last executing test programs: 10.094310672s ago: executing program 1 (id=906): syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "ff00f7000000000000000000af88008300"}) r1 = syz_open_pts(r0, 0x141601) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0xfffffffc, 0x0, 0x0, "682341f2fd71a6a76177920ea7e60c0ac7a4a5"}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) syz_open_dev$swradio(0x0, 0x1, 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) 9.666158385s ago: executing program 3 (id=910): syz_usb_connect(0x6, 0x24, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32=r2], 0x50}, 0x1, 0xba01}, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x404c080) write(r4, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) 9.07288778s ago: executing program 1 (id=917): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x18, 0x3, &(0x7f0000000c40)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d649379071c33390e418ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ecec37e83efceefd7ca2533659edc8bef9cb85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e5a61561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041a1e7b55"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 8.931218444s ago: executing program 1 (id=918): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001e40)={0x2c, &(0x7f0000001c00)={0x0, 0x0, 0x1, 'i'}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000001300)={0x34, &(0x7f0000001080), 0x0, 0x0, 0x0, 0x0, 0x0}) 8.454990968s ago: executing program 3 (id=921): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0xaf4, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303}, "2a4001011f891d5b", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "fd6ed24e", "d4e9e1c90d89691c"}, 0x38) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000540)={0x2020}, 0x2020) 5.515317108s ago: executing program 1 (id=930): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x19, 0x82, 0x30, 0x20, 0x413, 0x6023, 0xece5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xee, 0x48, 0xb1, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0xb}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000200)={0x20, 0x14, 0x3, "209b69"}, 0x0, 0x0}) 5.36455637s ago: executing program 3 (id=931): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46a, 0x27, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x3, [{{0x9, 0x4, 0x0, 0x9, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x6, 0xff}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff"], 0x0, 0x0, 0x0, 0x0}, 0x0) 5.035268397s ago: executing program 0 (id=935): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 4.926934816s ago: executing program 0 (id=936): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f00000003c0), &(0x7f0000000100)='./file0\x00', 0x201048c, &(0x7f0000002180)=ANY=[@ANYRES64=0x0, @ANYRES8=r4, @ANYRES64=r2, @ANYRESOCT=0x0, @ANYRESHEX=r1, @ANYRESOCT, @ANYRESOCT=r1], 0xfd, 0x640, &(0x7f0000000680)="$eJzs3c1vHGcdB/DvbDZONpTUTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVoia92sP/QPKwTdOSNwjlQsXuPXqYyUkLr1gTotmdna98VvtNvGu288nmn2eZ5+ZZ37Pb3Z2dteKJsCX1sJkmg9TZGHylfWyvbU5297anL3fqyc5l2QjaSZpJCn+2+l0PkxuJkV/mGJXucf7y/OvffTJ1sfdVrNeqvUbh213NBv1kokkZ+rycY1363OPV/RneDPJtbqEoTubpPOIX/zjqX7PgNZ+W58/kRiBJ6voXjf3GE8u1Cd6+Tmge1XsXrNPtY1hBwAAAAAn4OntbGe9uDjsOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC02Ni5/39dre7vXxQbyUSK3v3/x+q+1PXR8uLxVn/4pOIAAAAAAAAAgBP04na2s56LvXanqP7m/1LVuFw9fiVvZTVLWcn1rGcxa1nLSqaTjA8MNLa+uLa2Mn2ELWf23XLmUwI9V5etxzNvAAAAAAAAAPiC+W0Wdv7+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo6BIznSLarncq4+n0UxyPslYud5G8q9e/TR7OOwAAAAA4AQ8vZ3trOdir90pqu/8z1Xf+8/nrTzIWpazlnaWcrv6LaD7rb+xtTnb3tqcvV8ue8f94X+OFUY1Yrq/Pey/56vVGq3cyXL1zPXcyhtp53Ya1Zalq3U8vVF3xfWbMqbiB7UjRna7LsuZv1eXe7x7rMke5Jg/poxXGTnbz8hUHVuZjWd6R2b/I3TMo7N7T9Np9IO9vGtPuybxmXJ+oS7L+fzxoJwPxe5MzAy8+p47POfJN//2l5/fbT+4d/fO6uToTOloztRlp3ps7c3E7EAmnv8iZ2KPqSoTV/rthfwkP8tkJvJqVrKcX2Yxa1nKRH5c1Rbr13MxcMofkKmbj7Re/bRIxupXaPdgHS+ml6ptL2Y5P80buZ2lvFz9m8l0vpu5zGV+4AhfOfwIV2d944CzvvPVfYO/9q260kryp7ocDWVenxnI6+B77njVN/jMTpYuHSFLx3xvbH69rpT7+F1djobdmZgeyMSzh2fiz9Xbymr7wb2Vu4tvHm13l96rK+V59IeRukqUr5dL5cGqWo++Osq+Z/ftm676Lvf7Gnv6rvT7umfqxoFn6lj9GW7vSDNV3/P79s1WfVcH+vb7vAXAyLvw7QtjrX+3/tn6oPX71t3WK+d/dO57514Yy9m/n/1+c+rMNxovFH/NB/n1zvd/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgs1t9+517i+320squSqfTefeArtNc6d3O7AR3+rWnkpGY+1Ar/+t0OvUzxSjEc3ilUxuVeIZRGfIbE/DE3Vi7/+aN1bff+c7y/cXXl15fejA/Nzc/NT/38uyNO8vtpanu47CjBJ6EnYt+1TzmragBAAAAAAAAAACAYTiJ/04w7DkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9vCZJoPU2R66vpU2d7anG2XS6++s2YzSSNJ8auk+DC5me6S8YHhioP28/7y/GsffbL18c5Yzd76jcO2O5qNeslEkjN1+bjGu/W5xyv6MywTdq2XOBi2/wcAAP//fTAP4A==") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @private0, 0x2}, 0x1c) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) 3.946237176s ago: executing program 0 (id=938): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0xaf4, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303}, "2a4001011f891d5b", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "fd6ed24e", "d4e9e1c90d89691c"}, 0x38) 3.423459441s ago: executing program 2 (id=939): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x18, 0x3, &(0x7f0000000c40)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d649379071c33390e418ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ecec37e83efceefd7ca2533659edc8bef9cb85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e5a61561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041a1e7b55"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 3.321212329s ago: executing program 2 (id=940): socket$inet_udp(0x2, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) socket(0x1, 0x2, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a00000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) writev(r1, &(0x7f0000000240)=[{&(0x7f0000000040)="97003c74a159175c4fc8b38ebdc9990722ddc13782908bda3be35be5afc5f5cafadba8767bc18f", 0x27}, {&(0x7f0000000000)="987aa19a2e0c51e9ddefe01dba3369a8ecbbee78da6ebb008c", 0x19}], 0x2) 3.320139948s ago: executing program 3 (id=941): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0xaf4, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303}, "2a4001011f891d5b", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "fd6ed24e", "d4e9e1c90d89691c"}, 0x38) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000540)={0x2020}, 0x2020) 3.207980358s ago: executing program 2 (id=942): r0 = syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000006c0)=ANY=[@ANYRES64=0x0, @ANYRES8=0x0, @ANYRESHEX, @ANYRESDEC, @ANYBLOB=',errors=continue,iocharset=cp861,uid=', @ANYRES32, @ANYRES8, @ANYRESHEX=0x0, @ANYBLOB="004b8704a39ec4ecba7f0274f152a4c76d2777397dba6073bd43f93f24f2cfb6eac22c83063bed99f3519f7c0e162ba9ffa617964d688673fa8311", @ANYRESHEX, @ANYBLOB=',iocharset=cp869,errors=continue,\x00'], 0x1, 