last executing test programs: 17.792161191s ago: executing program 1 (id=1499): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000d00)=""/224, 0xe0}, {&(0x7f0000000640)=""/240, 0xf0}, {&(0x7f0000000f80)=""/4054, 0xfd6}, {&(0x7f0000000c00)=""/207, 0xcf}, {&(0x7f0000000b00)=""/96, 0x60}, {&(0x7f0000002200)=""/4066, 0xfe2}, {&(0x7f0000000540)=""/241, 0xf1}, {&(0x7f0000000800)=""/150, 0x96}, {&(0x7f0000000940)=""/179, 0xb3}], 0x9}, 0x40002002) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0) recvmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 17.679062501s ago: executing program 1 (id=1500): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) clock_getres(0xfffffffffffffffe, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501) ioctl$USBDEVFS_SETCONFIGURATION(r3, 0x80045505, &(0x7f0000000000)=0x1) syz_pidfd_open(0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_subtree(r4, &(0x7f0000000200), 0x2, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x21081e, &(0x7f0000000280)={[{@grpquota}, {@abort}, {@errors_remount}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r5 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x181043, 0x45) ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000000)) ioctl$EXT4_IOC_MIGRATE(r5, 0x6609) bpf$PROG_LOAD(0x5, 0x0, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) 5.567947541s ago: executing program 1 (id=1558): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) 5.567559979s ago: executing program 2 (id=1559): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000d00)=""/224, 0xe0}, {&(0x7f0000000640)=""/240, 0xf0}, {&(0x7f0000000f80)=""/4054, 0xfd6}, {&(0x7f0000000a00)=""/196, 0xc4}, {&(0x7f0000000b00)=""/96, 0x60}, {&(0x7f0000002200)=""/4066, 0xfe2}, {&(0x7f0000000540)=""/241, 0xf1}, {&(0x7f0000000800)=""/150, 0x96}, {&(0x7f0000000940)=""/179, 0xb3}], 0x9}, 0x40002002) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0) recvmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 5.44193911s ago: executing program 1 (id=1563): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0) pipe2$watch_queue(0x0, 0x80) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000)) ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f00000000c0)={@default, @default, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]}) syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f00000001c0)={@default, @null, 0x7, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 5.279911824s ago: executing program 1 (id=1564): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2fd929bd7000fdffffff1000000008000300", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x8004}, 0x0) 5.265868632s ago: executing program 0 (id=1565): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, 0x0, 0x0) 4.159514421s ago: executing program 2 (id=1567): openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) close(0xffffffffffffffff) faccessat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) timer_settime(0x0, 0x1, &(0x7f0000000300)={{}, {0x0, 0x989680}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x20, 0x1e, 0x3c964e403b131b43}, 0x20}}, 0x0) 4.148835387s ago: executing program 1 (id=1568): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) clock_getres(0xfffffffffffffffe, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501) ioctl$USBDEVFS_SETCONFIGURATION(r3, 0x80045505, &(0x7f0000000000)=0x1) syz_pidfd_open(0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_subtree(r4, &(0x7f0000000200), 0x2, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x21081e, &(0x7f0000000280)={[{@grpquota}, {@abort}, {@errors_remount}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r5 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x181043, 0x45) ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000000)) ioctl$EXT4_IOC_MIGRATE(r5, 0x6609) bpf$PROG_LOAD(0x5, 0x0, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) 3.868536165s ago: executing program 0 (id=1571): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000340)=0x2) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x189a42, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$tun(r3, &(0x7f0000000a00)=ANY=[@ANYBLOB="6d6ff16901641101fe88000000000000000000000000000100000000000000000000ffff0a010102081e0000000000000401dac2f115138f95319f4d4b947bc1c4"], 0x18c) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000040)=0xfffffffd) close(r1) 3.167852656s ago: executing program 2 (id=1573): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc) socket$alg(0x26, 0x5, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r0}, 0xc) 3.038929484s ago: executing program 2 (id=1575): setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) 2.950992517s ago: executing program 0 (id=1578): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000380)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) 2.917105663s ago: executing program 4 (id=1579): r0 = socket(0x2, 0x80805, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000007fc0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000100)=0x10) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x55af) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f0000000080), &(0x7f0000000000)=0x8) 2.822934624s ago: executing program 3 (id=1580): r0 = socket$inet(0x2, 0x3, 0x3) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000001ec0)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x400000001900], 0xff00, 0x0, &(0x7f0000001900)=ANY=[@ANYBLOB="0071a8528d59f8394500000000000031130000000000000000000000000000000000000000000097f5ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000be9ac7069ee2dee65cbaec74692eb0feffffff00"/140]}, 0x104) 2.295219598s ago: executing program 3 (id=1581): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, 0x0, 0x0) 1.895688759s ago: executing program 4 (id=1582): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100feffffff000000003900000008000300", @ANYRES32=r1, @ANYBLOB="2c005a800c00018005000400f0ff"], 0x48}}, 0x0) 1.794662801s ago: executing program 4 (id=1583): openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) close(0xffffffffffffffff) faccessat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) timer_settime(0x0, 0x1, &(0x7f0000000300)={{}, {0x0, 0x989680}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x20, 0x1e, 0x3c964e403b131b43}, 0x20}}, 0x0) 863.745724ms ago: executing program 3 (id=1584): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0x7fd, 0x2d) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x5, @loopback, 0x2}, 0x1c) 862.480155ms ago: executing program 4 (id=1585): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000080)='H', 0x1}], 0x1}, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r0, &(0x7f0000000080)=ANY=[], 0x6) close(0x3) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_devices(r1, 0x0, 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, 0x0, 0x80) socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) socket$inet(0x10, 0x3, 0x0) 699.071684ms ago: executing program 3 (id=1586): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc) socket$alg(0x26, 0x5, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r0}, 0xc) 693.917772ms ago: executing program 3 (id=1587): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x37, 0x0, 0x0, 0x10, &(0x7f0000000600), &(0x7f0000000640), 0x8, 0x76, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff08021100"], 0x6f4}}, 0x0) 584.884796ms ago: executing program 3 (id=1588): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x6) connect$ax25(r0, &(0x7f00000000c0)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x48) 292.135959ms ago: executing program 0 (id=1589): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0) pipe2$watch_queue(0x0, 0x80) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000)) ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f00000000c0)={@default, @default, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]}) syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f00000001c0)={@default, @null, 0x7, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 163.216823ms ago: executing program 4 (id=1590): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000d00)=""/224, 0xe0}, {&(0x7f0000000640)=""/240, 0xf0}, {&(0x7f0000000f80)=""/4054, 0xfd6}, {0x0}, {&(0x7f0000000a00)=""/196, 0xc4}, {&(0x7f0000000b00)=""/96, 0x60}, {&(0x7f0000002200)=""/4066, 0xfe2}, {&(0x7f0000000540)=""/241, 0xf1}, {&(0x7f0000000800)=""/150, 0x96}, {&(0x7f0000000940)=""/179, 0xb3}], 0xa}, 0x40002002) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0) recvmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 162.27654ms ago: executing program 0 (id=1591): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) recvfrom$netrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x7) sendto$inet6(r2, 0x0, 0x0, 0x24000000, &(0x7f00000000c0)={0xa, 0x1, 0x3088, @ipv4={'\x00', '\xff\xff', @loopback}, 0x8}, 0x1c) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f00000007c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x4}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, 0x0, 0x0) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, &(0x7f0000000100)=0x24, 0x2) r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) getsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, 0x0, &(0x7f0000000180)) recvmsg(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000002c0)=""/106, 0x6a}], 0x1}, 0x2) 120.947469ms ago: executing program 4 (id=1592): r0 = socket(0x2, 0x80805, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000007fc0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000100)=0x10) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x55af) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f0000000080), &(0x7f0000000000)=0x8) 77.380216ms ago: executing program 2 (id=1593): writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000340)="8a226ff432407a7f5fd09590d734f795e12e57ce9fed3f0300eb6368ed559a85603b0080", 0x24}], 0x2) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b36, &(0x7f0000000000)={'wlan0\x00'}) 22.703526ms ago: executing program 0 (id=1594): ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x2f, 0x0, 0x3, 0x2, 0x1, @loopback, @ipv4={'\x00', '\xff\xff', @local}, 0x8000, 0x700, 0x0, 0x60}}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x3, 0x1000000, 0x0, 0x100, 0x1, 0x10001, '\x00', r0, 0xffffffffffffffff, 0x5, 0x2, 0x3, 0x0, @void, @value, @void, @value}, 0x50) r1 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="227b91b2c54ce48e5fceedd69440dd514792673f84d10a32a6d2918df8cef6b4e57f35e70a9d8a6c979d28f1c7a2e8d6cd46f9e04074d17b3058ecf2d02acdd2dda1442fde4bc77d99fcf31e405b20272f1f57799f206eca99", 0x59) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) sendto$packet(0xffffffffffffffff, &(0x7f0000000300)="15fc7940cc82a8803ad0e70c0c000a6a6819a75ec934b9e3e6d6797abf08b2cafd5fb9262fa54e3ca59b5a1004de85ca3f7d67352c913640f861dc5cc1288aca19e1f1df270fff45f6e8c1c08a5b1e238a3548620087ef2ab0bedec270648db92b2c6dec2c71f8c3600619b8806d57e7ea0912bb46a635b5bc303a1cebcaa3fb2e600076b845d692475e296ddfdfb193a295aa5ca66867172b03819634dff9fc0ad90276d685ca986ead094ac20f1e6b7d837660987a811d8896cdb3ca4bf10a6095bb232fccf5d6d29fc2c85a519733b4a72ff2d967fc7a110df61919e0fc63", 0xe0, 0x800, &(0x7f0000000400)={0x11, 0xf8, r0, 0x1, 0xb0, 0x6, @multicast}, 0x14) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000440)={0x0, 0x28, "16b5c5413da1afbd1b9f154657d56d931e3a7b7fce77e5209e2727cdb8793d9d9762ac0bfd5778e4"}, &(0x7f0000000480)=0x30) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendto$packet(0xffffffffffffffff, &(0x7f0000000740)="5c0285996423134f0ce15a", 0xb, 0x10, &(0x7f0000000780)={0x11, 0x16, r0, 0x1, 0x8}, 0x14) sendmsg$NFT_BATCH(r2, &(0x7f0000003c40)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000003c00)={&(0x7f0000000800)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x7}}, @NFT_MSG_NEWSETELEM={0x14, 0xc, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x9}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x880) socket$netlink(0x10, 0x3, 0x14) r3 = accept$inet6(r2, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000003fc0), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r4, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000004040)={0x1c0, r5, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SEC_DEVKEY={0xb0, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x3c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xfffffffd}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x5}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7}, @NL802154_DEVKEY_ATTR_ID={0x34, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x120000000000000}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}]}, @NL802154_ATTR_SEC_DEVKEY={0xe8, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x7c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x48, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xf15}, @NL802154_DEVKEY_ATTR_ID={0x3c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xb9}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x81}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x280000000}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x80}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}]}]}]}, 0x1c0}, 0x1, 0x0, 0x0, 0x40000}, 0x408c0) 0s ago: executing program 2 (id=1595): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r2, 0x6}, &(0x7f0000000180)=0x8) kernel console output (not intermixed with test programs): bsolete (PF_INET,SOCK_PACKET) [ 51.218554][ T28] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 51.796518][ T54] Bluetooth: hci4: command 0x0405 tx timeout [ 51.887536][ T28] usb 1-1: Using ep0 maxpacket: 16 [ 51.901784][ T28] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 51.918922][ T6710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 51.921286][ T6710] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 51.954737][ T28] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 51.960871][ T28] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 51.963060][ T28] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.964976][ T28] usb 1-1: Product: syz [ 51.965953][ T28] usb 1-1: Manufacturer: syz [ 51.978399][ T28] usb 1-1: SerialNumber: syz [ 52.932281][ T28] usb 1-1: 0:2 : does not exist [ 52.935807][ T28] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 52.953753][ T28] usb 1-1: USB disconnect, device number 2 [ 53.156500][ T6734] rtc-efi rtc-efi.0: write status is 3 [ 54.127171][ T6012] Bluetooth: hci4: command 0x0405 tx timeout [ 54.412300][ T6727] udevd[6727]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 57.478211][ T6791] hub 1-0:1.0: USB hub found [ 57.479802][ T6791] hub 1-0:1.0: 1 port detected [ 57.562248][ T6791] block device autoloading is deprecated and will be removed. [ 59.030825][ T6810] loop2: detected capacity change from 0 to 40427 [ 59.037262][ T6810] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 59.039356][ T6810] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 59.044339][ T6810] F2FS-fs (loop2): invalid crc value [ 59.063757][ T6810] F2FS-fs (loop2): Found nat_bits in checkpoint [ 59.088430][ T6810] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 59.090269][ T6810] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 59.191266][ T6794] loop0: detected capacity change from 0 to 40427 [ 59.205859][ T6794] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 59.220640][ T6794] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 59.285086][ T6794] F2FS-fs (loop0): invalid crc value [ 59.301732][ T6824] syz.2.87: attempt to access beyond end of device [ 59.301732][ T6824] loop2: rw=2049, sector=77824, nr_sectors = 520 limit=40427 [ 59.381471][ T6794] F2FS-fs (loop0): Found nat_bits in checkpoint [ 59.405747][ T6794] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 59.411748][ T6794] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 59.635835][ T6832] tipc: Started in network mode [ 59.637763][ T6832] tipc: Node identity 7f000001, cluster identity 4711 [ 