last executing test programs: 14.24314587s ago: executing program 4 (id=996): r0 = socket$inet6(0xa, 0x1, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet(0x2, 0xa, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$xdp(0x2c, 0x3, 0x0) fstat(0xffffffffffffffff, &(0x7f00000000c0)) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='oom_adj\x00') read$FUSE(r4, 0x0, 0x0) sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)={0x14, r1, 0x1, 0x70bd2c}, 0x14}}, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffffbffaf, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000001600), 0x0, 0x4004095, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f000001a640)=""/102400, 0x19000, 0x0, 0x0, 0x40020000}, &(0x7f00000008c0)=0x3b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl(0xffffffffffffffff, 0x8b22, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x14, 0x15, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x24040808) 12.511511088s ago: executing program 4 (id=999): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x8008af26, &(0x7f0000000040)={0x1}) 12.398645769s ago: executing program 4 (id=1001): mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x40, 0x0) capset(0x0, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x2}) r0 = open_tree(0xffffffffffffff9c, 0x0, 0x89901) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000000)={0x0, 'veth0_vlan\x00', {0x20001}}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r7, 0x0, 0x10, &(0x7f0000000080)="170000000200020000ffbe8c5ee17688a2003c000303000afdff02a257fc5ad90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174ab498a30b3e5a1b47b63a6323ded2aa084cd36276a3afff", 0xb8) connect$inet(r7, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) 11.399527674s ago: executing program 3 (id=1003): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1}, 0x40011f23) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 11.399253174s ago: executing program 1 (id=1004): r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000840000000504"], 0x18, 0x800}, 0x4080000) 11.216954215s ago: executing program 1 (id=1005): syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82000) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000139209f422ca2f1d3568c599f830b1f821bc25fa46eaf53917fbae01ac"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, 0x0, 0x0) shutdown(r0, 0x1) 10.846523847s ago: executing program 4 (id=1009): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89b0, &(0x7f0000000180)={'vcan0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r6 = userfaultfd(0x1) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000004c0)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') bind$inet(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x0}, 0x20) unshare(0xe000480) getsockopt$bt_BT_VOICE(r0, 0x112, 0x10, &(0x7f00000001c0), &(0x7f0000000200)=0x2) 9.753846142s ago: executing program 2 (id=1010): r0 = socket$unix(0x1, 0x2, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000440), 0x10) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(r0, r3, 0x0) 9.753593702s ago: executing program 1 (id=1011): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYRES32], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x2c, 0x2, 0x3, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x8}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x30}]}, 0x2c}}, 0x40840) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r4) sendmsg$IEEE802154_ASSOCIATE_RESP(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r6, 0x221, 0x70bd26, 0x25dfdbfa}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) r7 = syz_open_dev$usbfs(0x0, 0x80000000003, 0x101301) syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[], 0x0) ioctl$USBDEVFS_FREE_STREAMS(r7, 0x802c550a, &(0x7f0000000000)=ANY=[]) 9.753386642s ago: executing program 3 (id=1012): ioctl$VIDIOC_QUERYBUF_DMABUF(0xffffffffffffffff, 0xc0585609, &(0x7f00000000c0)={0x1, 0x6, 0x4, 0x20, 0x10000, {}, {0x5, 0x2, 0x21, 0x81, 0xf, 0xfe, "931e8027"}, 0x0, 0x4, {}, 0x5}) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000004100)='sched_switch\x00', r1}, 0x18) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$gtp(&(0x7f00000005c0), r5) sendmsg$GTP_CMD_GETPDP(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r6, 0x531, 0x70bd2a, 0x25dfdbfb, {}, [@GTPA_VERSION={0x8, 0x2, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20044005}, 0x20000040) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) quotactl$Q_QUOTAOFF(0xffffffff80000302, 0x0, 0x0, 0x0) truncate(0x0, 0x4) socket$nl_route(0x10, 0x3, 0x0) 7.412257544s ago: executing program 4 (id=1013): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000002004000b7080000000000007b8af8ff00000000b708000000020000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x110d, &(0x7f0000000140), &(0x7f00000000c0), &(0x7f0000000280)) r2 = io_uring_setup(0xaab, &(0x7f0000000340)={0x0, 0x40000001}) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x4, @loopback}, 0x1c) listen(r3, 0x20000005) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r5 = accept4(r3, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r5) close_range(r2, 0xffffffffffffffff, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB="00000000000000000000000000000000b558a2910ffdd76628063f9458562c195a68aa2fccd731f485c3dfb6f403ff56f32506d06427c4b3749d665c0ab403f71282600d074df74eace25a45f8ad5ab01f07851ce4c2f2b8188c575d015bf12494dec562cd89780676c1c4733ec3f1631ca4c23a9e5e91390b0ea1c0161d52e466c8f4903d464ea8bc"], 0x10}}, 0x20000004) 7.031476025s ago: executing program 2 (id=1015): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000000c0)=0x14) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDGKBDIACR(r5, 0x4b4a, &(0x7f0000000300)=""/88) r6 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00'}, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000069c0)=ANY=[@ANYBLOB="6800000040000900fffffffffddbdf250200000004001f00500001804c"], 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 6.366581599s ago: executing program 1 (id=1016): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x4, 0x4000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000500)={0x80a0000, 0x10000, 0x1}) 4.779403786s ago: executing program 3 (id=1018): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.779123176s ago: executing program 1 (id=1019): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x4533, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @dev, 0x8}], 0x1c) 4.719428857s ago: executing program 0 (id=1020): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_GETPARAMS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x20000040}, 0x44000) writev(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r3) sendmsg$IEEE802154_LLSEC_GETPARAMS(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)={0x14, r4, 0x1, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4) 4.678074947s ago: executing program 3 (id=1021): r0 = timerfd_create(0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301) ioctl$USBDEVFS_CLAIM_PORT(r1, 0x80045518, &(0x7f0000000000)=0x1) getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$inet6(0xa, 0x80002, 0x0) fsopen(&(0x7f0000005880)='zonefs\x00', 0x0) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={@mcast2, @private1, @ipv4={'\x00', '\xff\xff', @remote}, 0x4, 0x7f, 0x7, 0x100, 0x6, 0x1000008}) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000880)=ANY=[@ANYBLOB], 0x0, 0x53, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r5, 0x29, 0x8, 0x0, &(0x7f00007d0000)) sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(&(0x7f00000001c0)='./bus\x00', 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x14) socket$inet6(0xa, 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.891432471s ago: executing program 2 (id=1022): syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82000) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000139209f422ca2f1d3568c599f830b1f821bc25fa46eaf53917fbae01ac"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, 0x0, 0x0) shutdown(r0, 0x1) 3.187087334s ago: executing program 0 (id=1023): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000006c0), 0x20480, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$cgroup(0x0, &(0x7f0000000340)='./cgroup.cpu/cpuset.cpus\x00', &(0x7f0000000040), 0x0, &(0x7f0000000940)={[{@name={'name', 0x3d, 'm\xa5\x8c\xb0J\r\x11\xc2\xff_W~n\xbc\xceidP\x81\xe5\xb5@\xe5\x82\xf7\xc0.\xd1\xfe\x9fA2\xe1\xc2\x81$\x17sw\v\xc0\xc67\x92\xf1\xd7\x02\xd2\xab\xa75\xc9\xbf\xe2`\x19\x97\xb2\x89\xc9 \xe7\xeb\xcfq\x8e\\\\7\x01\x95\xa3 \xe3[b\xe5\x05\x1bh\x8e\fc:@;\x8df\xfdr\xcd\r\xab.\xa19\x97{0C?\x9ba\xad\x86\xf7\xfa\xa8\x9f9\x04\xac\xccr\xe8\x809\b\xd1\v\x9a\xc5\xb9\xa7\xe2k\xe6\x1b\x1e\xf0\xd5\xf0d\x140xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c5602117436c379000000000100000058000b4824ca945f6400940f6a03", 0x2c}], 0x1) 2.467493748s ago: executing program 2 (id=1025): r0 = socket$unix(0x1, 0x2, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) listen(r1, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(r0, r3, 0x0) 2.304199149s ago: executing program 0 (id=1026): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r0, &(0x7f0000002200)={0x23, 0x0, 0x9}, 0x4) 2.10446511s ago: executing program 0 (id=1027): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x100, 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000340)}) 2.02337345s ago: executing program 4 (id=1028): ioctl$VIDIOC_QUERYBUF_DMABUF(0xffffffffffffffff, 0xc0585609, &(0x7f00000000c0)={0x1, 0x6, 0x4, 0x20, 0x10000, {}, {0x5, 0x2, 0x21, 0x81, 0xf, 0xfe, "931e8027"}, 0x0, 0x4, {}, 0x5}) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000004100)='sched_switch\x00', r1}, 0x18) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$gtp(&(0x7f00000005c0), r5) sendmsg$GTP_CMD_GETPDP(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r6, 0x531, 0x70bd2a, 0x25dfdbfb, {}, [@GTPA_VERSION={0x8, 0x2, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20044005}, 0x20000040) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) quotactl$Q_QUOTAOFF(0xffffffff80000302, 0x0, 0x0, 0x0) truncate(0x0, 0x4) socket$nl_route(0x10, 0x3, 0x0) 1.828585021s ago: executing program 3 (id=1029): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) listen(r0, 0x101) r1 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000440)={0x71, {{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x33}}}}, 0x88) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) getpeername(r0, &(0x7f0000000500)=@can, &(0x7f0000000580)=0x80) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket(0x2, 0x2, 0x1) bind$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @private1}, 0x1c) r6 = syz_init_net_socket$ax25(0x3, 0x3, 0xce) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ax25_SIOCDELRT(r6, 0x890c, &(0x7f0000000180)={@default, @null, 0x1, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r7 = socket$inet6_sctp(0xa, 0x4, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f00000003c0)={0x3, 0x100, 0x200, 0x5}, &(0x7f0000000400)=0x10) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="dc0e4ddb06f9ec52a5ccf27680d696", 0xf}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000600)="f1210e92e468f2fb04", 0x9}], 0x1}}, {{&(0x7f00000007c0)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000bc0)=[{0x0}, {0x0}, {&(0x7f0000000ac0)}], 0x3}}, {{0x0, 0x0, 0x0}}], 0x4, 0x800) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0x111, 0x4b4, 0x120, 0xd4feffff, 0x258, 0x20a, 0x278, 0x258, 0x278, 0x3, 0x0, {[{{@ipv6={@private0, @empty, [], [], 'syz_tun\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@loopback, @local, [], [], 'netdevsim0\x00', 'veth1_to_bridge\x00'}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@unspec=@nfacct={{0x48}, {'syz1\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x388) socket$nl_netfilter(0x10, 0x3, 0xc) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x1b, 0x8032, 0xffffffffffffffff, 0x0) 1.215717394s ago: executing program 0 (id=1030): ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) close(0xffffffffffffffff) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000002c0)=0x108005, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r0}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 1.011248865s ago: executing program 2 (id=1031): r0 = io_uring_setup(0x2662, &(0x7f00000003c0)) rt_sigtimedwait(&(0x7f0000000000)={[0xfffffffeffffffff]}, 0x0, 0x0, 0x8) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x19, 0x20000000, 0x0) 23.53926ms ago: executing program 2 (id=1032): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000}) ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r2, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) 23.01896ms ago: executing program 3 (id=1033): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_GETPARAMS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x20000040}, 0x44000) writev(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r3) sendmsg$IEEE802154_LLSEC_GETPARAMS(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)={0x14, r4, 0x1, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4) 0s ago: executing program 0 (id=1034): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000000), &(0x7f0000000040)=r0}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x15) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) ppoll(&(0x7f0000000140)=[{r2}], 0x1, 0x0, 0x0, 0x0) r3 = syz_open_pts(r2, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TCSETSW2(r4, 0x5437, 0x0) kernel console output (not intermixed with test programs): y [ 63.791864][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.803402][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.811573][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 63.821814][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.851579][ T4168] device veth0_macvtap entered promiscuous mode [ 63.892952][ T4168] device veth1_macvtap entered promiscuous mode [ 63.901581][ T4166] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.922051][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.937429][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.949735][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.958766][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.966650][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.975747][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.989239][ T4167] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.010078][ T4166] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.019932][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.037611][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.053706][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.070437][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.090069][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.103282][ T4166] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.112120][ T4166] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.121614][ T4166] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.130609][ T4166] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.145890][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.154853][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.166179][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.177479][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.188797][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.231708][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.241078][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.251754][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.262094][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.271157][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.280403][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.289418][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.297305][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.306911][ T4168] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.316077][ T4168] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.325553][ T4168] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.334994][ T4168] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.361734][ T4172] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.399433][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.411891][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.427036][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.435561][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.454316][ T4181] device veth0_vlan entered promiscuous mode [ 64.510584][ T4172] device veth0_vlan entered promiscuous mode [ 64.518459][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.527293][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.536120][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.545271][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.555016][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.563655][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.572675][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.582269][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.591780][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.600176][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.619537][ T4167] device veth0_vlan entered promiscuous mode [ 64.628229][ T1224] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.638759][ T1224] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.652552][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 64.682330][ T4172] device veth1_vlan entered promiscuous mode [ 64.694042][ T4181] device veth1_vlan entered promiscuous mode [ 64.719865][ T4167] device veth1_vlan entered promiscuous mode [ 64.763232][ T1224] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.771274][ T1224] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.790255][ T3087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.800802][ T3087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.816314][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 64.827322][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 64.835746][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 64.844890][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 64.856944][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 64.866459][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 64.874927][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 64.883295][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 64.891165][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.901489][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.928891][ T4167] device veth0_macvtap entered promiscuous mode [ 64.960114][ T4172] device veth0_macvtap entered promiscuous mode [ 64.981862][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 64.993917][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.004998][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.023815][ T4172] device veth1_macvtap entered promiscuous mode [ 65.038380][ T3087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.050791][ T4181] device veth0_macvtap entered promiscuous mode [ 65.061604][ T3087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.070943][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.080682][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.092451][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.103616][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.112427][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 65.126496][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.134527][ T4224] Bluetooth: hci4: command 0x040f tx timeout [ 65.140859][ T4224] Bluetooth: hci3: command 0x040f tx timeout [ 65.153498][ T4224] Bluetooth: hci1: command 0x040f tx timeout [ 65.154693][ T4167] device veth1_macvtap entered promiscuous mode [ 65.164502][ T4245] loop2: detected capacity change from 0 to 512 [ 65.172675][ T4224] Bluetooth: hci0: command 0x040f tx timeout [ 65.180167][ T4224] Bluetooth: hci2: command 0x040f tx timeout [ 65.205137][ T4181] device veth1_macvtap entered promiscuous mode [ 65.222092][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.235113][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.245303][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.257414][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.268732][ T4172] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.290902][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.320606][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.342267][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.354097][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.366560][ T4245] mmap: syz.2.3 (4245) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 65.372298][ T4172] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.401284][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.411082][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.421821][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 65.432983][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.583769][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 65.782112][ T3087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.018907][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.197127][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.207558][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.218231][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.239094][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.256839][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.276625][ T4167] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.327639][ T4172] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.344945][ T4252] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 66.364844][ T4172] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.390480][ T4172] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.410762][ T4172] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.438942][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.459304][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.538079][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.551407][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.561328][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.572184][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.582337][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.593313][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.609878][ T4167] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.355445][ T4224] Bluetooth: hci2: command 0x0419 tx timeout [ 67.373549][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.392793][ T4224] Bluetooth: hci0: command 0x0419 tx timeout [ 67.405098][ T4224] Bluetooth: hci1: command 0x0419 tx timeout [ 67.419745][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.430659][ T4224] Bluetooth: hci3: command 0x0419 tx timeout [ 67.438909][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.450071][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.464079][ T4224] Bluetooth: hci4: command 0x0419 tx timeout [ 67.476723][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.490053][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.501793][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.517177][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.544524][ T4181] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.566368][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.606487][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.621589][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.637452][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.666442][ T4167] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.695429][ T4167] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.710878][ T4167] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.732407][ T4167] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.794962][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.842778][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.854767][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.865867][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.879684][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.896895][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.942655][ T4181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.980423][ T4181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.109507][ T4181] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.204802][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 68.220021][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.234192][ T4263] loop0: detected capacity change from 0 to 40427 [ 68.234396][ T4181] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.251673][ T4181] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.291435][ T4181] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.362147][ T4181] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.539514][ T4263] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 68.605008][ T4263] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 68.662066][ T4246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.679525][ T4263] F2FS-fs (loop0): invalid crc value [ 68.711072][ T4246] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.728107][ T4263] F2FS-fs (loop0): Found nat_bits in checkpoint [ 68.760508][ T4246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.781494][ T4246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.878857][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.907435][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.989628][ T4263] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 69.003934][ T4263] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 69.184541][ T4277] loop2: detected capacity change from 0 to 40427 [ 69.218730][ T4277] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 69.226624][ T4277] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 69.238687][ T4277] F2FS-fs (loop2): invalid crc value [ 69.300201][ T4246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.342898][ T4246] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.350947][ T4277] F2FS-fs (loop2): Found nat_bits in checkpoint [ 69.412308][ T4277] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 69.419850][ T4277] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 69.442823][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.506332][ T4246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.523430][ T4246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.577858][ T3087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.603088][ T3087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.713040][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.721154][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.765422][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.558514][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.701193][ T3087] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 70.726777][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 70.753015][ T144] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 70.764644][ T4295] loop1: detected capacity change from 0 to 128 [ 70.772743][ T3087] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 70.812744][ T144] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 70.853782][ T4295] ======================================================= [ 70.853782][ T4295] WARNING: The mand mount option has been deprecated and [ 70.853782][ T4295] and is ignored by this kernel. Remove the mand [ 70.853782][ T4295] option from the mount to silence this warning. [ 70.853782][ T4295] ======================================================= [ 71.806296][ T1425] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.812949][ T1425] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.872892][ T4295] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 72.909869][ T4302] loop4: detected capacity change from 0 to 32768 [ 73.015837][ T1092] block nbd2: Attempted send on invalid socket [ 73.023311][ T1092] blk_update_request: I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 73.038683][ T4312] vxfs: unable to read disk superblock at 1 [ 73.047756][ T1092] block nbd2: Attempted send on invalid socket [ 73.176436][ T1092] blk_update_request: I/O error, dev nbd2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 73.187554][ T4312] vxfs: unable to read disk superblock at 8 [ 73.193575][ T4312] vxfs: can't find superblock. [ 73.357635][ T4302] XFS (loop4): Mounting V5 Filesystem [ 73.579788][ T4306] loop1: detected capacity change from 0 to 32768 [ 73.590124][ T4302] XFS (loop4): Ending clean mount [ 73.642350][ T4325] loop2: detected capacity change from 0 to 1024 [ 73.658999][ T4212] XFS (loop4): Metadata CRC error detected at xfs_allocbt_read_verify+0x39/0xc0, xfs_bnobt block 0x8 [ 73.680741][ T4212] XFS (loop4): Unmount and run xfs_repair [ 73.700753][ T4306] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.16 (4306) [ 73.710118][ T4212] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 73.739945][ T4212] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 73.757036][ T4212] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 40 ...............@ [ 73.808276][ T4212] 00000020: ca 7e 21 01 b8 f1 48 38 8e 2d 76 37 b9 06 20 e6 .~!...H8.-v7.. . [ 73.880498][ T4212] 00000030: 00 00 00 00 07 00 00 00 00 00 00 00 00 00 00 03 ................ [ 73.929586][ T4212] 00000040: 00 00 02 a4 00 00 0d 5c 00 00 02 a0 00 00 0d 60 .......\.......