T6428] loop2: detected capacity change from 0 to 32768 [ 154.004797][ T6428] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 154.019125][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 154.137919][ T27] audit: type=1326 audit(1754613568.150:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6425 comm="syz.2.151" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4bd9d8ebe9 code=0x0 [ 154.581000][ T6418] erofs: (device loop0): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 154.659648][ T6418] syz.0.149: attempt to access beyond end of device [ 154.659648][ T6418] loop0: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 154.721190][ T6418] syz.0.149: attempt to access beyond end of device [ 154.721190][ T6418] loop0: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 154.819474][ T6418] syz.0.149: attempt to access beyond end of device [ 154.819474][ T6418] loop0: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 154.933599][ T6418] syz.0.149: attempt to access beyond end of device [ 154.933599][ T6418] loop0: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 155.011184][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 157.450270][ T6444] tty tty2: ldisc open failed (-12), clearing slot 1 [ 159.716955][ T6457] loop0: detected capacity change from 0 to 256 [ 159.724012][ T6457] exfat: Deprecated parameter 'namecase' [ 159.729802][ T6457] exfat: Deprecated parameter 'utf8' [ 159.735148][ T6457] exfat: Unknown parameter 'gÈd' [ 159.845573][ T5788] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 160.727894][ T6460] loop3: detected capacity change from 0 to 32768 [ 161.439652][ T6460] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 161.591142][ T6463] loop1: detected capacity change from 0 to 4096 [ 161.694757][ T27] audit: type=1326 audit(1754613575.710:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6459 comm="syz.3.161" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc1278ebe9 code=0x0 [ 161.763109][ T6463] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 161.959791][ T6469] loop0: detected capacity change from 0 to 16 [ 162.089019][ T6469] erofs: (device loop0): mounted with root inode @ nid 36. [ 162.344131][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 162.371675][ T6472] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 162.382868][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 162.576310][ T6472] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 162.587161][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 162.596391][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 162.605937][ T6472] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 162.616848][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 162.626351][ T6472] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 162.637294][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 162.646665][ T6472] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 162.659213][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 162.682110][ T6471] loop2: detected capacity change from 0 to 512 [ 162.738443][ T6472] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 162.749482][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 162.758614][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 162.767887][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 162.777311][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 162.786905][ T6472] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 162.810137][ T6471] EXT4-fs: Ignoring removed nomblk_io_submit option [ 162.821040][ T6471] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 162.933942][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 162.943201][ T6471] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 163.195050][ T6471] EXT4-fs (loop2): 1 truncate cleaned up [ 163.212657][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 163.348505][ T6471] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.413984][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 163.489483][ T6472] erofs: (device loop0): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 163.523204][ T6472] syz.0.163: attempt to access beyond end of device [ 163.523204][ T6472] loop0: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 163.641728][ T6472] syz.0.163: attempt to access beyond end of device [ 163.641728][ T6472] loop0: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 163.729369][ T6472] syz.0.163: attempt to access beyond end of device [ 163.729369][ T6472] loop0: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 163.802386][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.832795][ T6472] syz.0.163: attempt to access beyond end of device [ 163.832795][ T6472] loop0: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 165.777362][ T6480] loop1: detected capacity change from 0 to 32768 [ 165.797113][ T6480] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.166 (6480) [ 165.939101][ T6480] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 165.993456][ T6480] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 166.016954][ T6480] BTRFS info (device loop1): setting nodatacow, compression disabled [ 166.039269][ T6480] BTRFS info (device loop1): setting datacow [ 166.045539][ T6480] BTRFS info (device loop1): doing ref verification [ 166.065063][ T6480] BTRFS info (device loop1): force clearing of disk cache [ 166.084478][ T6480] BTRFS info (device loop1): turning off barriers [ 166.109295][ T6480] BTRFS info (device loop1): enabling ssd optimizations [ 166.116482][ T6480] BTRFS info (device loop1): using spread ssd allocation scheme [ 166.146218][ T6480] BTRFS info (device loop1): using free space tree [ 166.549426][ T5792] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 166.559399][ T5792] Bluetooth: hci1: Injecting HCI hardware error event [ 166.581049][ T5799] Bluetooth: hci1: hardware error 0x00 [ 166.599444][ T6480] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 166.618405][ T6480] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 166.711393][ T6480] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 166.726353][ T6480] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 166.737640][ T6480] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 166.747895][ T6480] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 166.758589][ T6480] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 166.780136][ T6480] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 166.922285][ T6480] BTRFS error (device loop1): open_ctree failed: -12 [ 168.889527][ T5799] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 171.048700][ T6541] loop0: detected capacity change from 0 to 32768 [ 171.128922][ T6541] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 171.233240][ T27] audit: type=1326 audit(1754613585.250:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6540 comm="syz.0.181" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f632278ebe9 code=0x0 [ 172.023144][ T5787] ocfs2: Unmounting device (7,0) on (node local) [ 173.988561][ T6556] hub 8-0:1.0: USB hub found [ 174.032105][ T6556] hub 8-0:1.0: 1 port detected [ 174.448596][ T6567] syz.1.179: attempt to access beyond end of device [ 174.448596][ T6567] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 174.462330][ T6567] EXT4-fs (nbd1): unable to read superblock [ 175.134042][ T6564] loop2: detected capacity change from 0 to 4096 [ 175.211854][ T6564] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 175.417738][ T6574] loop0: detected capacity change from 0 to 128 [ 175.435773][ T6574] FAT-fs (loop0): Directory bread(block 414) failed [ 175.444150][ T6574] FAT-fs (loop0): Directory bread(block 415) failed [ 175.450857][ T6574] FAT-fs (loop0): Directory bread(block 416) failed [ 175.457612][ T6574] FAT-fs (loop0): Directory bread(block 417) failed [ 175.464289][ T6574] FAT-fs (loop0): Directory bread(block 418) failed [ 175.470998][ T6574] FAT-fs (loop0): Directory bread(block 419) failed [ 175.477603][ T6574] FAT-fs (loop0): Directory bread(block 420) failed [ 175.484389][ T6574] FAT-fs (loop0): Directory bread(block 421) failed [ 176.360542][ T6574] FAT-fs (loop0): Directory bread(block 414) failed [ 176.367563][ T6574] FAT-fs (loop0): Directory bread(block 415) failed [ 176.377725][ T6574] syz.0.188: attempt to access beyond end of device [ 176.377725][ T6574] loop0: rw=3, sector=478, nr_sectors = 2 limit=128 [ 176.391292][ T6574] syz.0.188: attempt to access beyond end of device [ 176.391292][ T6574] loop0: rw=2051, sector=480, nr_sectors = 6 limit=128 [ 176.521922][ T6574] syz.0.188: attempt to access beyond end of device [ 176.521922][ T6574] loop0: rw=3, sector=486, nr_sectors = 2 limit=128 [ 176.535838][ T6574] syz.0.188: attempt to access beyond end of device [ 176.535838][ T6574] loop0: rw=2051, sector=488, nr_sectors = 6 limit=128 [ 177.354510][ T6582] loop2: detected capacity change from 0 to 32768 [ 177.415720][ T6582] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 177.649949][ T27] audit: type=1326 audit(1754613591.610:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6581 comm="syz.2.191" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4bd9d8ebe9 code=0x0 [ 178.319361][ T5866] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 179.098370][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 179.237739][ T5866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.348621][ T5866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 179.448913][ T5866] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 179.553072][ T5866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.726703][ T5866] usb 1-1: config 0 descriptor?? [ 180.419572][ T6607] syz.1.190: attempt to access beyond end of device [ 180.419572][ T6607] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 180.432802][ T6607] efs: cannot read volume header [ 181.215296][ T5866] uclogic 0003:256C:006D.0001: interface is invalid, ignoring [ 181.458735][ T5866] usb 1-1: USB disconnect, device number 2 [ 186.604396][ T6639] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.060721][ T6649] ubi: mtd0 is already attached to ubi31 [ 187.327732][ T6664] netlink: 12 bytes leftover after parsing attributes in process `syz.2.216'. [ 187.817774][ T6672] bridge_slave_0: left allmulticast mode [ 187.824576][ T6672] bridge_slave_0: left promiscuous mode [ 187.834433][ T6672] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.874053][ T6672] bridge_slave_1: left allmulticast mode [ 187.881702][ T6672] bridge_slave_1: left promiscuous mode [ 187.887687][ T6672] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.916939][ T6672] bond0: (slave bond_slave_0): Releasing backup interface [ 187.992588][ T6672] bond0: (slave bond_slave_1): Releasing backup interface [ 188.159609][ T6672] team0: Port device team_slave_0 removed [ 188.200329][ T6672] team0: Port device team_slave_1 removed [ 188.210637][ T6672] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.218275][ T6672] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 188.228276][ T6672] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 188.236685][ T6672] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 188.304177][ T6675] team0: Mode changed to "activebackup" [ 188.315307][ T6677] warning: `syz.2.219' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 188.335751][ T6673] vlan0: entered promiscuous mode [ 188.379083][ T6673] team0: Port device vlan0 added [ 188.391722][ T6681] tipc: Started in network mode [ 188.402722][ T6681] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 188.411543][ T6681] tipc: Enabled bearer , priority 0 [ 188.731003][ T6688] loop1: detected capacity change from 0 to 4096 [ 188.752316][ T6688] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 188.778872][ T6691] netlink: 4 bytes leftover after parsing attributes in process `syz.0.225'. [ 188.800231][ T6691] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.807687][ T6691] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 188.833493][ T6692] ubi: mtd0 is already attached to ubi31 [ 188.836359][ T6691] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 188.858676][ T6691] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 189.410976][ T5866] tipc: Node number set to 11578026 [ 189.569930][ T6702] syzkaller0: entered promiscuous mode [ 189.588216][ T6702] syzkaller0: entered allmulticast mode [ 190.566737][ T6685] loop3: detected capacity change from 0 to 131072 [ 190.586839][ T6685] F2FS-fs (loop3): invalid crc value [ 190.620299][ T6685] F2FS-fs (loop3): Found nat_bits in checkpoint [ 190.694154][ T6685] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 190.758197][ T6685] F2FS-fs (loop3): Corrupted max_depth of 3: 16842753 [ 191.499279][ T5799] Bluetooth: hci2: command 0x0406 tx timeout [ 191.507656][ T5799] Bluetooth: hci0: command 0x0406 tx timeout [ 193.598403][ T6746] netlink: 'syz.2.243': attribute type 10 has an invalid length. [ 193.765844][ T6746] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 194.979832][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.986520][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.307960][ T6757] loop3: detected capacity change from 0 to 4096 [ 195.611939][ T6759] loop2: detected capacity change from 0 to 32768 [ 195.658637][ T6757] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 195.940465][ T6759] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 196.566993][ T27] audit: type=1326 audit(1754613610.570:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6758 comm="syz.2.248" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4bd9d8ebe9 code=0x0 [ 197.460914][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 197.600818][ T6777] netlink: 8 bytes leftover after parsing attributes in process `syz.0.252'. [ 199.447418][ T27] audit: type=1326 