0x1538, &(0x7f0000003980)="$eJzs3AuYTtUaOPD3XWvtMSbxNcllWGu9my+5LJMkuSTJJUkqSZJbQtIkRxISQ0jSkITkMiaJISSXiUnu9/stIUmaJAnJLVn/Z5K/0+mcf51z+h/nOfP+nmc/1mvvd+13f+988629mfmm69DaTerUaERE8G/BC38kA0AsAAwEgHwAEABAhfgK8dn7c0tM/vdOwv5cD6Rf7grY5cT9z9m4/zkb9z9n4/7nbNz/nI37n7Nx/3M27j9jOdmmqYWv4i3nbvz8Pyfjz///IVllx36xpuw13QBi/mgK9z9n4/7/zwr+yEHc/5yN+59TxV7uAth/AX7/5wS5/uEe7n/Oxv1nLCe73M+fL/cGkf+y1+BI7guN+U9dP2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wx9h9w2l+iAODi+HLXxRhjjDHGGGOMsT+Pz3W5K2CMMcYYY4wxxtj/fwgCJCgIIAZyQSzkhjgQAHAl5IV8EIGrIB6uhvxwDRSAglAICkMCFIGioMGABYIQikFxiMK1UAKug5JQCkpDGXBQFhLheigHN0B5uBEqwE1QEW6GSlAZqkBVuAWqwa1QHW6DGnA71IRaUBvqwB1QF+6EenAX1Ie7oQHcA/fCfdAQ7odG8AA0hgehCTwETeFhaAbNoQW0hFb/Uv5z0BOeh17QG5KhD/SFF6Af9IcB8CIMhJdgELwMg+EVSIEhMBRehWHwGgyH12EEjIRR8AaMhjdhDIyFcTAeUmECpMFbMBHehknwDkyGKZAOU2EavAvTYQbMhPdgFrwPs2EOzIV5kAEfwHxYAJnwISyEj2ARLIYlsBSWwXJYASthFayGNbAW1sF62ABpsAk2wxbYCttgO+yAj2EnfAK7YDfsgU9hL3z2O/kb/yb/1N/kd0NAQIECFSqMwRiMxViMwzjMg3kwL+bFCEYwHuMxP+bHAlgAC2EhTMAELIpF0aBBQsJiWAyjGMUSWAJLYkksjaXRocNETMRyeAOWx/JYAStgRayIlbAyVsaqWBWrYTWsjtWxBtbAmlgTa2NtvAPvwD5YD+thfayPDbDBxcdT2AgbYWNsjE2wCTbFptgMm2ELbIGtsBW2xtbYBttgO2yH7bE9dsAOmIRJ2BE7YifshJ2xM3bBLtgVu2I37I7ds57LBfg8Po+9sabog32xL/bDlFwD8EV8EV/CQfgyvoyvYAoOwaH4Kr6Kr+FwPIkjcCSOwlFYTbyJY3AskhiPqZiKaZiGE3EiZhf6Dk7BdJyK03AaTscZOAPfw1n4Pr6Pc3AOzsMMzMD5uAAzMRMX4ilchItxCS7FZbgcl+FKXIUrcQ2uxTW4HtfjRtyIm3EzbsWtuB2348eoAPAT3I27MQX34l7ch/twP+7HA3gAszALD+JBPISH8DAexiN4BI/iMTyOx/AEnsCTeApP42k8i2fxHD6T8FXjj0utTgGRTQklYkSMiBWxIk7EiTwij8gr8oqIiIh4ES/yi/yigCggColCIkEkiKKiqDDCCBJhDACIqIiKEqKEKClKitKitHDCiUSRKMqJcqK8KC8qiJtERXGzqCQqi7auqqgqqol2rrq4TdQQNURNUUvUFnVEHVFX1BX1RD1RX9QXDUQDca+4TzQUfXAAPiCyO9NEDMGmYig2E82F/OU7WGsxHNuItqKdeEyMxBHYQbR2SeJJ0VGMwU7iL2IsPi26iPHYVTwruonuood4TvQUbVwv0VtMwj6ir5iC/UR/MUC8KKZjLfEezspdW7wiUsQQMVS8Kubha2K4eF2MECPFKPGGGC3eFGPEWDFOjBepYoJIE2+JieJtMUm8IyaLKSJdTBXTxLtiupghZor3xCzxvpgt5oi5Yp7IEB+I+WKByBQfioXiI1FHLBZLxFKxTCwXK8RKsUqsFmvEWrFOrBcbxEaxSWwWW0QsbBPbxQ7xsdgpPhG7xG6xR3wq9orPxD7xudgvvhAHxJciS3wlDoqvxSHxjTgsvhVHxHfiqDgmjovvxQnxgzgpTonT4ow4K34U58RP4rzwAiRKIaVUMpAxMpeMlbllnLxC5pHBL6/uVTJeXi3zy2tkAVlQFpKFZYIsIotKLY20kmQoi8niMiqvlSXkdbKkLCVLyzLSybIyUV4vy8kbZHl5o6wgb5IV5c2ykqwsq8iq8hZZTd4qIXLhHDVlLVlb1pF3yGS4U9aTd8n68m7ZQN4j75X3yYbyftlIPiAbywdlE/mQbCofls1kc9lCtpSt5COytXxUtpFtZTv5mGwvH5cd5BMyST4pO0r/y5fI07KLfEZ2lc/KbrK77CF/kuell71kbwl9QPaVL8h+sr8cEAsA8iU5SL4sB8tXZIocIofKV+Uw+ZocLl+XI+RIOUq+IUfLN+UYOVaOk+Nlqpwg0+RbcqJ8W06S78jJcopMl1PlADnw55lmSvm7+W/9nfzBP599o9wkN8stcqvcJrfLHfJjuVPulLvkLrlH7pF75V65T+6T++V+eUAekFkySx6UB+UheUgeloflEXlEHpXH5Bn5vTwhf5An5Sl5Sp6RZ+VZee6X1wAUKqGkUipQMSqXilW5VZy6QuVRV6q8Kp+KqKtUvLpa5VfXqAKqoCqkCqsEVUQVVVoZZRWpUBVTxVVUXYu/fMGo0qqMcqqsSlTX/zP5qoS6TpVUpX6Vf7G+5H9QXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVJJKUh1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VrJJVX/WC6qf6qwHqRTVQvaQGqUFqsBqsUlSKGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpVqSpNpamJaqKapCapyWqySlfpapqapqar6WqmmqlmqVlqtpqt5qq5KkNlqPlqvspUmWqhWqgWqcVqsVqqlqrlarlaqVaq1Wq1WqvWqvVqvVqkNqlNaovaorapbWqH2qF2qp1ql9il9qg9aq/aq/apfWq/2q8OqAMqS2Wpg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nL/sCEYhABSqICWKC2CA2iAvigjxBniBvkDeIBJEgPogP8gfXBAWCgkGhoHCQEBQJigY6MIENxC9NjwbXBiWC64KSQamgdFAmcEHZIDG4PigX3BCUD24MKgQ3BRWDm4NKQeWgSlA1uCWoFtwaVA9uC2oEtwc1g1pB7aBOcEdQN7gzqBfcFdQP7g4aBPcE9wb3BQ2D+4NGwQNB4+DBoEnwUNA0eDhoFjQPWgQtg1Z/6vzenyz4qOule+tk3Uf31S/ofrq/HqBf1AP1S3qQflkP1q/oFD1ED9Wv6mH6NT1cv65H6JF6lH5Dj9Zv6jF6rB6nx+tUPUGn6bf0RP22nqTf0ZP1FJ2up+pp+l09Xc/QM/V7epZ+X8/Wc/RcPU9n6A/0fL1AZ+oP9UL9kV6kF+sleqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa36x36Y71Tf6J36d16j/5U79Wf6X36c71ff6EP6C91lv5KH9Rf60P6G31Yf6uP6O/0UX1MH9ff6xP6B31Sn9Kn9Rl9Vv+oz+mf9Hntsxf32R/vRhllYkyMiTWxJs7EmTwmj8lr8pqIiZh4E2/ym/ymgClgCplCJsEkmKKmqMlGhkwxU8xETdSUMCVMSVPSlDaljTPOJJpEU86UM+VNeVPBVDAVTUVTyVQyVUwVc4u5xdxqbjW3mdvM7eZ2U8vUMnVMHVPX1DX1TD1T39Q3DUwDc6+51zQ0DU0j08g0No1NE9PENDVNTTPTzLQwLUwr08q0Nq1NG9PGtDPtTHvT3nQwHUySSTIdTUfTyXQynU1n08V0MV1NV9PNdDM9TA/T0/Q0vUwvk2ySTV/T1/Qz/cwAM8AMNAPNIDPIDDaDTYpJMUPNUDPMDDPDzXAzwow0o7IXquZNM8aMNePMeJNqUk2aSTMTzUQzyUwyk81kk27SzTQzzUw3081MM9PMMrPMbDPbzDVzTYbJMPPNfJNpMs1Cs9AsMovMErPELDPLzAqzwqwyq8was8asg3Vmg9lgNplNZovZYraZbWaH2WF2mp1ml9ll9pg9Zq/Za/aZfWa/2W8OmAMmy2SZg+agOWQOmcPmsDlijpij5qg5bo6bE+aEOWlOmtPmtDlrCv7yeelNrM1t4+wVNo+90ua1+ezfxoVsYZtgi9iiVtsCtuCvYmOtLWlL2dK2jHW2rE201/8mrmQr2yq2qr3FVrO32uq/ievaO209e5etb++2dewdv4ob2Hts9uqkISKAbW4b25a2iX3INrUP22a2uW1hW9r29nHbwT5hk+yTtqN96jfxfLvArrKr7Rq71u6yu+1pe8Yest/Ys/ZH28v2tgPtS3aQfdkOtq/YFDvkN/Eo+4Ydbd+0Y+xYO86O/0082U6x6XaqnWbftdPtjN/EGfYDO8tm2tl2jp1r5/0cZ9eUaT+0C+1HdpENYIldapfZ5XaFXXmxVp/Prrcb7Ea7035it9itdpvdbndcXAjb3XaP/dTutZ/Zg/Zru99+YQ/YwzbLfvVznH19h+239oj9zh61x+xx+709YX9QF7Ozr/17+5M9b70FQgKSpCigGMpFsZSb4ugKykNXUl7KRxG6iuLpaspP11ABKkiFqDAlUBEqSpoMWSIKqRgVpyhdSxfLK01lyFFZSqTrqRzdQOXpRqpAN1FFupkqUWWqQlXpFqpGt1J1uo1q0O1Uk2pRbapDd1BdupPq0V1Un+6mBnQP3Uv3UUO6nxrRA9SYHqQm9BA1pYepGTWnFtSSWtEj1JoepTbUltrRY9SeHqcO9AQl0ZPUkZ6iTvQX6kxPUxd6hrrSs9SNulMPeo560vPUi3pTMvWhvvQC9aP+NIBepIH0Eg2il2kwvUIpNISG0qs0jF6j4fQ6jaCRNIreoNH0Jo2hsTSOxlMqTaA0eosm0ts0id6hyTSF0mkqTaN3aTrNoJn0Hs2i92k2zaG5NI8y6AOaTwsokz6khfQRLaLFtISW0jJaTitoJa2i1bSG1tI6Wk8baCNtos20hbbSNtpOO+hj2kmf0C7aTXvoU9pLnxHS57SfvqAD9CVl0Vd0kL6mQ/QNHaZvfW/6jo7SMTpO39MJ+oFO0ik6TWfoLP1I5+gnOk+eIMRQhDJUYRDGhLnC2DB3GBdeEeYJrwzzhvnCSHhVGB9eHeYPrwkLhAXDQmHhMCEsEhYNdWhCG1IYhsXC4mE0vDYsEV4XlgxLhaXDMqELy4aJ4fVhufCGsHx4Y1ghvCmsGN4cVgorhw/dXTW8JawW3hpWD28La4S3hzXDWmHtsE54R1g3vDOsF94V1g/vDsuH94T3hveFDcP7w0bhA2Hj8MGwSfhQ2DR8OGwWNg9bhC3DVuEjYevw0bBN2DZsFz4Wtg8fDzuET4RJ4ZNhx/Cpn/ffs+Af708O+4R9wxfCF0Lv75Jzo/OiGdEPovOjC6KZ0Q+jC6MfRRdFF0eXRJdGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGva+TCxw64aRTLnAxLpeLdbldnLvC5XFXurwun4u4q1y8u9rld9e4Aq6gK+QKuwRXxBV12hlnHbnQFXPFXdRd60q461xJV8qVdmWcc2VdomvpWrlWrrV71LVxbV0795h7zD3uHndPuCfck66je8p1cn9xnd3Trot7xj3jnnXdXHfXwz3neroJeS+8J5NdX9fX9XP93AA3wA10A90gN8gNdoNdiktxQ91QN8wNc8PdcDfCjXCj3Cg32o12Y9wYN86Nc6ku1aW5NDfRTXST3CQ32U126S7dTXPT3HQ33VWbceEss91sN9fNdRkuw8132WvGTLfQLXSL3CK3xC1xy9wyt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfD7XA73U63y+e7MKnb6/a5fW6/2+8OuC9dlvvKHXRfu0PuG3fYfeuOuO/cUXfMHXffuxPuB3fSnXKn3Rl31v3ozrmf3HnnXWpkQiQt8lZkYuTtyKTIO5HJkSmR9MjUyLTIu5HpkRmRmZH3IrMi70dmR+ZE5kbmRTIiH0TmRxZEMiMfRhZGPoosiiyOLIksjSyLLI94X2RL6Iv54j7qr/Ul/HW+pC/lS/sy3vmyPtFf78v5G3x5f6Ov4G/yFf3NvpKv7Kv4h30z39y38C19K/+Ib+0f9W18W9/OP+bb+8d9B/+ET/JP+o7+Kd/J/8V39k/7Lv4Z39U/67v57r6Hf8739M/7Xr63T/Z9fF//gu/n+/sB/kU/0L/kB/mX/WD/ik/xQ/xQ/6of5l/zw/3rfoQf6UfFvOFHX7xFhvE+1U/waf4tP9G/7Sf5d/xkP8Wn+6l+mn/XT/cz/Ez/np/l3/ez/Rw/18/zGf4DP98v8Jn+Q7/Qf+QX+cUXHyr7FX6lX+VX+zV+rV/n1/sNfqPf5Df7LX6r3+a3+x3+Y7/Tf+J3+d1+j//U7/Wf+X3+c7/ff+EP+C99lv/KH/Rf+0P+G3/Yf+uP+O/8UX/MH/ff+xP+B3/Sn/Kn/Rl/1v/oz/mf/Pk/9DNryX/4qThjjDHG2P+qCZeG4td7LjzO7/N3csRfHdwXAK7cWjjrr/dnryjXFbgw7i8S2kcA4MneXR+4uNWsmZx8cSW2SEJQfA7AxX8JyhYDl+LF0A4ehyRoC+X+bv39Rfez9DvzR28CiPurnFi4FF+a/3MA/O36sL945LFR8yuGp+P/H/PPAShZ/FJObrgUL4Z2Pz9faQvl/0H9BVv/Tv25v0gFaPNXOXngUnyp/kR4FJ6CpF8dyRhjjDHGGGOMXdBfVOl88f7z4v/4/Hv35wnqUk4uuBT/3v05Y4wxxhhjjDHGLr+nu/d44pGkpLad//lB9d8/Rv1rM/88aAr/amE8+JcG3gP838YBwL85IUD2QP4nr2Lzf+RcKb+8df5217IzPoD/jlb+GYPL/I2JMcYYY4wx9qe7tOj/9d+ry1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWA/27v+MN/sBv6bvc18gYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xdbv8nAAD//8/q+bs=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b400000040008", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x13, 