` [ 74.133748][ T4212] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 74.145669][ T4212] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 74.147055][ T4336] netlink: 'syz.3.19': attribute type 10 has an invalid length. [ 74.155172][ T4212] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 74.173331][ T4302] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x26e/0x370" at daddr 0x8 len 8 error 74 [ 74.218495][ T4302] XFS (loop4): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x659/0xa60 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 74.254755][ T4306] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 74.269703][ T4336] device syz_tun entered promiscuous mode [ 74.303258][ T4302] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 74.326326][ T4336] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 74.328540][ T4306] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 74.393488][ T4181] XFS (loop4): Unmounting Filesystem [ 74.424859][ T4306] BTRFS info (device loop1): use zstd compression, level 3 [ 74.437127][ T4306] BTRFS info (device loop1): using free space tree [ 74.444304][ T4306] BTRFS info (device loop1): has skinny extents [ 74.510952][ T4246] hfsplus: b-tree write err: -5, ino 4 [ 74.579778][ T4343] loop0: detected capacity change from 0 to 1024 [ 74.588252][ T4346] loop3: detected capacity change from 0 to 512 [ 74.703444][ T4343] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 74.937716][ T4346] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 75.054778][ T4346] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 76.133430][ T4306] BTRFS error (device loop1): open_ctree failed [ 77.893017][ T4210] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 78.178984][ T4418] netlink: 4 bytes leftover after parsing attributes in process `syz.4.36'. [ 78.227176][ T4418] netlink: 12 bytes leftover after parsing attributes in process `syz.4.36'. [ 78.365500][ T4210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 78.397057][ T4210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 78.563087][ T4210] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 78.609460][ T4429] loop1: detected capacity change from 0 to 64 [ 78.616855][ T4210] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.145973][ T4210] usb 3-1: config 0 descriptor?? [ 79.247440][ T4438] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 79.539976][ T4408] udc-core: couldn't find an available UDC or it's busy [ 79.576746][ T4408] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 79.865642][ T4210] usbhid 3-1:0.0: can't add hid device: -71 [ 79.872214][ T4210] usbhid: probe of 3-1:0.0 failed with error -71 [ 80.815465][ T4450] netlink: 92 bytes leftover after parsing attributes in process `syz.1.43'. [ 81.322700][ C0] sched: RT throttling activated [ 81.345705][ T4210] usb 3-1: USB disconnect, device number 2 [ 81.593864][ T23] cfg80211: failed to load regulatory.db [ 83.033709][ T4459] loop1: detected capacity change from 0 to 64 [ 85.676961][ T4490] binder: 4479:4490 ioctl c0306201 0 returned -14 [ 85.735712][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 85.745170][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 85.762750][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 85.771758][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 85.780770][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 85.801570][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 85.810507][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 85.819398][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 85.828292][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 85.837238][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 88.584692][ T4510] loop0: detected capacity change from 0 to 4096 [ 88.789260][ T4510] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 88.846761][ T4510] NILFS (loop0): mounting unchecked fs [ 89.751734][ T4518] loop1: detected capacity change from 0 to 1024 [ 89.823026][ T4510] NILFS (loop0): recovery complete [ 91.693125][ T4510] NILFS (loop0): error -4 creating segctord thread [ 92.052172][ T295] hfsplus: b-tree write err: -5, ino 4 [ 105.817703][ T4669] loop4: detected capacity change from 0 to 256 [ 106.718089][ T4669] FAT-fs (loop4): Directory bread(block 64) failed [ 106.773998][ T4669] FAT-fs (loop4): Directory bread(block 65) failed [ 106.832861][ T4669] FAT-fs (loop4): Directory bread(block 66) failed [ 106.989785][ T4669] FAT-fs (loop4): Directory bread(block 67) failed [ 106.998552][ T4669] FAT-fs (loop4): Directory bread(block 68) failed [ 107.006215][ T4669] FAT-fs (loop4): Directory bread(block 69) failed [ 107.013359][ T4669] FAT-fs (loop4): Directory bread(block 70) failed [ 107.020057][ T4669] FAT-fs (loop4): Directory bread(block 71) failed [ 107.029748][ T4669] FAT-fs (loop4): Directory bread(block 72) failed [ 107.082881][ T4669] FAT-fs (loop4): Directory bread(block 73) failed [ 107.328194][ T4679] binder: 4672:4679 ioctl c0306201 0 returned -14 [ 108.710364][ T4691] xt_l2tp: v2 doesn't support IP mode [ 109.177468][ T4210] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 110.156518][ T4699] loop1: detected capacity change from 0 to 1764 [ 110.692919][ T4210] usb 5-1: Using ep0 maxpacket: 16 [ 110.745590][ T4224] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 110.804306][ T4224] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 110.863211][ T4210] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.989485][ T4210] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 111.025221][ T4210] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 111.052731][ T4210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.116083][ T4210] usb 5-1: config 0 descriptor?? [ 111.240497][ T4210] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input5 [ 111.490181][ T4243] usb 5-1: USB disconnect, device number 2 [ 111.513464][ T4570] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -19 [ 115.402859][ T4224] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 115.715343][ T4755] netlink: 4 bytes leftover after parsing attributes in process `syz.0.132'. [ 116.207659][ T4224] usb 4-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.35 [ 116.219086][ T4224] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 116.228503][ T4224] usb 4-1: Product: syz [ 116.235041][ T4224] usb 4-1: Manufacturer: syz [ 116.406557][ T4224] usb 4-1: SerialNumber: syz [ 116.891544][ T4224] usb 4-1: config 0 descriptor?? [ 116.955108][ T4224] gspca_main: sonixb-2.14.0 probing 0c45:60a8 [ 119.133277][ T4224] sonixb 4-1:0.0: Error reading register 00: -110 [ 119.166313][ T4224] usb 4-1: USB disconnect, device number 2 [ 119.437285][ T4791] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.555692][ T4791] device batadv_slave_0 entered promiscuous mode [ 125.053072][ T4833] netlink: 8 bytes leftover after parsing attributes in process `syz.1.154'. [ 125.115499][ T4835] netlink: 8 bytes leftover after parsing attributes in process `syz.1.154'. [ 126.831648][ T4850] loop3: detected capacity change from 0 to 4096 [ 127.165435][ T4850] NILFS (loop3): invalid segment: Checksum error in segment payload [ 127.532428][ T4859] loop0: detected capacity change from 0 to 1024 [ 128.868713][ T4850] NILFS (loop3): trying rollback from an earlier position [ 129.068071][ T4850] NILFS (loop3): recovery complete [ 129.097907][ T4850] NILFS (loop3): error -4 creating segctord thread [ 129.282564][ T4859] hfsplus: request for non-existent node -709361664 in B*Tree [ 129.290464][ T4859] hfsplus: request for non-existent node -709361664 in B*Tree [ 129.299595][ T4859] hfsplus: b-tree write err: -5, ino 8 [ 129.634615][ T4862] loop1: detected capacity change from 0 to 1024 [ 129.697878][ T4862] EXT4-fs (loop1): Ignoring removed nobh option [ 129.919286][ T4862] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.163: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 130.004536][ T4862] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.163: couldn't read orphan inode 11 (err -117) [ 130.036942][ T4862] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 132.798301][ T1425] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.804718][ T1425] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.840332][ T4871] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 10: padding at end of block bitmap is not set [ 136.185393][ T4909] loop0: detected capacity change from 0 to 32768 [ 136.313452][ T4909] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.176 (4909) [ 136.963042][ T4909] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 137.002899][ T4909] BTRFS info (device loop0): setting nodatacow, compression disabled [ 137.093402][ T4909] BTRFS info (device loop0): setting datacow [ 137.099453][ T4909] BTRFS info (device loop0): doing ref verification [ 137.122761][ T4909] BTRFS info (device loop0): setting nodatacow, compression disabled [ 137.168021][ T4909] BTRFS info (device loop0): turning off barriers [ 137.193196][ T4909] BTRFS info (device loop0): enabling ssd optimizations [ 137.203418][ T26] audit: type=1326 audit(1733068848.073:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4925 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 137.244529][ T4909] BTRFS info (device loop0): using spread ssd allocation scheme [ 137.272650][ T4909] BTRFS info (device loop0): not using ssd optimizations [ 137.280133][ T4909] BTRFS info (device loop0): not using spread ssd allocation scheme [ 137.292919][ T26] audit: type=1326 audit(1733068848.123:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4925 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 137.377186][ T4909] BTRFS info (device loop0): using free space tree [ 137.387335][ T26] audit: type=1326 audit(1733068848.123:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4925 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 137.420927][ T4243] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 137.438455][ T4931] loop4: detected capacity change from 0 to 512 [ 137.462268][ T4909] BTRFS info (device loop0): has skinny extents [ 137.470381][ T4243] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 [ 137.760230][ T26] audit: type=1326 audit(1733068848.123:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4925 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 137.918774][ T26] audit: type=1326 audit(1733068848.133:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4925 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 137.974636][ T26] audit: type=1326 audit(1733068848.133:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4925 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 138.012808][ T26] audit: type=1326 audit(1733068848.133:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4925 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 138.265324][ T4909] BTRFS error (device loop0): open_ctree failed [ 139.462275][ T4929] loop2: detected capacity change from 0 to 32768 [ 139.542410][ T4929] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.182 (4929) [ 139.629183][ T4929] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 139.658356][ T4929] BTRFS info (device loop2): setting nodatacow, compression disabled [ 139.682993][ T4929] BTRFS info (device loop2): setting datacow [ 139.712746][ T4929] BTRFS info (device loop2): doing ref verification [ 139.736310][ T4929] BTRFS info (device loop2): setting nodatacow, compression disabled [ 139.789958][ T4929] BTRFS info (device loop2): turning off barriers [ 139.829271][ T4929] BTRFS info (device loop2): enabling ssd optimizations [ 139.929790][ T4929] BTRFS info (device loop2): using spread ssd allocation scheme [ 139.958114][ T4929] BTRFS info (device loop2): not using ssd optimizations [ 140.003029][ T4929] BTRFS info (device loop2): not using spread ssd allocation scheme [ 140.055614][ T4929] BTRFS info (device loop2): using free space tree [ 140.062411][ T4929] BTRFS info (device loop2): has skinny extents [ 140.934047][ T4929] BTRFS error (device loop2): open_ctree failed [ 142.897664][ T5021] loop4: detected capacity change from 0 to 128 [ 143.512022][ T5021] EXT4-fs (loop4): mounted filesystem without journal. Opts: minixdf,nodelalloc,,errors=continue. Quota mode: none. [ 143.904593][ T5021] ext4 filesystem being mounted at /44/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 151.974256][ T5098] loop2: detected capacity change from 0 to 16 [ 152.085961][ T5098] erofs: (device loop2): mounted with root inode @ nid 36. [ 154.471580][ T5118] loop2: detected capacity change from 0 to 4096 [ 154.576491][ T5125] loop4: detected capacity change from 0 to 2048 [ 154.629903][ T5118] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 155.260829][ T5125] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 155.459977][ T5125] UDF-fs: Scanning with blocksize 512 failed [ 155.473936][ T5125] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.754809][ T5119] loop1: detected capacity change from 0 to 32768 [ 157.021485][ T5123] loop0: detected capacity change from 0 to 32768 [ 157.992119][ T4160] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by udevd (4160) [ 158.388077][ T5145] loop4: detected capacity change from 0 to 32768 [ 158.730258][ T5145] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.236 (5145) [ 159.216721][ T5145] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 159.283622][ T5157] netlink: 'syz.0.239': attribute type 10 has an invalid length. [ 159.291653][ T5145] BTRFS info (device loop4): force clearing of disk cache [ 159.322955][ T5145] BTRFS info (device loop4): force zlib compression, level 3 [ 159.330399][ T5145] BTRFS info (device loop4): enabling auto defrag [ 159.360431][ T5157] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.369355][ T5157] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.378091][ T5145] BTRFS info (device loop4): max_inline at 0 [ 159.432811][ T5145] BTRFS info (device loop4): using free space tree [ 159.439368][ T5145] BTRFS info (device loop4): has skinny extents [ 159.573700][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.580887][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.590501][ T5157] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.598447][ T5157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.672598][ T5157] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 159.757868][ T5145] BTRFS info (device loop4): enabling ssd optimizations [ 159.821553][ T5145] BTRFS info (device loop4): clearing free space tree [ 159.843530][ T5154] loop1: detected capacity change from 0 to 32768 [ 159.867157][ T5162] netlink: 4 bytes leftover after parsing attributes in process `syz.0.239'. [ 159.870953][ T5145] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 159.889210][ T5162] device bridge_slave_1 left promiscuous mode [ 159.911989][ T5145] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 159.917879][ T5162] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.985684][ T5162] device bridge_slave_0 left promiscuous mode [ 160.037170][ T5154] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 160.051493][ T5145] BTRFS info (device loop4): creating free space tree [ 160.059653][ T5162] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.067538][ T5154] BTRFS info (device loop1): enabling auto defrag [ 160.079869][ T5145] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 160.090105][ T5154] BTRFS info (device loop1): disabling tree log [ 160.106954][ T5154] BTRFS info (device loop1): use no compression [ 160.132739][ T5145] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 160.143076][ T5154] BTRFS info (device loop1): force clearing of disk cache [ 160.150236][ T5154] BTRFS info (device loop1): disabling free space tree [ 160.186240][ T5154] BTRFS info (device loop1): has skinny extents [ 160.230196][ T5162] bond0: (slave bridge0): Releasing backup interface [ 160.426184][ T4404] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 160.793941][ T5154] BTRFS info (device loop1): enabling ssd optimizations [ 160.806282][ T5154] BTRFS info (device loop1): clearing free space tree [ 160.818712][ T5154] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 160.829546][ T5154] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 162.609439][ T5236] netlink: 48 bytes leftover after parsing attributes in process `syz.1.242'. [ 163.051646][ T5243] x_tables: ip_tables: osf match: only valid for protocol 6 [ 163.065478][ T5243] Zero length message leads to an empty skb [ 164.786940][ T5256] loop4: detected capacity change from 0 to 32768 [ 165.146234][ T5256] JBD2: Ignoring recovery information on journal [ 165.303621][ T5256] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 165.796666][ T26] audit: type=1800 audit(1733068876.673:9): pid=5256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.252" name="file1" dev="loop4" ino=17058 res=0 errno=0 [ 166.050924][ T4181] ocfs2: Unmounting device (7,4) on (node local) [ 167.172275][ T5303] loop4: detected capacity change from 0 to 64 [ 169.834835][ T5322] netlink: 24 bytes leftover after parsing attributes in process `syz.4.272'. [ 169.893492][ T5326] loop3: detected capacity change from 0 to 1024 [ 171.824960][ T5348] loop2: detected capacity change from 0 to 1764 [ 171.887449][ T5215] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.920397][ T5215] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 171.954086][ T5215] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1 [ 173.659360][ T5367] Unsupported ieee802154 address type: 0 [ 174.065417][ T5352] loop3: detected capacity change from 0 to 32768 [ 174.488154][ T5352] XFS (loop3): Mounting V5 Filesystem [ 174.760284][ T5352] XFS (loop3): Ending clean mount [ 174.782150][ T5352] XFS (loop3): Quotacheck needed: Please wait. [ 177.283217][ T5403] loop1: detected capacity change from 0 to 16 [ 179.471463][ T5401] loop4: detected capacity change from 0 to 2048 [ 179.486763][ T5352] XFS (loop3): Quotacheck: Done. [ 179.585529][ T4172] XFS (loop3): Unmounting Filesystem [ 179.620999][ T5401] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 185.201059][ T5452] loop0: detected capacity change from 0 to 256 [ 186.287733][ T23] Bluetooth: hci2: command 0x0406 tx timeout [ 186.295418][ T5452] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 186.304649][ T5452] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 186.313434][ T5452] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 186.322156][ T5452] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 186.330982][ T5452] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 186.339939][ T5452] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 186.348735][ T5452] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 186.357543][ T5452] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 186.366329][ T5452] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 186.375246][ T5452] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 186.389063][ T26] audit: type=1800 audit(1733068897.263:10): pid=5452 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.307" name="file1" dev="loop0" ino=1048592 res=0 errno=0 [ 186.392933][ T23] Bluetooth: hci1: command 0x0406 tx timeout [ 186.433001][ T23] Bluetooth: hci3: command 0x0406 tx timeout [ 186.439083][ T23] Bluetooth: hci4: command 0x0406 tx timeout [ 186.463360][ T23] Bluetooth: hci0: command 0x0406 tx timeout [ 186.517947][ T5468] loop3: detected capacity change from 0 to 1024 [ 186.582050][ T26] audit: type=1800 audit(1733068897.293:11): pid=5463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.307" name="file1" dev="loop0" ino=1048592 res=0 errno=0 [ 186.920059][ T5468] EXT4-fs (loop3): Ignoring removed orlov option [ 186.996104][ T5468] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 187.383819][ T5475] loop4: detected capacity change from 0 to 64 [ 187.513574][ T5468] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 188.194168][ T5468] process 'syz.3.312' launched './file0/file0' with NULL argv: empty string added [ 190.737376][ T5497] device ip6gre1 entered promiscuous mode [ 191.206522][ T5515] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 192.244862][ T5528] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 192.812797][ T4384] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 193.062921][ T4384] usb 2-1: device descriptor read/64, error -71 [ 193.553146][ T5576] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 193.587792][ T4384] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 194.255752][ T1425] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.262224][ T1425] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.502805][ T4384] usb 2-1: device descriptor read/64, error -71 [ 194.673075][ T4384] usb usb2-port1: attempt power cycle [ 195.170104][ T4384] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 195.937290][ T4384] usb 2-1: device not accepting address 4, error -71 [ 197.089704][ T5620] loop1: detected capacity change from 0 to 256 [ 197.329887][ T5622] loop0: detected capacity change from 0 to 4096 [ 198.642764][ T5631] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 198.705452][ T5633] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 198.812603][ T5635] xt_nat: multiple ranges no longer supported [ 204.574712][ T5668] loop0: detected capacity change from 0 to 1024 [ 204.616423][ T5670] loop4: detected capacity change from 0 to 16 [ 204.750482][ T5670] erofs: (device loop4): mounted with root inode @ nid 36. [ 204.927386][ T5668] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 205.003526][ T5681] netlink: 8 bytes leftover after parsing attributes in process `syz.2.356'. [ 205.012974][ T5681] netlink: 8 bytes leftover after parsing attributes in process `syz.2.356'. [ 210.153024][ T5731] misc userio: Invalid payload size [ 211.715407][ T5735] loop0: detected capacity change from 0 to 4096 [ 212.051615][ T5752] xt_cgroup: xt_cgroup: no path or classid specified [ 212.133314][ T5735] EXT4-fs (loop0): mounted filesystem without journal. Opts: norecovery,grpquota,lazytime,user_xattr,dioread_lock,,errors=continue. Quota mode: writeback. [ 216.350879][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 216.476218][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 216.558109][ T5790] netlink: 12 bytes leftover after parsing attributes in process `syz.2.384'. [ 216.745159][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 217.041605][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 217.095027][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 217.140130][ T5790] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 217.149560][ T5790] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 217.158436][ T5790] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 217.167196][ T5790] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 217.189999][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 217.204547][ T5790] device vxlan0 entered promiscuous mode [ 217.223300][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 217.251136][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 217.271382][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 217.289550][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 217.309554][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 217.347794][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 217.403725][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 217.467743][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.432187][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.458182][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.482323][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.504705][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.535443][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.562274][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.592958][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.610739][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.629514][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.650182][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.685057][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 218.721056][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.889331][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.898835][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.907288][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.915953][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.924633][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.932156][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.940849][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.952790][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.962983][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.970502][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.979896][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.988261][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 219.996087][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 220.003886][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 220.011295][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 220.019212][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 220.026979][ T4171] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 220.052723][ T4171] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz0 [ 220.721006][ T5823] loop4: detected capacity change from 0 to 1764 [ 221.291970][ T5808] loop1: detected capacity change from 0 to 32768 [ 221.818025][ T4211] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 221.952306][ T4211] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz0] on syz1 [ 222.039629][ T5832] netlink: 8 bytes leftover after parsing attributes in process `syz.0.396'. [ 224.050136][ T5844] loop1: detected capacity change from 0 to 1024 [ 224.399386][ T5840] block nbd3: NBD_DISCONNECT [ 224.607939][ T26] audit: type=1326 audit(1733068935.463:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f063fec4849 code=0x7ffc0000 [ 224.677841][ T5840] block nbd3: Send disconnect failed -89 [ 224.715172][ T5844] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 224.807679][ T5849] nbd3: detected capacity change from 0 to 12 [ 224.888876][ T26] audit: type=1326 audit(1733068935.463:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f063fec4849 code=0x7ffc0000 [ 224.990925][ T1092] block nbd3: Send control failed (result -89) [ 224.997937][ T1092] block nbd3: Request send failed, requeueing [ 225.012519][ T1092] block nbd3: Disconnected due to user request. [ 225.025478][ T1092] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 225.038765][ T1092] Buffer I/O error on dev nbd3, logical block 0, async page read [ 225.057705][ T1092] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 225.069538][ T1092] Buffer I/O error on dev nbd3, logical block 0, async page read [ 225.085722][ T1092] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 225.097498][ T1092] Buffer I/O error on dev nbd3, logical block 0, async page read [ 225.142391][ T1092] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 225.153361][ T1092] Buffer I/O error on dev nbd3, logical block 0, async page read [ 225.161853][ T1092] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 225.172809][ T1092] Buffer I/O error on dev nbd3, logical block 0, async page read [ 225.180936][ T1092] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 225.191863][ T1092] Buffer I/O error on dev nbd3, logical block 0, async page read [ 225.200149][ T1092] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 225.211664][ T1092] Buffer I/O error on dev nbd3, logical block 0, async page read [ 225.220477][ T1092] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 225.231363][ T1092] Buffer I/O error on dev nbd3, logical block 0, async page read [ 225.239472][ T4570] ldm_validate_partition_table(): Disk read failed. [ 225.282909][ T1092] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 225.294104][ T1092] Buffer I/O error on dev nbd3, logical block 0, async page read [ 225.362540][ T150] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 225.373888][ T150] Buffer I/O error on dev nbd3, logical block 0, async page read [ 225.546143][ T26] audit: type=1326 audit(1733068935.483:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f063fec4849 code=0x7ffc0000 [ 225.551267][ T4570] Dev nbd3: unable to read RDB block 0 [ 225.568494][ T26] audit: type=1326 audit(1733068935.483:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5848 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f063fec4849 code=0x7ffc0000 [ 225.596559][ T26] audit: type=1804 audit(1733068936.373:16): pid=5844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.397" name="/newroot/67/file1/file1" dev="loop1" ino=15 res=1 errno=0 [ 225.618461][ T26] audit: type=1804 audit(1733068936.373:17): pid=5844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.397" name="/newroot/67/file1/file1" dev="loop1" ino=15 res=1 errno=0 [ 225.643092][ T4570] nbd3: unable to read partition table [ 225.649225][ T4570] nbd3: partition table beyond EOD, truncated [ 226.208533][ T4570] ldm_validate_partition_table(): Disk read failed. [ 226.218368][ T4570] Dev nbd3: unable to read RDB block 0 [ 226.264788][ T4570] nbd3: unable to read partition table [ 226.317432][ T4570] nbd3: partition table beyond EOD, truncated [ 226.568248][ T5843] loop0: detected capacity change from 0 to 32768 [ 226.725241][ T5843] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 226.772757][ T5843] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 227.288707][ T5883] Sensor A: ================= START STATUS ================= [ 227.309541][ T5883] Sensor A: Test Pattern: 75% Colorbar [ 227.330537][ T5883] Sensor A: Show Information: All [ 227.350509][ T5883] Sensor A: Vertical Flip: false [ 227.361176][ T5883] Sensor A: Horizontal Flip: false [ 227.368542][ T5883] Sensor A: Brightness: 128 [ 227.382542][ T5883] Sensor A: Contrast: 128 [ 227.387621][ T5883] Sensor A: Hue: 0 [ 227.398807][ T5883] Sensor A: Saturation: 128 [ 227.408541][ T5883] Sensor A: ================== END STATUS ================== [ 227.923134][ T5843] gfs2: fsid=syz:syz.s: journal 0 mapped with 16 extents in 0ms [ 228.149227][ T4211] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 228.160220][ T4211] Bluetooth: hci3: Injecting HCI hardware error event [ 228.169924][ T4175] Bluetooth: hci3: hardware error 0x00 [ 229.171947][ T5843] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 229.340527][ T5873] loop3: detected capacity change from 0 to 32768 [ 230.807824][ T5911] loop4: detected capacity change from 0 to 8 [ 230.912934][ T26] audit: type=1326 audit(1733068941.683:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5906 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 231.182815][ T26] audit: type=1326 audit(1733068941.683:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5906 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 231.225793][ T26] audit: type=1326 audit(1733068941.683:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5906 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 231.290196][ T26] audit: type=1326 audit(1733068941.683:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5906 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 233.152762][ T26] audit: type=1326 audit(1733068941.683:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5906 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 233.240646][ T5924] tipc: Started in network mode [ 233.272761][ T5924] tipc: Node identity 3a20300a74797065, cluster identity 4711 [ 233.292687][ T26] audit: type=1326 audit(1733068941.683:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5906 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f8c7ab92849 code=0x7ffc0000 [ 233.399422][ T5924] tipc: Enabling of bearer rejected, failed to enable media [ 233.425156][ T26] audit: type=1326 audit(1733068941.683:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5906 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8c7ab92883 code=0x7ffc0000 [ 233.447389][ T26] audit: type=1326 audit(1733068941.683:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5906 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f8c7ab912ff code=0x7ffc0000 [ 233.482701][ T26] audit: type=1326 audit(1733068941.683:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5906 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f8c7ab928d7 code=0x7ffc0000 [ 233.516643][ T26] audit: type=1326 audit(1733068941.683:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5906 comm="syz.4.