audit(1754613613.460:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6792 comm="syz.0.258" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f632278ebe9 code=0x0 [ 200.707676][ T6808] ksmbd: Unknown IPC event: 6, ignore. [ 200.976488][ T6810] tipc: Enabled bearer , priority 0 [ 200.994564][ T6810] syzkaller0: entered promiscuous mode [ 201.009257][ T6810] syzkaller0: entered allmulticast mode [ 201.215855][ T6816] tipc: Resetting bearer [ 201.240161][ T6809] tipc: Resetting bearer [ 201.310202][ T6809] tipc: Disabling bearer [ 202.762530][ T27] audit: type=1326 audit(1754613616.780:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6828 comm="syz.0.271" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f632278ebe9 code=0x0 [ 204.140600][ T6840] syz.0.274: attempt to access beyond end of device [ 204.140600][ T6840] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 204.185038][ T6840] efs: cannot read volume header [ 204.650239][ T6845] netlink: 72 bytes leftover after parsing attributes in process `syz.2.276'. [ 205.095443][ T6854] hub 8-0:1.0: USB hub found [ 205.116880][ T6854] hub 8-0:1.0: 1 port detected [ 205.335612][ T6861] loop1: detected capacity change from 0 to 32768 [ 205.367170][ T6861] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 206.053763][ T27] audit: type=1326 audit(1754613619.520:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.1.281" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa7dd58ebe9 code=0x0 [ 206.061804][ T5784] ocfs2: Unmounting device (7,1) on (node local) [ 206.859272][ T5790] Bluetooth: hci3: command 0x0406 tx timeout [ 211.466970][ T6907] hub 8-0:1.0: USB hub found [ 211.483794][ T6907] hub 8-0:1.0: 1 port detected [ 211.742178][ T6913] netlink: 72 bytes leftover after parsing attributes in process `syz.1.299'. [ 212.478337][ T6924] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 213.299695][ T6926] loop1: detected capacity change from 0 to 32768 [ 213.434092][ T6926] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 213.498421][ T6926] (syz.1.305,6926,0):ocfs2_parse_options:1448 ERROR: Unrecognized mount option "ÿÿ184467440737095516150xffffffffffffffff18446744073709551615±ñV?Œù³ßCp~'~8pٻ젌|ž^½Ö(cŸoö—ÈêM ) Çÿÿÿÿÿÿÿÿÿ" or missing value [ 213.521510][ T6926] syz.1.305 (6926) used greatest stack depth: 18736 bytes left [ 213.591906][ T5784] ocfs2: Unmounting device (7,1) on (node local) [ 214.110855][ T6940] netlink: 72 bytes leftover after parsing attributes in process `syz.0.310'. [ 214.375462][ T6936] netlink: 'syz.1.309': attribute type 16 has an invalid length. [ 214.404390][ T6936] netlink: 'syz.1.309': attribute type 17 has an invalid length. [ 214.481241][ T5177] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.499885][ T6936] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 214.719440][ T5177] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.839724][ T6947] vcan0: tx drop: invalid sa for name 0xfffffffffffffffd [ 215.610070][ T6951] netlink: zone id is out of range [ 215.649926][ T6951] netlink: zone id is out of range [ 217.079359][ T6974] syz.3.320: attempt to access beyond end of device [ 217.079359][ T6974] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 217.092277][ T6974] efs: cannot read volume header [ 218.087547][ T6985] loop3: detected capacity change from 0 to 512 [ 218.221065][ T6985] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 218.231840][ T6985] EXT4-fs (loop3): orphan cleanup on readonly fs [ 218.246846][ T6985] Quota error (device loop3): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 218.257624][ T6985] EXT4-fs warning (device loop3): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 218.285291][ T6985] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 218.296398][ T6985] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.325: bg 0: block 40: padding at end of block bitmap is not set [ 218.311861][ T6985] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 218.322409][ T6985] EXT4-fs (loop3): 1 truncate cleaned up [ 218.333340][ T6985] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 218.381367][ T6985] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 218.937897][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.455734][ T7001] ksmbd: Unknown IPC event: 6, ignore. [ 219.951655][ T27] audit: type=1326 audit(1754613633.970:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7002 comm="syz.0.333" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f632278ebe9 code=0x0 [ 221.381193][ T7017] syz.0.335: attempt to access beyond end of device [ 221.381193][ T7017] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 221.393999][ T7017] efs: cannot read volume header [ 221.999923][ T7020] netlink: 16 bytes leftover after parsing attributes in process `syz.3.338'. [ 222.049120][ T7020] team0: No ports can be present during mode change [ 222.059071][ T7022] Bluetooth: MGMT ver 1.22 [ 222.077567][ T7020] vlan0: entered promiscuous mode [ 222.154493][ T7020] team0: Port device vlan0 added [ 222.185645][ T7025] tipc: Started in network mode [ 222.201514][ T7025] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 222.219550][ T7025] tipc: Enabled bearer , priority 0 [ 222.643585][ T7034] loop1: detected capacity change from 0 to 32768 [ 222.717300][ T7034] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 222.744692][ T27] audit: type=1326 audit(1754613636.760:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7033 comm="syz.1.343" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa7dd58ebe9 code=0x0 [ 222.834750][ T7040] hub 8-0:1.0: USB hub found [ 222.842427][ T7040] hub 8-0:1.0: 1 port detected [ 222.950573][ T7044] ubi: mtd0 is already attached to ubi31 [ 223.328129][ T5784] ocfs2: Unmounting device (7,1) on (node local) [ 223.335171][ T3670] tipc: Node number set to 11578026 [ 224.288074][ T7059] syz.1.349: attempt to access beyond end of device [ 224.288074][ T7059] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 224.302762][ T7059] efs: cannot read volume header [ 228.106993][ T7102] hub 8-0:1.0: USB hub found [ 228.113360][ T7102] hub 8-0:1.0: 1 port detected [ 228.830403][ T7109] ubi: mtd0 is already attached to ubi31 [ 229.739380][ T7115] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 231.478243][ T7146] syz.0.382: attempt to access beyond end of device [ 231.478243][ T7146] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 231.491679][ T7146] efs: cannot read volume header [ 232.107037][ T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 232.120346][ T7153] ubi: mtd0 is already attached to ubi31 [ 232.329319][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 232.341715][ T8] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 232.353576][ T8] usb 3-1: config 0 has no interface number 0 [ 232.373976][ T8] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 232.388916][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.409260][ T8] usb 3-1: Product: syz [ 232.421550][ T8] usb 3-1: Manufacturer: syz [ 232.591797][ T8] usb 3-1: SerialNumber: syz [ 232.606286][ T8] usb 3-1: config 0 descriptor?? [ 232.626989][ T8] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 233.576150][ T8] gspca_spca1528: reg_w err -110 [ 233.620446][ T8] spca1528: probe of 3-1:0.1 failed with error -110 [ 233.667986][ T8] usb 3-1: USB disconnect, device number 4 [ 234.086499][ T7175] syzkaller0: entered promiscuous mode [ 234.092166][ T7175] syzkaller0: entered allmulticast mode [ 235.653695][ T7178] loop3: detected capacity change from 0 to 131072 [ 235.682255][ T7178] F2FS-fs (loop3): invalid crc value [ 235.717000][ T7178] F2FS-fs (loop3): Found nat_bits in checkpoint [ 235.848736][ T7178] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 236.830647][ T7182] netlink: 20 bytes leftover after parsing attributes in process `syz.2.392'. [ 237.061619][ T7198] loop3: detected capacity change from 0 to 16 [ 237.145728][ T7198] erofs: (device loop3): mounted with root inode @ nid 36. [ 237.971390][ T7198] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 237.982222][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 237.991375][ T7198] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 238.001993][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 238.011203][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 238.020401][ T7198] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 238.031007][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 238.040131][ T7198] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 238.050837][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 238.060099][ T7198] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 238.070668][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 238.079811][ T7198] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 238.090360][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 238.099496][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 238.108615][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 238.117955][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 238.127210][ T7198] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 238.137860][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 238.147276][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 238.156416][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 238.165651][ T7198] erofs: (device loop3): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 238.175008][ T7198] syz.3.398: attempt to access beyond end of device [ 238.175008][ T7198] loop3: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 238.188667][ T7198] syz.3.398: attempt to access beyond end of device [ 238.188667][ T7198] loop3: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 238.203006][ T7198] syz.3.398: attempt to access beyond end of device [ 238.203006][ T7198] loop3: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 238.217282][ T7198] syz.3.398: attempt to access beyond end of device [ 238.217282][ T7198] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 238.429659][ T7209] syz.1.404 uses obsolete (PF_INET,SOCK_PACKET) [ 238.871078][ T7221] loop1: detected capacity change from 0 to 16 [ 238.891583][ T7221] erofs: (device loop1): mounted with root inode @ nid 36. [ 238.952185][ T7221] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 238.963043][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 238.972536][ T7221] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 238.983186][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 238.992419][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 239.001639][ T7221] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 239.012243][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 239.021477][ T7221] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 239.032102][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 239.041272][ T7221] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 239.051885][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 239.061032][ T7221] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 239.071947][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 239.081125][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 239.090262][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 239.099622][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 239.108853][ T7221] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 239.119512][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 239.128736][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 239.137884][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 239.147149][ T7221] erofs: (device loop1): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 239.156566][ T7221] syz.1.409: attempt to access beyond end of device [ 239.156566][ T7221] loop1: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 239.170294][ T7221] syz.1.409: attempt to access beyond end of device [ 239.170294][ T7221] loop1: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 239.185109][ T7221] syz.1.409: attempt to access beyond end of device [ 239.185109][ T7221] loop1: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 239.199507][ T7221] syz.1.409: attempt to access beyond end of device [ 239.199507][ T7221] loop1: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 240.233899][ T7254] syz.1.422: attempt to access beyond end of device [ 240.233899][ T7254] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 240.246712][ T7254] efs: cannot read volume header [ 241.130051][ T7270] loop2: detected capacity change from 0 to 32768 [ 241.168322][ T7270] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 241.213005][ T27] audit: type=1326 audit(1754613655.230:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.2.431" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4bd9d8ebe9 code=0x0 [ 242.696151][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 242.949519][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 243.153521][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 243.176493][ T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 243.209016][ T9] usb 1-1: config 0 has no interface number 0 [ 243.225404][ T7303] syz.1.442: attempt to access beyond end of device [ 243.225404][ T7303] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 243.238338][ T7303] efs: cannot read volume header [ 243.269671][ T9] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 243.322246][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.365282][ T9] usb 1-1: Product: syz [ 243.388068][ T9] usb 1-1: Manufacturer: syz [ 243.406323][ T9] usb 1-1: SerialNumber: syz [ 243.480605][ T9] usb 1-1: config 0 descriptor?? [ 243.519775][ T9] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 244.095604][ T7311] loop3: detected capacity change from 0 to 32768 [ 244.197898][ T7311] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 244.241534][ T9] gspca_spca1528: reg_w err -110 [ 244.339585][ T9] spca1528: probe of 1-1:0.1 failed with error -110 [ 244.630846][ T27] audit: type=1326 audit(1754613658.650:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7310 comm="syz.3.447" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc1278ebe9 code=0x0 [ 245.277560][ T28] usb 1-1: USB disconnect, device number 3 [ 245.638546][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 248.117238][ T7350] loop1: detected capacity change from 0 to 32768 [ 248.326793][ T7350] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 248.650756][ T27] audit: type=1326 audit(1754613662.670:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7349 comm="syz.1.459" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa7dd58ebe9 code=0x0 [ 248.858484][ T5784] ocfs2: Unmounting device (7,1) on (node local) [ 249.100233][ T5888] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 249.289281][ T5888] usb 4-1: Using ep0 maxpacket: 16 [ 249.357341][ T5888] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 249.369949][ T5888] usb 4-1: config 0 has no interface number 0 [ 249.385127][ T5888] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 249.394424][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.404256][ T5888] usb 4-1: Product: syz [ 249.408527][ T5888] usb 4-1: Manufacturer: syz [ 249.415026][ T5888] usb 4-1: SerialNumber: syz [ 249.441595][ T5888] usb 4-1: config 0 descriptor?? [ 250.028397][ T5888] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 250.322464][ T5888] gspca_spca1528: reg_w err -71 [ 250.364834][ T5888] spca1528: probe of 4-1:0.1 failed with error -71 [ 250.396637][ T5888] usb 4-1: USB disconnect, device number 2 [ 250.505543][ T7378] tipc: Enabled bearer , priority 0 [ 250.515713][ T7378] syzkaller0: entered promiscuous mode [ 250.524789][ T7378] syzkaller0: entered allmulticast mode [ 250.588434][ T7378] tipc: Resetting bearer [ 250.809671][ T7377] tipc: Resetting bearer [ 251.076468][ T7377] tipc: Disabling bearer [ 251.570746][ T7386] loop3: detected capacity change from 0 to 32768 [ 251.662954][ T7386] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 251.699281][ T27] audit: type=1326 audit(1754613665.710:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7385 comm="syz.3.470" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc1278ebe9 code=0x0 [ 252.248549][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 252.259424][ T6147] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 252.460914][ T6147] usb 1-1: Using ep0 maxpacket: 16 [ 252.489366][ T6147] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 252.512101][ T6147] usb 1-1: config 0 has no interface number 0 [ 252.523982][ T6147] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 252.541111][ T6147] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.551986][ T6147] usb 1-1: Product: syz [ 252.563495][ T6147] usb 1-1: Manufacturer: syz [ 252.568171][ T6147] usb 1-1: SerialNumber: syz [ 252.577003][ T6147] usb 1-1: config 0 descriptor?? [ 252.596086][ T6147] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 253.093027][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 253.300593][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 253.314336][ T6147] gspca_spca1528: reg_w err -110 [ 253.336127][ T23] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 253.373051][ T23] usb 2-1: config 0 has no interface number 0 [ 253.380120][ T6147] spca1528: probe of 1-1:0.1 failed with error -110 [ 253.439997][ T23] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 253.483069][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.499458][ T23] usb 2-1: Product: syz [ 253.503801][ T23] usb 2-1: Manufacturer: syz [ 253.509458][ T23] usb 2-1: SerialNumber: syz [ 253.543510][ T23] usb 2-1: config 0 descriptor?? [ 253.576603][ T23] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 253.793671][ T6147] usb 1-1: USB disconnect, device number 4 [ 254.093793][ T7425] loop2: detected capacity change from 0 to 32768 [ 254.114125][ T23] gspca_spca1528: reg_w err -71 [ 254.155235][ T7425] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 254.169653][ T23] spca1528: probe of 2-1:0.1 failed with error -71 [ 254.189471][ T27] audit: type=1326 audit(1754613668.200:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7424 comm="syz.2.484" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4bd9d8ebe9 code=0x0 [ 254.199771][ T23] usb 2-1: USB disconnect, device number 3 [ 254.845627][ T7435] syz.0.487: attempt to access beyond end of device [ 254.845627][ T7435] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 254.858328][ T7435] efs: cannot read volume header [ 254.935381][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 255.749725][ T23] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 255.959424][ T23] usb 4-1: Using ep0 maxpacket: 16 [ 255.980641][ T23] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 255.989462][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.995837][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.004576][ T23] usb 4-1: config 0 has no interface number 0 [ 256.015738][ T23] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 256.043475][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.063353][ T23] usb 4-1: Product: syz [ 256.076251][ T23] usb 4-1: Manufacturer: syz [ 256.088842][ T23] usb 4-1: SerialNumber: syz [ 256.105435][ T23] usb 4-1: config 0 descriptor?? [ 256.115604][ T23] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 256.709287][ T27] audit: type=1326 audit(1754613670.710:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7463 comm="syz.0.498" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f632278ebe9 code=0x0 [ 256.779774][ T5883] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 257.039582][ T5883] usb 3-1: Using ep0 maxpacket: 16 [ 257.129976][ T23] gspca_spca1528: reg_w err -110 [ 257.185705][ T5883] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 257.198257][ T23] spca1528: probe of 4-1:0.1 failed with error -110 [ 257.205081][ T5883] usb 3-1: config 0 has no interface number 0 [ 257.245465][ T5883] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 257.279476][ T5883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.287611][ T5883] usb 3-1: Product: syz [ 257.300835][ T5883] usb 3-1: Manufacturer: syz [ 257.305486][ T5883] usb 3-1: SerialNumber: syz [ 257.315126][ T5866] usb 4-1: USB disconnect, device number 3 [ 257.354945][ T5883] usb 3-1: config 0 descriptor?? [ 257.372520][ T5883] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 257.546091][ T7474] syz.0.500: attempt to access beyond end of device [ 257.546091][ T7474] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 257.558778][ T7474] efs: cannot read volume header [ 257.869904][ T5883] gspca_spca1528: reg_w err -71 [ 257.909404][ T5883] spca1528: probe of 3-1:0.1 failed with error -71 [ 257.920458][ T5883] usb 3-1: USB disconnect, device number 5 [ 258.082073][ T7488] netlink: 4 bytes leftover after parsing attributes in process `syz.3.505'. [ 258.842938][ T7497] loop2: detected capacity change from 0 to 32768 [ 258.881590][ T7497] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 258.929392][ T27] audit: type=1326 audit(1754613672.940:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7496 comm="syz.2.508" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4bd9d8ebe9 code=0x0 [ 258.936970][ T7503] loop1: detected capacity change from 0 to 16 [ 259.000115][ T7503] erofs: (device loop1): mounted with root inode @ nid 36. [ 259.052435][ T7507] syz.0.511: attempt to access beyond end of device [ 259.052435][ T7507] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 259.065136][ T7507] efs: cannot read volume header [ 259.371505][ T7509] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 259.382392][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 259.391996][ T7509] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 259.402988][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 259.412686][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 259.422558][ T7509] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 259.433666][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 259.443462][ T7509] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 259.454467][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 259.464207][ T7509] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 259.475049][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 259.484443][ T7509] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 259.495230][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 259.504669][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 259.514039][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 259.523938][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 259.533872][ T7509] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 259.544833][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 259.554881][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 259.564269][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 259.574203][ T7509] erofs: (device loop1): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 259.584832][ T7509] syz.1.510: attempt to access beyond end of device [ 259.584832][ T7509] loop1: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 259.599080][ T7509] syz.1.510: attempt to access beyond end of device [ 259.599080][ T7509] loop1: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 259.613920][ T7509] syz.1.510: attempt to access beyond end of device [ 259.613920][ T7509] loop1: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 259.628620][ T7509] syz.1.510: attempt to access beyond end of device [ 259.628620][ T7509] loop1: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 259.939958][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 260.199249][ T5883] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 260.399782][ T5883] usb 2-1: Using ep0 maxpacket: 16 [ 260.429763][ T5883] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 260.457066][ T5883] usb 2-1: config 0 has no interface number 0 [ 260.520104][ T5883] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 260.545849][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.553972][ T5883] usb 2-1: Product: syz [ 260.558237][ T5883] usb 2-1: Manufacturer: syz [ 260.562982][ T5883] usb 2-1: SerialNumber: syz [ 260.650762][ T5883] usb 2-1: config 0 descriptor?? [ 260.842270][ T5883] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 260.859274][ T27] audit: type=1326 audit(1754613674.870:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7521 comm="syz.0.516" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f632278ebe9 code=0x0 [ 261.410050][ T5883] gspca_spca1528: reg_w err -110 [ 261.530468][ T5883] spca1528: probe of 2-1:0.1 failed with error -110 [ 261.702558][ T5883] usb 2-1: USB disconnect, device number 4 [ 262.234033][ T7543] loop2: detected capacity change from 0 to 32768 [ 262.384922][ T7543] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 262.425871][ T27] audit: type=1326 audit(1754613676.430:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7541 comm="syz.2.523" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4bd9d8ebe9 code=0x0 [ 263.050596][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 263.155769][ T7564] tipc: Started in network mode [ 263.170496][ T7564] tipc: Node identity 060ac12b0c78, cluster identity 4711 [ 263.189524][ T7564] tipc: Enabled bearer , priority 0 [ 263.208620][ T7568] syzkaller0: entered promiscuous mode [ 263.243250][ T7568] syzkaller0: entered allmulticast mode [ 263.315659][ T7564] tipc: Resetting bearer [ 263.344941][ T7563] tipc: Resetting bearer [ 263.412227][ T7563] tipc: Disabling bearer [ 263.545428][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.3.531'. [ 264.090684][ T7582] loop2: detected capacity change from 0 to 32768 [ 264.197573][ T7587] syz.0.537: attempt to access beyond end of device [ 264.197573][ T7587] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 264.210508][ T7587] efs: cannot read volume header [ 264.496295][ T7582] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 264.598700][ T27] audit: type=1326 audit(1754613678.580:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7581 comm="syz.2.535" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4bd9d8ebe9 code=0x0 [ 264.813430][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 264.943400][ T7604] netlink: 4 bytes leftover after parsing attributes in process `syz.0.543'. [ 267.072384][ T7628] syz.3.550: attempt to access beyond end of device [ 267.072384][ T7628] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 267.085268][ T7628] efs: cannot read volume header [ 268.334828][ T7641] netlink: 'syz.2.555': attribute type 13 has an invalid length. [ 268.367003][ T7641] netlink: 'syz.2.555': attribute type 17 has an invalid length. [ 268.461741][ T7644] fuse: Unknown parameter 'group_i00000000000000000000' [ 268.517868][ T7640] loop1: detected capacity change from 0 to 32768 [ 268.613054][ T7640] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 268.719487][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.734271][ T27] audit: type=1326 audit(1754613682.750:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7639 comm="syz.1.556" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa7dd58ebe9 code=0x0 [ 269.010042][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 269.425845][ T7637] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 270.819298][ T5784] ocfs2: Unmounting device (7,1) on (node local) [ 270.896375][ T7641] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 273.334250][ T7715] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 275.203646][ T7746] tipc: Enabled bearer , priority 0 [ 275.211434][ T7746] syzkaller0: entered promiscuous mode [ 275.219916][ T7746] syzkaller0: entered allmulticast mode [ 275.242136][ T7746] tipc: Resetting bearer [ 275.309057][ T7745] tipc: Resetting bearer [ 275.374359][ T7745] tipc: Disabling bearer [ 275.455556][ T7749] hub 8-0:1.0: USB hub found [ 275.508508][ T7749] hub 8-0:1.0: 1 port detected [ 275.682864][ T7751] syzkaller0: entered promiscuous mode [ 275.697830][ T7751] syzkaller0: entered allmulticast mode [ 279.615897][ T7775] loop3: detected capacity change from 0 to 32768 [ 279.630135][ T7780] sctp: [Deprecated]: syz.1.605 (pid 7780) Use of struct sctp_assoc_value in delayed_ack socket option. [ 279.630135][ T7780] Use struct sctp_sack_info instead [ 280.623966][ T7775] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 281.001073][ T27] audit: type=1326 audit(1754613694.780:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7774 comm="syz.3.607" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc1278ebe9 code=0x0 [ 281.114184][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 281.178328][ T7791] syzkaller0: entered promiscuous mode [ 281.199975][ T7791] syzkaller0: entered allmulticast mode [ 281.279416][ T5888] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 281.483282][ T5888] usb 3-1: Using ep0 maxpacket: 16 [ 281.491123][ T5888] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 281.499493][ T5888] usb 3-1: config 0 has no interface number 0 [ 281.508456][ T5888] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 281.520233][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.531753][ T5888] usb 3-1: Product: syz [ 281.544435][ T5888] usb 3-1: Manufacturer: syz [ 281.553922][ T7806] hub 8-0:1.0: USB hub found [ 281.559300][ T7806] hub 8-0:1.0: 1 port detected [ 281.566642][ T5888] usb 3-1: SerialNumber: syz [ 281.577936][ T5888] usb 3-1: config 0 descriptor?? [ 281.600444][ T5888] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 282.046697][ T7787] netlink: 44 bytes leftover after parsing attributes in process `syz.2.609'. [ 282.055795][ T7787] netlink: 28 bytes leftover after parsing attributes in process `syz.2.609'. [ 282.085672][ T5888] gspca_spca1528: reg_w err -71 [ 282.120183][ T5888] spca1528: probe of 3-1:0.1 failed with error -71 [ 282.141124][ T5888] usb 3-1: USB disconnect, device number 6 [ 284.697074][ T7819] sctp: [Deprecated]: syz.0.619 (pid 7819) Use of struct sctp_assoc_value in delayed_ack socket option. [ 284.697074][ T7819] Use struct sctp_sack_info instead [ 285.002468][ T7821] loop2: detected capacity change from 0 to 32768 [ 285.090044][ T7821] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 285.571489][ T27] audit: type=1326 audit(1754613699.210:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7820 comm="syz.2.620" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4bd9d8ebe9 code=0x0 [ 285.860172][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 286.041544][ T7832] ubi: mtd0 is already attached to ubi31 [ 286.499256][ T5888] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 286.699734][ T5888] usb 3-1: Using ep0 maxpacket: 16 [ 286.718547][ T5888] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 286.746777][ T5888] usb 3-1: config 0 has no interface number 0 [ 286.781323][ T5888] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 286.802160][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.820493][ T5888] usb 3-1: Product: syz [ 286.832305][ T5888] usb 3-1: Manufacturer: syz [ 286.837004][ T5888] usb 3-1: SerialNumber: syz [ 286.874156][ T5888] usb 3-1: config 0 descriptor?? [ 286.892417][ T5888] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 287.298089][ T7834] netlink: 44 bytes leftover after parsing attributes in process `syz.2.624'. [ 287.307714][ T7834] netlink: 28 bytes leftover after parsing attributes in process `syz.2.624'. [ 287.325525][ T5888] gspca_spca1528: reg_w err -71 [ 287.389512][ T5888] spca1528: probe of 3-1:0.1 failed with error -71 [ 287.398759][ T5888] usb 3-1: USB disconnect, device number 7 [ 288.058001][ T7840] syzkaller0: entered promiscuous mode [ 288.277828][ T7840] syzkaller0: entered allmulticast mode [ 288.508022][ T7851] loop3: detected capacity change from 0 to 32768 [ 288.550158][ T7851] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 288.647924][ T27] audit: type=1326 audit(1754613702.660:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7848 comm="syz.3.630" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc1278ebe9 code=0x0 [ 289.229320][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 289.317954][ T7854] hub 8-0:1.0: USB hub found [ 289.349748][ T7854] hub 8-0:1.0: 1 port detected [ 290.072698][ T7867] fuse: Bad value for 'group_id' [ 293.253012][ T7869] loop2: detected capacity change from 0 to 131072 [ 293.307511][ T7869] F2FS-fs (loop2): invalid crc value [ 293.384390][ T7869] F2FS-fs (loop2): Found nat_bits in checkpoint [ 293.492866][ T7869] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 293.748665][ T7884] Illegal XDP return value 4294967274 on prog (id 36) dev N/A, expect packet loss! [ 294.389324][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 294.590003][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 294.604433][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 294.619294][ T9] usb 2-1: config 0 has no interface number 0 [ 294.635018][ T9] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 294.651781][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.660754][ T9] usb 2-1: Product: syz [ 294.664948][ T9] usb 2-1: Manufacturer: syz [ 294.669997][ T9] usb 2-1: SerialNumber: syz [ 294.687042][ T9] usb 2-1: config 0 descriptor?? [ 294.700668][ T9] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 294.784957][ T7906] ubi: mtd0 is already attached to ubi31 [ 295.125857][ T7891] netlink: 44 bytes leftover after parsing attributes in process `syz.1.642'. [ 295.134923][ T7891] netlink: 28 bytes leftover after parsing attributes in process `syz.1.642'. [ 295.154623][ T9] gspca_spca1528: reg_w err -71 [ 295.190061][ T9] spca1528: probe of 2-1:0.1 failed with error -71 [ 295.215402][ T9] usb 2-1: USB disconnect, device number 5 [ 295.880838][ T7915] syzkaller0: entered promiscuous mode [ 295.886537][ T7915] syzkaller0: entered allmulticast mode [ 298.236146][ T7941] syz.1.655: attempt to access beyond end of device [ 298.236146][ T7941] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 298.249072][ T7941] efs: cannot read volume header [ 298.299494][ T5888] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 298.519413][ T5888] usb 1-1: Using ep0 maxpacket: 16 [ 298.543071][ T5888] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 298.571921][ T5888] usb 1-1: config 0 has no interface number 0 [ 298.604976][ T5888] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 298.620023][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.628328][ T5888] usb 1-1: Product: syz [ 298.636509][ T5888] usb 1-1: Manufacturer: syz [ 298.641478][ T5888] usb 1-1: SerialNumber: syz [ 298.648629][ T5888] usb 1-1: config 0 descriptor?? [ 298.662629][ T5888] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 299.081333][ T7937] netlink: 44 bytes leftover after parsing attributes in process `syz.0.659'. [ 299.090568][ T7937] netlink: 28 bytes leftover after parsing attributes in process `syz.0.659'. [ 299.108793][ T5888] gspca_spca1528: reg_w err -71 [ 299.156672][ T5888] spca1528: probe of 1-1:0.1 failed with error -71 [ 299.183685][ T5888] usb 1-1: USB disconnect, device number 5 [ 302.639423][ T3670] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 302.831470][ T3670] usb 1-1: Using ep0 maxpacket: 16 [ 302.877942][ T3670] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 302.894186][ T3670] usb 1-1: config 0 has no interface number 0 [ 302.903703][ T3670] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 302.918923][ T3670] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.927112][ T3670] usb 1-1: Product: syz [ 302.932354][ T3670] usb 1-1: Manufacturer: syz [ 302.937075][ T3670] usb 1-1: SerialNumber: syz [ 302.954925][ T3670] usb 1-1: config 0 descriptor?? [ 302.978847][ T3670] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 303.689987][ T3670] gspca_spca1528: reg_w err -110 [ 303.719928][ T3670] spca1528: probe of 1-1:0.1 failed with error -110 [ 304.096752][ T7966] pim6reg1: entered promiscuous mode [ 304.109481][ T7966] pim6reg1: entered allmulticast mode [ 304.110798][ T9] usb 1-1: USB disconnect, device number 6 [ 304.929525][ T3670] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 305.129244][ T3670] usb 3-1: Using ep0 maxpacket: 16 [ 305.141078][ T3670] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 305.154677][ T3670] usb 3-1: config 0 has no interface number 0 [ 305.167793][ T3670] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 305.184128][ T3670] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.297394][ T3670] usb 3-1: Product: syz [ 305.303693][ T3670] usb 3-1: Manufacturer: syz [ 305.315678][ T3670] usb 3-1: SerialNumber: syz [ 305.324552][ T3670] usb 3-1: config 0 descriptor?? [ 305.336661][ T3670] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 305.753965][ T7986] netlink: 44 bytes leftover after parsing attributes in process `syz.2.675'. [ 305.762950][ T7986] netlink: 28 bytes leftover after parsing attributes in process `syz.2.675'. [ 305.786509][ T3670] gspca_spca1528: reg_w err -71 [ 305.819817][ T3670] spca1528: probe of 3-1:0.1 failed with error -71 [ 305.849661][ T3670] usb 3-1: USB disconnect, device number 8 [ 306.025438][ T8012] syz.0.682: attempt to access beyond end of device [ 306.025438][ T8012] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 306.038196][ T8012] efs: cannot read volume header [ 312.299750][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 313.503416][ T8103] sctp: [Deprecated]: syz.2.714 (pid 8103) Use of struct sctp_assoc_value in delayed_ack socket option. [ 313.503416][ T8103] Use struct sctp_sack_info instead [ 316.723726][ T8128] ubi: mtd0 is already attached to ubi31 [ 318.029438][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.035771][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.770004][ T8141] sctp: [Deprecated]: syz.2.729 (pid 8141) Use of struct sctp_assoc_value in delayed_ack socket option. [ 318.770004][ T8141] Use struct sctp_sack_info instead [ 321.209278][ T3670] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 321.218529][ T8162] syz.3.732: attempt to access beyond end of device [ 321.218529][ T8162] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 321.255748][ T8162] efs: cannot read volume header [ 321.409312][ T3670] usb 3-1: Using ep0 maxpacket: 16 [ 321.441654][ T3670] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 321.459340][ T3670] usb 3-1: config 0 has no interface number 0 [ 321.468190][ T3670] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 321.487720][ T3670] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.501069][ T3670] usb 3-1: Product: syz [ 321.505270][ T3670] usb 3-1: Manufacturer: syz [ 321.519261][ T3670] usb 3-1: SerialNumber: syz [ 321.531822][ T3670] usb 3-1: config 0 descriptor?? [ 321.554470][ T3670] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 322.269918][ T3670] gspca_spca1528: reg_w err -110 [ 322.300139][ T3670] spca1528: probe of 3-1:0.1 failed with error -110 [ 322.537353][ T8153] netlink: 44 bytes leftover after parsing attributes in process `syz.2.733'. [ 322.547792][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 322.558686][ T8153] netlink: 28 bytes leftover after parsing attributes in process `syz.2.733'. [ 322.641668][ T5866] usb 3-1: USB disconnect, device number 9 [ 322.929032][ T8178] sctp: [Deprecated]: syz.1.741 (pid 8178) Use of struct sctp_assoc_value in delayed_ack socket option. [ 322.929032][ T8178] Use struct sctp_sack_info instead [ 323.241484][ T8183] ubi: mtd0 is already attached to ubi31 [ 327.824472][ T8216] syz.0.749: attempt to access beyond end of device [ 327.824472][ T8216] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 327.889320][ T8216] efs: cannot read volume header [ 331.513093][ T8260] syz.3.770: attempt to access beyond end of device [ 331.513093][ T8260] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 331.567154][ T8260] efs: cannot read volume header [ 333.932306][ T8279] sctp: [Deprecated]: syz.0.776 (pid 8279) Use of struct sctp_assoc_value in delayed_ack socket option. [ 333.932306][ T8279] Use struct sctp_sack_info instead [ 334.057526][ T8286] loop2: detected capacity change from 0 to 16 [ 334.066443][ T8286] erofs: (device loop2): mounted with root inode @ nid 36. [ 334.161767][ T8287] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 334.172530][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 334.181841][ T8287] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36 [ 334.192558][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 334.202061][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 45 @ nid 36 [ 334.211765][ T8287] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 334.222645][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 43 @ nid 36 [ 334.232012][ T8287] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 334.242793][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 42 @ nid 36 [ 334.252316][ T8287] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 334.263037][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 41 @ nid 36 [ 334.272418][ T8287] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36 [ 334.283100][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 334.292481][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 334.301886][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 334.311740][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 36 @ nid 36 [ 334.321795][ T8287] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36 [ 334.332716][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 31 @ nid 36 [ 334.342755][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 334.352161][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 334.362034][ T8287] erofs: (device loop2): z_erofs_readahead: readahead error at folio 19 @ nid 36 [ 334.372807][ T8287] syz.2.779: attempt to access beyond end of device [ 334.372807][ T8287] loop2: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 334.387037][ T8287] syz.2.779: attempt to access beyond end of device [ 334.387037][ T8287] loop2: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 334.401911][ T8287] syz.2.779: attempt to access beyond end of device [ 334.401911][ T8287] loop2: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 334.417773][ T8287] syz.2.779: attempt to access beyond end of device [ 334.417773][ T8287] loop2: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 336.391749][ T8319] fuse: Unknown parameter 'group_i00000000000000000000' [ 336.422243][ T8315] wg2: entered promiscuous mode [ 336.477806][ T8315] wg2: entered allmulticast mode [ 337.250204][ T8328] loop2: detected capacity change from 0 to 16 [ 337.282047][ T8328] erofs: (device loop2): mounted with root inode @ nid 36. [ 337.899512][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 338.135241][ T8331] sctp: [Deprecated]: syz.3.791 (pid 8331) Use of struct sctp_assoc_value in delayed_ack socket option. [ 338.135241][ T8331] Use struct sctp_sack_info instead [ 339.230948][ T8343] pim6reg1: entered promiscuous mode [ 339.247195][ T8343] pim6reg1: entered allmulticast mode [ 339.621251][ T8358] fuse: Unknown parameter 'group_i00000000000000000000' [ 341.781123][ T8362] sctp: [Deprecated]: syz.3.802 (pid 8362) Use of struct sctp_assoc_value in delayed_ack socket option. [ 341.781123][ T8362] Use struct sctp_sack_info instead [ 341.996890][ T8364] hub 8-0:1.0: USB hub found [ 342.002306][ T8364] hub 8-0:1.0: 1 port detected [ 343.573112][ T8394] fuse: Unknown parameter 'group_i00000000000000000000' [ 346.655127][ T8398] hub 8-0:1.0: USB hub found [ 346.661129][ T8398] hub 8-0:1.0: 1 port detected [ 346.711041][ T8402] loop1: detected capacity change from 0 to 16 [ 346.729334][ T8402] erofs: (device loop1): mounted with root inode @ nid 36. [ 349.561981][ T8447] fuse: Unknown parameter 'group_id00000000000000000000' [ 351.289297][ T3670] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 351.499289][ T3670] usb 2-1: Using ep0 maxpacket: 16 [ 351.507672][ T3670] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 351.519026][ T3670] usb 2-1: config 0 has no interface number 0 [ 351.541685][ T3670] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 351.551231][ T3670] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.569522][ T3670] usb 2-1: Product: syz [ 351.573738][ T3670] usb 2-1: Manufacturer: syz [ 351.578356][ T3670] usb 2-1: SerialNumber: syz [ 351.601718][ T3670] usb 2-1: config 0 descriptor?? [ 351.620930][ T3670] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 351.828344][ T8475] syz.2.837: attempt to access beyond end of device [ 351.828344][ T8475] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 351.841287][ T8475] efs: cannot read volume header [ 352.207653][ T3670] gspca_spca1528: reg_w err -110 [ 352.342492][ T3670] spca1528: probe of 2-1:0.1 failed with error -110 [ 352.512203][ T9] usb 2-1: USB disconnect, device number 6 [ 354.204228][ T8498] fuse: Unknown parameter 'group_id00000000000000000000' [ 355.712467][ T8533] sctp: [Deprecated]: syz.3.859 (pid 8533) Use of struct sctp_assoc_value in delayed_ack socket option. [ 355.712467][ T8533] Use struct sctp_sack_info instead [ 356.621541][ T8567] sctp: [Deprecated]: syz.3.870 (pid 8567) Use of struct sctp_assoc_value in delayed_ack socket option. [ 356.621541][ T8567] Use struct sctp_sack_info instead [ 357.618554][ T8597] sctp: [Deprecated]: syz.0.879 (pid 8597) Use of struct sctp_assoc_value in delayed_ack socket option. [ 357.618554][ T8597] Use struct sctp_sack_info instead [ 358.668266][ T8621] ubi: mtd0 is already attached to ubi31 [ 358.700967][ T8622] sctp: [Deprecated]: syz.0.889 (pid 8622) Use of struct sctp_assoc_value in delayed_ack socket option. [ 358.700967][ T8622] Use struct sctp_sack_info instead [ 360.144526][ T8651] sctp: [Deprecated]: syz.2.898 (pid 8651) Use of struct sctp_assoc_value in delayed_ack socket option. [ 360.144526][ T8651] Use struct sctp_sack_info instead [ 360.360228][ T8656] syz.2.899[8656] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 360.360361][ T8656] syz.2.899[8656] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 361.542968][ T8680] sctp: [Deprecated]: syz.3.907 (pid 8680) Use of struct sctp_assoc_value in delayed_ack socket option. [ 361.542968][ T8680] Use struct sctp_sack_info instead [ 361.940936][ T8691] pim6reg1: entered promiscuous mode [ 361.958431][ T8691] pim6reg1: entered allmulticast mode [ 362.145341][ T8701] ubi: mtd0 is already attached to ubi31 [ 362.318281][ T8703] sctp: [Deprecated]: syz.0.916 (pid 8703) Use of struct sctp_assoc_value in delayed_ack socket option. [ 362.318281][ T8703] Use struct sctp_sack_info instead [ 363.731055][ T8728] sctp: [Deprecated]: syz.1.926 (pid 8728) Use of struct sctp_assoc_value in delayed_ack socket option. [ 363.731055][ T8728] Use struct sctp_sack_info instead [ 363.964341][ T8734] ubi: mtd0 is already attached to ubi31 [ 364.669291][ T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 365.698667][ T9] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 365.725212][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.736606][ T9] usb 1-1: config 0 descriptor?? [ 365.849531][ T8] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 366.230169][ T8] usb 2-1: unable to get BOS descriptor or descriptor too short [ 366.264677][ T8] usb 2-1: not running at top speed; connect to a high speed hub [ 366.324407][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 366.335163][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 366.433029][ T8] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 366.445549][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.454894][ T8] usb 2-1: Product: syz [ 366.459727][ T8] usb 2-1: Manufacturer: syz [ 366.467629][ T8] usb 2-1: SerialNumber: syz [ 366.476223][ T8754] sctp: [Deprecated]: syz.3.936 (pid 8754) Use of struct sctp_assoc_value in delayed_ack socket option. [ 366.476223][ T8754] Use struct sctp_sack_info instead [ 366.592665][ T8756] loop3: detected capacity change from 0 to 1024 [ 366.605738][ T8756] EXT4-fs: Ignoring removed orlov option [ 366.611687][ T8756] EXT4-fs: Ignoring removed nomblk_io_submit option [ 366.652468][ T8756] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 366.817352][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 367.134005][ T9] pegasus: probe of 1-1:0.0 failed with error -71 [ 367.202031][ T8] usb 2-1: cannot find UAC_HEADER [ 367.303369][ T9] usb 1-1: USB disconnect, device number 7 [ 367.655490][ T8766] hub 8-0:1.0: USB hub found [ 367.661418][ T8766] hub 8-0:1.0: 1 port detected [ 367.771285][ T8771] loop3: detected capacity change from 0 to 256 [ 367.776674][ T8] snd-usb-audio: probe of 2-1:1.0 failed with error -22 [ 367.858896][ T8] usb 2-1: USB disconnect, device number 7 [ 367.944131][ T5788] udevd[5788]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 368.249396][ T8783] sctp: [Deprecated]: syz.0.945 (pid 8783) Use of struct sctp_assoc_value in delayed_ack socket option. [ 368.249396][ T8783] Use struct sctp_sack_info instead [ 369.204409][ T8789] ubi: mtd0 is already attached to ubi31 [ 369.459561][ T23] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 369.489726][ T8799] loop3: detected capacity change from 0 to 1024 [ 369.648337][ T8799] syz.3.952: attempt to access beyond end of device [ 369.648337][ T8799] loop3: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 369.670508][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 369.688316][ T23] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 369.692099][ T8799] Buffer I/O error on dev loop3, logical block 100663296, async page read [ 369.707170][ T23] usb 2-1: config 0 has no interface number 0 [ 369.707679][ T8799] hfsplus: unable to mark blocks free: error -5 [ 369.722874][ T8799] hfsplus: can't free extent [ 369.745315][ T23] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 369.775377][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.786225][ T23] usb 2-1: Product: syz [ 369.793173][ T23] usb 2-1: Manufacturer: syz [ 369.800662][ T23] usb 2-1: SerialNumber: syz [ 369.822827][ T23] usb 2-1: config 0 descriptor?? [ 369.839100][ T23] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 370.605297][ T8803] netlink: 44 bytes leftover after parsing attributes in process `syz.1.949'. [ 370.642768][ T8803] netlink: 28 bytes leftover after parsing attributes in process `syz.1.949'. [ 370.679531][ T23] gspca_spca1528: reg_w err -110 [ 370.715755][ T23] spca1528: probe of 2-1:0.1 failed with error -110 [ 371.250237][ T8816] sctp: [Deprecated]: syz.2.956 (pid 8816) Use of struct sctp_assoc_value in delayed_ack socket option. [ 371.250237][ T8816] Use struct sctp_sack_info instead [ 373.034214][ T8839] sctp: [Deprecated]: syz.2.965 (pid 8839) Use of struct sctp_assoc_value in delayed_ack socket option. [ 373.034214][ T8839] Use struct sctp_sack_info instead [ 373.865052][ T6147] usb 2-1: USB disconnect, device number 8 [ 374.021752][ T8847] ubi: mtd0 is already attached to ubi31 [ 376.019359][ T8] IPVS: starting estimator thread 0... [ 376.099776][ T8904] ubi: mtd0 is already attached to ubi31 [ 376.108711][ T3476] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 376.127671][ T3476] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 376.135900][ T8903] IPVS: using max 34 ests per chain, 81600 per kthread [ 378.137403][ T8963] syz.1.1000: attempt to access beyond end of device [ 378.137403][ T8963] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 378.150509][ T8963] efs: cannot read volume header [ 378.354697][ T8967] syzkaller0: entered promiscuous mode [ 378.361818][ T8967] syzkaller0: entered allmulticast mode [ 378.579640][ T5866] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 378.811315][ T5866] usb 3-1: config 0 has an invalid interface number: 46 but max is 0 [ 378.829700][ T5866] usb 3-1: config 0 has no interface number 0 [ 378.835879][ T5866] usb 3-1: config 0 interface 46 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 378.863115][ T5866] usb 3-1: config 0 interface 46 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 378.863217][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.881160][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.886037][ T5866] usb 3-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01 [ 378.918054][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.950551][ T5866] usb 3-1: Product: syz [ 378.954886][ T5866] usb 3-1: Manufacturer: syz [ 378.973077][ T5866] usb 3-1: SerialNumber: syz [ 378.996957][ T5866] usb 3-1: config 0 descriptor?? [ 379.036868][ T8994] sctp: [Deprecated]: syz.3.1012 (pid 8994) Use of struct sctp_assoc_value in delayed_ack socket option. [ 379.036868][ T8994] Use struct sctp_sack_info instead [ 379.062995][ T5866] ums-karma 3-1:0.46: USB Mass Storage device detected [ 379.164197][ T5866] ums-karma: probe of 3-1:0.46 failed with error -5 [ 379.205874][ T9002] ubi: mtd0 is already attached to ubi31 [ 379.301840][ T9004] syzkaller0: entered promiscuous mode [ 379.323734][ T9004] syzkaller0: entered allmulticast mode [ 379.554788][ T9008] 9pnet: Could not find request transport: 0xffffffffffffffff [ 379.888556][ T9016] syz.1.1020: attempt to access beyond end of device [ 379.888556][ T9016] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 379.901524][ T9016] efs: cannot read volume header [ 380.405289][ T9026] sctp: [Deprecated]: syz.3.1023 (pid 9026) Use of struct sctp_assoc_value in delayed_ack socket option. [ 380.405289][ T9026] Use struct sctp_sack_info instead [ 380.520283][ T9028] fuse: Bad value for 'fd' [ 381.277733][ T7422] usb 3-1: USB disconnect, device number 10 [ 381.446687][ T9037] syzkaller0: entered promiscuous mode [ 381.482528][ T9037] syzkaller0: entered allmulticast mode [ 382.090072][ T27] audit: type=1326 audit(1754613796.090:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.3.1035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc1278ebe9 code=0x7ffc0000 [ 382.139685][ T27] audit: type=1326 audit(1754613796.090:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.3.1035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc1278ebe9 code=0x7ffc0000 [ 382.164995][ T27] audit: type=1326 audit(1754613796.090:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.3.1035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7fcc1278ebe9 code=0x7ffc0000 [ 382.190000][ T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 382.190964][ T27] audit: type=1326 audit(1754613796.090:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.3.1035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc1278ebe9 code=0x7ffc0000 [ 382.349383][ T9] usb 2-1: device descriptor read/64, error -71 [ 382.429426][ T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 382.619776][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 382.694352][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 383.459500][ T8] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 383.467931][ T8] usb 3-1: config 0 has no interface number 0 [ 383.482208][ T8] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 383.491506][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.499641][ T8] usb 3-1: Product: syz [ 383.504005][ T8] usb 3-1: Manufacturer: syz [ 383.509059][ T8] usb 3-1: SerialNumber: syz [ 