0x17, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811000051c36ce82677a1cc881a0f110a519d9e96ae58a6b63f4b6948ce580f5409ef83b6973fc7b6705a08993780b87632aa55e66ceac4411167284d2fcd02709059bf407659eb1c0bb85db236b47839924c83af75b9dcd68ad0c1390258ec330fe85aff800f2eab479dbed5d001e6e4e2815cf7cd93f5f2a97c0ff5c721e4864036cfb61fa7d4bda8a8a642f16fc365f7dd86755b5f44938c86030957453e236568f1017eb95340e0c2a6bcfcce8d59da5f0af66198a0819cc38c15757a58f7371a239b3cb2b0c5a691f1d4d8abfecbf8c0ebdd47be31b89fc1e3dffe1cd2da8dd607e6e6ee8b6b26fce75fd3fee604cb3d818c2411173f252a74fef14a9ed1a33b59efd2705cc8e6dd2a51c5cdc2cb624608aaf18fbf679d698ddf15d0598e59f21d282beb99891694dcc8c2306d4ea2ff059a2172d2b4c1035478fdbdb402f25f857f9980027149cec5e40fa9369de5845e6a6118ee0643457e232273b77b2a5751dd85438e1b370292fa734081876d02abf308dbca879fd9df9d8687acffe1375df1ab253b0a38356706472bc0193b6f9594d27f6ecbff238a9beca63bee72f61788cb7b6eb3c89bd8f8c58d355a3c0682a5acccd330077b7dd75b0e73543b23f61ff43f775f1eaa", @ANYRESDEC=r5], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0x5, 0x0, 0x7}, 0xc) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @private}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r7, 0x89f3, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r8 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) 2.831769623s ago: executing program 1 (id=943): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) name_to_handle_at(r1, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=@FILEID_BTRFS_WITHOUT_PARENT={0x28}, &(0x7f0000000300), 0x200) 2.742393424s ago: executing program 1 (id=944): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406f90005240000000d"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000002c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x20, 0x80, 0x1c, {0x9, 0x926, 0x6, 0x4, 0x2, 0x8, 0x7, 0x0, 0x25f, 0x8000, 0x4, 0xf644}}, 0x0, 0x0, 0x0, 0x0}) 2.248959187s ago: executing program 2 (id=945): syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "ff00f7000000000000000000af88008300"}) r1 = syz_open_pts(r0, 0x141601) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0xfffffffc, 0x0, 0x0, "682341f2fd71a6a76177920ea7e60c0ac7a4a5"}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) syz_open_dev$swradio(0x0, 0x1, 0x2) 2.17718908s ago: executing program 4 (id=946): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}], 0x10, 0x0, @void, @value}, 0x90) r0 = socket$kcm(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10) sendmsg$inet(r0, 0x0, 0x0) 2.099256912s ago: executing program 4 (id=947): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) io_submit(0x0, 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x100, 0x1, 0x0, 0xc7}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x13012, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r3, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 1.453900666s ago: executing program 2 (id=948): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f00000003c0), &(0x7f0000000100)='./file0\x00', 0x201048c, &(0x7f0000002180)=ANY=[@ANYRES64=0x0, @ANYRES8=r4, @ANYRES64=r2, @ANYRESOCT=0x0, @ANYRESHEX=r1, @ANYRESOCT, @ANYRESOCT=r1], 0xfd, 0x640, &(0x7f0000000680)="$eJzs3c1vHGcdB/DvbDZONpTUTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVoia92sP/QPKwTdOSNwjlQsXuPXqYyUkLr1gTotmdna98VvtNvGu288nmn2eZ5+ZZ37Pb3Z2dteKJsCX1sJkmg9TZGHylfWyvbU5297anL3fqyc5l2QjaSZpJCn+2+l0PkxuJkV/mGJXucf7y/OvffTJ1sfdVrNeqvUbh213NBv1kokkZ+rycY1363OPV/RneDPJtbqEoTubpPOIX/zjqX7PgNZ+W58/kRiBJ6voXjf3GE8u1Cd6+Tmge1XsXrNPtY1hBwAAAAAn4OntbGe9uDjsOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC02Ni5/39dre7vXxQbyUSK3v3/x+q+1PXR8uLxVn/4pOIAAAAAAAAAgBP04na2s56LvXanqP7m/1LVuFw9fiVvZTVLWcn1rGcxa1nLSqaTjA8MNLa+uLa2Mn2ELWf23XLmUwI9V5etxzNvAAAAAAAAAPiC+W0Wdv7+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo6BIznSLarncq4+n0UxyPslYud5G8q9e/TR7OOwAAAAA4AQ8vZ3trOdir90pqu/8z1Xf+8/nrTzIWpazlnaWcrv6LaD7rb+xtTnb3tqcvV8ue8f94X+OFUY1Yrq/Pey/56vVGq3cyXL1zPXcyhtp53Ya1Zalq3U8vVF3xfWbMqbiB7UjRna7LsuZv1eXe7x7rMke5Jg/poxXGTnbz8hUHVuZjWd6R2b/I3TMo7N7T9Np9IO9vGtPuybxmXJ+oS7L+fzxoJwPxe5MzAy8+p47POfJN//2l