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8c7ab911b0 code=0x7ffc0000 [ 234.965979][ T5932] loop4: detected capacity change from 0 to 1024 [ 238.621586][ T5979] loop2: detected capacity change from 0 to 512 [ 238.729788][ T5979] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 238.752821][ T5979] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 238.882119][ T5963] loop1: detected capacity change from 0 to 32768 [ 239.532567][ T5990] overlayfs: failed to resolve './file1': -2 [ 239.970841][ T5972] loop0: detected capacity change from 0 to 32768 [ 240.033384][ T5972] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 scanned by syz.0.438 (5972) [ 240.926718][ T5972] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 240.956087][ T5972] BTRFS info (device loop0): using free space tree [ 240.972781][ T5972] BTRFS info (device loop0): has skinny extents [ 241.399357][ T5972] BTRFS error (device loop0): open_ctree failed [ 241.666948][ T6005] loop2: detected capacity change from 0 to 32768 [ 241.835690][ T6005] (syz.2.446,6005,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 241.940097][ T6005] (syz.2.446,6005,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 243.151117][ T6005] JBD2: Ignoring recovery information on journal [ 243.256672][ T6039] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_bridge, syncid = 0, id = 0 [ 243.403083][ T6005] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 244.235256][ T6055] loop3: detected capacity change from 0 to 128 [ 244.326340][ T4166] ocfs2: Unmounting device (7,2) on (node local) [ 244.550120][ T6055] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 244.616759][ T6055] ext4 filesystem being mounted at /95/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 244.680364][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 244.680379][ T26] audit: type=1326 audit(1733068955.553:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.4.458" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c7ab92849 code=0x0 [ 244.780960][ T6055] EXT4-fs (loop3): shut down requested (0) [ 245.253739][ T6065] netlink: 'syz.2.457': attribute type 10 has an invalid length. [ 245.288444][ T6065] netlink: 2 bytes leftover after parsing attributes in process `syz.2.457'. [ 245.338737][ T6065] device team0 entered promiscuous mode [ 245.361332][ T6065] device team_slave_0 entered promiscuous mode [ 245.419741][ T6065] device team_slave_1 entered promiscuous mode [ 245.472890][ T6065] bridge0: port 3(team0) entered blocking state [ 245.512859][ T6065] bridge0: port 3(team0) entered disabled state [ 245.777150][ T6065] bridge0: port 3(team0) entered blocking state [ 245.783511][ T6065] bridge0: port 3(team0) entered forwarding state [ 245.820667][ T6070] loop3: detected capacity change from 0 to 40427 [ 246.010743][ T6070] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 246.010852][ T6070] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 246.049577][ T6070] F2FS-fs (loop3): invalid crc value [ 246.227867][ T6070] F2FS-fs (loop3): Found nat_bits in checkpoint [ 246.703497][ T6070] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 246.710910][ T6070] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 249.075858][ T6091] cgroup: No subsys list or none specified [ 249.109069][ T6090] sd 0:0:1:0: device reset [ 249.126500][ T6092] input: syz0 as /devices/virtual/input/input7 [ 249.174538][ T5584] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 249.190963][ T5584] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 249.714957][ T6104] input: syz0 as /devices/virtual/input/input8 [ 249.918639][ T6110] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 249.926250][ T6110] UDF-fs: Scanning with blocksize 512 failed [ 249.934512][ T6110] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 249.942059][ T6110] UDF-fs: Scanning with blocksize 1024 failed [ 250.079406][ T6110] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 250.086975][ T6110] UDF-fs: Scanning with blocksize 2048 failed [ 250.098959][ T6110] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 250.106569][ T6110] UDF-fs: Scanning with blocksize 4096 failed [ 250.272729][ T5216] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 250.563260][ T5216] usb 1-1: Using ep0 maxpacket: 16 [ 250.683036][ T5216] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 250.691242][ T5216] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 250.982485][ T5216] usb 1-1: config 0 has no interface number 0 [ 251.009903][ T5216] usb 1-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 251.050029][ T5216] usb 1-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 251.091902][ T5216] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.146826][ T5216] usb 1-1: config 0 descriptor?? [ 251.186244][ T5216] usbhid 1-1:0.1: couldn't find an input interrupt endpoint [ 251.476382][ T6126] capability: warning: `syz.2.478' uses deprecated v2 capabilities in a way that may be insecure [ 252.004832][ T4212] usb 1-1: USB disconnect, device number 2 [ 253.222897][ T4954] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 254.523086][ T4954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.693971][ T4954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 254.959929][ T4954] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 255.112492][ T4954] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.143439][ T4954] usb 1-1: config 0 descriptor?? [ 255.644557][ T1425] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.650886][ T1425] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.925453][ T4954] hid (null): bogus close delimiter [ 257.082839][ T4954] usb 1-1: string descriptor 0 read error: -71 [ 257.139166][ T4954] uclogic 0003:256C:006D.0006: failed retrieving string descriptor #200: -71 [ 257.365924][ T4954] uclogic 0003:256C:006D.0006: failed retrieving pen parameters: -71 [ 257.435069][ T4954] uclogic 0003:256C:006D.0006: failed probing pen v2 parameters: -71 [ 257.451868][ T4954] uclogic 0003:256C:006D.0006: failed probing parameters: -71 [ 257.468001][ T4954] uclogic: probe of 0003:256C:006D.0006 failed with error -71 [ 257.508930][ T4954] usb 1-1: USB disconnect, device number 3 [ 258.564944][ T5212] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 258.642759][ T5215] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 258.761701][ T6213] netlink: 28 bytes leftover after parsing attributes in process `syz.2.506'. [ 258.923008][ T5212] usb 2-1: config 0 has an invalid interface number: 237 but max is 0 [ 258.944606][ T5212] usb 2-1: config 0 has no interface number 0 [ 258.964824][ T5212] usb 2-1: config 0 interface 237 altsetting 0 has an invalid endpoint with address 0xF7, skipping [ 258.990961][ T5212] usb 2-1: config 0 interface 237 altsetting 0 has an invalid endpoint with address 0x5E, skipping [ 259.705451][ T5212] usb 2-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.be [ 259.715590][ T5215] usb 5-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38 [ 259.735238][ T5215] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.750226][ T5212] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.779089][ T5215] usb 5-1: Product: syz [ 259.789183][ T5212] usb 2-1: Product: syz [ 259.807908][ T5215] usb 5-1: Manufacturer: syz [ 259.813050][ T5212] usb 2-1: Manufacturer: syz [ 259.829636][ T5215] usb 5-1: SerialNumber: syz [ 259.834729][ T5212] usb 2-1: SerialNumber: syz [ 260.714293][ T5215] usb 5-1: config 0 descriptor?? [ 260.720326][ T5212] usb 2-1: config 0 descriptor?? [ 260.743011][ T5215] usb 5-1: can't set config #0, error -71 [ 260.749172][ T5212] usb 2-1: can't set config #0, error -71 [ 260.843322][ T5212] usb 2-1: USB disconnect, device number 6 [ 260.850895][ T5215] usb 5-1: USB disconnect, device number 3 [ 263.964349][ T150] block nbd1: Attempted send on invalid socket [ 263.970646][ T150] print_req_error: 25 callbacks suppressed [ 263.970661][ T150] blk_update_request: I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 263.996139][ T6266] binder: 6260:6266 ioctl c0306201 0 returned -14 [ 265.819826][ T6276] loop3: detected capacity change from 0 to 32768 [ 267.328742][ T6276] (syz.3.525,6276,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 267.771157][ T6276] (syz.3.525,6276,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 268.149051][ T6276] (syz.3.525,6276,0):ocfs2_initialize_super:2310 ERROR: status = -12 [ 268.222809][ T6276] (syz.3.525,6276,0):ocfs2_fill_super:1177 ERROR: status = -12 [ 268.511521][ T6311] loop0: detected capacity change from 0 to 1024 [ 268.771688][ T6311] EXT4-fs (loop0): Ignoring removed nobh option [ 268.859589][ T6311] EXT4-fs error (device loop0): ext4_ext_check_inode:501: inode #11: comm syz.0.532: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 268.949147][ T6311] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.532: couldn't read orphan inode 11 (err -117) [ 268.993097][ T6311] EXT4-fs (loop0): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 269.247276][ T6324] binder: 6322:6324 ioctl c0306201 0 returned -14 [ 269.437096][ T6326] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz.0.532: Invalid block bitmap block 0 in block_group 0 [ 269.461570][ T6326] Quota error (device loop0): write_blk: dquota write failed [ 269.469732][ T6326] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 269.479777][ T6326] EXT4-fs error (device loop0): ext4_acquire_dquot:6197: comm syz.0.532: Failed to acquire dquot type 0 [ 271.233469][ T6339] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.541'. [ 272.516002][ T6360] infiniband syz2: set active [ 272.521243][ T6360] infiniband syz2: added team_slave_1 [ 272.790723][ T6360] RDS/IB: syz2: added [ 272.795847][ T6360] smc: adding ib device syz2 with port count 1 [ 272.802723][ T6360] smc: ib device syz2 port 1 has pnetid [ 273.080511][ T6363] binder: 6358:6363 ioctl c0306201 0 returned -14 [ 273.468145][ T6351] loop0: detected capacity change from 0 to 32768 [ 273.639246][ T6368] loop1: detected capacity change from 0 to 1024 [ 273.661726][ T6351] JBD2: Ignoring recovery information on journal [ 273.824034][ T6351] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 273.880324][ T26] audit: type=1800 audit(1733068984.753:34): pid=6351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.547" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 274.071324][ T6368] EXT4-fs (loop1): Ignoring removed nobh option [ 274.547826][ T6368] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.551: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 274.666382][ T6368] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.551: couldn't read orphan inode 11 (err -117) [ 274.678680][ T6368] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 276.068976][ T6392] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.551: Invalid block bitmap block 0 in block_group 0 [ 276.084001][ T6392] Quota error (device loop1): write_blk: dquota write failed [ 276.091906][ T6392] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 276.103116][ T6392] EXT4-fs error (device loop1): ext4_acquire_dquot:6197: comm syz.1.551: Failed to acquire dquot type 0 [ 276.163034][ T6351] (syz.0.547,6351,1):ocfs2_dio_end_io:2428 ERROR: Direct IO failed, bytes = -4 [ 276.205415][ T6351] syz.0.547 (6351) used greatest stack depth: 18232 bytes left [ 276.420912][ T4168] ocfs2: Unmounting device (7,0) on (node local) [ 277.087094][ T6424] syz.3.570 sent an empty control message without MSG_MORE. [ 277.098280][ T6421] binder: 6413:6421 ioctl c0306201 0 returned -14 [ 278.214404][ T6434] loop1: detected capacity change from 0 to 1024 [ 278.613313][ T6439] bridge: RTM_NEWNEIGH with invalid ether address [ 278.636898][ T6434] EXT4-fs (loop1): Ignoring removed nobh option [ 278.760253][ T6434] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.573: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 278.821737][ T6434] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.573: couldn't read orphan inode 11 (err -117) [ 278.845307][ T6434] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 280.470674][ T6451] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.573: Invalid block bitmap block 0 in block_group 0 [ 280.503023][ T6451] Quota error (device loop1): write_blk: dquota write failed [ 280.510486][ T6451] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 280.520765][ T6451] EXT4-fs error (device loop1): ext4_acquire_dquot:6197: comm syz.1.573: Failed to acquire dquot type 0 [ 281.307242][ T6462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 281.314943][ T6462] UDF-fs: Scanning with blocksize 512 failed [ 281.327709][ T6462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 281.335381][ T6462] UDF-fs: Scanning with blocksize 1024 failed [ 281.550483][ T6462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 281.558134][ T6462] UDF-fs: Scanning with blocksize 2048 failed [ 281.565866][ T6462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 281.573401][ T6462] UDF-fs: Scanning with blocksize 4096 failed [ 281.733795][ T6467] tipc: Started in network mode [ 281.813365][ T6467] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 281.837713][ T6467] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 282.105365][ T6467] tipc: Enabled bearer , priority 10 [ 282.157746][ T6476] binder: 6470:6476 ioctl c0306201 0 returned -14 [ 283.312510][ T6487] loop2: detected capacity change from 0 to 1024 [ 283.329271][ C0] Unknown status report in ack skb [ 283.395439][ T6492] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0 [ 283.414463][ T4954] tipc: Node number set to 1 [ 283.442024][ T6487] EXT4-fs (loop2): Ignoring removed nobh option [ 283.518164][ T6487] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.591: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 283.543924][ T6487] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.591: couldn't read orphan inode 11 (err -117) [ 283.602981][ T6487] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 284.511325][ T6495] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 10: padding at end of block bitmap is not set [ 284.537145][ T6497] syz.0.593 (6497): drop_caches: 2 [ 284.573869][ T6503] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.591: Invalid block bitmap block 0 in block_group 0 [ 284.613716][ T6503] Quota error (device loop2): write_blk: dquota write failed [ 284.622713][ T6503] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 284.632725][ T6503] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.591: Failed to acquire dquot type 0 [ 284.892241][ T6511] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 284.899991][ T6511] UDF-fs: Scanning with blocksize 512 failed [ 284.908931][ T6511] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 284.916513][ T6511] UDF-fs: Scanning with blocksize 1024 failed [ 284.924458][ T6511] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 284.932167][ T6511] UDF-fs: Scanning with blocksize 2048 failed [ 285.066401][ T6511] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 285.074044][ T6511] UDF-fs: Scanning with blocksize 4096 failed [ 287.102976][ T6547] loop2: detected capacity change from 0 to 1024 [ 287.424770][ T6547] EXT4-fs (loop2): Ignoring removed nobh option [ 287.514939][ T6547] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.607: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 287.661446][ T6547] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.607: couldn't read orphan inode 11 (err -117) [ 287.694370][ T6545] dccp_close: ABORT with 32 bytes unread [ 287.758069][ T6547] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 289.432727][ T6555] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 10: padding at end of block bitmap is not set [ 289.513958][ T6569] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.607: Invalid block bitmap block 0 in block_group 0 [ 289.527975][ T6569] Quota error (device loop2): write_blk: dquota write failed [ 289.535502][ T6569] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 289.545545][ T6569] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.607: Failed to acquire dquot type 0 [ 292.361917][ T6606] netlink: 'syz.0.621': attribute type 10 has an invalid length. [ 292.478625][ T6606] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 292.563582][ T6606] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 292.663432][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 292.962053][ T6621] loop3: detected capacity change from 0 to 1024 [ 292.983199][ T21] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 293.062140][ T6621] EXT4-fs (loop3): Ignoring removed nobh option [ 293.111929][ T6621] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #11: comm