59.640500][ T6832] tipc: Enabled bearer , priority 10 [ 60.783857][ T45] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 60.784143][ T6498] tipc: Node number set to 2130706433 [ 60.795037][ T45] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 61.700174][ T2273] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 61.965692][ T2273] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 61.997304][ T2273] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 62.020620][ T2273] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 62.045400][ T2273] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 62.082010][ T2273] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 62.148543][ T2273] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 62.174377][ T2273] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 62.194224][ T2273] usb 1-1: Product: syz [ 62.198762][ T2273] usb 1-1: Manufacturer: syz [ 62.285136][ T2273] cdc_wdm 1-1:1.0: skipping garbage [ 62.286570][ T2273] cdc_wdm 1-1:1.0: skipping garbage [ 62.296888][ T2273] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 62.298385][ T2273] cdc_wdm 1-1:1.0: Unknown control protocol [ 62.528210][ T6498] usb 1-1: USB disconnect, device number 3 [ 64.367660][ T6890] Zero length message leads to an empty skb [ 64.410999][ T6876] loop1: detected capacity change from 0 to 40427 [ 64.507546][ T2365] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.509194][ T2365] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.538956][ T6876] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 64.540941][ T6876] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 64.560543][ T6876] F2FS-fs (loop1): invalid crc value [ 64.582684][ T6876] F2FS-fs (loop1): Found nat_bits in checkpoint [ 64.649914][ T6876] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 64.651833][ T6876] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 64.922354][ T287] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 64.927677][ T6921] syz_tun: entered promiscuous mode [ 64.932571][ T6921] syz_tun: left promiscuous mode [ 64.935225][ T287] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 66.145985][ T6946] capability: warning: `syz.4.133' uses deprecated v2 capabilities in a way that may be insecure [ 67.104546][ T6960] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 67.895872][ T6952] loop4: detected capacity change from 0 to 40427 [ 67.969047][ T6952] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 67.970953][ T6952] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 68.129744][ T6972] process 'syz.0.143' launched './file1' with NULL argv: empty string added [ 69.192302][ T6952] F2FS-fs (loop4): invalid crc value [ 69.200536][ T6952] F2FS-fs (loop4): Found nat_bits in checkpoint [ 69.249945][ T6952] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 69.251915][ T6952] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 69.677116][ T1780] cfg80211: failed to load regulatory.db [ 69.844096][ T62] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 69.850508][ T62] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 71.224600][ T7008] hub 1-0:1.0: USB hub found [ 71.226707][ T7008] hub 1-0:1.0: 1 port detected [ 72.536748][ T7017] warning: `syz.2.159' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 72.598411][ T7019] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 73.051732][ T7031] input: syz0 as /devices/virtual/input/input2 [ 74.116469][ T31] kauditd_printk_skb: 31 callbacks suppressed [ 74.116504][ T31] audit: type=1326 audit(74.050:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7026 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 74.124276][ T31] audit: type=1326 audit(74.050:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7026 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 74.373771][ T31] audit: type=1326 audit(74.090:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7026 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 74.425364][ T31] audit: type=1326 audit(74.090:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7026 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 74.447813][ T31] audit: type=1326 audit(74.090:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7026 comm="syz.0.163" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 75.771038][ T7058] netlink: 60 bytes leftover after parsing attributes in process `syz.4.170'. [ 75.786463][ T7054] netlink: 60 bytes leftover after parsing attributes in process `syz.4.170'. [ 75.789757][ T7058] netlink: 60 bytes leftover after parsing attributes in process `syz.4.170'. [ 77.211292][ T7085] input: syz0 as /devices/virtual/input/input3 [ 77.313666][ T31] audit: type=1326 audit(77.280:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7077 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 77.452133][ T31] audit: type=1326 audit(77.280:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7077 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 77.659629][ T31] audit: type=1326 audit(77.280:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7077 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 77.810649][ T31] audit: type=1326 audit(77.280:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7077 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 77.815845][ T31] audit: type=1326 audit(77.280:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7077 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 78.048943][ T7091] netlink: 'syz.3.183': attribute type 1 has an invalid length. [ 78.053959][ T7091] netlink: 195524 bytes leftover after parsing attributes in process `syz.3.183'. [ 78.059211][ T7091] netlink: 'syz.3.183': attribute type 2 has an invalid length. [ 78.063409][ T7091] netlink: 'syz.3.183': attribute type 1 has an invalid length. [ 78.095800][ T7100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.098700][ T7100] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 78.105465][ T7100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.111755][ T7100] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 78.320178][ T7100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.322798][ T7100] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 80.074674][ T7126] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 80.179921][ T7163] netlink: 'syz.0.212': attribute type 29 has an invalid length. [ 80.229616][ T7163] netlink: 'syz.0.212': attribute type 29 has an invalid length. [ 80.245617][ T7163] netlink: 'syz.0.212': attribute type 29 has an invalid length. [ 80.261841][ T7163] netlink: 'syz.0.212': attribute type 29 has an invalid length. [ 81.347554][ T7182] loop2: detected capacity change from 0 to 40427 [ 81.354999][ T7182] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 81.357041][ T7182] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 81.378332][ T7182] F2FS-fs (loop2): invalid crc value [ 81.401193][ T7182] F2FS-fs (loop2): Found nat_bits in checkpoint [ 81.433259][ T7182] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 81.435067][ T7182] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 81.456324][ T6012] Bluetooth: hci0: command 0x0401 tx timeout [ 82.078989][ T7193] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.217' sets config #1 [ 82.584660][ T7209] netlink: 'syz.4.230': attribute type 8 has an invalid length. [ 82.588506][ T7209] netlink: 194488 bytes leftover after parsing attributes in process `syz.4.230'. [ 82.814927][ T7215] loop4: detected capacity change from 0 to 2048 [ 82.853786][ T7215] loop4: detected capacity change from 0 to 1024 [ 82.864493][ T7215] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 82.875179][ T7215] JBD2: no valid journal superblock found [ 82.883382][ T7215] EXT4-fs (loop4): Could not load journal inode [ 82.896487][ T7215] tmpfs: Unknown parameter './file1' [ 83.252281][ T7220] loop0: detected capacity change from 0 to 40427 [ 83.256394][ T7220] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 83.258342][ T7220] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 83.262642][ T7220] F2FS-fs (loop0): invalid crc value [ 83.270072][ T7220] F2FS-fs (loop0): Found nat_bits in checkpoint [ 83.282044][ T7220] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 83.283842][ T7220] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 83.424724][ T7211] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 84.073044][ T7236] netlink: 24 bytes leftover after parsing attributes in process `syz.4.239'. [ 84.244923][ T7242] netlink: 60 bytes leftover after parsing attributes in process `syz.3.241'. [ 84.267416][ T7241] netlink: 60 bytes leftover after parsing attributes in process `syz.3.241'. [ 84.338963][ T7249] netlink: 60 bytes leftover after parsing attributes in process `syz.3.241'. [ 84.347123][ T7244] Illegal XDP return value 4294967274 on prog (id 15) dev N/A, expect packet loss! [ 84.552224][ T7255] hub 1-0:1.0: USB hub found [ 84.554937][ T7255] hub 1-0:1.0: 1 port detected [ 84.816920][ T6012] Bluetooth: hci0: command 0x0401 tx timeout [ 85.188483][ T7259] loop1: detected capacity change from 0 to 2048 [ 85.241597][ T7259] loop1: detected capacity change from 0 to 1024 [ 85.249790][ T7259] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 85.254062][ T7259] JBD2: no valid journal superblock found [ 85.255536][ T7259] EXT4-fs (loop1): Could not load journal inode [ 85.310970][ T7259] tmpfs: Unknown parameter './file1' [ 86.186140][ T7266] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 86.286295][ T7270] netlink: 8 bytes leftover after parsing attributes in process `syz.0.248'. [ 86.289596][ T7270] IPVS: Error joining to the multicast group [ 86.527162][ T7274] netlink: 24 bytes leftover after parsing attributes in process `syz.4.253'. [ 86.990985][ T7296] netlink: 'syz.1.260': attribute type 29 has an invalid length. [ 87.997783][ T7297] Cannot find del_set index 4 as target [ 88.028407][ T7297] syz.0.256 uses old SIOCAX25GETINFO [ 88.240341][ T7300] hub 1-0:1.0: USB hub found [ 88.242092][ T7300] hub 1-0:1.0: 1 port detected [ 88.266413][ T54] Bluetooth: hci0: command 0x0401 tx timeout [ 88.777837][ T7313] loop2: detected capacity change from 0 to 2048 [ 89.023988][ T7317] loop1: detected capacity change from 0 to 512 [ 89.027017][ T7317] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 89.041449][ T7317] EXT4-fs (loop1): orphan cleanup on readonly fs [ 89.048989][ T7317] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.267: bg 0: block 248: padding at end of block bitmap is not set [ 89.054826][ T7317] Quota error (device loop1): write_blk: dquota write failed [ 89.057164][ T7317] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 89.059809][ T7317] EXT4-fs error (device loop1): ext4_acquire_dquot:6927: comm syz.1.267: Failed to acquire dquot type 1 [ 89.064371][ T7290] loop4: detected capacity change from 0 to 40427 [ 89.069370][ T7317] EXT4-fs (loop1): 1 truncate cleaned up [ 89.079193][ T7290] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 89.087712][ T7290] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 89.095162][ T7290] F2FS-fs (loop4): invalid crc value [ 89.102640][ T7290] F2FS-fs (loop4): Found nat_bits in checkpoint [ 89.110242][ T7317] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 89.119702][ T7290] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 89.122635][ T7290] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 89.822340][ T6445] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.885732][ T7329] netlink: 24 bytes leftover after parsing attributes in process `syz.2.269'. [ 90.676222][ T7336] netlink: 'syz.0.272': attribute type 10 has an invalid length. [ 90.678100][ T7336] netlink: 40 bytes leftover after parsing attributes in process `syz.0.272'. [ 91.211810][ T759] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 91.216056][ T759] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 91.252035][ T7336] team0: Port device geneve0 added [ 92.098203][ T7347] hub 1-0:1.0: USB hub found [ 92.099779][ T7347] hub 1-0:1.0: 1 port detected [ 92.203550][ T7357] loop0: detected capacity change from 0 to 2048 [ 92.534315][ T7368] netlink: 24 bytes leftover after parsing attributes in process `syz.2.283'. [ 92.734979][ T7377] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.743285][ T7377] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.888929][ T7371] loop4: detected capacity change from 0 to 40427 [ 92.902043][ T7371] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 92.909146][ T7371] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 92.912473][ T7371] F2FS-fs (loop4): invalid crc value [ 92.916576][ T7371] F2FS-fs (loop4): Found nat_bits in checkpoint [ 92.933453][ T7371] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 92.935262][ T7371] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 94.154324][ T7392] netlink: 'syz.0.291': attribute type 29 has an invalid length. [ 94.157389][ T7392] netlink: 'syz.0.291': attribute type 29 has an invalid length. [ 94.159644][ T7392] netlink: 'syz.0.291': attribute type 29 has an invalid length. [ 95.149474][ T7410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 95.170649][ T7410] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.714192][ T7431] loop0: detected capacity change from 0 to 2048 [ 95.895949][ T7431] loop0: detected capacity change from 0 to 1024 [ 95.919819][ T7431] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 95.931943][ T7431] JBD2: no valid journal superblock found [ 95.939395][ T7431] EXT4-fs (loop0): Could not load journal inode [ 96.732968][ T7431] tmpfs: Unknown parameter './file1' [ 97.158236][ T287] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 97.161443][ T287] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 97.164763][ T7448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 97.179153][ T7448] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 97.187948][ T7448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 97.190519][ T7448] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 99.503846][ T7485] loop0: detected capacity change from 0 to 2048 [ 99.555459][ T7485] loop0: detected capacity change from 0 to 1024 [ 99.594449][ T7485] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 99.602218][ T7485] JBD2: no valid journal superblock found [ 99.603818][ T7485] EXT4-fs (loop0): Could not load journal inode [ 99.712279][ T7485] tmpfs: Bad value for 'nr_inodes' [ 100.656978][ T6012] Bluetooth: hci3: command 0x0406 tx timeout [ 100.760965][ T31] audit: type=1326 audit(100.720:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7506 comm="syz.0.329" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 100.765931][ T31] audit: type=1326 audit(100.720:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7506 comm="syz.0.329" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 100.806477][ T31] audit: type=1326 audit(100.720:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7506 comm="syz.0.329" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=107 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 100.825727][ T31] audit: type=1326 audit(100.730:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7506 comm="syz.0.329" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 100.869212][ T31] audit: type=1326 audit(100.730:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7506 comm="syz.0.329" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 100.874646][ T31] audit: type=1326 audit(100.730:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7506 comm="syz.0.329" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=110 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 100.904115][ T31] audit: type=1326 audit(100.730:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7506 comm="syz.0.329" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff831b6904 code=0x7ffc0000 [ 100.912936][ T31] audit: type=1326 audit(100.730:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7506 comm="syz.0.329" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff831b6904 