5/fbT+4d/fO6uToTOloztRlp3ps7c3E7EAmnv8iZ2KPqSoTV/rthfwkP8tkJvJqVrKcX2Yxa1nKRH5c1Rbr13MxcMofkKmbj7Re/bRIxupXaPdgHS+ml6ptL2Y5P80buZ2lvFz9m8l0vpu5zGV+4AhfOfwIV2d944CzvvPVfYO/9q260kryp7ocDWVenxnI6+B77njVN/jMTpYuHSFLx3xvbH69rpT7+F1djobdmZgeyMSzh2fiz9Xbymr7wb2Vu4tvHm13l96rK+V59IeRukqUr5dL5cGqWo++Osq+Z/ftm676Lvf7Gnv6rvT7umfqxoFn6lj9GW7vSDNV3/P79s1WfVcH+vb7vAXAyLvw7QtjrX+3/tn6oPX71t3WK+d/dO57514Yy9m/n/1+c+rMNxovFH/NB/n1zvd/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgs1t9+517i+320squSqfTefeArtNc6d3O7AR3+rWnkpGY+1Ar/+t0OvUzxSjEc3ilUxuVeIZRGfIbE/DE3Vi7/+aN1bff+c7y/cXXl15fejA/Nzc/NT/38uyNO8vtpanu47CjBJ6EnYt+1TzmragBAAAAAAAAAACAYTiJ/04w7DkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9vCZJoPU2R66vpU2d7anG2XS6++s2YzSSNJ8auk+DC5me6S8YHhioP28/7y/GsffbL18c5Yzd76jcO2O5qNeslEkjN1+bjGu/W5xyv6MywTdq2XOBi2/wcAAP//fTAP4A==") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @private0, 0x2}, 0x1c) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) 1.256925578s ago: executing program 4 (id=949): socket$nl_generic(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000080)=0x400000001, 0x4) setsockopt$inet6_tcp_int(r1, 0x6, 0x22, &(0x7f0000356000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000340)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) sendmmsg(r1, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)='\r', 0x1}], 0x1}}], 0x1, 0x400c878) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) 842.087052ms ago: executing program 0 (id=950): syz_usb_connect(0x6, 0x24, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32=r2], 0x50}, 0x1, 0xba01}, 0x0) 573.802523ms ago: executing program 2 (id=951): r0 = socket(0x2b, 0x1, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00'}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) 374.555392ms ago: executing program 4 (id=952): socket$inet_udp(0x2, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) socket(0x1, 0x2, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a00000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) writev(r1, &(0x7f0000000240)=[{&(0x7f0000000040)="97003c74a159175c4fc8b38ebdc9990722ddc13782908bda3be35be5afc5f5cafadba8767bc18f", 0x27}, {&(0x7f0000000000)="987aa19a2e0c51e9ddefe01dba3369a8ecbbee78da6ebb008c", 0x19}], 0x2) 249.722104ms ago: executing program 0 (id=953): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="02000000050000f586"]) 208.674736ms ago: executing program 4 (id=954): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) name_to_handle_at(r1, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=@FILEID_BTRFS_WITHOUT_PARENT={0x28}, &(0x7f0000000300), 0x200) 202.490142ms ago: executing program 3 (id=955): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18020100000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000", @ANYRES32=r0, @ANYBLOB="0000000002000000b70500000800000085000000c500000095"], &(0x7f0000000640)='syzkaller\x00', 0x8, 0xff6, &(0x7f0000001e00)=""/4086, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 114.901254ms ago: executing program 4 (id=956): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_emit_ethernet(0x8a, &(0x7f0000000200)=ANY=[], 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000400)='net/mcfilter6\x00') r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000000)) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000400)='./file1\x00', 0x0, &(0x7f0000000900)=ANY=[], 0xff, 