syz.3.624: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 293.169961][ T6621] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.624: couldn't read orphan inode 11 (err -117) [ 293.362825][ T21] usb 1-1: Using ep0 maxpacket: 16 [ 293.385883][ T6621] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 293.483270][ T6627] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 293.490834][ T6627] UDF-fs: Scanning with blocksize 512 failed [ 293.499047][ T6627] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 293.506876][ T6627] UDF-fs: Scanning with blocksize 1024 failed [ 293.514927][ T6627] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 293.522555][ T6627] UDF-fs: Scanning with blocksize 2048 failed [ 293.649932][ T6627] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 293.657490][ T6627] UDF-fs: Scanning with blocksize 4096 failed [ 294.054680][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 294.481817][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 294.516234][ T21] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 294.539319][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.550761][ T6634] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.624: Invalid block bitmap block 0 in block_group 0 [ 294.570302][ T6634] Quota error (device loop3): write_blk: dquota write failed [ 294.577809][ T6634] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 294.587885][ T6634] EXT4-fs error (device loop3): ext4_acquire_dquot:6197: comm syz.3.624: Failed to acquire dquot type 0 [ 294.804623][ T21] usb 1-1: config 0 descriptor?? [ 295.566896][ T21] corsair 0003:1B1C:1B02.0007: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.0-1/input0 [ 296.070392][ T21] corsair 0003:1B1C:1B02.0007: Read invalid backlight brightness: c6. [ 296.318697][ T5216] usb 1-1: USB disconnect, device number 4 [ 297.228613][ T6659] IPv6: ADDRCONF(NETDEV_CHANGE): geneve2: link becomes ready [ 297.371867][ T6667] binder: 6654:6667 ioctl c0306201 0 returned -14 [ 297.783403][ T6671] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 297.790994][ T6671] UDF-fs: Scanning with blocksize 512 failed [ 297.799594][ T6671] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 297.807463][ T6671] UDF-fs: Scanning with blocksize 1024 failed [ 297.818180][ T6671] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 297.825807][ T6671] UDF-fs: Scanning with blocksize 2048 failed [ 298.015837][ T6671] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 298.024290][ T6671] UDF-fs: Scanning with blocksize 4096 failed [ 298.269573][ T6681] loop2: detected capacity change from 0 to 1024 [ 300.401190][ T6681] EXT4-fs (loop2): Ignoring removed nobh option [ 300.608409][ T6681] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.639: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 300.698838][ T6681] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.639: couldn't read orphan inode 11 (err -117) [ 300.752839][ T6681] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 303.663766][ T6726] input: syz0 as /devices/virtual/input/input9 [ 303.670061][ T6726] input: failed to attach handler leds to device input9, error: -6 [ 303.719302][ T6725] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.639: Invalid block bitmap block 0 in block_group 0 [ 303.733030][ T6725] Quota error (device loop2): write_blk: dquota write failed [ 303.740443][ T6725] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 303.750771][ T6725] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.639: Failed to acquire dquot type 0 [ 304.801521][ T6741] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 304.809120][ T6741] UDF-fs: Scanning with blocksize 512 failed [ 304.971284][ T6741] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 304.980289][ T6741] UDF-fs: Scanning with blocksize 1024 failed [ 305.371264][ T6741] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 305.378988][ T6741] UDF-fs: Scanning with blocksize 2048 failed [ 305.386234][ T6741] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 305.393769][ T6741] UDF-fs: Scanning with blocksize 4096 failed [ 306.917868][ T6767] syz.3.660 uses obsolete (PF_INET,SOCK_PACKET) [ 307.398513][ T6776] loop1: detected capacity change from 0 to 1024 [ 307.467492][ T6781] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 308.354885][ T6776] EXT4-fs (loop1): Ignoring removed nobh option [ 308.432227][ T6776] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.662: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 308.454744][ T6776] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.662: couldn't read orphan inode 11 (err -117) [ 308.473230][ T6776] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 310.274150][ T6799] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.662: Invalid block bitmap block 0 in block_group 0 [ 310.288179][ T6799] Quota error (device loop1): write_blk: dquota write failed [ 310.295727][ T6799] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 310.306095][ T6799] EXT4-fs error (device loop1): ext4_acquire_dquot:6197: comm syz.1.662: Failed to acquire dquot type 0 [ 310.365125][ T6796] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 310.373048][ T6796] UDF-fs: Scanning with blocksize 512 failed [ 310.380655][ T6796] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 310.388236][ T6796] UDF-fs: Scanning with blocksize 1024 failed [ 310.394836][ T6796] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 310.402867][ T6796] UDF-fs: Scanning with blocksize 2048 failed [ 310.409523][ T6796] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 310.417268][ T6796] UDF-fs: Scanning with blocksize 4096 failed [ 311.042753][ T5215] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 311.289552][ T6809] dccp_close: ABORT with 32 bytes unread [ 311.302981][ T5215] usb 3-1: Using ep0 maxpacket: 8 [ 311.423025][ T5215] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 311.452940][ T5215] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 311.483639][ T6833] PKCS7: Unknown OID: [4] 2.19.13055.170809666(bad) [ 311.492542][ T6833] PKCS7: Only support pkcs7_signedData type [ 311.503676][ T6832] loop4: detected capacity change from 0 to 1024 [ 311.510273][ T5215] usb 3-1: config 0 has no interface number 0 [ 311.521924][ T6833] netlink: 68 bytes leftover after parsing attributes in process `syz.1.678'. [ 312.378245][ T6832] EXT4-fs (loop4): Ignoring removed nobh option [ 312.391998][ T5215] usb 3-1: config 0 interface 52 has no altsetting 0 [ 312.414683][ T6832] EXT4-fs error (device loop4): ext4_ext_check_inode:501: inode #11: comm syz.4.680: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 312.435783][ T6832] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.680: couldn't read orphan inode 11 (err -117) [ 312.453283][ T6832] EXT4-fs (loop4): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 312.683428][ T5215] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 312.701414][ T5215] usb 3-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 312.718323][ T5215] usb 3-1: Manufacturer: syz [ 313.932223][ T6848] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 313.935655][ T6846] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:476: comm syz.4.680: Invalid block bitmap block 0 in block_group 0 [ 313.939789][ T6848] UDF-fs: Scanning with blocksize 512 failed [ 313.955759][ T6846] Quota error (device loop4): write_blk: dquota write failed [ 313.961717][ T6848] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 313.967062][ T6846] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 313.974520][ T6848] UDF-fs: Scanning with blocksize 1024 failed [ 313.975048][ T6848] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 313.984750][ T6846] EXT4-fs error (device loop4): ext4_acquire_dquot:6197: comm syz.4.680: Failed to acquire dquot type 0 [ 313.991623][ T6848] UDF-fs: Scanning with blocksize 2048 failed [ 314.017222][ T6848] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 314.024860][ T6848] UDF-fs: Scanning with blocksize 4096 failed [ 314.073642][ T5215] usb 3-1: config 0 descriptor?? [ 314.141891][ T5215] usb 3-1: can't set config #0, error -71 [ 314.176093][ T5215] usb 3-1: USB disconnect, device number 3 [ 315.535529][ T6862] netlink: 'syz.2.686': attribute type 3 has an invalid length. [ 315.585498][ T6862] netlink: 8 bytes leftover after parsing attributes in process `syz.2.686'. [ 315.909571][ T6872] netlink: 'syz.3.688': attribute type 29 has an invalid length. [ 316.683701][ T5212] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 317.064560][ T1425] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.070897][ T1425] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.172678][ T5213] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 317.263483][ T5212] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.294251][ T5212] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.323275][ T5212] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 317.355325][ T5212] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.382228][ T5212] usb 2-1: config 0 descriptor?? [ 317.413099][ T5212] usb 2-1: can't set config #0, error -71 [ 317.424771][ T5212] usb 2-1: USB disconnect, device number 7 [ 317.543117][ T5213] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.584862][ T5213] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.631678][ T5213] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 317.690464][ T5213] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.793768][ T5213] usb 4-1: config 0 descriptor?? [ 318.008949][ T6888] loop1: detected capacity change from 0 to 1024 [ 318.424619][ T6892] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 318.432239][ T6892] UDF-fs: Scanning with blocksize 512 failed [ 318.438925][ T6892] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 318.446454][ T6892] UDF-fs: Scanning with blocksize 1024 failed [ 318.453043][ T6892] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 318.460521][ T6892] UDF-fs: Scanning with blocksize 2048 failed [ 318.467100][ T6892] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 318.474619][ T6892] UDF-fs: Scanning with blocksize 4096 failed [ 319.569063][ T5213] hid (null): bogus close delimiter [ 319.650955][ T6888] EXT4-fs (loop1): Ignoring removed nobh option [ 319.705543][ T6888] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.696: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 319.722886][ T5213] usb 4-1: string descriptor 0 read error: -71 [ 319.744412][ T6888] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.696: couldn't read orphan inode 11 (err -117) [ 319.757965][ T6888] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 320.000241][ T5213] uclogic 0003:256C:006D.0008: failed retrieving string descriptor #200: -71 [ 320.010476][ T5213] uclogic 0003:256C:006D.0008: failed retrieving pen parameters: -71 [ 320.020001][ T5213] uclogic 0003:256C:006D.0008: failed probing pen v2 parameters: -71 [ 320.044385][ T5213] uclogic 0003:256C:006D.0008: failed probing parameters: -71 [ 320.789831][ T6911] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.696: Invalid block bitmap block 0 in block_group 0 [ 320.803983][ T6911] Quota error (device loop1): write_blk: dquota write failed [ 320.811486][ T6911] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 320.822266][ T6911] EXT4-fs error (device loop1): ext4_acquire_dquot:6197: comm syz.1.696: Failed to acquire dquot type 0 [ 321.572711][ T5213] uclogic: probe of 0003:256C:006D.0008 failed with error -71 [ 321.592844][ T5213] usb 4-1: USB disconnect, device number 3 [ 325.703400][ T4950] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 325.953095][ T6953] loop3: detected capacity change from 0 to 1024 [ 326.071244][ T6953] EXT4-fs (loop3): Ignoring removed nobh option [ 326.142721][ T6953] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #11: comm syz.3.711: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 327.023338][ T4950] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 327.040137][ T4950] usb 5-1: config 0 has no interfaces? [ 327.046028][ T4950] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=37.c2 [ 327.061722][ T6953] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.711: couldn't read orphan inode 11 (err -117) [ 327.079358][ T4950] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.133806][ T4950] usb 5-1: config 0 descriptor?? [ 327.180033][ T6953] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 327.476836][ T5212] usb 5-1: USB disconnect, device number 4 [ 328.368955][ T6959] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 10: padding at end of block bitmap is not set [ 328.383890][ T6969] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.711: Invalid block bitmap block 0 in block_group 0 [ 328.397918][ T6969] Quota error (device loop3): write_blk: dquota write failed [ 328.405403][ T6969] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 328.415527][ T6969] EXT4-fs error (device loop3): ext4_acquire_dquot:6197: comm syz.3.711: Failed to acquire dquot type 0 [ 329.646620][ T6979] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 329.654816][ T6979] UDF-fs: Scanning with blocksize 512 failed [ 329.667924][ T6979] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 329.675571][ T6979] UDF-fs: Scanning with blocksize 1024 failed [ 329.685540][ T6979] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 329.693221][ T6979] UDF-fs: Scanning with blocksize 2048 failed [ 329.823453][ T6979] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 329.831044][ T6979] UDF-fs: Scanning with blocksize 4096 failed [ 331.036368][ T7003] x_tables: ip_tables: osf match: only valid for protocol 6 [ 332.873891][ T7012] loop4: detected capacity change from 0 to 1024 [ 332.928111][ T7012] EXT4-fs (loop4): Ignoring removed nobh option [ 332.986813][ T7012] EXT4-fs error (device loop4): ext4_ext_check_inode:501: inode #11: comm syz.4.725: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 333.013520][ T7012] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.725: couldn't read orphan inode 11 (err -117) [ 333.036131][ T7023] binder: 7017:7023 ioctl c0306201 0 returned -14 [ 333.047826][ T7012] EXT4-fs (loop4): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 333.465299][ T7025] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:476: comm syz.4.725: Invalid block bitmap block 0 in block_group 0 [ 333.612073][ T7025] Quota error (device loop4): write_blk: dquota write failed [ 333.619559][ T7025] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 333.629624][ T7025] EXT4-fs error (device loop4): ext4_acquire_dquot:6197: comm syz.4.725: Failed to acquire dquot type 0 [ 335.313181][ T7050] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 335.320692][ T7050] UDF-fs: Scanning with blocksize 512 failed [ 335.327567][ T7050] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 335.335141][ T7050] UDF-fs: Scanning with blocksize 1024 failed [ 335.341832][ T7050] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 335.349405][ T7050] UDF-fs: Scanning with blocksize 2048 failed [ 335.356141][ T7050] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 335.365262][ T7050] UDF-fs: Scanning with blocksize 4096 failed [ 335.652703][ T26] audit: type=1326 audit(1733069046.503:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7053 comm="syz.1.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f809f849 code=0x7ffc0000 [ 335.688063][ T7054] autofs4:pid:7054:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e) [ 335.755266][ T26] audit: type=1326 audit(1733069046.503:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7053 comm="syz.1.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f809f849 code=0x7ffc0000 [ 336.337199][ T26] audit: type=1326 audit(1733069046.553:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7053 comm="syz.1.