code=0x7ffc0000 [ 100.923283][ T31] audit: type=1326 audit(100.730:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7506 comm="syz.0.329" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff831b6904 code=0x7ffc0000 [ 100.935252][ T31] audit: type=1326 audit(100.730:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7506 comm="syz.0.329" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff831b6904 code=0x7ffc0000 [ 101.157521][ T7503] loop2: detected capacity change from 0 to 40427 [ 101.161633][ T7503] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 101.164002][ T7503] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 101.170511][ T7503] F2FS-fs (loop2): invalid crc value [ 101.177575][ T7503] F2FS-fs (loop2): Found nat_bits in checkpoint [ 101.211977][ T7503] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 101.214691][ T7503] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 101.678947][ T287] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 101.682968][ T287] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 101.814013][ T7533] loop1: detected capacity change from 0 to 2048 [ 101.855092][ T7533] loop1: detected capacity change from 0 to 1024 [ 101.867330][ T7533] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 101.884228][ T7533] JBD2: no valid journal superblock found [ 101.885745][ T7533] EXT4-fs (loop1): Could not load journal inode [ 101.901190][ T7533] tmpfs: Bad value for 'nr_inodes' [ 102.370966][ T7531] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 102.512148][ T54] Bluetooth: Wrong link type (-57) [ 102.867600][ T7551] netlink: 24 bytes leftover after parsing attributes in process `syz.3.344'. [ 103.537908][ T54] Bluetooth: hci0: command 0x0401 tx timeout [ 103.606298][ T7562] netlink: 'syz.4.348': attribute type 10 has an invalid length. [ 103.608312][ T7562] netlink: 40 bytes leftover after parsing attributes in process `syz.4.348'. [ 103.610513][ T7562] team0: entered promiscuous mode [ 103.611742][ T7562] team_slave_0: entered promiscuous mode [ 103.613273][ T7562] team_slave_1: entered promiscuous mode [ 103.614769][ T7562] team0: entered allmulticast mode [ 103.615978][ T7562] team_slave_0: entered allmulticast mode [ 103.644157][ T7562] team_slave_1: entered allmulticast mode [ 103.648681][ T7562] bridge0: port 3(team0) entered blocking state [ 103.653329][ T7562] bridge0: port 3(team0) entered disabled state [ 103.663363][ T7562] bridge0: port 3(team0) entered blocking state [ 103.665153][ T7562] bridge0: port 3(team0) entered forwarding state [ 103.890651][ T7577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.898485][ T7577] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.903206][ T7576] loop0: detected capacity change from 0 to 2048 [ 103.969272][ T7579] netlink: 8 bytes leftover after parsing attributes in process `syz.4.356'. [ 103.977198][ T7579] bridge0: port 3(team0) entered disabled state [ 103.979179][ T7579] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.981732][ T7579] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.008784][ T7576] loop0: detected capacity change from 0 to 1024 [ 104.022522][ T7576] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 104.027078][ T7576] JBD2: no valid journal superblock found [ 104.028700][ T7576] EXT4-fs (loop0): Could not load journal inode [ 104.165303][ T7576] tmpfs: Bad value for 'nr_inodes' [ 104.318011][ T7587] netlink: 24 bytes leftover after parsing attributes in process `syz.1.357'. [ 104.682350][ T7566] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 105.696372][ T54] Bluetooth: hci0: command 0x0401 tx timeout [ 105.767058][ T7624] netlink: 24 bytes leftover after parsing attributes in process `syz.0.372'. [ 106.813796][ T7632] loop4: detected capacity change from 0 to 40427 [ 106.823421][ T7632] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 106.830265][ T7632] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 106.835375][ T7632] F2FS-fs (loop4): invalid crc value [ 106.881200][ T7632] F2FS-fs (loop4): Found nat_bits in checkpoint [ 106.980777][ T7632] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 106.988685][ T7632] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 107.426253][ T7664] netlink: 24 bytes leftover after parsing attributes in process `syz.0.386'. [ 108.686524][ T6604] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 108.776210][ T6604] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 109.374776][ T7702] netlink: 24 bytes leftover after parsing attributes in process `syz.0.402'. [ 110.217739][ T7718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.220047][ T7718] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.943841][ T7701] loop1: detected capacity change from 0 to 40427 [ 110.948178][ T7701] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 110.950247][ T7701] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 110.994435][ T7701] F2FS-fs (loop1): invalid crc value [ 111.045327][ T7701] F2FS-fs (loop1): Found nat_bits in checkpoint [ 111.192346][ T7701] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 111.194302][ T7701] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 111.656252][ T7745] netlink: 24 bytes leftover after parsing attributes in process `syz.4.417'. [ 112.517906][ T7757] tipc: Enabling of bearer rejected, failed to enable media [ 113.560054][ T7778] loop0: detected capacity change from 0 to 128 [ 113.571271][ T7778] VFS: Found a Xenix FS (block size = 1024) on device loop0 [ 113.895102][ T7789] loop0: detected capacity change from 0 to 40427 [ 113.902593][ T7789] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 113.904646][ T7789] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 113.911238][ T7789] F2FS-fs (loop0): invalid crc value [ 113.915147][ T7789] F2FS-fs (loop0): Found nat_bits in checkpoint [ 113.933490][ T7789] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 113.935367][ T7789] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 114.287895][ T7801] netlink: 60 bytes leftover after parsing attributes in process `syz.2.440'. [ 114.291503][ T7801] netlink: 60 bytes leftover after parsing attributes in process `syz.2.440'. [ 114.961260][ T7396] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 114.984977][ T7396] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 115.773370][ T7837] netlink: 60 bytes leftover after parsing attributes in process `syz.2.453'. [ 115.785994][ T7837] netlink: 60 bytes leftover after parsing attributes in process `syz.2.453'. [ 116.250457][ T7858] input: syz0 as /devices/virtual/input/input4 [ 116.259312][ T6012] Bluetooth: hci4: command 0x0405 tx timeout [ 116.261072][ T31] kauditd_printk_skb: 3053 callbacks suppressed [ 116.261085][ T31] audit: type=1326 audit(116.230:3116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7851 comm="syz.3.458" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa735ad28 code=0x7ffc0000 [ 116.288634][ T31] audit: type=1326 audit(116.230:3117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7851 comm="syz.3.458" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa735ad28 code=0x7ffc0000 [ 116.304849][ T31] audit: type=1326 audit(116.230:3118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7851 comm="syz.3.458" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffffa735ad28 code=0x7ffc0000 [ 116.330414][ T31] audit: type=1326 audit(116.230:3119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7851 comm="syz.3.458" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa735ad28 code=0x7ffc0000 [ 116.350503][ T31] audit: type=1326 audit(116.230:3120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7851 comm="syz.3.458" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa735ad28 code=0x7ffc0000 [ 116.723035][ T7857] loop1: detected capacity change from 0 to 40427 [ 116.730902][ T7857] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 116.735782][ T7857] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 116.742144][ T7857] F2FS-fs (loop1): invalid crc value [ 116.753946][ T7857] F2FS-fs (loop1): Found nat_bits in checkpoint [ 116.778606][ T7857] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 116.783940][ T7857] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 117.677836][ T7893] netlink: 24 bytes leftover after parsing attributes in process `syz.0.466'. [ 117.678566][ T7891] netlink: 60 bytes leftover after parsing attributes in process `syz.4.465'. [ 117.699771][ T7891] netlink: 60 bytes leftover after parsing attributes in process `syz.4.465'. [ 117.933728][ T7396] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 117.940616][ T7396] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 118.169719][ T7915] input: syz0 as /devices/virtual/input/input5 [ 118.175529][ T31] audit: type=1326 audit(118.150:3121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz.2.473" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 118.205760][ T31] audit: type=1326 audit(118.150:3122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz.2.473" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 118.376058][ T31] audit: type=1326 audit(118.160:3123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz.2.473" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 118.376221][ T54] Bluetooth: hci4: command 0x0405 tx timeout [ 118.391892][ T31] audit: type=1326 audit(118.160:3124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz.2.473" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 118.578557][ T31] audit: type=1326 audit(118.160:3125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7910 comm="syz.2.473" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 118.862223][ T7919] loop3: detected capacity change from 0 to 512 [ 118.916562][ T7919] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.476: corrupted in-inode xattr: invalid ea_ino [ 118.937083][ T7919] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.476: couldn't read orphan inode 15 (err -117) [ 118.953871][ T7919] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.815057][ T7934] netlink: 60 bytes leftover after parsing attributes in process `syz.2.479'. [ 119.846067][ T7933] netlink: 60 bytes leftover after parsing attributes in process `syz.2.479'. [ 119.878819][ T7934] netlink: 60 bytes leftover after parsing attributes in process `syz.2.479'. [ 120.005010][ T6443] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.739374][ T7952] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 121.748799][ T7958] loop3: detected capacity change from 0 to 512 [ 121.925616][ T7958] loop3: detected capacity change from 0 to 32768 [ 122.071871][ T7958] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 122.075834][ T7958] bcachefs (loop3): initializing new filesystem [ 122.080787][ T7958] bcachefs (loop3): going read-write [ 122.156355][ T7958] bcachefs (loop3): marking superblocks [ 122.167759][ T7958] bcachefs (loop3): initializing freespace [ 122.170181][ T7958] bcachefs (loop3): done initializing freespace [ 122.173890][ T7958] bcachefs (loop3): reading snapshots table [ 122.175464][ T7958] bcachefs (loop3): reading snapshots done [ 122.233917][ T7939] loop0: detected capacity change from 0 to 40427 [ 122.242893][ T7939] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 122.247518][ T7939] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 122.251866][ T7958] bcachefs (loop3): done starting filesystem [ 122.253440][ T7939] F2FS-fs (loop0): invalid crc value [ 122.287373][ T7984] netlink: 60 bytes leftover after parsing attributes in process `syz.4.493'. [ 122.295958][ T7977] netlink: 60 bytes leftover after parsing attributes in process `syz.4.493'. [ 122.311364][ T7984] netlink: 60 bytes leftover after parsing attributes in process `syz.4.493'. [ 122.411439][ T7939] F2FS-fs (loop0): Found nat_bits in checkpoint [ 122.440624][ T7939] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 122.443541][ T7939] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 122.599455][ T6443] bcachefs (loop3): shutting down [ 122.600786][ T6443] bcachefs (loop3): going read-only [ 122.602286][ T6443] bcachefs (loop3): finished waiting for writes to stop [ 122.686754][ T6443] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3 [ 122.814519][ T12] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 122.818840][ T12] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 122.927454][ T7995] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 123.343942][ T6443] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3 [ 123.527670][ T6443] bcachefs (loop3): clean shutdown complete, journal seq 4 [ 123.570255][ T6443] bcachefs (loop3): marking filesystem clean [ 123.718402][ T6443] bcachefs (loop3): shutdown complete [ 124.409178][ T8001] loop4: detected capacity change from 0 to 1764 [ 124.472348][ T8001] ISOFS: unable to read i-node block [ 124.474008][ T8001] isofs_fill_super: get root inode failed [ 125.265519][ T8019] netlink: 8 bytes leftover after parsing attributes in process `syz.4.506'. [ 125.936680][ T2365] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.938447][ T2365] ieee802154 phy1 wpan1: encryption failed: -22 [ 126.278491][ T8028] loop4: detected capacity change from 0 to 40427 [ 126.280952][ T8028] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 126.283117][ T8028] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 126.301712][ T8028] F2FS-fs (loop4): invalid crc value [ 126.418102][ T8028] F2FS-fs (loop4): Found nat_bits in checkpoint [ 126.437963][ T8028] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 126.439942][ T8028] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 127.305007][ T8057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.358756][ T8057] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 129.720504][ T7402] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 129.736944][ T7402] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 130.381847][ T8091] loop4: detected capacity change from 0 to 128 [ 130.388915][ T8091] ufs: Invalid option: "0[p¶ÅI [ 130.388915][ T8091] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 130.391984][ T8091] ufs: wrong mount options [ 130.406058][ T8091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.409251][ T8091] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.080097][ T8095] loop2: detected capacity change from 0 to 512 [ 131.110265][ T8095] EXT4-fs (loop2): orphan cleanup on readonly fs [ 131.119337][ T8095] EXT4-fs error (device loop2): ext4_quota_enable:7097: comm syz.2.529: Bad quota inum: 5, type: 1 [ 131.134630][ T8095] EXT4-fs warning (device loop2): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-117, ino=5). Please run e2fsck to fix. [ 131.316764][ T8095] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 131.389600][ T8095] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 131.935851][ T6442] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.685976][ T8116] input: syz0 as /devices/virtual/input/input6 [ 132.690267][ T31] audit: type=1326 audit(132.670:3126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.3.534" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa735ad28 code=0x7ffc0000 [ 132.702073][ T31] audit: type=1326 audit(132.670:3127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.3.534" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa735ad28 code=0x7ffc0000 [ 132.715236][ T31] audit: type=1326 audit(132.670:3128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.3.534" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffffa735ad28 code=0x7ffc0000 [ 132.740635][ T31] audit: type=1326 audit(132.670:3129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.3.534" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa735ad28 code=0x7ffc0000 [ 132.755029][ T31] audit: type=1326 audit(132.670:3130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8111 comm="syz.3.534" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa735ad28 code=0x7ffc0000 [ 132.802084][ T8105] loop0: detected capacity change from 0 to 40427 [ 132.805720][ T8105] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 