383.516442][ T8] usb 3-1: config 0 descriptor?? [ 383.524935][ T8] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 383.610528][ T9] usb 2-1: device descriptor read/64, error -71 [ 383.732675][ T9] usb usb2-port1: attempt power cycle [ 384.003875][ T9087] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1036'. [ 384.014513][ T9087] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1036'. [ 384.189511][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 384.220488][ T9] usb 2-1: device descriptor read/8, error -71 [ 384.239666][ T8] gspca_spca1528: reg_w err -110 [ 384.271133][ T8] spca1528: probe of 3-1:0.1 failed with error -110 [ 384.489402][ T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 384.547523][ T9] usb 2-1: device descriptor read/8, error -71 [ 384.679652][ T9] usb usb2-port1: unable to enumerate USB device [ 385.927255][ T7422] usb 3-1: USB disconnect, device number 11 [ 386.217716][ T9111] ubi: mtd0 is already attached to ubi31 [ 386.586587][ T9122] fuse: Bad value for 'fd' [ 388.620044][ T9133] sctp: [Deprecated]: syz.0.1066 (pid 9133) Use of struct sctp_assoc_value in delayed_ack socket option. [ 388.620044][ T9133] Use struct sctp_sack_info instead [ 389.530929][ T9135] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1067'. [ 389.588271][ T9135] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1067'. [ 389.642875][ T9142] syzkaller0: entered promiscuous mode [ 389.648403][ T9142] syzkaller0: entered allmulticast mode [ 390.141407][ T9160] sctp: [Deprecated]: syz.2.1077 (pid 9160) Use of struct sctp_assoc_value in delayed_ack socket option. [ 390.141407][ T9160] Use struct sctp_sack_info instead [ 391.146935][ T9171] syz.0.1078: attempt to access beyond end of device [ 391.146935][ T9171] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 391.160244][ T9171] efs: cannot read volume header [ 391.185992][ T9174] ubi: mtd0 is already attached to ubi31 [ 391.893739][ T9185] syzkaller0: entered promiscuous mode [ 391.915908][ T9185] syzkaller0: entered allmulticast mode [ 392.237491][ T9194] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1088'. [ 392.246560][ T9194] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1088'. [ 392.749283][ T7422] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 392.929279][ T7422] usb 1-1: Using ep0 maxpacket: 32 [ 392.937383][ T7422] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 392.949571][ T7422] usb 1-1: config 0 has no interface number 0 [ 392.956009][ T7422] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 392.967495][ T7422] usb 1-1: config 0 interface 85 has no altsetting 0 [ 392.979102][ T7422] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 392.988516][ T7422] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.996875][ T7422] usb 1-1: Product: syz [ 393.001619][ T7422] usb 1-1: Manufacturer: syz [ 393.006277][ T7422] usb 1-1: SerialNumber: syz [ 393.013696][ T7422] usb 1-1: config 0 descriptor?? [ 393.458335][ T9233] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1103'. [ 393.467886][ T9233] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1103'. [ 393.645604][ T7422] appletouch 1-1:0.85: Geyser mode initialized. [ 393.656066][ T7422] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input5 [ 393.824890][ T9241] syzkaller0: entered promiscuous mode [ 393.830718][ T9241] syzkaller0: entered allmulticast mode [ 393.865874][ T7422] usb 1-1: USB disconnect, device number 8 [ 393.890079][ T7422] appletouch 1-1:0.85: input: appletouch disconnected [ 394.180391][ T9245] syzkaller0: entered promiscuous mode [ 394.199703][ T9245] syzkaller0: entered allmulticast mode [ 396.835555][ T9279] ubi: mtd0 is already attached to ubi31 [ 397.079571][ T7422] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 397.269402][ T7422] usb 3-1: Using ep0 maxpacket: 16 [ 397.292923][ T7422] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 397.305239][ T7422] usb 3-1: config 0 has no interface number 0 [ 397.316898][ T7422] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 397.328256][ T7422] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.336942][ T7422] usb 3-1: Product: syz [ 397.345113][ T7422] usb 3-1: Manufacturer: syz [ 397.351395][ T7422] usb 3-1: SerialNumber: syz [ 397.372388][ T7422] usb 3-1: config 0 descriptor?? [ 397.402335][ T7422] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 397.960522][ T7422] gspca_spca1528: reg_w err -110 [ 397.989926][ T7422] spca1528: probe of 3-1:0.1 failed with error -110 [ 398.197107][ T7422] usb 3-1: USB disconnect, device number 12 [ 399.542138][ T9312] ubi: mtd0 is already attached to ubi31 [ 399.810375][ T9324] ubi: mtd0 is already attached to ubi31 [ 400.021287][ T9330] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1136'. [ 400.030827][ T9330] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1136'. [ 400.445772][ T9329] syzkaller0: entered promiscuous mode [ 400.453009][ T9329] syzkaller0: entered allmulticast mode [ 403.297664][ T9347] ubi: mtd0 is already attached to ubi31 [ 404.520346][ T9374] ubi: mtd0 is already attached to ubi31 [ 405.452019][ T9382] fuse: Unknown parameter '0x0000000000000005' [ 407.165127][ T9408] sctp: [Deprecated]: syz.0.1157 (pid 9408) Use of struct sctp_assoc_value in delayed_ack socket option. [ 407.165127][ T9408] Use struct sctp_sack_info instead [ 408.543917][ T9420] fuse: Unknown parameter '0xffffffffffffffff' [ 408.572823][ T9422] loop1: detected capacity change from 0 to 128 [ 408.773638][ T9422] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 409.001907][ T9422] ext4 filesystem being mounted at /288/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 409.680667][ T9434] sctp: [Deprecated]: syz.2.1166 (pid 9434) Use of struct sctp_assoc_value in delayed_ack socket option. [ 409.680667][ T9434] Use struct sctp_sack_info instead [ 409.993366][ T5784] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 410.812678][ T9454] fuse: Unknown parameter '0xffffffffffffffff' [ 411.942528][ T9471] sctp: [Deprecated]: syz.3.1180 (pid 9471) Use of struct sctp_assoc_value in delayed_ack socket option. [ 411.942528][ T9471] Use struct sctp_sack_info instead [ 411.994419][ T9475] ubi: mtd0 is already attached to ubi31 [ 412.363484][ T9492] fuse: Unknown parameter 'fd0x0000000000000005' [ 412.899513][ T7422] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 413.120447][ T9499] sctp: [Deprecated]: syz.3.1190 (pid 9499) Use of struct sctp_assoc_value in delayed_ack socket option. [ 413.120447][ T9499] Use struct sctp_sack_info instead [ 413.267965][ T7422] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 413.296233][ T7422] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 413.326077][ T7422] usb 1-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 413.348777][ T7422] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.399005][ T7422] usb 1-1: config 0 descriptor?? [ 413.619424][ T3670] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 413.809246][ T3670] usb 2-1: Using ep0 maxpacket: 32 [ 413.815959][ T3670] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 413.824522][ T3670] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 413.833204][ T3670] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 413.845828][ T7422] elo 0003:04E7:0030.0002: unknown main item tag 0x0 [ 413.852775][ T3670] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 413.862565][ T7422] elo 0003:04E7:0030.0002: item fetching failed at offset 3/7 [ 413.870744][ T3670] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 413.881539][ T7422] elo 0003:04E7:0030.0002: parse failed [ 413.887163][ T7422] elo: probe of 0003:04E7:0030.0002 failed with error -22 [ 413.894548][ T3670] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 413.904550][ T3670] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 413.917358][ T3670] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 413.930477][ T3670] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 413.939590][ T3670] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.950357][ T3670] usb 2-1: config 0 descriptor?? [ 414.055160][ T54] usb 1-1: USB disconnect, device number 9 [ 414.180346][ T3670] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 414.222769][ T3670] usb 2-1: USB disconnect, device number 13 [ 414.245300][ T3670] usblp0: removed [ 414.294620][ T9523] syzkaller0: entered promiscuous mode [ 414.303411][ T9523] syzkaller0: entered allmulticast mode [ 414.664127][ T9529] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 416.413739][ T9533] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1201'. [ 416.425262][ T9533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1201'. [ 419.877960][ T9570] loop2: detected capacity change from 0 to 512 [ 419.900618][ T9570] EXT4-fs: Ignoring removed nobh option [ 419.999871][ T9575] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1214'. [ 420.006124][ T9570] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.1213: bg 0: block 393: padding at end of block bitmap is not set [ 420.009315][ T9575] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1214'. [ 420.214525][ T9570] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 420.359957][ T9570] EXT4-fs (loop2): 2 truncates cleaned up [ 420.367104][ T9570] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 420.589029][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 421.186434][ T9584] block device autoloading is deprecated and will be removed. [ 421.206122][ T9584] syz.2.1218: attempt to access beyond end of device [ 421.206122][ T9584] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 422.653601][ T9568] veth0_to_team: entered promiscuous mode [ 422.675223][ T9586] netlink: 'syz.0.1219': attribute type 1 has an invalid length. [ 422.686069][ T9586] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 422.826817][ T9592] syzkaller0: entered promiscuous mode [ 422.849920][ T9592] syzkaller0: entered allmulticast mode [ 423.407760][ T9613] sctp: [Deprecated]: syz.0.1226 (pid 9613) Use of struct sctp_assoc_value in delayed_ack socket option. [ 423.407760][ T9613] Use struct sctp_sack_info instead [ 424.389340][ T8] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 424.550533][ T8] usb 1-1: device descriptor read/64, error -71 [ 424.731743][ T9630] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1232'. [ 424.849284][ T8] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 424.918435][ T9634] fuse: Unknown parameter 'user_i00000000000000000000' [ 425.019379][ T8] usb 1-1: device descriptor read/64, error -71 [ 425.160696][ T8] usb usb1-port1: attempt power cycle [ 425.583042][ T8] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 425.636430][ T8] usb 1-1: device descriptor read/8, error -71 [ 425.924582][ T8] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 425.977892][ T8] usb 1-1: device descriptor read/8, error -71 [ 426.112863][ T8] usb usb1-port1: unable to enumerate USB device [ 426.666934][ T9657] ubi: mtd0 is already attached to ubi31 [ 428.156252][ T9698] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 428.448074][ T9711] ubi: mtd0 is already attached to ubi31 [ 428.845790][ T9717] ubi: mtd0 is already attached to ubi31 [ 430.275940][ T9720] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 430.303785][ T7422] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 430.553277][ T9728] loop1: detected capacity change from 0 to 256 [ 430.605754][ T9730] fuse: Unknown parameter 'user_i00000000000000000000' [ 431.350429][ T6147] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 432.333348][ T9764] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1288'. [ 432.373227][ T9767] ubi: mtd0 is already attached to ubi31 [ 432.478945][ T9773] loop2: detected capacity change from 0 to 8 [ 432.577432][ T9773] SQUASHFS error: lzo decompression failed, data probably corrupt [ 432.593736][ T9773] SQUASHFS error: Failed to read block 0x1dd: -5 [ 432.608373][ T9773] SQUASHFS error: Unable to read metadata cache entry [1db] [ 432.625401][ T9773] SQUASHFS error: Unable to read inode 0xa7 [ 432.881809][ T27] audit: type=1326 audit(1754613846.880:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9784 comm="syz.1.1298" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa7dd58ebe9 code=0x0 [ 432.909721][ T3670] usb 1-1: new low-speed USB device number 14 using dummy_hcd [ 432.943822][ T9786] dvmrp1: entered allmulticast mode [ 433.034659][ T9792] loop2: detected capacity change from 0 to 256 [ 433.131446][ T3670] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 433.142914][ T3670] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.181082][ T3670] usb 1-1: config 0 descriptor?? [ 433.408322][ T9798] ubi: mtd0 is already attached to ubi31 [ 434.412427][ T9812] loop1: detected capacity change from 0 to 128 [ 434.431510][ T3670] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 434.449357][ T3670] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 434.468519][ T3670] asix: probe of 1-1:0.0 failed with error -71 [ 434.475690][ T9812] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 434.478582][ T3670] usb 1-1: USB disconnect, device number 14 [ 434.524980][ T9812] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 436.144213][ T5792] Bluetooth: hci3: command 0x0406 tx timeout [ 436.375948][ T9843] loop2: detected capacity change from 0 to 16 [ 436.410663][ T9843] erofs: (device loop2): mounted with root inode @ nid 36. [ 437.371314][ T9850] loop1: detected capacity change from 0 to 64 [ 437.537286][ T9856] loop2: detected capacity change from 0 to 256 [ 437.971149][ T9872] loop1: detected capacity change from 0 to 1024 [ 438.056084][ T9872] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 438.305504][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 438.800953][ T9896] sctp: [Deprecated]: syz.1.1344 (pid 9896) Use of struct sctp_assoc_value in delayed_ack