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f30f809f849 code=0x7ffc0000 [ 336.580774][ T7078] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_vlan, syncid = 4, id = 0 [ 336.630811][ T7077] loop1: detected capacity change from 0 to 1024 [ 336.661278][ T26] audit: type=1326 audit(1733069046.553:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7053 comm="syz.1.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f809f849 code=0x7ffc0000 [ 336.801586][ T26] audit: type=1326 audit(1733069046.553:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7053 comm="syz.1.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f30f809f849 code=0x7ffc0000 [ 336.824962][ T26] audit: type=1326 audit(1733069046.553:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7053 comm="syz.1.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f809f849 code=0x7ffc0000 [ 336.847850][ T26] audit: type=1326 audit(1733069046.553:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7053 comm="syz.1.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f30f809f849 code=0x7ffc0000 [ 336.872225][ T26] audit: type=1326 audit(1733069046.553:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7053 comm="syz.1.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30f809f849 code=0x7ffc0000 [ 336.917109][ T7077] EXT4-fs (loop1): Ignoring removed nobh option [ 336.997879][ T7077] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.743: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 338.774777][ T7094] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 338.782306][ T7094] UDF-fs: Scanning with blocksize 512 failed [ 338.790172][ T7094] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 338.797709][ T7094] UDF-fs: Scanning with blocksize 1024 failed [ 338.804333][ T7094] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 338.811833][ T7094] UDF-fs: Scanning with blocksize 2048 failed [ 338.818773][ T7094] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 338.826427][ T7094] UDF-fs: Scanning with blocksize 4096 failed [ 338.993401][ T7077] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.743: couldn't read orphan inode 11 (err -117) [ 339.104325][ T7077] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 340.930744][ T7111] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.743: Invalid block bitmap block 0 in block_group 0 [ 340.947173][ T7111] __quota_error: 16 callbacks suppressed [ 340.947194][ T7111] Quota error (device loop1): write_blk: dquota write failed [ 340.960423][ T7111] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 340.970453][ T7111] EXT4-fs error (device loop1): ext4_acquire_dquot:6197: comm syz.1.743: Failed to acquire dquot type 0 [ 341.142111][ T7114] loop2: detected capacity change from 0 to 1764 [ 343.318423][ T7124] loop3: detected capacity change from 0 to 1024 [ 344.057631][ T7124] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 344.643287][ T7124] EXT4-fs warning (device loop3): ext4_rmdir:3243: inode #11: comm syz.3.755: empty directory 'file1' has too many links (111) [ 345.290633][ T7154] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 345.300489][ T7154] UDF-fs: Scanning with blocksize 512 failed [ 345.358518][ T7154] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 345.366421][ T7154] UDF-fs: Scanning with blocksize 1024 failed [ 346.153918][ T7154] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 346.161743][ T7154] UDF-fs: Scanning with blocksize 2048 failed [ 346.168400][ T7154] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 346.175984][ T7154] UDF-fs: Scanning with blocksize 4096 failed [ 346.394319][ T7165] loop2: detected capacity change from 0 to 1024 [ 346.478323][ T7165] EXT4-fs (loop2): Ignoring removed nobh option [ 346.758133][ T7165] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.764: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 347.317412][ T7165] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.764: couldn't read orphan inode 11 (err -117) [ 347.328903][ T7168] Process accounting resumed [ 347.332225][ T7165] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 347.717854][ T7179] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.764: Invalid block bitmap block 0 in block_group 0 [ 347.734561][ T7179] Quota error (device loop2): write_blk: dquota write failed [ 347.742084][ T7179] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 347.752462][ T7179] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.764: Failed to acquire dquot type 0 [ 350.788205][ T7201] netlink: 'syz.4.771': attribute type 1 has an invalid length. [ 350.796000][ T7201] netlink: 224 bytes leftover after parsing attributes in process `syz.4.771'. [ 351.627136][ T7206] loop4: detected capacity change from 0 to 4096 [ 351.806758][ T7210] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 354.307857][ T7233] loop3: detected capacity change from 0 to 1024 [ 354.485647][ T7233] EXT4-fs (loop3): Ignoring removed nobh option [ 354.615092][ T7233] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #11: comm syz.3.782: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 354.725559][ T7233] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.782: couldn't read orphan inode 11 (err -117) [ 354.804146][ T7233] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 355.931787][ T7247] dccp_close: ABORT with 32 bytes unread [ 355.985282][ T7251] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.782: Invalid block bitmap block 0 in block_group 0 [ 355.999025][ T7251] Quota error (device loop3): write_blk: dquota write failed [ 356.006598][ T7251] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 356.017694][ T7251] EXT4-fs error (device loop3): ext4_acquire_dquot:6197: comm syz.3.782: Failed to acquire dquot type 0 [ 356.510812][ T7264] binder: 7254:7264 ioctl c0306201 0 returned -14 [ 358.619366][ T7278] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 358.627289][ T7278] UDF-fs: Scanning with blocksize 512 failed [ 358.642976][ T7278] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 358.650477][ T7278] UDF-fs: Scanning with blocksize 1024 failed [ 358.657807][ T7278] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 358.665583][ T7278] UDF-fs: Scanning with blocksize 2048 failed [ 358.672208][ T7278] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 358.679791][ T7278] UDF-fs: Scanning with blocksize 4096 failed [ 359.533466][ T7284] Sensor A: ================= START STATUS ================= [ 359.541150][ T7284] Sensor A: Test Pattern: 75% Colorbar [ 359.546853][ T7284] Sensor A: Show Information: All [ 359.551881][ T7284] Sensor A: Vertical Flip: false [ 359.557382][ T7284] Sensor A: Horizontal Flip: false [ 359.562507][ T7284] Sensor A: Brightness: 128 [ 359.567049][ T7284] Sensor A: Contrast: 128 [ 359.571393][ T7284] Sensor A: Hue: 0 [ 359.575242][ T7284] Sensor A: Saturation: 128 [ 359.579746][ T7284] Sensor A: ================== END STATUS ================== [ 362.218258][ T7309] loop2: detected capacity change from 0 to 1024 [ 362.299756][ T7309] EXT4-fs (loop2): Ignoring removed nobh option [ 362.545027][ T7309] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.798: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 362.655992][ T7309] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.798: couldn't read orphan inode 11 (err -117) [ 362.679363][ T7309] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 364.684370][ T7314] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 10: padding at end of block bitmap is not set [ 364.738448][ T7329] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.798: Invalid block bitmap block 0 in block_group 0 [ 364.752396][ T7329] Quota error (device loop2): write_blk: dquota write failed [ 364.759858][ T7329] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 364.769890][ T7329] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.798: Failed to acquire dquot type 0 [ 376.489916][ T7429] netlink: 32 bytes leftover after parsing attributes in process `syz.4.829'. [ 379.298781][ T1425] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.305228][ T1425] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.871195][ T7479] binder: 7468:7479 ioctl c0306201 0 returned -14 [ 384.992973][ T7501] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 385.000602][ T7501] UDF-fs: Scanning with blocksize 512 failed [ 385.015625][ T7501] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 385.027687][ T7501] UDF-fs: Scanning with blocksize 1024 failed [ 385.346447][ T7501] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 385.354129][ T7501] UDF-fs: Scanning with blocksize 2048 failed [ 385.394072][ T7501] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 385.401929][ T7501] UDF-fs: Scanning with blocksize 4096 failed [ 386.439254][ T7519] loop1: detected capacity change from 0 to 1024 [ 386.922181][ T7519] EXT4-fs (loop1): Ignoring removed nobh option [ 387.615512][ T7519] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.854: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 388.744221][ T7519] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.854: couldn't read orphan inode 11 (err -117) [ 388.817135][ T7519] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 389.382946][ T7545] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.854: Invalid block bitmap block 0 in block_group 0 [ 389.399876][ T7545] Quota error (device loop1): write_blk: dquota write failed [ 389.407677][ T7545] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 389.418075][ T7545] EXT4-fs error (device loop1): ext4_acquire_dquot:6197: comm syz.1.854: Failed to acquire dquot type 0 [ 392.242817][ T7568] dccp_close: ABORT with 32 bytes unread [ 394.980765][ T7591] binder: 7580:7591 ioctl c0306201 0 returned -14 [ 395.425072][ T7594] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 395.432701][ T7594] UDF-fs: Scanning with blocksize 512 failed [ 395.440949][ T7594] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 395.448592][ T7594] UDF-fs: Scanning with blocksize 1024 failed [ 395.456602][ T7594] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 395.464208][ T7594] UDF-fs: Scanning with blocksize 2048 failed [ 395.593311][ T7594] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 395.601483][ T7594] UDF-fs: Scanning with blocksize 4096 failed [ 397.582772][ T7606] loop3: detected capacity change from 0 to 1024 [ 397.637690][ T7606] EXT4-fs (loop3): Ignoring removed nobh option [ 398.013285][ T7606] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #11: comm syz.3.873: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 398.359648][ T7606] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.873: couldn't read orphan inode 11 (err -117) [ 398.623079][ T7606] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 399.299714][ T7620] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.873: Invalid block bitmap block 0 in block_group 0 [ 399.317466][ T7620] Quota error (device loop3): write_blk: dquota write failed [ 399.325141][ T7620] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 399.335399][ T7620] EXT4-fs error (device loop3): ext4_acquire_dquot:6197: comm syz.3.873: Failed to acquire dquot type 0 [ 399.798490][ T7623] x_tables: unsorted underflow at hook 3 [ 405.395135][ T7670] loop1: detected capacity change from 0 to 1024 [ 405.672908][ T7670] EXT4-fs (loop1): Ignoring removed nobh option [ 406.476909][ T7670] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.888: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 406.558672][ T7670] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.888: couldn't read orphan inode 11 (err -117) [ 406.841059][ T7687] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 407.137204][ T7670] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 408.468839][ T7696] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.888: Invalid block bitmap block 0 in block_group 0 [ 408.618576][ T7696] Quota error (device loop1): write_blk: dquota write failed [ 408.626257][ T7696] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 408.636575][ T7696] EXT4-fs error (device loop1): ext4_acquire_dquot:6197: comm syz.1.888: Failed to acquire dquot type 0 [ 410.060398][ T7708] netlink: 28 bytes leftover after parsing attributes in process `syz.4.898'. [ 410.194542][ T7716] binder: 7713:7716 ioctl c0306201 0 returned -14 [ 411.393016][ T7730] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 411.400587][ T7730] UDF-fs: Scanning with blocksize 512 failed [ 411.407979][ T7730] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 411.415547][ T7730] UDF-fs: Scanning with blocksize 1024 failed [ 411.422172][ T7730] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 411.429718][ T7730] UDF-fs: Scanning with blocksize 2048 failed [ 411.436618][ T7730] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 411.444108][ T7730] UDF-fs: Scanning with blocksize 4096 failed [ 413.005596][ T7744] loop4: detected capacity change from 0 to 1024 [ 413.182852][ T7744] EXT4-fs (loop4): Ignoring removed nobh option [ 414.016229][ T7744] EXT4-fs error (device loop4): ext4_ext_check_inode:501: inode #11: comm syz.4.909: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 414.183225][ T7744] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.909: couldn't read orphan inode 11 (err -117) [ 415.074626][ T7744] EXT4-fs (loop4): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 416.256813][ T7758] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:476: comm syz.4.909: Invalid block bitmap block 0 in block_group 0 [ 416.271647][ T7758] Quota error (device loop4): write_blk: dquota write failed [ 416.279168][ T7758] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 416.289551][ T7758] EXT4-fs error (device loop4): ext4_acquire_dquot:6197: comm syz.4.909: Failed to acquire dquot type 0 [ 418.266501][ T7775] dccp_close: ABORT with 32 bytes unread [ 419.123169][ T7782] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 419.130686][ T7782] UDF-fs: Scanning with blocksize 512 failed [ 419.138329][ T7782] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 419.145916][ T7782] UDF-fs: Scanning with blocksize 1024 failed [ 419.153981][ T7782] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 419.161503][ T7782] UDF-fs: Scanning with blocksize 2048 failed [ 419.169151][ T7782] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 419.176711][ T7782] UDF-fs: Scanning with blocksize 4096 failed [ 421.367440][ T7797] loop1: detected capacity change from 0 to 1024 [ 421.439733][ T7797] EXT4-fs (loop1): Ignoring removed nobh option [ 421.575118][ T7797] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.923: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 421.693170][ T7797] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.923: couldn't read orphan inode 11 (err -117) [ 421.717515][ T7797] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 423.250376][ T7814] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.923: Invalid block bitmap block 0 in block_group 0 [ 423.276681][ T7814] Quota error (device loop1): write_blk: dquota write failed [ 423.284252][ T7814] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 423.294678][ T7814] EXT4-fs error (device loop1): ext4_acquire_dquot:6197: comm syz.1.923: Failed to acquire dquot type 0 [ 423.465835][ T7817] block nbd3: NBD_DISCONNECT [ 423.474045][ T7816] block nbd3: Disconnected due to user request. [ 423.682918][ T7821] binder: 7798:7821 ioctl c0306201 0 returned -14 [ 423.703706][ T7816] block nbd3: shutting down sockets [ 424.323160][ T7823] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 424.330672][ T7823] UDF-fs: Scanning with blocksize 512 failed [ 424.342697][ T7823] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 