132.810483][ T8105] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 132.822091][ T8105] F2FS-fs (loop0): invalid crc value [ 132.831062][ T8105] F2FS-fs (loop0): Found nat_bits in checkpoint [ 132.851371][ T8105] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 132.853263][ T8105] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 133.764481][ T8136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.771659][ T8136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.743613][ T7402] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 134.746779][ T7402] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 134.939075][ T8153] netlink: 60 bytes leftover after parsing attributes in process `syz.2.547'. [ 134.941404][ T8151] netlink: 60 bytes leftover after parsing attributes in process `syz.2.547'. [ 134.947041][ T8151] netlink: 60 bytes leftover after parsing attributes in process `syz.2.547'. [ 135.183564][ T8160] loop1: detected capacity change from 0 to 512 [ 138.978063][ T8212] Cannot find del_set index 4 as target [ 138.996410][ T8212] xt_CT: You must specify a L4 protocol and not use inversions on it [ 142.388665][ T1780] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 142.824502][ T28] libceph: connect (1)[c::]:6789 error -101 [ 142.930081][ T1780] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 142.933062][ T1780] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.945124][ T28] libceph: mon0 (1)[c::]:6789 connect error [ 143.226658][ T6012] Bluetooth: hci4: command 0x0405 tx timeout [ 143.284719][ T1780] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 143.287639][ T1780] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 143.289602][ T1780] usb 1-1: Manufacturer: syz [ 143.295590][ T1780] usb 1-1: config 0 descriptor?? [ 143.317723][ T8265] ceph: No mds server is up or the cluster is laggy [ 143.326625][ T28] libceph: connect (1)[c::]:6789 error -101 [ 143.328341][ T28] libceph: mon0 (1)[c::]:6789 connect error [ 143.660387][ T8287] netlink: 60 bytes leftover after parsing attributes in process `syz.4.588'. [ 143.698040][ T8283] netlink: 60 bytes leftover after parsing attributes in process `syz.4.588'. [ 143.709604][ T8283] netlink: 60 bytes leftover after parsing attributes in process `syz.4.588'. [ 143.853754][ T1780] cougar 0003:060B:700A.0001: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 145.642348][ T6498] usb 1-1: USB disconnect, device number 4 [ 145.942310][ T6329] libceph: connect (1)[c::]:6789 error -101 [ 145.944867][ T6329] libceph: mon0 (1)[c::]:6789 connect error [ 146.402010][ T6329] libceph: connect (1)[c::]:6789 error -101 [ 146.413336][ T6329] libceph: mon0 (1)[c::]:6789 connect error [ 146.437429][ T8318] ceph: No mds server is up or the cluster is laggy [ 146.477980][ T8317] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.598'. [ 146.489865][ T8317] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.598'. [ 147.473601][ T8349] loop2: detected capacity change from 0 to 128 [ 147.475819][ T8349] ufs: Invalid option: "0[p¶ÅI [ 147.475819][ T8349] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 147.482575][ T8349] ufs: wrong mount options [ 148.623364][ T2273] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 148.882446][ T2273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 148.888315][ T2273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.895416][ T2273] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 148.901092][ T2273] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 148.905174][ T2273] usb 1-1: Manufacturer: syz [ 148.908013][ T6012] Bluetooth: hci4: command 0x0405 tx timeout [ 149.370296][ T2273] usb 1-1: config 0 descriptor?? [ 149.788775][ T2273] cougar 0003:060B:700A.0002: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 149.904532][ T8391] loop4: detected capacity change from 0 to 128 [ 150.397607][ T8391] ufs: Invalid option: "0[p¶ÅI [ 150.397607][ T8391] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 150.460875][ T8391] ufs: wrong mount options [ 150.630418][ T8398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.646454][ T8400] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.626'. [ 150.650271][ T8400] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.626'. [ 150.673995][ T8398] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 151.842398][ T11] usb 1-1: USB disconnect, device number 5 [ 152.391836][ T8422] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 152.514442][ T8428] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.637'. [ 152.528467][ T8428] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.637'. [ 152.627884][ T8433] netlink: 8 bytes leftover after parsing attributes in process `syz.3.634'. [ 154.109728][ T8455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.116989][ T8455] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 154.338330][ T8462] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 154.479184][ T8466] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.648'. [ 154.495308][ T8466] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.648'. [ 154.514165][ T8445] loop1: detected capacity change from 0 to 40427 [ 154.527517][ T8445] F2FS-fs (loop1): invalid crc value [ 154.533128][ T8445] F2FS-fs (loop1): Found nat_bits in checkpoint [ 154.579910][ T8445] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 154.859758][ T8483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.654'. [ 155.763071][ T8501] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 155.852519][ T8507] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.662'. [ 155.862053][ T8507] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.662'. [ 157.918231][ T8527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.946934][ T8527] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.909094][ T8552] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.673'. [ 159.920780][ T8552] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.673'. [ 161.959802][ T8503] Set syz1 is full, maxelem 65536 reached [ 162.049219][ T8594] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.685'. [ 162.055040][ T8594] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.685'. [ 162.097906][ T8595] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.100368][ T8595] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.879260][ T6453] Bluetooth: hci0: command 0x0401 tx timeout [ 163.881327][ T6458] Bluetooth: hci2: command 0x0406 tx timeout [ 163.883318][ T6453] Bluetooth: hci1: command 0x0406 tx timeout [ 163.885498][ T6458] Bluetooth: hci3: command 0x0406 tx timeout [ 164.433038][ T8625] loop1: detected capacity change from 0 to 64 [ 165.318283][ T8633] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.697'. [ 165.323763][ T8633] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.697'. [ 165.541450][ T8640] loop2: detected capacity change from 0 to 512 [ 165.572959][ T8640] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 165.593301][ T8640] EXT4-fs (loop2): orphan cleanup on readonly fs [ 165.595783][ T8640] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.698: bg 0: block 248: padding at end of block bitmap is not set [ 165.600202][ T8640] Quota error (device loop2): write_blk: dquota write failed [ 165.602036][ T8640] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 165.604636][ T8640] EXT4-fs error (device loop2): ext4_acquire_dquot:6927: comm syz.2.698: Failed to acquire dquot type 1 [ 165.614231][ T8640] EXT4-fs (loop2): 1 truncate cleaned up [ 165.636684][ T8648] netlink: 8 bytes leftover after parsing attributes in process `syz.0.702'. [ 165.639064][ T8648] IPVS: Error joining to the multicast group [ 165.640794][ T8640] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 166.882919][ T6442] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.091761][ T8666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.093951][ T8666] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.767861][ T8671] loop2: detected capacity change from 0 to 512 [ 167.777780][ T8671] EXT4-fs: Ignoring removed nobh option [ 167.792801][ T8671] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 167.804563][ T8673] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.710'. [ 167.806979][ T8671] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 167.813551][ T8673] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.710'. [ 167.828267][ T8671] EXT4-fs (loop2): 1 truncate cleaned up [ 167.830059][ T8671] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.704813][ T6442] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.837169][ T8716] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.722'. [ 169.841821][ T8716] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.722'. [ 170.041213][ T8725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 170.043550][ T8725] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 172.875561][ T8758] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.733'. [ 172.879030][ T8758] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.733'. [ 173.049987][ T8761] block device autoloading is deprecated and will be removed. [ 173.053539][ T8761] syz.3.731: attempt to access beyond end of device [ 173.053539][ T8761] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 173.743615][ T8770] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 174.087203][ T8776] input: syz0 as /devices/virtual/input/input7 [ 175.699316][ T8786] loop2: detected capacity change from 0 to 128 [ 175.704223][ T8786] ufs: Invalid option: "0[p¶ÅI [ 175.704223][ T8786] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 175.706899][ T8786] ufs: wrong mount options [ 175.716897][ T8786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.719935][ T8786] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.325162][ T8862] netlink: 8 bytes leftover after parsing attributes in process `syz.1.767'. [ 180.022327][ T8869] loop2: detected capacity change from 0 to 64 [ 182.398337][ T8893] loop2: detected capacity change from 0 to 2048 [ 182.547990][ T8893] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.582536][ T8893] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 182.587792][ T8893] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 33 with error 28 [ 182.590990][ T8893] EXT4-fs (loop2): This should not happen!! Data will be lost [ 182.590990][ T8893] [ 182.606750][ T8893] EXT4-fs (loop2): Total free blocks count 0 [ 182.608659][ T8893] EXT4-fs (loop2): Free/Dirty block details [ 182.616314][ T8893] EXT4-fs (loop2): free_blocks=2415919104 [ 182.617833][ T8893] EXT4-fs (loop2): dirty_blocks=48 [ 182.619103][ T8893] EXT4-fs (loop2): Block reservation details [ 182.620604][ T8893] EXT4-fs (loop2): i_reserved_data_blocks=3 [ 182.692429][ T6442] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.815919][ T8918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.782'. [ 183.657352][ T8924] loop1: detected capacity change from 0 to 64 [ 185.047369][ T8929] hub 1-0:1.0: USB hub found [ 185.048761][ T8929] hub 1-0:1.0: 1 port detected [ 186.773954][ T8961] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.794' sets config #1 [ 186.781526][ T8961] loop2: detected capacity change from 0 to 512 [ 187.065424][ T8961] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.377776][ T2365] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.379387][ T2365] ieee802154 phy1 wpan1: encryption failed: -22 [ 189.854887][ T1780] libceph: connect (1)[c::]:6789 error -101 [ 189.865013][ T1780] libceph: mon0 (1)[c::]:6789 connect error [ 189.951339][ T6442] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.278077][ T8976] ceph: No mds server is up or the cluster is laggy [ 190.555576][ T8990] hub 1-0:1.0: USB hub found [ 190.556992][ T8990] hub 1-0:1.0: 1 port detected [ 190.608352][ T1780] libceph: connect (1)[c::]:6789 error -101 [ 190.610046][ T1780] libceph: mon0 (1)[c::]:6789 connect error [ 191.458881][ T9011] loop3: detected capacity change from 0 to 512 [ 191.665778][ T9011] EXT4-fs (loop3): blocks per group (71) and clusters per group (20800) inconsistent [ 193.084290][ T9022] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.810' sets config #1 [ 193.118925][ T9022] loop0: detected capacity change from 0 to 512 [ 193.218344][ T9022] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.317491][ T9022] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #18: comm syz.0.810: corrupted inode contents [ 193.326620][ T9022] EXT4-fs (loop0): Remounting filesystem read-only [ 193.328413][ T9022] EXT4-fs warning (device loop0): ext4_evict_inode:276: xattr delete (err -5) [ 194.513330][ T9039] hub 1-0:1.0: USB hub found [ 194.514973][ T9039] hub 1-0:1.0: 1 port detected [ 195.806817][ T6444] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.829346][ T6495] libceph: connect (1)[c::]:6789 error -101 [ 195.830906][ T6495] libceph: mon0 (1)[c::]:6789 connect error [ 196.331134][ T6495] libceph: connect (1)[c::]:6789 error -101 [ 196.332767][ T6495] libceph: mon0 (1)[c::]:6789 connect error [ 197.514601][ T6495] libceph: connect (1)[c::]:6789 error -101 [ 197.516518][ T6495] libceph: mon0 (1)[c::]:6789 connect error [ 197.704980][ T9051] ceph: No mds server is up or the cluster is laggy [ 198.638543][ T9086] loop3: detected capacity change from 0 to 128 [ 198.640757][ T9086] ufs: Invalid option: "0[p¶ÅI [ 198.640757][ T9086] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 198.643339][ T9086] ufs: wrong mount options [ 198.836811][ T9086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.839042][ T9086] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 199.406874][ T9088] hub 1-0:1.0: USB hub found [ 199.408256][ T9088] hub 1-0:1.0: 1 port detected [ 199.791719][ T9096] loop2: detected capacity change from 0 to 512 [ 199.817434][ T9096] EXT4-fs (loop2): blocks per group (71) and clusters per group (20800) inconsistent [ 199.942621][ T9099] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.830' sets config #1 [ 199.949926][ T9099] loop0: detected capacity change from 0 to 512 [ 200.700055][ T9099] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.801353][ T9104] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #18: comm syz.0.830: corrupted inode contents [ 200.807486][ T9104] EXT4-fs (loop0): Remounting filesystem read-only [ 200.809176][ T9104] EXT4-fs warning (device loop0): ext4_evict_inode:276: xattr delete (err -5) [ 202.601168][ T6444] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.362522][ T11] libceph: connect (1)[c::]:6789 error -101 [ 203.364094][ T11] libceph: mon0 (1)[c::]:6789 connect error [ 203.588658][ T9113] ceph: No mds server is up or the cluster is laggy [ 205.175546][ T9137] hub 1-0:1.0: USB hub found [ 205.177235][ T9137] hub 1-0:1.0: 1 port detected [ 206.087105][ T9153] netlink: 60 bytes leftover after parsing attributes in process `syz.1.844'. [ 206.090264][ T9153] netlink: 60 bytes leftover after parsing attributes in process `syz.1.844'. [ 206.202851][ T9156] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.845' sets config #1 [ 206.209794][ T9156] loop3: detected capacity change from 0 to 512 [ 206.318922][ T9157] netlink: 308 bytes leftover after parsing attributes in process `syz.0.846'. [ 207.046199][ T9146] netlink: 60 bytes leftover after parsing attributes in process `syz.1.844'. [ 207.196971][ T9156] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.354045][ T9163] EXT4-fs error (device loop3): ext4_do_update_inode:5154: inode #18: comm syz.3.845: corrupted inode contents [ 207.362171][ T9163] EXT4-fs (loop3): Remounting filesystem read-only [ 207.364048][ T9163] EXT4-fs warning (device loop3): ext4_evict_inode:276: xattr delete (err -5) [ 209.761840][ T9177] loop4: detected capacity change from 0 to 128 [ 209.764060][ T9177] ufs: Invalid option: "0[p¶ÅI [ 209.764060][ T9177] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 209.766834][ T9177] ufs: wrong mount options [ 209.769973][ T9177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 209.772134][ T9177] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.011946][ T9181] loop2: detected capacity change from 0 to 40427 [ 211.015369][ T9181] F2FS-fs (loop2): build fault injection attr: rate: 692, type: 0x1fffff [ 211.017465][ T9181] F2FS-fs (loop2): extra_attr or flexible_inline_xattr feature is off [ 211.441396][ T6443] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.497497][ T9188] loop2: detected capacity change from 0 to 64 [ 212.858629][ T9207] netlink: 60 bytes leftover after parsing attributes in process `syz.3.858'. [ 212.864663][ T9204] netlink: 60 bytes leftover after parsing attributes in process `syz.3.858'. [ 212.904386][ T9207] netlink: 60 bytes leftover after parsing attributes in process `syz.3.858'. [ 213.533693][ T9220] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.864' sets config #1 [ 213.563774][ T9220] loop3: detected capacity change from 0 to 512 [ 213.647860][ T9220] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.732776][ T9220] EXT4-fs error (device loop3): ext4_do_update_inode:5154: inode #18: comm syz.3.864: corrupted inode contents [ 213.744313][ T9220] EXT4-fs (loop3): Remounting filesystem read-only [ 213.746245][ T9220] EXT4-fs warning (device loop3): ext4_evict_inode:276: xattr delete (err -5) [ 214.516343][ T9232] netlink: 308 bytes leftover after parsing attributes in process `syz.1.867'. [ 216.044147][ T6443] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.057555][ T9240] loop2: detected capacity change from 0 to 64 [ 217.044467][ T9251] netlink: 5 bytes leftover after parsing attributes in process `syz.1.873'. [ 217.047102][ T9251] 0ªX¹¦D: renamed from gretap0 (while UP) [ 217.144549][ T9251] 0ªX¹¦D: entered allmulticast mode [ 217.147389][ T9251] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 217.169609][ T9256] netlink: 60 bytes leftover after parsing attributes in process `syz.4.874'. [ 217.178440][ T9253] netlink: 60 bytes leftover after parsing attributes in process `syz.4.874'. [ 217.205808][ T9256] netlink: 60 bytes leftover after parsing attributes in process `syz.4.874'. [ 217.634308][ T9272] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.879' sets config #1 [ 217.921113][ T9272] loop4: detected capacity change from 0 to 512 [ 218.407082][ T9272] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 218.522597][ T9276] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #18: comm syz.4.879: corrupted inode contents [ 218.526975][ T9276] EXT4-fs (loop4): Remounting filesystem read-only [ 218.528827][ T9276] EXT4-fs warning (device loop4): ext4_evict_inode:276: xattr delete (err -5) [ 219.332856][ T9286] netlink: 308 bytes leftover after parsing attributes in process `syz.3.883'. [ 221.224382][ T6456] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.420741][ T9333] netlink: 308 bytes leftover after parsing attributes in process `syz.1.895'. [ 225.460170][ T9343] loop2: detected capacity change from 0 to 512 [ 225.777717][ T9343] loop2: detected capacity change from 0 to 32768 [ 226.430518][ T9343] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 226.434556][ T9343] bcachefs (loop2): initializing new filesystem [ 226.479136][ T9343] bcachefs (loop2): going read-write [ 226.522138][ T9364] loop3: detected capacity change from 0 to 512 [ 226.536967][ T9343] bcachefs (loop2): marking superblocks [ 226.542366][ T9343] bcachefs (loop2): initializing freespace [ 226.544678][ T9343] bcachefs (loop2): done initializing freespace [ 226.547243][ T9343] bcachefs (loop2): reading snapshots table [ 226.548785][ T9343] bcachefs (loop2): reading snapshots done [ 227.268511][ T9343] bcachefs (loop2): done starting filesystem [ 227.440306][ T9362] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 228.746268][ T6454] Bluetooth: hci0: command 0x0401 tx timeout [ 228.907459][ T6442] bcachefs (loop2): shutting down [ 228.908759][ T6442] bcachefs (loop2): going read-only [ 228.911167][ T6442] bcachefs (loop2): finished waiting for writes to stop [ 229.074027][ T6442] bcachefs (loop2): flushing journal and stopping allocators, journal seq 4 [ 229.083685][ T6442] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 4 [ 229.089948][ T9390] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.097957][ T6442] bcachefs (loop2): clean shutdown complete, journal seq 5 [ 229.100450][ T6442] bcachefs (loop2): marking filesystem clean [ 229.122350][ T6442] bcachefs (loop2): shutdown complete [ 229.804977][ T9390] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.970991][ T9405] netlink: 308 bytes leftover after parsing attributes in process `syz.0.918'. [ 231.438084][ T9390] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.635693][ T9390] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.905779][ T9426] loop3: detected capacity change from 0 to 128 [ 231.931860][ T9390] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.941118][ T9390] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.947584][ T9390] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.953750][ T9390] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.158594][ T9446] syz.4.935: attempt to access beyond end of device [ 233.158594][ T9446] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 234.046304][ T9457] netlink: 308 bytes leftover after parsing attributes in process `syz.4.938'. [ 234.735076][ T9468] loop3: detected capacity change from 0 to 128 [ 234.845422][ T9468] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 234.857078][ T9474] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.860868][ T9474] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.609620][ T9480] ip6t_rpfilter: unknown options [ 236.034228][ T6443] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 236.089631][ T9492] loop2: detected capacity change from 0 to 2048 [ 236.177950][ T9492] loop2: detected capacity change from 0 to 1024 [ 236.190823][ T9492] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 236.225757][ T9492] JBD2: no valid journal superblock found [ 236.230329][ T9492] EXT4-fs (loop2): Could not load journal inode [ 236.247418][ T9492] tmpfs: Bad value for 'nr_inodes' [ 236.538299][ T9502] netlink: 308 bytes leftover after parsing attributes in process `syz.4.950'. [ 237.792208][ T9510] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 239.411238][ T9523] loop4: detected capacity change from 0 to 128 [ 239.544103][ T9523] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 239.982599][ T9543] ip6t_rpfilter: unknown options [ 240.586263][ T9545] netlink: 308 bytes leftover after parsing attributes in process `syz.1.963'. [ 241.141320][ T6456] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 241.171010][ T9555] loop2: detected capacity change from 0 to 1024 [ 241.279284][ T9557] loop1: detected capacity change from 0 to 128 [ 241.281413][ T9557] ufs: Invalid option: "0[p¶ÅI [ 241.281413][ T9557] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 241.283996][ T9557] ufs: wrong mount options [ 241.287280][ T9557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 241.289491][ T9557] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.352835][ T759] hfsplus: b-tree write err: -5, ino 4 [ 243.571325][ T9585] loop0: detected capacity change from 0 to 128 [ 243.752035][ T9585] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 244.845008][ T9596] ip6t_rpfilter: unknown options [ 245.179955][ T6444] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 246.343896][ T9614] netlink: 44 bytes leftover after parsing attributes in process `syz.1.981'. [ 246.959661][ T9628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 246.967714][ T9628] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 247.992495][ T9640] netlink: 308 bytes leftover after parsing attributes in process `syz.4.988'. [ 248.592664][ T9643] loop3: detected capacity change from 0 to 128 [ 248.656444][ T9643] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 248.760333][ T9646] loop0: detected capacity change from 0 to 512 [ 248.867530][ T2365] ieee802154 phy0 wpan0: encryption failed: -22 [ 248.869222][ T2365] ieee802154 phy1 wpan1: encryption failed: -22 [ 248.882997][ T9649] ip6t_rpfilter: unknown options [ 248.929865][ T9646] loop0: detected capacity change from 0 to 32768 [ 248.937896][ T9650] loop4: detected capacity change from 0 to 2048 [ 248.942135][ T9650] EXT4-fs: Ignoring removed mblk_io_submit option [ 248.995949][ T9650] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 249.017317][ T9646] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 249.021477][ T9646] bcachefs (loop0): initializing new filesystem [ 249.031246][ T9646] bcachefs (loop0): going read-write [ 249.055963][ T6456] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.076337][ T9646] bcachefs (loop0): marking superblocks [ 249.081902][ T9646] bcachefs (loop0): initializing freespace [ 249.084128][ T9646] bcachefs (loop0): done initializing freespace [ 249.086786][ T9646] bcachefs (loop0): reading snapshots table [ 249.088445][ T9646] bcachefs (loop0): reading snapshots done [ 249.150807][ T9646] bcachefs (loop0): done starting filesystem [ 250.194542][ T6443] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 250.712710][ T9675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 250.788373][ T9675] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.128169][ T6444] bcachefs (loop0): shutting down [ 251.129525][ T6444] bcachefs (loop0): going read-only [ 251.130800][ T6444] bcachefs (loop0): finished waiting for writes to stop [ 251.160657][ T6444] bcachefs (loop0): flushing journal and stopping allocators, journal seq 4 [ 251.791554][ T6444] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 5 [ 251.801370][ T6444] bcachefs (loop0): clean shutdown complete, journal seq 6 [ 251.821560][ T6444] bcachefs (loop0): marking filesystem clean [ 251.917096][ T6444] bcachefs (loop0): shutdown complete [ 252.078062][ T9694] loop4: detected capacity change from 0 to 128 [ 252.151602][ T9698] netlink: 308 bytes leftover after parsing attributes in process `syz.1.1003'. [ 252.323776][ T9699] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 253.047657][ T9694] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 253.290655][ T9705] ip6t_rpfilter: unknown options [ 253.450920][ T6456] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 254.328763][ T9709] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 254.597987][ T9718] hub 1-0:1.0: USB hub found [ 254.603203][ T9718] hub 1-0:1.0: 1 port detected [ 256.107349][ T6460] Bluetooth: hci0: command 0x0401 tx timeout [ 257.090430][ T9732] loop2: detected capacity change from 0 to 32768 [ 257.870486][ T9732] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 258.082832][ T6442] ocfs2: Unmounting device (7,2) on (node local) [ 258.265926][ T9751] loop2: detected capacity change from 0 to 128 [ 258.313051][ T9751] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 258.573087][ T9758] ip6t_rpfilter: unknown options [ 258.715283][ T9764] netlink: 308 bytes leftover after parsing attributes in process `syz.3.1018'. [ 259.157552][ T6442] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 260.406508][ T9763] loop1: detected capacity change from 0 to 40427 [ 260.710706][ T9763] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 260.712590][ T9763] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 261.253890][ T9763] F2FS-fs (loop1): invalid crc value [ 261.271408][ T9763] F2FS-fs (loop1): Found nat_bits in checkpoint [ 264.156625][ T9809] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 264.790217][ T9811] could not allocate digest TFM handle poly1305-simd [ 264.899501][ T31] audit: type=1326 audit(264.870:3131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9819 comm="syz.2.1036" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 264.912307][ T9824] loop0: detected capacity change from 0 to 128 [ 264.916521][ T31] audit: type=1326 audit(264.870:3132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9819 comm="syz.2.1036" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 264.945951][ T31] audit: type=1326 audit(264.870:3133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9819 comm="syz.2.1036" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=448 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 264.971308][ T9824] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 264.973159][ T31] audit: type=1326 audit(264.870:3134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9819 comm="syz.2.1036" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 265.053801][ T9833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 265.056059][ T9833] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 265.289512][ T9824] ip6t_rpfilter: unknown options [ 265.799157][ T6444] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 266.019275][ T9845] loop1: detected capacity change from 0 to 64 [ 266.024692][ T9845] hfs: Bad value for 'dir_umask' [ 266.902552][ T9839] loop3: detected capacity change from 0 to 40427 [ 266.918653][ T9839] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 266.923118][ T9839] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 266.952131][ T9839] F2FS-fs (loop3): invalid crc value [ 266.973654][ T9853] bridge0: port 3(team0) entered disabled state [ 266.976495][ T9839] F2FS-fs (loop3): Found nat_bits in checkpoint [ 266.983913][ T9853] bridge_slave_0: left allmulticast mode [ 266.985846][ T9853] bridge_slave_0: left promiscuous mode [ 266.992515][ T9853] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.609472][ T9853] bridge_slave_1: left allmulticast mode [ 267.612800][ T9839] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 267.614742][ T9839] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 267.619416][ T9853] bridge_slave_1: left promiscuous mode [ 267.629585][ T9860] netlink: 308 bytes leftover after parsing attributes in process `syz.0.1042'. [ 267.632432][ T9853] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.640888][ T9853] bond0: (slave bond_slave_0): Releasing backup interface [ 267.679932][ T9853] bond0: (slave bond_slave_1): Releasing backup interface [ 267.719756][ T9853] team_slave_0: left promiscuous mode [ 267.722416][ T9853] team_slave_0: left allmulticast mode [ 267.743109][ T9853] team0: Port device team_slave_0 removed [ 267.745447][ T9853] team_slave_1: left promiscuous mode [ 267.750734][ T9853] team_slave_1: left allmulticast mode [ 267.754918][ T9853] team0: Port device team_slave_1 removed [ 267.758618][ T9853] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 267.760716][ T9853] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 267.764181][ T9853] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 267.769995][ T9853] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 267.959511][ T9867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.963251][ T9867] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.330045][ T9878] loop2: detected capacity change from 0 to 128 [ 268.332264][ T9878] ufs: Invalid option: "0[p¶ÅI [ 268.332264][ T9878] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 268.334932][ T9878] ufs: wrong mount options [ 268.338658][ T9878] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 268.347347][ T9878] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.722466][ T2106] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 268.728339][ T2106] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 269.684789][ T9895] loop2: detected capacity change from 0 to 512 [ 269.862535][ T9895] loop2: detected capacity change from 0 to 32768 [ 270.640956][ T9895] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 270.645041][ T9895] bcachefs (loop2): initializing new filesystem [ 270.647304][ T9911] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 270.656743][ T9895] bcachefs (loop2): going read-write [ 270.662635][ T9911] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 270.686392][ T9895] bcachefs (loop2): marking superblocks [ 270.692772][ T9895] bcachefs (loop2): initializing freespace [ 270.695114][ T9895] bcachefs (loop2): done initializing freespace [ 270.697854][ T9895] bcachefs (loop2): reading snapshots table [ 270.699351][ T9895] bcachefs (loop2): reading snapshots done [ 270.727758][ T9895] bcachefs (loop2): done starting filesystem [ 272.011001][ T9899] loop4: detected capacity change from 0 to 40427 [ 272.015176][ T9899] F2FS-fs (loop4): Corrupted extension count (64 + 1 > 64) [ 272.023061][ T9899] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 272.032088][ T9899] F2FS-fs (loop4): Found nat_bits in checkpoint [ 272.080099][ T9899] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 272.085225][ T9899] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 272.196990][ T6442] bcachefs (loop2): shutting down [ 272.205926][ T6442] bcachefs (loop2): going read-only [ 272.215264][ T6442] bcachefs (loop2): finished waiting for writes to stop [ 272.277877][ T6442] bcachefs (loop2): flushing journal and stopping allocators, journal seq 4 [ 272.352555][ T6442] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 4 [ 272.364894][ T6442] bcachefs (loop2): clean shutdown complete, journal seq 5 [ 272.365772][ T9916] loop0: detected capacity change from 0 to 40427 [ 272.371047][ T6442] bcachefs (loop2): marking filesystem clean [ 272.373431][ T9916] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1fffff [ 272.384992][ T9916] F2FS-fs (loop0): invalid crc value [ 272.439209][ T9932] netlink: 308 bytes leftover after parsing attributes in process `syz.3.1063'. [ 272.567511][ T9916] F2FS-fs (loop0): Found nat_bits in checkpoint [ 272.580682][ T6442] bcachefs (loop2): shutdown complete [ 272.630309][ T9938] loop4: detected capacity change from 0 to 128 [ 272.635429][ T9916] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 272.974714][ T9943] loop4: detected capacity change from 0 to 128 [ 272.983751][ T9943] ufs: Invalid option: "0[p¶ÅI [ 272.983751][ T9943] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 272.991215][ T9943] ufs: wrong mount options [ 272.994863][ T9943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 272.997805][ T9943] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 273.410022][ T9950] ALSA: mixer_oss: invalid OSS volume '' [ 274.192823][ T9958] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1071' sets config #1 [ 274.227427][ T9958] loop0: detected capacity change from 0 to 512 [ 274.410212][ T9958] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 274.551949][ T9962] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #18: comm syz.0.1071: corrupted inode contents [ 274.564937][ T9962] EXT4-fs (loop0): Remounting filesystem read-only [ 274.566903][ T9962] EXT4-fs warning (device loop0): ext4_evict_inode:276: xattr delete (err -5) [ 275.654388][ T9973] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1074' sets config #1 [ 276.635085][ T9976] loop3: detected capacity change from 0 to 4096 [ 277.694965][ T6444] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.957037][T10003] usb usb8: usbfs: process 10003 (syz.3.1085) did not claim interface 0 before use [ 279.026527][ T6527] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 279.034516][T10011] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1086'. [ 279.123212][T10014] loop3: detected capacity change from 0 to 512 [ 279.195591][ T6527] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 279.203656][ T6527] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.209762][ T6527] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 279.212162][ T6527] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 279.214937][ T6527] usb 1-1: Manufacturer: syz [ 279.220191][ T6527] usb 1-1: config 0 descriptor?? [ 279.293309][T10014] loop3: detected capacity change from 0 to 32768 [ 279.431843][T10014] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 279.436047][T10014] bcachefs (loop3): initializing new filesystem [ 279.440702][T10014] bcachefs (loop3): going read-write [ 279.476357][T10014] bcachefs (loop3): marking superblocks [ 279.483257][T10014] bcachefs (loop3): initializing freespace [ 279.485817][T10014] bcachefs (loop3): done initializing freespace [ 279.488749][T10014] bcachefs (loop3): reading snapshots table [ 279.490230][T10014] bcachefs (loop3): reading snapshots done [ 279.520635][T10014] bcachefs (loop3): done starting filesystem [ 279.690847][T10029] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1090'. [ 279.715530][ T6527] cougar 0003:060B:700A.0003: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 280.487433][ T28] usb 1-1: USB disconnect, device number 6 [ 280.573747][ T6443] bcachefs (loop3): shutting down [ 280.575280][ T6443] bcachefs (loop3): going read-only [ 280.579916][T10036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.582128][T10036] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.584936][ T6443] bcachefs (loop3): finished waiting for writes to stop [ 280.636112][ T6443] bcachefs (loop3): flushing journal and stopping allocators, journal seq 4 [ 280.700139][ T6443] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 5 [ 280.710470][ T6443] bcachefs (loop3): clean shutdown complete, journal seq 6 [ 280.712832][ T6443] bcachefs (loop3): marking filesystem clean [ 280.798246][ T6443] bcachefs (loop3): shutdown complete [ 283.426295][T10070] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1101'. [ 283.428646][T10070] IPVS: Error joining to the multicast group [ 284.379538][T10080] loop1: detected capacity change from 0 to 512 [ 284.556446][T10080] loop1: detected capacity change from 0 to 32768 [ 284.606332][T10093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 284.609204][T10093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 284.839281][T10080] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 284.843242][T10080] bcachefs (loop1): initializing new filesystem [ 284.845925][T10080] bcachefs (loop1): going read-write [ 284.876433][T10080] bcachefs (loop1): marking superblocks [ 284.881922][T10080] bcachefs (loop1): initializing freespace [ 284.884217][T10080] bcachefs (loop1): done initializing freespace [ 284.887012][T10080] bcachefs (loop1): reading snapshots table [ 284.888557][T10080] bcachefs (loop1): reading snapshots done [ 284.916317][T10080] bcachefs (loop1): done starting filesystem [ 285.548753][ T6445] bcachefs (loop1): shutting down [ 285.554151][ T6445] bcachefs (loop1): going read-only [ 285.556775][ T6445] bcachefs (loop1): finished waiting for writes to stop [ 285.586683][ T6445] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3 [ 285.664521][ T6445] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 4 [ 285.683365][ T6445] bcachefs (loop1): clean shutdown complete, journal seq 5 [ 285.686907][ T6445] bcachefs (loop1): marking filesystem clean [ 285.709566][ T6445] bcachefs (loop1): shutdown complete [ 286.843191][T10131] loop0: detected capacity change from 0 to 512 [ 287.020441][T10131] loop0: detected capacity change from 0 to 32768 [ 287.314011][T10131] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 287.318461][T10131] bcachefs (loop0): initializing new filesystem [ 287.321112][T10131] bcachefs (loop0): going read-write [ 287.328036][T10147] loop1: detected capacity change from 0 to 4096 [ 287.385003][T10153] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 287.388297][T10131] bcachefs (loop0): marking superblocks [ 287.394336][T10131] bcachefs (loop0): initializing freespace [ 287.396775][T10131] bcachefs (loop0): done initializing freespace [ 287.399457][T10131] bcachefs (loop0): reading snapshots table [ 287.401007][T10131] bcachefs (loop0): reading snapshots done [ 287.419955][T10139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 287.422225][T10139] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 287.682622][T10131] bcachefs (loop0): done starting filesystem [ 289.211014][ T6444] bcachefs (loop0): shutting down [ 289.212288][ T6444] bcachefs (loop0): going read-only [ 289.213544][ T6444] bcachefs (loop0): finished waiting for writes to stop [ 289.236629][ T6444] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3 [ 289.291808][T10184] loop1: detected capacity change from 0 to 512 [ 289.427994][ T6444] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 4 [ 289.435543][ T6444] bcachefs (loop0): clean shutdown complete, journal seq 5 [ 289.442772][ T6444] bcachefs (loop0): marking filesystem clean [ 289.462627][T10184] loop1: detected capacity change from 0 to 32768 [ 289.501706][ T6444] bcachefs (loop0): shutdown complete [ 289.511429][T10176] loop4: detected capacity change from 0 to 32768 [ 289.681110][T10194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 289.683578][T10194] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 290.212686][T10184] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 290.216829][T10184] bcachefs (loop1): initializing new filesystem [ 290.252743][T10184] bcachefs (loop1): going read-write [ 290.307770][T10184] bcachefs (loop1): marking superblocks [ 290.313153][T10184] bcachefs (loop1): initializing freespace [ 290.315443][T10184] bcachefs (loop1): done initializing freespace [ 290.318085][T10184] bcachefs (loop1): reading snapshots table [ 290.319579][T10184] bcachefs (loop1): reading snapshots done [ 290.364616][T10184] bcachefs (loop1): done starting filesystem [ 291.108849][ T6445] bcachefs (loop1): shutting down [ 291.110143][ T6445] bcachefs (loop1): going read-only [ 291.111400][ T6445] bcachefs (loop1): finished waiting for writes to stop [ 291.132237][T10207] veth0_to_team: entered promiscuous mode [ 291.133627][T10207] veth0_to_team: entered allmulticast mode [ 291.165604][ T6445] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3 [ 291.229904][T10214] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1143'. [ 291.266246][ T6445] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 4 [ 291.386326][ T6445] bcachefs (loop1): clean shutdown complete, journal seq 5 [ 291.396852][ T6445] bcachefs (loop1): marking filesystem clean [ 291.485639][ T6445] bcachefs (loop1): shutdown complete [ 291.536874][T10228] loop4: detected capacity change from 0 to 512 [ 291.697810][T10228] loop4: detected capacity change from 0 to 32768 [ 291.771621][T10231] loop2: detected capacity change from 0 to 512 [ 291.950298][T10231] loop2: detected capacity change from 0 to 32768 [ 292.291773][T10228] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 292.291910][T10231] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 292.294276][T10228] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 292.298303][T10231] bcachefs (loop2): initializing new filesystem [ 292.303601][ T6527] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 292.305597][T10231] bcachefs (loop2): going read-write [ 292.334632][T10228] bcachefs: bch2_fs_get_tree() error: EINVAL [ 292.386399][T10231] bcachefs (loop2): marking superblocks [ 292.391789][T10231] bcachefs (loop2): initializing freespace [ 292.394239][T10231] bcachefs (loop2): done initializing freespace [ 292.396901][T10231] bcachefs (loop2): reading snapshots table [ 292.398475][T10231] bcachefs (loop2): reading snapshots done [ 292.453889][T10231] bcachefs (loop2): done starting filesystem [ 293.594447][ T6527] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 293.602418][ T6527] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 293.613106][ T6527] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 293.615479][ T6527] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 294.209826][ T6527] usb 1-1: Manufacturer: syz [ 294.221509][ T6527] usb 1-1: config 0 descriptor?? [ 295.291445][ T6527] cougar 0003:060B:700A.0004: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 295.307484][ T6442] bcachefs (loop2): shutting down [ 295.308913][ T6442] bcachefs (loop2): going read-only [ 295.322723][ T6442] bcachefs (loop2): finished waiting for writes to stop [ 295.408770][ T6442] bcachefs (loop2): flushing journal and stopping allocators, journal seq 5 [ 295.525709][ T6442] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 5 [ 295.531812][ T6442] bcachefs (loop2): clean shutdown complete, journal seq 6 [ 295.541318][ T6442] bcachefs (loop2): marking filesystem clean [ 295.570618][ T6442] bcachefs (loop2): shutdown complete [ 295.789558][T10285] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1159'. [ 296.732250][ T6495] usb 1-1: USB disconnect, device number 7 [ 296.738344][T10293] loop3: detected capacity change from 0 to 64 [ 298.682435][T10313] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1168'. [ 299.586072][T10330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 299.608282][T10330] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.650445][T10329] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1171'. [ 300.107450][T10342] loop1: detected capacity change from 0 to 64 [ 301.058819][T10348] veth0_to_team: entered promiscuous mode [ 301.060217][T10348] veth0_to_team: entered allmulticast mode [ 302.566285][ T6495] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 302.948029][ T6495] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 302.956278][ T6495] usb 1-1: config 0 has no interfaces? [ 302.957701][ T6495] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 302.959811][ T6495] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.963453][ T6495] usb 1-1: config 0 descriptor?? [ 303.971021][T10362] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 303.979402][T10362] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 304.141581][T10362] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 304.147132][T10362] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 304.214575][T10362] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 304.224670][T10362] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 304.244594][T10362] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 304.263415][T10362] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 304.272463][T10362] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 304.291557][T10362] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 304.322673][T10397] veth0_to_team: entered promiscuous mode [ 304.324222][T10397] veth0_to_team: entered allmulticast mode [ 304.358366][ T1780] usb 1-1: USB disconnect, device number 8 [ 304.422233][T10408] bridge_slave_0: invalid flags given to default FDB implementation [ 306.488866][ T6460] Bluetooth: hci1: command 0x0406 tx timeout [ 306.490380][ T6460] Bluetooth: hci2: command 0x0406 tx timeout [ 306.491890][ T6460] Bluetooth: hci3: command 0x0406 tx timeout [ 306.493465][ T6460] Bluetooth: hci0: command 0x0401 tx timeout [ 306.494975][ T6460] Bluetooth: hci4: command 0x0405 tx timeout [ 307.380533][T10450] hub 1-0:1.0: USB hub found [ 307.381861][T10450] hub 1-0:1.0: 1 port detected [ 307.881285][T10459] loop1: detected capacity change from 0 to 512 [ 308.050617][T10459] loop1: detected capacity change from 0 to 32768 [ 308.204818][T10459] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 308.208962][T10459] bcachefs (loop1): initializing new filesystem [ 308.212087][T10459] bcachefs (loop1): going read-write [ 308.246847][T10459] bcachefs (loop1): marking superblocks [ 308.252142][T10459] bcachefs (loop1): initializing freespace [ 308.254377][T10459] bcachefs (loop1): done initializing freespace [ 308.257050][T10459] bcachefs (loop1): reading snapshots table [ 308.258537][T10459] bcachefs (loop1): reading snapshots done [ 308.372907][T10459] bcachefs (loop1): done starting filesystem [ 308.970093][ T6460] Bluetooth: hci4: command 0x0405 tx timeout [ 308.971861][ T6460] Bluetooth: hci0: command 0x0401 tx timeout [ 308.973544][ T6460] Bluetooth: hci2: command 0x0406 tx timeout [ 308.975239][ T6460] Bluetooth: hci1: command 0x0406 tx timeout [ 309.699593][ T6445] bcachefs (loop1): shutting down [ 309.700953][ T6445] bcachefs (loop1): going read-only [ 309.702293][ T6445] bcachefs (loop1): finished waiting for writes to stop [ 309.755131][ T6445] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3 [ 309.836163][ T6445] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 4 [ 309.840059][ T6445] bcachefs (loop1): clean shutdown