socket option. [ 438.800953][ T9896] Use struct sctp_sack_info instead [ 439.879717][ T5177] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 439.889781][ T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 439.927570][ T9918] loop1: detected capacity change from 0 to 128 [ 439.956815][ T9918] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 440.002584][ T9918] ext4 filesystem being mounted at /324/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 440.061805][ T9918] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 440.084091][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 440.092918][ T5177] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 440.095622][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 440.115134][ T9] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 440.123945][ T9] usb 1-1: config 0 has no interface number 0 [ 440.124221][ T5177] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.134741][ T9] usb 1-1: config 0 interface 52 has no altsetting 0 [ 440.149930][ T5177] usb 3-1: config 0 descriptor?? [ 440.161205][ T5177] cp210x 3-1:0.0: cp210x converter detected [ 440.172281][ T9] usb 1-1: New USB device found, idVendor=a68a, idProduct=a6a5, bcdDevice=cd.7c [ 440.184464][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 440.194036][ T9] usb 1-1: Product: syz [ 440.198361][ T9] usb 1-1: Manufacturer: syz [ 440.207894][ T9] usb 1-1: SerialNumber: syz [ 440.218021][ T9] usb 1-1: config 0 descriptor?? [ 440.306725][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.319417][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.376292][ T9929] overlay: ./file0 is not a directory [ 440.444207][ T9] usb-storage 1-1:0.52: USB Mass Storage device detected [ 440.527872][ T9] usb 1-1: USB disconnect, device number 15 [ 440.586268][ T9902] loop2: detected capacity change from 0 to 1024 [ 440.601740][ T9935] sctp: [Deprecated]: syz.1.1358 (pid 9935) Use of struct sctp_assoc_value in delayed_ack socket option. [ 440.601740][ T9935] Use struct sctp_sack_info instead [ 440.647823][ T9902] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 440.665689][ T5177] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 440.685749][ T5177] usb 3-1: cp210x converter now attached to ttyUSB0 [ 440.886607][ T7422] usb 3-1: USB disconnect, device number 13 [ 440.923831][ T7422] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 440.981641][ T7422] cp210x 3-1:0.0: device disconnected [ 441.309345][ T54] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 441.437284][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 441.500144][ T54] usb 1-1: Using ep0 maxpacket: 8 [ 441.510009][ T54] usb 1-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 441.529251][ T54] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.542823][ T54] usb 1-1: Product: syz [ 441.547042][ T54] usb 1-1: Manufacturer: syz [ 441.547219][ T9966] loop2: detected capacity change from 0 to 1024 [ 441.552358][ T54] usb 1-1: SerialNumber: syz [ 441.573448][ T54] usb 1-1: config 0 descriptor?? [ 441.587973][ T54] radio-usb-si4713 1-1:0.0: Si4713 development board discovered: (10C4:8244) [ 441.649436][ T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 441.765378][ T12] hfsplus: b-tree write err: -5, ino 3 [ 441.839360][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 441.856171][ T9] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 441.873505][ T9] usb 2-1: config 0 has no interface number 0 [ 441.884940][ T9] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 441.911064][ T9] usb 2-1: config 0 interface 85 has no altsetting 0 [ 441.941253][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 441.962654][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.983677][ T9] usb 2-1: Product: syz [ 441.989433][ T9] usb 2-1: Manufacturer: syz [ 441.994195][ T9] usb 2-1: SerialNumber: syz [ 442.015382][ T9] usb 2-1: config 0 descriptor?? [ 442.216637][ T54] radio-usb-si4713: probe of 1-1:0.0 failed with error -71 [ 442.238473][ T54] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 442.269936][ T54] usb 1-1: USB disconnect, device number 16 [ 442.452215][ T9] appletouch 2-1:0.85: Geyser mode initialized. [ 442.471188][ T9] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input6 [ 442.528987][ T9990] fuse: Bad value for 'fd' [ 442.662349][ T9993] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1378'. [ 442.679704][ T54] usb 2-1: USB disconnect, device number 14 [ 442.679747][ T9993] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 442.700215][ T54] appletouch 2-1:0.85: input: appletouch disconnected [ 442.729087][ T9993] bond1: entered allmulticast mode [ 442.735560][ T9993] 8021q: adding VLAN 0 to HW filter on device bond1 [ 442.949685][T10005] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 442.982204][T10005] CIFS mount error: No usable UNC path provided in device string! [ 442.982204][T10005] [ 442.995223][T10005] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 443.099543][ T5177] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 443.309385][ T5177] usb 3-1: Using ep0 maxpacket: 8 [ 443.321045][ T5177] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 17 [ 443.333168][ T5177] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07 [ 443.343411][ T5177] usb 3-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60 [ 443.352074][ T5177] usb 3-1: Product: syz [ 443.356953][ T5177] usb 3-1: Manufacturer: syz [ 443.362701][ T5177] usb 3-1: SerialNumber: syz [ 443.370191][ T5177] usb 3-1: config 0 descriptor?? [ 443.590237][ T5177] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 443.622535][T10026] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 444.190004][ T5177] gspca_sunplus: reg_w_riv err -71 [ 444.205534][ T5177] sunplus: probe of 3-1:0.0 failed with error -71 [ 444.226516][ T5177] usb 3-1: USB disconnect, device number 14 [ 445.080186][ T54] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 445.312928][ T54] usb 3-1: Using ep0 maxpacket: 16 [ 445.325182][ T54] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 445.345759][ T54] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 445.364890][ T54] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 445.376879][ T54] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.387555][ T54] usb 3-1: Product: syz [ 445.395311][ T54] usb 3-1: Manufacturer: syz [ 445.397752][T10060] loop1: detected capacity change from 0 to 1024 [ 445.401500][ T54] usb 3-1: SerialNumber: syz [ 445.417630][ T54] usb 3-1: config 0 descriptor?? [ 445.570987][ T149] hfsplus: b-tree write err: -5, ino 4 [ 445.924396][T10066] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1405'. [ 446.622238][T10083] loop1: detected capacity change from 0 to 4096 [ 446.640535][T10083] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 446.717932][T10083] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 447.034175][ T5792] Bluetooth: hci2: unexpected event for opcode 0x041c [ 447.185264][T10109] netlink: 'syz.1.1419': attribute type 5 has an invalid length. [ 447.193654][T10109] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1419'. [ 447.212629][T10109] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.334361][T10112] loop1: detected capacity change from 0 to 512 [ 447.342027][T10112] EXT4-fs: Ignoring removed oldalloc option [ 447.381490][T10112] EXT4-fs error (device loop1): ext4_xattr_inode_iget:436: comm syz.1.1420: Parent and EA inode have the same ino 15 [ 447.403333][T10112] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 447.420252][T10112] EXT4-fs error (device loop1): ext4_xattr_inode_iget:436: comm syz.1.1420: Parent and EA inode have the same ino 15 [ 447.438112][T10112] EXT4-fs (loop1): 1 orphan inode deleted [ 447.444967][T10112] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 447.504184][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 447.611190][T10117] loop7: detected capacity change from 0 to 100 [ 447.843387][ T7422] usb 3-1: USB disconnect, device number 15 [ 447.879743][T10125] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1425'. [ 448.440579][T10153] loop2: detected capacity change from 0 to 1024 [ 448.483487][T10153] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 448.519935][ T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 448.577729][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 448.712062][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 448.726807][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 448.737257][ T9] usb 2-1: New USB device found, idVendor=056e, idProduct=00fd, bcdDevice= 0.00 [ 448.755726][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.777139][ T9] usb 2-1: config 0 descriptor?? [ 448.869274][T10170] loop2: detected capacity change from 0 to 1024 [ 448.936876][ T42] hfsplus: b-tree write err: -5, ino 4 [ 448.973821][T10172] 9pnet_fd: Insufficient options for proto=fd [ 449.179065][T10180] fuse: Unknown parameter '0x0000000000000005' [ 449.213344][ T9] elecom 0003:056E:00FD.0003: ignoring exceeding usage max [ 449.235514][ T9] elecom 0003:056E:00FD.0003: hidraw0: USB HID v0.00 Device [HID 056e:00fd] on usb-dummy_hcd.1-1/input0 [ 449.419594][ T23] usb 2-1: USB disconnect, device number 15 [ 449.776122][T10191] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1454'. [ 449.785845][T10191] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1454'. [ 450.259350][ T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 450.400600][T10204] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1459'. [ 450.469331][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 450.482310][ T9] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 450.501713][ T9] usb 2-1: config 0 has no interface number 0 [ 450.525432][ T9] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 450.554046][ T9] usb 2-1: config 0 interface 85 has no altsetting 0 [ 450.570279][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 450.582773][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.591471][ T9] usb 2-1: Product: syz [ 450.596393][ T9] usb 2-1: Manufacturer: syz [ 450.607479][ T9] usb 2-1: SerialNumber: syz [ 450.621215][ T9] usb 2-1: config 0 descriptor?? [ 451.191624][ T9] appletouch 2-1:0.85: Geyser mode initialized. [ 451.201556][ T9] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input7 [ 451.751545][ T9] usb 2-1: USB disconnect, device number 16 [ 451.980075][ T9] appletouch 2-1:0.85: input: appletouch disconnected [ 452.273184][T10239] CIFS mount error: No usable UNC path provided in device string! [ 452.273184][T10239] [ 452.285161][T10239] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 453.592781][T10265] bridge_slave_0: left allmulticast mode [ 453.607706][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 453.631737][T10266] fuse: Unknown parameter '0x0000000000000009' [ 453.644171][T10265] bridge_slave_0: left promiscuous mode [ 453.690005][ T3670] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 453.725679][T10265] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.928328][T10265] bridge_slave_1: left allmulticast mode [ 453.934818][ T3670] usb 2-1: Using ep0 maxpacket: 16 [ 453.987205][ T3670] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 454.002006][T10265] bridge_slave_1: left promiscuous mode [ 454.051411][T10265] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.087545][ T3670] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 454.183794][ T3670] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 454.256875][T10265] bond0: (slave bond_slave_0): Releasing backup interface [ 454.275730][ T3670] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.329750][ T3670] usb 2-1: Product: syz [ 454.335331][T10265] bond0: (slave bond_slave_1): Releasing backup interface [ 454.343425][ T3670] usb 2-1: Manufacturer: syz [ 454.353554][ T3670] usb 2-1: SerialNumber: syz [ 454.372474][ T3670] usb 2-1: config 0 descriptor?? [ 454.391700][T10265] team0: Failed to send options change via netlink (err -105) [ 454.409051][T10265] team0: Port device team_slave_0 removed [ 454.453775][T10265] team0: Port device team_slave_1 removed [ 454.483523][T10271] CIFS mount error: No usable UNC path provided in device string! [ 454.483523][T10271] [ 454.516840][T10271] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 454.619453][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 454.819415][ T5866] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 455.049806][ T23] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 455.759362][ T23] usb 1-1: Using ep0 maxpacket: 16 [ 455.774787][ T23] usb 1-1: unable to get BOS descriptor or descriptor too short [ 455.786977][ T23] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 455.796953][ T23] usb 1-1: config 0 has no interface number 0 [ 455.805924][ T23] usb 1-1: config 0 interface 52 has no altsetting 0 [ 455.817200][ T23] usb 1-1: New USB device found, idVendor=a68a, idProduct=a6a5, bcdDevice=cd.7c [ 455.830520][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.842609][ T23] usb 1-1: Product: syz [ 455.848140][ T23] usb 1-1: Manufacturer: syz [ 455.855205][ T23] usb 1-1: SerialNumber: syz [ 455.864945][ T23] usb 1-1: config 0 descriptor?? [ 455.875622][T10292] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1493'. [ 455.884859][T10292] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1493'. [ 455.905671][ T5866] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 455.915069][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.923106][ T5866] usb 3-1: Product: syz [ 455.927278][ T5866] usb 3-1: Manufacturer: syz [ 455.931938][ T5866] usb 3-1: SerialNumber: syz [ 455.939093][ T5866] usb 3-1: config 0 descriptor?? [ 456.115167][ T23] usb-storage 1-1:0.52: USB Mass Storage device detected [ 456.150686][ T5866] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 456.172362][ T23] usb 