424.350287][ T7823] UDF-fs: Scanning with blocksize 1024 failed [ 424.356918][ T7823] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 424.364638][ T7823] UDF-fs: Scanning with blocksize 2048 failed [ 424.371146][ T7823] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 424.378984][ T7823] UDF-fs: Scanning with blocksize 4096 failed [ 424.884657][ T7839] netlink: 4 bytes leftover after parsing attributes in process `syz.0.933'. [ 427.658268][ T7857] tmpfs: Unknown parameter 'usrquota' [ 428.752028][ T7860] loop1: detected capacity change from 0 to 1024 [ 428.963597][ T7860] EXT4-fs (loop1): Ignoring removed nobh option [ 428.996866][ T7868] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 429.397943][ T7860] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.939: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 429.574262][ T7860] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.939: couldn't read orphan inode 11 (err -117) [ 429.727418][ T7877] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 429.735058][ T7877] UDF-fs: Scanning with blocksize 512 failed [ 429.743371][ T7877] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 429.751612][ T7877] UDF-fs: Scanning with blocksize 1024 failed [ 429.759794][ T7877] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 429.767368][ T7877] UDF-fs: Scanning with blocksize 2048 failed [ 429.775262][ T7877] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 429.782963][ T7877] UDF-fs: Scanning with blocksize 4096 failed [ 429.838466][ T26] audit: type=1326 audit(1733069140.645:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7872 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c4c69c849 code=0x7ffc0000 [ 430.057488][ T7860] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 430.172760][ T26] audit: type=1326 audit(1733069140.645:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7872 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c4c69c849 code=0x7ffc0000 [ 430.298264][ T26] audit: type=1326 audit(1733069140.655:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7872 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f4c4c69c849 code=0x7ffc0000 [ 431.828535][ T7888] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.939: Invalid block bitmap block 0 in block_group 0 [ 431.846786][ T7888] Quota error (device loop1): write_blk: dquota write failed [ 431.854334][ T7888] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 431.864662][ T7888] EXT4-fs error (device loop1): ext4_acquire_dquot:6197: comm syz.1.939: Failed to acquire dquot type 0 [ 432.972856][ T7900] binder: 7880:7900 ioctl c0306201 0 returned -14 [ 433.053212][ T7904] netlink: 'syz.0.949': attribute type 1 has an invalid length. [ 435.325978][ T4275] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 435.775599][ T4275] usb 1-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 435.991924][ T4275] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 436.056866][ T4275] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.531802][ T7929] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 436.539721][ T7929] UDF-fs: Scanning with blocksize 512 failed [ 436.548704][ T7929] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 436.556425][ T7929] UDF-fs: Scanning with blocksize 1024 failed [ 436.569294][ T7929] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 436.576884][ T7929] UDF-fs: Scanning with blocksize 2048 failed [ 436.727375][ T4275] usb 1-1: string descriptor 0 read error: -71 [ 436.734603][ T4275] hub 1-1:32.0: USB hub found [ 436.739719][ T7929] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 436.747240][ T7929] UDF-fs: Scanning with blocksize 4096 failed [ 436.854529][ T4275] hub 1-1:32.0: config failed, can't read hub descriptor (err -22) [ 437.182513][ T7935] loop2: detected capacity change from 0 to 1024 [ 437.198474][ T4275] usb 1-1: USB disconnect, device number 5 [ 437.335698][ T7935] EXT4-fs (loop2): Ignoring removed nobh option [ 437.560212][ T7935] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.958: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 437.631131][ T7935] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.958: couldn't read orphan inode 11 (err -117) [ 437.790832][ T7935] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 439.402963][ T7948] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.958: Invalid block bitmap block 0 in block_group 0 [ 439.416947][ T7948] Quota error (device loop2): write_blk: dquota write failed [ 439.424437][ T7948] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 439.434487][ T7948] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.958: Failed to acquire dquot type 0 [ 440.713671][ T1425] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.720216][ T1425] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.442776][ T7988] loop2: detected capacity change from 0 to 1024 [ 445.585238][ T7988] EXT4-fs (loop2): Ignoring removed nobh option [ 445.929540][ T7988] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.972: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 446.323050][ T7988] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.972: couldn't read orphan inode 11 (err -117) [ 446.367886][ T7988] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 446.797254][ T8000] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 446.806168][ T8000] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0 [ 446.945620][ T8004] binder: 7980:8004 ioctl c0306201 0 returned -14 [ 447.482919][ T7993] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 10: padding at end of block bitmap is not set [ 447.500118][ T8003] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.972: Invalid block bitmap block 0 in block_group 0 [ 447.514077][ T8003] Quota error (device loop2): write_blk: dquota write failed [ 447.521491][ T8003] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 447.531536][ T8003] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.972: Failed to acquire dquot type 0 [ 447.610050][ T8002] netlink: 'syz.4.974': attribute type 21 has an invalid length. [ 447.650703][ T8002] netlink: 'syz.4.974': attribute type 1 has an invalid length. [ 447.683042][ T8002] netlink: 144 bytes leftover after parsing attributes in process `syz.4.974'. [ 448.145193][ T8018] ubi0: attaching mtd0 [ 448.189884][ T8018] ubi0: scanning is finished [ 448.203202][ T8018] ubi0: empty MTD device detected [ 448.823553][ T8018] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 449.188128][ T8018] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 449.245278][ T8018] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 449.263258][ T8018] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 449.292797][ T8018] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 449.352770][ T8018] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 449.383747][ T8018] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3697016561 [ 449.393812][ T8018] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 449.474218][ T8024] ubi0: background thread "ubi_bgt0d" started, PID 8024 [ 452.713427][ T8049] binder: 8042:8049 ioctl c0306201 0 returned -14 [ 457.676459][ T8100] overlayfs: missing 'lowerdir' [ 466.193886][ T8181] cgroup: Name too long [ 469.224681][ T8210] page:ffffea0001135940 refcount:4 mapcount:1 mapping:ffff88801c3a8350 index:0x0 pfn:0x44d65 [ 469.236011][ T8210] memcg:ffff88805fcd0000 [ 469.240296][ T8210] aops:shmem_aops ino:ee [ 469.244586][ T8210] flags: 0xfff00000080015(locked|uptodate|lru|swapbacked|node=0|zone=1|lastcpupid=0x7ff) [ 469.254420][ T8210] raw: 00fff00000080015 ffffea00010f5108 ffffea0001135988 ffff88801c3a8350 [ 469.263027][ T8210] raw: 0000000000000000 0000000000000000 0000000400000000 ffff88805fcd0000 [ 469.271626][ T8210] page dumped because: VM_BUG_ON_PAGE(page_mapped(page)) [ 469.278660][ T8210] page_owner tracks the page as allocated [ 469.284376][ T8210] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 8211, ts 469162254567, free_ts 467802536210 [ 469.299157][ T8210] get_page_from_freelist+0x3b78/0x3d40 [ 469.304727][ T8210] __alloc_pages+0x272/0x700 [ 469.309342][ T8210] alloc_pages_vma+0x39a/0x800 [ 469.314116][ T8210] shmem_alloc_and_acct_page+0x4d1/0xd10 [ 469.319768][ T8210] shmem_getpage_gfp+0x17b1/0x3190 [ 469.324893][ T8210] shmem_read_mapping_page_gfp+0xfd/0x180 [ 469.330634][ T8210] udmabuf_create+0xa62/0x15e0 [ 469.335418][ T8210] udmabuf_ioctl+0x300/0x4e0 [ 469.340024][ T8210] __se_sys_ioctl+0xf1/0x160 [ 469.344629][ T8210] do_syscall_64+0x3b/0xb0 [ 469.349062][ T8210] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 469.354981][ T8210] page last free stack trace: [ 469.359661][ T8210] free_unref_page_prepare+0xc34/0xcf0 [ 469.365138][ T8210] free_unref_page_list+0x1f7/0x8e0 [ 469.370350][ T8210] release_pages+0x1bb9/0x1f40 [ 469.375131][ T8210] __pagevec_release+0x80/0xf0 [ 469.379908][ T8210] shmem_undo_range+0x67a/0x1b50 [ 469.384861][ T8210] shmem_evict_inode+0x21b/0xa00 [ 469.389813][ T8210] evict+0x529/0x930 [ 469.393723][ T8210] __dentry_kill+0x436/0x650 [ 469.398400][ T8210] dentry_kill+0xbb/0x290 [ 469.402753][ T8210] dput+0xd8/0x1a0 [ 469.406487][ T8210] __fput+0x636/0x8e0 [ 469.410482][ T8210] task_work_run+0x129/0x1a0 [ 469.415107][ T8210] do_exit+0x6a3/0x2480 [ 469.419280][ T8210] do_group_exit+0x144/0x310 [ 469.423885][ T8210] get_signal+0xc66/0x14e0 [ 469.428316][ T8210] arch_do_signal_or_restart+0xc3/0x1890 [ 469.434098][ T8210] ------------[ cut here ]------------ [ 469.439561][ T8210] kernel BUG at mm/filemap.c:166! [ 469.444631][ T8210] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 469.450712][ T8210] CPU: 0 PID: 8210 Comm: syz.2.1032 Not tainted 5.15.173-syzkaller #0 [ 469.458874][ T8210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 469.468942][ T8210] RIP: 0010:unaccount_page_cache_page+0x79d/0x8b0 [ 469.475382][ T8210] Code: e8 b8 77 d8 ff 4c 89 f7 48 c7 c6 c0 14 b3 8a e8 c9 c9 0e 00 0f 0b e8 a2 77 d8 ff 4c 89 f7 48 c7 c6 00 15 b3 8a e8 b3 c9 0e 00 <0f> 0b 48 85 ed 75 62 e8 87 77 d8 ff 4c 89 eb eb 60 e8 7d 77 d8 ff [ 469.495015][ T8210] RSP: 0018:ffffc9000369f610 EFLAGS: 00010046 [ 469.501110][ T8210] RAX: a347b823b6108900 RBX: 0000000000000000 RCX: ffff8880293c0000 [ 469.509109][ T8210] RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff [ 469.517099][ T8210] RBP: 0000000000000000 R08: ffffffff81d10e84 R09: ffffed10171c4f24 [ 469.525180][ T8210] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffffd4000226b29 [ 469.533168][ T8210] R13: ffffea0001135948 R14: ffffea0001135940 R15: dffffc0000000000 [ 469.541162][ T8210] FS: 000055557a72b500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 469.550132][ T8210] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 469.556742][ T8210] CR2: 000000110c39509c CR3: 00000000547fb000 CR4: 00000000003506f0 [ 469.564740][ T8210] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 469.572741][ T8210] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 469.580737][ T8210] Call Trace: [ 469.584027][ T8210] [ 469.586968][ T8210] ? __die_body+0x5e/0xa0 [ 469.591318][ T8210] ? die+0x83/0xb0 [ 469.595054][ T8210] ? do_trap+0x11e/0x350 [ 469.599314][ T8210] ? unaccount_page_cache_page+0x79d/0x8b0 [ 469.605136][ T8210] ? unaccount_page_cache_page+0x79d/0x8b0 [ 469.611016][ T8210] ? do_error_trap+0x13d/0x1e0 [ 469.615802][ T8210] ? unaccount_page_cache_page+0x79d/0x8b0 [ 469.621624][ T8210] ? do_int3+0x30/0x30 [ 469.625710][ T8210] ? unaccount_page_cache_page+0x79d/0x8b0 [ 469.631551][ T8210] ? handle_invalid_op+0x2c/0x40 [ 469.636505][ T8210] ? unaccount_page_cache_page+0x79d/0x8b0 [ 469.642447][ T8210] ? exc_invalid_op+0x2f/0x40 [ 469.647139][ T8210] ? asm_exc_invalid_op+0x16/0x20 [ 469.652263][ T8210] ? __dump_page_owner+0x414/0x620 [ 469.657480][ T8210] ? unaccount_page_cache_page+0x79d/0x8b0 [ 469.663295][ T8210] ? rcu_is_watching+0x11/0xa0 [ 469.668071][ T8210] __delete_from_page_cache+0xd1/0x860 [ 469.673554][ T8210] ? __rwlock_init+0x140/0x140 [ 469.678348][ T8210] ? __bpf_trace_file_check_and_advance_wb_err+0x30/0x30 [ 469.685391][ T8210] ? _raw_spin_lock_irq+0xdb/0x110 [ 469.690516][ T8210] ? _raw_spin_lock_irqsave+0x120/0x120 [ 469.696078][ T8210] ? page_mapping+0x312/0x440 [ 469.700773][ T8210] delete_from_page_cache+0x126/0x190 [ 469.706171][ T8210] truncate_inode_page+0x8d/0xb0 [ 469.711133][ T8210] shmem_undo_range+0x535/0x1b50 [ 469.716098][ T8210] ? shmem_truncate_range+0xa0/0xa0 [ 469.721322][ T8210] ? __lock_acquire+0x1ff0/0x1ff0 [ 469.726445][ T8210] ? do_raw_spin_lock+0x14a/0x370 [ 469.731488][ T8210] shmem_evict_inode+0x21b/0xa00 [ 469.736458][ T8210] ? _raw_spin_unlock+0x24/0x40 [ 469.741330][ T8210] ? inode_wait_for_writeback+0x21f/0x280 [ 469.747094][ T8210] ? shmem_free_in_core_inode+0xb0/0xb0 [ 469.752654][ T8210] ? bit_waitqueue+0x30/0x30 [ 469.757259][ T8210] ? do_raw_spin_unlock+0x137/0x8b0 [ 469.762477][ T8210] ? shmem_free_in_core_inode+0xb0/0xb0 [ 469.768038][ T8210] evict+0x529/0x930 [ 469.771949][ T8210] ? mode_strip_sgid+0x210/0x210 [ 469.776904][ T8210] ? _raw_spin_unlock+0x24/0x40 [ 469.781770][ T8210] ? iput+0x6f5/0x8b0 [ 469.785764][ T8210] __dentry_kill+0x436/0x650 [ 469.790367][ T8210] dentry_kill+0xbb/0x290 [ 469.794715][ T8210] dput+0xd8/0x1a0 [ 469.798455][ T8210] __fput+0x636/0x8e0 [ 469.802458][ T8210] task_work_run+0x129/0x1a0 [ 469.807065][ T8210] exit_to_user_mode_loop+0x106/0x130 [ 469.812447][ T8210] exit_to_user_mode_prepare+0xb1/0x140 [ 469.818003][ T8210] syscall_exit_to_user_mode+0x5d/0x240 [ 469.823666][ T8210] do_syscall_64+0x47/0xb0 [ 469.828105][ T8210] ? clear_bhb_loop+0x15/0x70 [ 469.832907][ T8210] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 469.838927][ T8210] RIP: 0033:0x7f063fec4849 [ 469.843374][ T8210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.863012][ T8210] RSP: 002b:00007ffdac391618 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 469.871451][ T8210] RAX: 0000000000000000 RBX: 00007f064008bba0 RCX: 00007f063fec4849 [ 469.879447][ T8210] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 469.887440][ T8210] RBP: 00007f064008bba0 R08: 00000000000000c4 R09: 00007ffdac3918ff [ 469.895439][ T8210] R10: 00000000003ffd1c R11: 0000000000000246 R12: 0000000000072124 [ 469.903462][ T8210] R13: 00007ffdac391720 R14: 0000000000000032 R15: ffffffffffffffff [ 469.911468][ T8210] [ 469.914498][ T8210] Modules linked in: [ 469.918434][ T8210] ---[ end trace 5502502c3dbaae49 ]--- [ 469.923992][ T8210] RIP: 0010:unaccount_page_cache_page+0x79d/0x8b0 [ 469.930436][ T8210] Code: e8 b8 77 d8 ff 4c 89 f7 48 c7 c6 c0 14 b3 8a e8 c9 c9 0e 00 0f 0b e8 a2 77 d8 ff 4c 89 f7 48 c7 c6 00 15 b3 8a e8 b3 c9 0e 00 <0f> 0b 48 85 ed 75 62 e8 87 77 d8 ff 4c 89 eb eb 60 e8 7d 77 d8 ff [ 469.950062][ T8210] RSP: 0018:ffffc9000369f610 EFLAGS: 00010046 [ 469.956147][ T8210] RAX: a347b823b6108900 RBX: 0000000000000000 RCX: ffff8880293c0000 [ 469.964118][ T8210] RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff [ 469.972081][ T8210] RBP: 0000000000000000 R08: ffffffff81d10e84 R09: ffffed10171c4f24 [ 469.980045][ T8210] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffffd4000226b29 [ 469.988030][ T8210] R13: ffffea0001135948 R14: ffffea0001135940 R15: dffffc0000000000 [ 469.996000][ T8210] FS: 000055557a72b500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 470.004928][ T8210] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 470.011525][ T8210] CR2: 000000110c39509c CR3: 00000000547fb000 CR4: 00000000003506f0 [ 470.019507][ T8210] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 470.029129][ T8210] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 470.037260][ T8210] Kernel panic - not syncing: Fatal exception [ 470.043687][ T8210] Kernel Offset: disabled [ 470.048013][ T8210] Rebooting in 86400 seconds..