complete, journal seq 5 [ 309.842680][ T6445] bcachefs (loop1): marking filesystem clean [ 309.956859][ T6445] bcachefs (loop1): shutdown complete [ 310.261569][ T2365] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.263397][ T2365] ieee802154 phy1 wpan1: encryption failed: -22 [ 311.060289][ T6460] Bluetooth: hci4: command 0x0405 tx timeout [ 311.086211][T10499] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 311.287548][T10520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 311.289837][T10520] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 311.315464][T10520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 311.335368][T10520] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 311.408365][T10523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 311.410583][T10523] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 312.421659][T10534] hub 1-0:1.0: USB hub found [ 312.423053][T10534] hub 1-0:1.0: 1 port detected [ 312.469295][T10532] ipip0: entered promiscuous mode [ 312.830818][T10552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 312.841212][T10552] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 312.872491][T10552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 312.874857][T10552] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 312.906868][T10552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 312.909293][T10552] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 313.066747][ T6460] Bluetooth: hci0: command 0x0401 tx timeout [ 313.886289][ T6460] Bluetooth: hci4: command 0x0405 tx timeout [ 314.501264][T10578] loop4: detected capacity change from 0 to 128 [ 314.503564][T10578] ufs: Invalid option: "0[p¶ÅI [ 314.503564][T10578] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 314.506387][T10578] ufs: wrong mount options [ 314.509688][T10578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.512020][T10578] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.515112][T10576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.517962][T10576] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 315.032397][T10590] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1254'. [ 315.034811][T10588] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1254'. [ 315.040776][T10588] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1254'. [ 315.966286][ T6460] Bluetooth: hci4: command 0x0405 tx timeout [ 316.035870][T10607] netlink: 308 bytes leftover after parsing attributes in process `syz.2.1259'. [ 316.594474][T10622] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1264'. [ 317.616034][T10632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 317.618640][T10632] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 318.016212][ T6460] Bluetooth: hci4: command 0x0405 tx timeout [ 318.863819][T10659] loop1: detected capacity change from 0 to 128 [ 318.867162][T10659] ufs: Invalid option: "0[p¶ÅI [ 318.867162][T10659] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 318.869723][T10659] ufs: wrong mount options [ 318.872894][T10659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 318.875172][T10659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 319.216749][T10660] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1278' sets config #1 [ 319.224183][T10660] loop0: detected capacity change from 0 to 512 [ 319.318955][T10660] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 319.440417][T10668] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #18: comm syz.0.1278: corrupted inode contents [ 319.443738][T10668] EXT4-fs (loop0): Remounting filesystem read-only [ 319.445495][T10668] EXT4-fs warning (device loop0): ext4_evict_inode:276: xattr delete (err -5) [ 319.688916][T10673] netlink: 308 bytes leftover after parsing attributes in process `syz.3.1283'. [ 320.117048][ T6460] Bluetooth: hci4: command 0x0405 tx timeout [ 320.343841][T10690] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1285'. [ 321.229493][ T6444] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 321.803596][T10706] netlink: 308 bytes leftover after parsing attributes in process `syz.0.1295'. [ 322.145829][T10728] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1300' sets config #1 [ 322.153145][T10728] loop1: detected capacity change from 0 to 512 [ 322.259446][T10728] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 322.365799][T10738] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #18: comm syz.1.1300: corrupted inode contents [ 322.370736][T10738] EXT4-fs (loop1): Remounting filesystem read-only [ 322.372616][T10738] EXT4-fs warning (device loop1): ext4_evict_inode:276: xattr delete (err -5) [ 322.646195][T10741] netlink: 308 bytes leftover after parsing attributes in process `syz.3.1308'. [ 323.027311][T10755] loop3: detected capacity change from 0 to 128 [ 323.052414][T10755] ufs: Invalid option: "0[p¶ÅI [ 323.052414][T10755] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 323.079219][T10755] ufs: wrong mount options [ 323.111350][T10751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 323.139842][T10751] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 323.220418][T10715] loop2: detected capacity change from 0 to 40427 [ 323.239258][T10715] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 323.251419][T10715] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 323.265812][T10715] F2FS-fs (loop2): invalid crc value [ 323.359178][T10715] F2FS-fs (loop2): Found nat_bits in checkpoint [ 323.413320][T10715] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 323.419617][T10715] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 323.515973][ T13] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 323.530861][ T13] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 323.840779][ T6445] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 324.422560][T10785] netlink: 308 bytes leftover after parsing attributes in process `syz.4.1321'. [ 324.857021][T10802] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1328' sets config #1 [ 324.864087][T10802] loop0: detected capacity change from 0 to 512 [ 324.890019][T10802] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 324.919408][T10802] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #18: comm syz.0.1328: corrupted inode contents [ 324.922792][T10802] EXT4-fs (loop0): Remounting filesystem read-only [ 324.924505][T10802] EXT4-fs warning (device loop0): ext4_evict_inode:276: xattr delete (err -5) [ 324.948620][ T6444] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 325.185761][T10799] loop2: detected capacity change from 0 to 40427 [ 325.189047][T10799] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 325.192169][T10799] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 325.200081][T10799] F2FS-fs (loop2): invalid crc value [ 325.208621][T10799] F2FS-fs (loop2): Found nat_bits in checkpoint [ 325.296739][T10799] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 325.298377][T10799] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 325.818724][ T287] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 325.823062][ T287] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 326.142773][T10835] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1339' sets config #1 [ 326.149856][T10835] loop0: detected capacity change from 0 to 512 [ 326.171454][T10835] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 326.251029][T10835] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #18: comm syz.0.1339: corrupted inode contents [ 326.254001][T10835] EXT4-fs (loop0): Remounting filesystem read-only [ 326.255695][T10835] EXT4-fs warning (device loop0): ext4_evict_inode:276: xattr delete (err -5) [ 326.279443][T10841] netlink: 308 bytes leftover after parsing attributes in process `syz.3.1340'. [ 326.394519][ T6444] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 327.361959][T10864] loop2: detected capacity change from 0 to 128 [ 327.364065][T10864] ufs: Invalid option: "0[p¶ÅI [ 327.364065][T10864] q 4BOÀL¢‡s‰4æçŠì!±Àþ`" or missing value [ 327.418265][T10864] ufs: wrong mount options [ 327.426057][T10863] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 327.429342][T10863] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 327.554109][T10855] loop3: detected capacity change from 0 to 40427 [ 327.587845][T10855] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 327.589686][T10855] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 327.592635][T10855] F2FS-fs (loop3): invalid crc value [ 327.619605][T10855] F2FS-fs (loop3): Found nat_bits in checkpoint [ 327.657421][T10874] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1352' sets config #1 [ 327.664633][T10874] loop0: detected capacity change from 0 to 512 [ 327.672257][T10855] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 327.674015][T10855] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 327.689136][T10874] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 327.739234][T10874] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #18: comm syz.0.1352: corrupted inode contents [ 327.742753][T10874] EXT4-fs (loop0): Remounting filesystem read-only [ 327.744432][T10874] EXT4-fs warning (device loop0): ext4_evict_inode:276: xattr delete (err -5) [ 327.771561][ T6444] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 327.780589][T10868] loop1: detected capacity change from 0 to 40427 [ 327.793693][T10868] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 327.795672][T10868] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 327.817605][ T13] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 327.820050][T10868] F2FS-fs (loop1): invalid crc value [ 327.822176][ T13] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 327.834559][T10868] F2FS-fs (loop1): Found nat_bits in checkpoint [ 327.894170][T10868] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 327.895841][T10868] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 328.135950][ T12] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 328.142002][ T12] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 328.268833][T10900] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1356'. [ 328.275872][T10900] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1356'. [ 328.892543][T10915] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1363' sets config #1 [ 328.923624][T10915] loop3: detected capacity change from 0 to 512 [ 329.094366][T10915] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 329.270042][T10915] EXT4-fs error (device loop3): ext4_do_update_inode:5154: inode #18: comm syz.3.1363: corrupted inode contents [ 329.305008][T10915] EXT4-fs (loop3): Remounting filesystem read-only [ 329.313686][T10915] EXT4-fs warning (device loop3): ext4_evict_inode:276: xattr delete (err -5) [ 329.805650][T10923] loop1: detected capacity change from 0 to 40427 [ 329.811079][T10923] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 329.833040][T10923] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 329.838457][T10923] F2FS-fs (loop1): invalid crc value [ 329.843502][T10923] F2FS-fs (loop1): Found nat_bits in checkpoint [ 329.862145][T10923] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 329.865482][T10923] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 329.902945][ T12] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 329.912718][ T12] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 330.043946][T10948] team0: left promiscuous mode [ 330.045369][T10948] team0: left allmulticast mode [ 330.838678][T10948] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.841245][T10948] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.843645][T10948] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.845874][T10948] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.157512][T10965] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1379'. [ 331.396334][T10979] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1385'. [ 331.775281][T10974] loop4: detected capacity change from 0 to 40427 [ 331.805918][T10974] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 331.813994][T10974] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 331.822396][T10974] F2FS-fs (loop4): invalid crc value [ 331.826803][T10974] F2FS-fs (loop4): Found nat_bits in checkpoint [ 331.851453][T10974] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 331.853753][T10999] syzkaller1: entered promiscuous mode [ 331.855303][T10999] syzkaller1: entered allmulticast mode [ 331.858242][T10974] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 331.915044][ T7396] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 331.917900][ T7396] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 332.294303][T11006] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1395'. [ 332.408051][T11010] netlink: 'syz.2.1397': attribute type 5 has an invalid length. [ 332.410046][T11010] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1397'. [ 332.489060][ T6443] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.538873][T11017] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1398'. [ 332.781757][T11027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 332.784008][T11027] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 332.856317][T11034] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1404'. [ 332.869004][T11031] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1404'. [ 333.115556][T11037] 8021q: adding VLAN 0 to HW filter on device bond1 [ 333.447648][T11055] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1410' sets config #1 [ 333.470629][T11055] loop1: detected capacity change from 0 to 512 [ 333.523824][T11055] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 333.887361][T11067] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #18: comm syz.1.1410: corrupted inode contents [ 333.919088][T11067] EXT4-fs (loop1): Remounting filesystem read-only [ 333.937960][T11067] EXT4-fs warning (device loop1): ext4_evict_inode:276: xattr delete (err -5) [ 334.949229][T11089] loop2: detected capacity change from 0 to 128 [ 334.990894][T11089] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 335.932427][T11103] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1426'. [ 335.963795][ T6442] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 336.243845][T11111] input: syz0 as /devices/virtual/input/input8 [ 336.268510][ T31] audit: type=1326 audit(336.240:3135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1427" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 336.391515][ T31] audit: type=1326 audit(336.240:3136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1427" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 336.520119][ T31] audit: type=1326 audit(336.250:3137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1427" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 336.647379][ T31] audit: type=1326 audit(336.250:3138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1427" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 336.761818][ T31] audit: type=1326 audit(336.250:3139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1427" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 336.797793][T11112] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1429'. [ 338.141852][T11137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1439'. [ 338.318754][T11142] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1440'. [ 339.192381][T11143] netlink: 'syz.2.1441': attribute type 12 has an invalid length. [ 339.351090][T11152] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1444'. [ 339.487866][T11157] input: syz0 as /devices/virtual/input/input9 [ 339.591339][ T31] audit: type=1326 audit(339.490:3140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 339.742888][ T31] audit: type=1326 audit(339.490:3141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 339.899637][ T31] audit: type=1326 audit(339.490:3142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 340.027485][ T31] audit: type=1326 audit(339.490:3143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 