1-1: USB disconnect, device number 17 [ 456.552702][ T5866] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -71 [ 456.570871][ T5866] usb 3-1: USB disconnect, device number 16 [ 456.663920][T10302] CIFS mount error: No usable UNC path provided in device string! [ 456.663920][T10302] [ 456.675637][T10302] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 456.754456][ T23] usb 2-1: USB disconnect, device number 17 [ 457.489577][ T5866] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 457.804446][ T5866] usb 2-1: Using ep0 maxpacket: 16 [ 457.836287][ T5866] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 457.875498][ T5866] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 457.915983][ T5866] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 457.968325][T10329] CIFS mount error: No usable UNC path provided in device string! [ 457.968325][T10329] [ 457.969043][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.990421][T10329] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 457.994244][ T5866] usb 2-1: Product: syz [ 458.023621][ T5866] usb 2-1: Manufacturer: syz [ 458.028275][ T5866] usb 2-1: SerialNumber: syz [ 458.062641][ T5866] usb 2-1: config 0 descriptor?? [ 459.214434][T10344] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1503'. [ 459.234529][T10344] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1503'. [ 459.392934][T10348] loop2: detected capacity change from 0 to 2048 [ 459.828083][T10355] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 460.148455][T10365] sctp: [Deprecated]: syz.3.1521 (pid 10365) Use of struct sctp_assoc_value in delayed_ack socket option. [ 460.148455][T10365] Use struct sctp_sack_info instead [ 460.496009][T10376] CIFS mount error: No usable UNC path provided in device string! [ 460.496009][T10376] [ 460.507949][T10376] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 460.861363][ T23] usb 2-1: USB disconnect, device number 18 [ 460.989452][ T54] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 461.230563][ T54] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 461.238614][ T54] usb 3-1: config 0 has no interface number 0 [ 461.263114][ T54] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 461.280347][ T54] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.288502][ T54] usb 3-1: Product: syz [ 461.300301][ T54] usb 3-1: Manufacturer: syz [ 461.304948][ T54] usb 3-1: SerialNumber: syz [ 461.316303][T10386] sctp: [Deprecated]: syz.3.1530 (pid 10386) Use of struct sctp_assoc_value in delayed_ack socket option. [ 461.316303][T10386] Use struct sctp_sack_info instead [ 461.344629][ T54] usb 3-1: config 0 descriptor?? [ 461.436415][T10388] BUG: assuming non migratable context at include/linux/filter.h:599 [ 461.451763][T10388] in_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 10388, name: syz.0.1532 [ 461.462162][T10388] 3 locks held by syz.0.1532/10388: [ 461.467441][T10388] #0: ffff88807e0f8970 (sk_lock-AF_INET){+.+.}-{0:0}, at: sctp_sendmsg+0xb92/0x27e0 [ 461.479009][T10388] #1: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: __ip_queue_xmit+0x5c/0x1a00 [ 461.490269][T10388] #2: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: nf_hook+0x9e/0x370 [ 461.500056][T10388] CPU: 0 PID: 10388 Comm: syz.0.1532 Not tainted 6.6.101-syzkaller #0 [ 461.508261][T10388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 461.518329][T10388] Call Trace: [ 461.521607][T10388] [ 461.524542][T10388] dump_stack_lvl+0x16c/0x230 [ 461.529248][T10388] ? show_regs_print_info+0x20/0x20 [ 461.534471][T10388] ? ipt_do_table+0x2b2/0x15f0 [ 461.539249][T10388] __cant_migrate+0x234/0x2e0 [ 461.543966][T10388] ? __cant_sleep+0x210/0x210 [ 461.548645][T10388] ? nf_nat_packet+0xf0/0xf0 [ 461.553244][T10388] nf_hook_run_bpf+0x90/0x1e0 [ 461.557919][T10388] ? ipt_alloc_initial_table+0x610/0x610 [ 461.563545][T10388] ? bpf_nf_link_attach+0x810/0x810 [ 461.568744][T10388] ? nf_nat_ipv4_out+0x3af/0x4d0 [ 461.573680][T10388] ? bpf_nf_link_attach+0x810/0x810 [ 461.578867][T10388] nf_hook_slow+0xbd/0x200 [ 461.583283][T10388] nf_hook+0x215/0x370 [ 461.587357][T10388] ? nf_hook+0x9e/0x370 [ 461.591514][T10388] ? __ip_local_out+0x5f0/0x5f0 [ 461.596374][T10388] ? ip_mc_finish_output+0x250/0x250 [ 461.601656][T10388] ? __lock_acquire+0x7c80/0x7c80 [ 461.606678][T10388] ? ip_fast_csum+0x1ee/0x2b0 [ 461.611357][T10388] ip_output+0x16c/0x210 [ 461.615598][T10388] ? ip_mc_finish_output+0x250/0x250 [ 461.620881][T10388] __ip_queue_xmit+0x1094/0x1a00 [ 461.625814][T10388] ? sctp_v4_xmit+0x3b7/0xe80 [ 461.630496][T10388] ? __ip_queue_xmit+0x5c/0x1a00 [ 461.635433][T10388] sctp_packet_transmit+0x2488/0x2a30 [ 461.640820][T10388] sctp_packet_singleton+0x234/0x330 [ 461.646106][T10388] ? sctp_outq_select_transport+0x570/0x570 [ 461.652002][T10388] ? sctp_outq_select_transport+0x45d/0x570 [ 461.657894][T10388] ? sctp_transport_burst_limited+0x197/0x280 [ 461.663975][T10388] sctp_outq_flush+0x4f1/0x3100 [ 461.668828][T10388] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 461.674728][T10388] ? _raw_spin_unlock+0x40/0x40 [ 461.679578][T10388] ? rcu_is_watching+0x15/0xb0 [ 461.684340][T10388] ? enqueue_timer+0x225/0x530 [ 461.689098][T10388] ? sctp_outq_tail+0x8b0/0x8b0 [ 461.693950][T10388] ? sctp_outq_tail+0x604/0x8b0 [ 461.698795][T10388] ? sctp_outq_uncork+0x4d/0xa0 [ 461.703641][T10388] sctp_do_sm+0x52d6/0x59a0 [ 461.708152][T10388] ? sctp_generate_t3_rtx_event+0x340/0x340 [ 461.714044][T10388] ? __sys_sendmmsg+0x275/0x4a0 [ 461.718908][T10388] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 461.725006][T10388] ? __sk_mem_raise_allocated+0xaa9/0x1370 [ 461.730825][T10388] sctp_primitive_ASSOCIATE+0x95/0xc0 [ 461.736200][T10388] sctp_sendmsg_to_asoc+0x101c/0x17f0 [ 461.741563][T10388] ? __asan_memcpy+0x40/0x70 [ 461.746165][T10388] ? sctp_assoc_add_peer+0xcf3/0x13a0 [ 461.751548][T10388] ? sctp_sendmsg_check_sflags+0x2e0/0x2e0 [ 461.757350][T10388] ? __sctp_connect+0xd20/0xd20 [ 461.762198][T10388] ? __local_bh_enable_ip+0x12e/0x1c0 [ 461.767578][T10388] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 461.773119][T10388] ? security_sctp_bind_connect+0x89/0xb0 [ 461.778835][T10388] sctp_sendmsg+0x1941/0x27e0 [ 461.783520][T10388] ? sctp_getsockopt+0xb60/0xb60 [ 461.788468][T10388] ? aa_sk_perm+0x7fc/0x930 [ 461.792988][T10388] ? aa_af_perm+0x2b0/0x2b0 [ 461.797492][T10388] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 461.803913][T10388] ? sock_rps_record_flow+0x19/0x400 [ 461.809195][T10388] ? inet_send_prepare+0x260/0x260 [ 461.814296][T10388] ? inet_sendmsg+0xe9/0x2f0 [ 461.818883][T10388] ? inet_send_prepare+0x260/0x260 [ 461.823986][T10388] ____sys_sendmsg+0x5bf/0x950 [ 461.828761][T10388] ? __asan_memset+0x22/0x40 [ 461.833353][T10388] ? __sys_sendmsg_sock+0x30/0x30 [ 461.838376][T10388] ? __import_iovec+0x5f2/0x860 [ 461.843234][T10388] ? import_iovec+0x73/0xa0 [ 461.847737][T10388] ___sys_sendmsg+0x220/0x290 [ 461.852417][T10388] ? __sys_sendmsg+0x270/0x270 [ 461.857214][T10388] __sys_sendmmsg+0x275/0x4a0 [ 461.861898][T10388] ? __ia32_sys_sendmsg+0x90/0x90 [ 461.866930][T10388] ? __ia32_sys_get_robust_list+0x90/0x90 [ 461.872654][T10388] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 461.878633][T10388] ? lock_chain_count+0x20/0x20 [ 461.883484][T10388] __x64_sys_sendmmsg+0xa0/0xb0 [ 461.888339][T10388] do_syscall_64+0x55/0xb0 [ 461.892752][T10388] ? clear_bhb_loop+0x40/0x90 [ 461.897420][T10388] ? clear_bhb_loop+0x40/0x90 [ 461.902090][T10388] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 461.907986][T10388] RIP: 0033:0x7f632278ebe9 [ 461.912414][T10388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 461.932023][T10388] RSP: 002b:00007f6323516038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 461.940435][T10388] RAX: ffffffffffffffda RBX: 00007f63229b5fa0 RCX: 00007f632278ebe9 [ 461.948399][T10388] RDX: 0000000000000001 RSI: 0000200000000740 RDI: 0000000000000006 [ 461.956363][T10388] RBP: 00007f6322811e19 R08: 0000000000000000 R09: 0000000000000000 [ 461.964328][T10388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 461.972370][T10388] R13: 00007f63229b6038 R14: 00007f63229b5fa0 R15: 00007ffec963b5a8 [ 461.980372][T10388] [ 462.005658][ T54] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 462.025051][ T54] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 462.029301][T10388] BUG: using smp_processor_id() in preemptible [00000000] code: syz.0.1532/10388 [ 462.038938][ T54] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 462.044476][T10388] caller is nf_hook_run_bpf+0x157/0x1e0 [ 462.057120][ T54] usb 3-1: media controller created [ 462.058288][T10388] CPU: 1 PID: 10388 Comm: syz.0.1532 Tainted: G W 6.6.101-syzkaller #0 [ 462.073143][T10388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 462.082875][ T54] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 462.083194][T10388] Call Trace: [ 462.083203][T10388] [ 462.097733][T10388] dump_stack_lvl+0x16c/0x230 [ 462.102426][T10388] ? show_regs_print_info+0x20/0x20 [ 462.107654][T10388] ? load_image+0x3b0/0x3b0 [ 462.112184][T10388] ? __cant_migrate+0x240/0x2e0 [ 462.117071][T10388] ? __cant_sleep+0x210/0x210 [ 462.121787][T10388] check_preemption_disabled+0x104/0x110 [ 462.127448][T10388] nf_hook_run_bpf+0x157/0x1e0 [ 462.132206][T10388] ? ipt_alloc_initial_table+0x610/0x610 [ 462.137833][T10388] ? bpf_nf_link_attach+0x810/0x810 [ 462.143024][T10388] ? nf_nat_ipv4_out+0x3af/0x4d0 [ 462.147953][T10388] ? bpf_nf_link_attach+0x810/0x810 [ 462.153157][T10388] nf_hook_slow+0xbd/0x200 [ 462.157597][T10388] nf_hook+0x215/0x370 [ 462.161758][T10388] ? nf_hook+0x9e/0x370 [ 462.165918][T10388] ? __ip_local_out+0x5f0/0x5f0 [ 462.170773][T10388] ? ip_mc_finish_output+0x250/0x250 [ 462.176069][T10388] ? __lock_acquire+0x7c80/0x7c80 [ 462.181109][T10388] ? ip_fast_csum+0x1ee/0x2b0 [ 462.185802][T10388] ip_output+0x16c/0x210 [ 462.190054][T10388] ? ip_mc_finish_output+0x250/0x250 [ 462.195338][T10388] __ip_queue_xmit+0x1094/0x1a00 [ 462.200283][T10388] ? sctp_v4_xmit+0x3b7/0xe80 [ 462.204985][T10388] ? __ip_queue_xmit+0x5c/0x1a00 [ 462.209934][T10388] sctp_packet_transmit+0x2488/0x2a30 [ 462.215322][T10388] sctp_packet_singleton+0x234/0x330 [ 462.220610][T10388] ? sctp_outq_select_transport+0x570/0x570 [ 462.226506][T10388] ? sctp_outq_select_transport+0x45d/0x570 [ 462.232397][T10388] ? sctp_transport_burst_limited+0x197/0x280 [ 462.238473][T10388] sctp_outq_flush+0x4f1/0x3100 [ 462.243322][T10388] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 462.249233][T10388] ? _raw_spin_unlock+0x40/0x40 [ 462.254095][T10388] ? rcu_is_watching+0x15/0xb0 [ 462.258855][T10388] ? enqueue_timer+0x225/0x530 [ 462.263611][T10388] ? sctp_outq_tail+0x8b0/0x8b0 [ 462.268464][T10388] ? sctp_outq_tail+0x604/0x8b0 [ 462.273309][T10388] ? sctp_outq_uncork+0x4d/0xa0 [ 462.278163][T10388] sctp_do_sm+0x52d6/0x59a0 [ 462.282677][T10388] ? sctp_generate_t3_rtx_event+0x340/0x340 [ 462.288576][T10388] ? __sys_sendmmsg+0x275/0x4a0 [ 462.293429][T10388] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 462.299527][T10388] ? __sk_mem_raise_allocated+0xaa9/0x1370 [ 462.305335][T10388] sctp_primitive_ASSOCIATE+0x95/0xc0 [ 462.310710][T10388] sctp_sendmsg_to_asoc+0x101c/0x17f0 [ 462.316077][T10388] ? __asan_memcpy+0x40/0x70 [ 462.320671][T10388] ? sctp_assoc_add_peer+0xcf3/0x13a0 [ 462.326053][T10388] ? sctp_sendmsg_check_sflags+0x2e0/0x2e0 [ 462.331856][T10388] ? __sctp_connect+0xd20/0xd20 [ 462.336702][T10388] ? __local_bh_enable_ip+0x12e/0x1c0 [ 462.342078][T10388] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 462.347621][T10388] ? security_sctp_bind_connect+0x89/0xb0 [ 462.353340][T10388] sctp_sendmsg+0x1941/0x27e0 [ 462.358028][T10388] ? sctp_getsockopt+0xb60/0xb60 [ 462.362972][T10388] ? aa_sk_perm+0x7fc/0x930 [ 462.367477][T10388] ? aa_af_perm+0x2b0/0x2b0 [ 462.371977][T10388] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 462.378392][T10388] ? sock_rps_record_flow+0x19/0x400 [ 462.383675][T10388] ? inet_send_prepare+0x260/0x260 [ 462.388780][T10388] ? inet_sendmsg+0xe9/0x2f0 [ 462.393362][T10388] ? inet_send_prepare+0x260/0x260 [ 462.398470][T10388] ____sys_sendmsg+0x5bf/0x950 [ 462.403244][T10388] ? __asan_memset+0x22/0x40 [ 462.407868][T10388] ? __sys_sendmsg_sock+0x30/0x30 [ 462.412890][T10388] ? __import_iovec+0x5f2/0x860 [ 462.417749][T10388] ? import_iovec+0x73/0xa0 [ 462.422275][T10388] ___sys_sendmsg+0x220/0x290 [ 462.426974][T10388] ? __sys_sendmsg+0x270/0x270 [ 462.431788][T10388] __sys_sendmmsg+0x275/0x4a0 [ 462.436481][T10388] ? __ia32_sys_sendmsg+0x90/0x90 [ 462.441525][T10388] ? __ia32_sys_get_robust_list+0x90/0x90 [ 462.447258][T10388] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 462.453242][T10388] ? lock_chain_count+0x20/0x20 [ 462.458094][T10388] __x64_sys_sendmmsg+0xa0/0xb0 [ 462.462955][T10388] do_syscall_64+0x55/0xb0 [ 462.467373][T10388] ? clear_bhb_loop+0x40/0x90 [ 462.472047][T10388] ? clear_bhb_loop+0x40/0x90 [ 462.476718][T10388] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 462.482617][T10388] RIP: 0033:0x7f632278ebe9 [ 462.487046][T10388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 462.506654][T10388] RSP: 002b:00007f6323516038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 462.515070][T10388] RAX: ffffffffffffffda RBX: 00007f63229b5fa0 RCX: 00007f632278ebe9 [ 462.523039][T10388] RDX: 0000000000000001 RSI: 0000200000000740 RDI: 0000000000000006 [ 462.531007][T10388] RBP: 00007f6322811e19 R08: 0000000000000000 R09: 0000000000000000 [ 462.538974][T10388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 462.546956][T10388] R13: 00007f63229b6038 R14: 00007f63229b5fa0 R15: 00007ffec963b5a8 [ 462.554943][T10388] [ 463.181628][T10380] usb 3-1: dvb_usb_ec168: I2C read not implemented [ 463.181659][ T54] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 463.251612][ T54] usb 3-1: USB disconnect, device number 17