340.036062][ T31] audit: type=1326 audit(339.490:3144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11149 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 341.823605][T11190] input: syz0 as /devices/virtual/input/input10 [ 341.891953][ T31] audit: type=1326 audit(341.820:3145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.4.1457" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 342.040942][ T31] audit: type=1326 audit(341.820:3146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.4.1457" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 342.233441][ T31] audit: type=1326 audit(341.820:3147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.4.1457" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 342.380518][ T31] audit: type=1326 audit(341.820:3148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.4.1457" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 342.385890][ T31] audit: type=1326 audit(341.820:3149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.4.1457" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 342.544883][T11194] netlink: 'syz.2.1459': attribute type 29 has an invalid length. [ 342.548499][T11194] netlink: 'syz.2.1459': attribute type 29 has an invalid length. [ 342.550888][T11194] netlink: 'syz.2.1459': attribute type 29 has an invalid length. [ 342.553323][T11194] netlink: 'syz.2.1459': attribute type 29 has an invalid length. [ 343.924444][T11216] ALSA: mixer_oss: invalid OSS volume '' [ 344.618660][T11225] netlink: 'syz.4.1470': attribute type 29 has an invalid length. [ 344.621664][T11225] netlink: 'syz.4.1470': attribute type 29 has an invalid length. [ 344.627625][T11225] netlink: 'syz.4.1470': attribute type 29 has an invalid length. [ 344.633854][T11225] netlink: 'syz.4.1470': attribute type 29 has an invalid length. [ 344.791676][T11231] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1474'. [ 345.626599][T11235] input: syz0 as /devices/virtual/input/input11 [ 346.004321][ T31] audit: type=1326 audit(345.910:3150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11224 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 346.009586][ T31] audit: type=1326 audit(345.910:3151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11224 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 346.014811][ T31] audit: type=1326 audit(345.910:3152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11224 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 346.038313][ T31] audit: type=1326 audit(345.910:3153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11224 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 346.057238][ T31] audit: type=1326 audit(345.910:3154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11224 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 347.162935][T11263] netlink: 'syz.4.1484': attribute type 29 has an invalid length. [ 347.186299][T11263] netlink: 'syz.4.1484': attribute type 29 has an invalid length. [ 347.188798][T11263] netlink: 'syz.4.1484': attribute type 29 has an invalid length. [ 347.197081][T11263] netlink: 'syz.4.1484': attribute type 29 has an invalid length. [ 347.487936][ T6445] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.737133][T11278] input: syz0 as /devices/virtual/input/input12 [ 348.545196][ T31] audit: type=1326 audit(348.440:3155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11271 comm="syz.4.1489" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 348.554608][ T31] audit: type=1326 audit(348.440:3156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11271 comm="syz.4.1489" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 348.791278][T11284] loop2: detected capacity change from 0 to 64 [ 348.794497][ T31] audit: type=1326 audit(348.610:3157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11271 comm="syz.4.1489" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 348.917210][ T31] audit: type=1326 audit(348.610:3158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11271 comm="syz.4.1489" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 348.922379][ T31] audit: type=1326 audit(348.610:3159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11271 comm="syz.4.1489" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 349.357357][T11300] netlink: 'syz.1.1499': attribute type 29 has an invalid length. [ 349.365518][T11300] netlink: 'syz.1.1499': attribute type 29 has an invalid length. [ 349.595242][T11307] hub 1-0:1.0: USB hub found [ 349.596975][T11307] hub 1-0:1.0: 1 port detected [ 350.254264][T11310] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1500' sets config #1 [ 350.523758][T11310] loop1: detected capacity change from 0 to 512 [ 351.178185][T11310] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 351.329748][T11334] validate_nla: 2 callbacks suppressed [ 351.329765][T11334] netlink: 'syz.0.1510': attribute type 29 has an invalid length. [ 351.343646][T11334] netlink: 'syz.0.1510': attribute type 29 has an invalid length. [ 351.360044][T11334] netlink: 'syz.0.1510': attribute type 29 has an invalid length. [ 351.370559][T11334] netlink: 'syz.0.1510': attribute type 29 has an invalid length. [ 351.485839][T11340] loop0: detected capacity change from 0 to 64 [ 351.575927][T11341] input: syz0 as /devices/virtual/input/input13 [ 351.686639][ T31] audit: type=1326 audit(351.590:3160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11328 comm="syz.4.1508" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 351.856512][ T31] audit: type=1326 audit(351.590:3161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11328 comm="syz.4.1508" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 352.019120][ T31] audit: type=1326 audit(351.590:3162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11328 comm="syz.4.1508" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 352.118720][ T31] audit: type=1326 audit(351.600:3163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11328 comm="syz.4.1508" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 352.123834][ T31] audit: type=1326 audit(351.600:3164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11328 comm="syz.4.1508" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 352.269982][T11338] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.597081][T11352] hub 1-0:1.0: USB hub found [ 352.598731][T11352] hub 1-0:1.0: 1 port detected [ 353.002590][T11338] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.408446][T11338] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.658147][T11338] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.403014][T11338] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.410631][T11373] netlink: 'syz.2.1522': attribute type 29 has an invalid length. [ 354.413880][T11373] netlink: 'syz.2.1522': attribute type 29 has an invalid length. [ 354.417374][T11373] netlink: 'syz.2.1522': attribute type 29 has an invalid length. [ 354.419896][T11373] netlink: 'syz.2.1522': attribute type 29 has an invalid length. [ 354.498983][T11338] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.532669][T11338] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.586231][T11338] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.716889][T11381] input: syz0 as /devices/virtual/input/input14 [ 354.745447][ T31] audit: type=1326 audit(354.710:3165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11374 comm="syz.2.1524" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 354.845976][ T31] audit: type=1326 audit(354.710:3166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11374 comm="syz.2.1524" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 354.980461][ T31] audit: type=1326 audit(354.720:3167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11374 comm="syz.2.1524" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 355.161691][ T31] audit: type=1326 audit(354.720:3168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11374 comm="syz.2.1524" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 355.273360][ T31] audit: type=1326 audit(354.720:3169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11374 comm="syz.2.1524" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8315ad28 code=0x7ffc0000 [ 355.355387][T11383] loop3: detected capacity change from 0 to 64 [ 356.713663][T11403] netlink: 'syz.3.1534': attribute type 29 has an invalid length. [ 356.725706][T11403] netlink: 'syz.3.1534': attribute type 29 has an invalid length. [ 356.739583][T11405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 356.740329][T11403] netlink: 'syz.3.1534': attribute type 29 has an invalid length. [ 356.741829][T11405] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 356.756482][T11405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 356.766446][T11405] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 356.768476][T11403] netlink: 'syz.3.1534': attribute type 29 has an invalid length. [ 357.182345][T11419] input: syz0 as /devices/virtual/input/input15 [ 357.274487][ T31] audit: type=1326 audit(357.250:3170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11410 comm="syz.0.1538" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 357.332642][ T31] audit: type=1326 audit(357.250:3171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11410 comm="syz.0.1538" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 357.425953][ T31] audit: type=1326 audit(357.250:3172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11410 comm="syz.0.1538" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 357.559425][ T31] audit: type=1326 audit(357.250:3173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11410 comm="syz.0.1538" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 357.731489][ T31] audit: type=1326 audit(357.250:3174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11410 comm="syz.0.1538" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8235ad28 code=0x7ffc0000 [ 357.748422][T11422] loop4: detected capacity change from 0 to 64 [ 359.219167][T11439] netlink: 'syz.3.1547': attribute type 29 has an invalid length. [ 359.222329][T11439] netlink: 'syz.3.1547': attribute type 29 has an invalid length. [ 359.224780][T11439] netlink: 'syz.3.1547': attribute type 29 has an invalid length. [ 359.612963][T11441] netlink: 'syz.3.1547': attribute type 29 has an invalid length. [ 360.824138][T11464] input: syz0 as /devices/virtual/input/input16 [ 360.922183][ T31] audit: type=1326 audit(360.820:3175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11461 comm="syz.4.1556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 361.072248][ T31] audit: type=1326 audit(360.820:3176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11461 comm="syz.4.1556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 361.259114][ T31] audit: type=1326 audit(360.820:3177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11461 comm="syz.4.1556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 361.372681][ T31] audit: type=1326 audit(360.820:3178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11461 comm="syz.4.1556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 361.378088][ T31] audit: type=1326 audit(360.820:3179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11461 comm="syz.4.1556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa615ad28 code=0x7ffc0000 [ 361.527587][ T6445] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 361.678514][T11473] netlink: 'syz.2.1559': attribute type 29 has an invalid length. [ 361.816267][T11473] netlink: 'syz.2.1559': attribute type 29 has an invalid length. [ 362.678531][T11473] netlink: 'syz.2.1559': attribute type 29 has an invalid length. [ 362.818809][T11473] netlink: 'syz.2.1559': attribute type 29 has an invalid length. [ 362.839546][T11485] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1564'. [ 363.943148][T11505] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1568' sets config #1 [ 363.981795][T11508] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1572'. [ 363.990497][T11505] loop1: detected capacity change from 0 to 512 [ 364.034027][T11505] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 364.153607][T11505] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #18: comm syz.1.1568: corrupted inode contents [ 364.166904][T11521] netlink: 'syz.3.1577': attribute type 29 has an invalid length. [ 364.182086][T11521] netlink: 'syz.3.1577': attribute type 29 has an invalid length. [ 364.192382][T11505] EXT4-fs (loop1): Remounting filesystem read-only [ 364.194003][T11505] EXT4-fs warning (device loop1): ext4_evict_inode:276: xattr delete (err -5) [ 364.208106][T11521] netlink: 'syz.3.1577': attribute type 29 has an invalid length. [ 364.214081][T11521] netlink: 'syz.3.1577': attribute type 29 has an invalid length. [ 366.560441][T11552] ax25_connect(): syz.3.1588 uses autobind, please contact jreuter@yaina.de [ 366.911453][T11556] netlink: 'syz.4.1590': attribute type 29 has an invalid length. [ 366.917925][T11556] netlink: 'syz.4.1590': attribute type 29 has an invalid length. [ 366.931085][T11556] netlink: 'syz.4.1590': attribute type 29 has an invalid length. [ 366.940549][T11556] netlink: 'syz.4.1590': attribute type 29 has an invalid length. [ 367.408857][T11552] ------------[ cut here ]------------ [ 367.410744][T11552] refcount_t: decrement hit 0; leaking memory. [ 367.443407][T11552] WARNING: CPU: 0 PID: 11552 at lib/refcount.c:31 refcount_warn_saturate+0x1e8/0x20c [ 367.445840][T11552] Modules linked in: [ 367.446843][T11552] CPU: 0 UID: 0 PID: 11552 Comm: syz.3.1588 Not tainted 6.14.0-rc7-syzkaller-gb5737d35364f #0 [ 367.449426][T11552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 367.451729][T11552] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 367.453714][T11552] pc : refcount_warn_saturate+0x1e8/0x20c [ 367.455180][T11552] lr : refcount_warn_saturate+0x1e8/0x20c [ 367.456711][T11552] sp : ffff80009bf375b0 [ 367.457793][T11552] x29: ffff80009bf375b0 x28: dfff800000000000 x27: ffff0000c2788080 [ 367.459846][T11552] x26: dfff800000000000 x25: ffff7000137e6ec0 x24: ffff0000d541a010 [ 367.461916][T11552] x23: ffff0000d5a64000 x22: ffff80009bf37620 x21: 0000000000000004 [ 367.463944][T11552] x20: ffff0000c6d7664c x19: ffff800092f0b000 x18: 1fffe000366f1886 [ 367.465995][T11552] x17: ffff80008fbbd000 x16: ffff800080469530 x15: 0000000000000001 [ 367.468034][T11552] x14: 1fffe000366f42f0 x13: ffff80009bf38000 x12: 0000000000000003 [ 367.470001][T11552] x11: 0000000000000001 x10: 0000000000000003 x9 : 255ca6f85f77e800 [ 367.472031][T11552] x8 : 255ca6f85f77e800 x7 : ffff8000803d59a0 x6 : 0000000000000000 [ 367.474112][T11552] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000 [ 367.476096][T11552] x2 : 0000000000000006 x1 : ffff80008b87a760 x0 : ffff800123c84000 [ 367.478165][T11552] Call trace: [ 367.478968][T11552] refcount_warn_saturate+0x1e8/0x20c (P) [ 367.480389][T11552] ref_tracker_free+0x550/0x6ac [ 367.481612][T11552] ax25_release+0x348/0x8a4 [ 367.482722][T11552] sock_close+0xa4/0x1e8 [ 367.483772][T11552] __fput+0x340/0x760 [ 367.484854][T11552] ____fput+0x20/0x30 [ 367.485897][T11552] task_work_run+0x230/0x2e0 [ 367.487046][T11552] get_signal+0x1324/0x1500 [ 367.488236][T11552] do_signal+0x22c/0x3a04 [ 367.489344][T11552] do_notify_resume+0x74/0x1f4 [ 367.490508][T11552] el0_svc+0xac/0x168 [ 367.491523][T11552] el0t_64_sync_handler+0x84/0x108 [ 367.492798][T11552] el0t_64_sync+0x198/0x19c [ 367.493993][T11552] irq event stamp: 996 [ 367.495045][T11552] hardirqs last enabled at (995): [] finish_lock_switch+0xbc/0x1e4 [ 367.497356][T11552] hardirqs last disabled at (996): [] el1_dbg+0x24/0x80 [ 367.499504][T11552] softirqs last enabled at (940): [] ax25_cb_del+0x14c/0x198 [ 367.501859][T11552] softirqs last disabled at (936): [] ax25_cb_del+0x30/0x198 [ 367.504123][T11552] ---[ end trace 0000000000000000 ]--- [ 368.977323][ T6445] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 371.698963][ T2365] ieee802154 phy0 wpan0: encryption failed: -22 [ 371.700582][ T2365] ieee802154 phy1 wpan1: encryption failed: -22