0x1f9, &(0x7f0000000700)="$eJzsmb9rFEEUx78zu7mNQQQbCxsLA0Y0++tU0qSIIFaCEEUtD7MJp5ucXFZIAkKCjY2liGDrP2BhcbWdna0WKggWXilYCCPz43bHu9tzhZM7yPvAzX3n7dv3ZubuvsUtCII4tHz5/OPT08tLN84DOIp5eCb+zSlyuJX/8cXDc8+Wr7x8/eHV261jjzr99WYBCIFa1f4M2MeKg6zk+rwcnv8ZuwmOs0bfAoOv5S+h0JMEDHdMzj1Lt44YkSb+3Va6tt5Mk1AOkRxiOdTtXi6A7gHDWr43IZh1fXt3734jTZN2v5gRvT4Dl/5VjDo/tb4VjmUzl+uTn9ftJ48P5NycDUJwfZYAInBERtfBsGr0Ejz4vl8cibX/k25R36my/0kJ9lN/DWTk+OLYWziY9AanVQhvKpZRQbD+iPxB55ET3c67wbu+/sf1eOOpw1DiOMq4AOSRqybn/VyaXqvcAvu6TBHpufzQuwp/Yi5wxvInF27uH0G2+SDY3t1bbG42NpKNZCuO65fCC2F4MQ7Wmx7CQNnRCP+bVf40Z9WfKcmtsRp2GlnWjnaArB3l81iPluOuvml9V/dw5X8cC6d1DXnIatve8B7MvLh6l2rBKV08QRAEQRAEQRAEQRAEQRDEX7H/jDwFBv0IRD2oEiXE11X27wAAAP//ndJmFg==") 57.013067ms ago: executing program 3 (id=957): r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x1, @loopback, 0x8}, 0x1c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) sendfile(r0, r1, 0x0, 0x180000000000000) 0s ago: executing program 0 (id=958): socket$inet6(0xa, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6(0xa, 0x3, 0x4) read$FUSE(0xffffffffffffffff, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f00000003c0)=""/102392, 0x18ff8) bind$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88bd9edace00000000000000002100000002ff02000000000000000000000000000104004e20004d"], 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) eventfd2(0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000280)={0x0, 0x0}) kernel console output (not intermixed with test programs): [ 62.897373][ T5857] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 62.908156][ T5857] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 62.975408][ T5844] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.985624][ T5844] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.998120][ T5844] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.030413][ T5844] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.071018][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.110092][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 63.118791][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 63.143042][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 63.155577][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 63.173386][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.197450][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.233413][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.246871][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.254058][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.274279][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.281371][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.299761][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.321420][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.328537][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.350846][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.364278][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.371360][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.403439][ T1334] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.410506][ T1334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.444957][ T1334] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.452031][ T1334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.536984][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.561830][ T5857] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 63.579823][ T5857] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.597670][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.633099][ T5850] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.685013][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.697580][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.708093][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.728697][ T1032] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.736045][ T1032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.782089][ T1032] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.789242][ T1032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.799504][ T1032] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.806645][ T1032] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.835055][ T1032] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.842182][ T1032] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.950220][ T5841] veth0_vlan: entered promiscuous mode [ 63.989158][ T5841] veth1_vlan: entered promiscuous mode [ 64.014620][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.047070][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.099159][ T5841] veth0_macvtap: entered promiscuous mode [ 64.154586][ T5841] veth1_macvtap: entered promiscuous mode [ 64.224220][ T5857] veth0_vlan: entered promiscuous mode [ 64.238687][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.254443][ T54] Bluetooth: hci1: command tx timeout [ 64.254770][ T5157] Bluetooth: hci3: command tx timeout [ 64.264897][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.275489][ T5850] veth0_vlan: entered promiscuous mode [ 64.286035][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.307889][ T5841] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.317113][ T5841] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.326034][ T5841] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.332617][ T5157] Bluetooth: hci4: command tx timeout [ 64.336521][ T54] Bluetooth: hci2: command tx timeout [ 64.340078][ T5854] Bluetooth: hci0: command tx timeout [ 64.351643][ T5841] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.370125][ T5857] veth1_vlan: entered promiscuous mode [ 64.378576][ T5850] veth1_vlan: entered promiscuous mode [ 64.421954][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.474866][ T5844] veth0_vlan: entered promiscuous mode [ 64.517955][ T5844] veth1_vlan: entered promiscuous mode [ 64.539945][ T5850] veth0_macvtap: entered promiscuous mode [ 64.551718][ T5857] veth0_macvtap: entered promiscuous mode [ 64.589644][ T5844] veth0_macvtap: entered promiscuous mode [ 64.599230][ T5857] veth1_macvtap: entered promiscuous mode [ 64.616857][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.628141][ T5850] veth1_macvtap: entered promiscuous mode [ 64.635553][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.653160][ T5844] veth1_macvtap: entered promiscuous mode [ 64.696839][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.717594][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.729916][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.751294][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.762983][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.772842][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.783367][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.794919][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.809466][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.813167][ T1032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.830232][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.830365][ T1032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.845454][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.866663][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.877915][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.888356][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.899702][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.909787][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.921190][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.932239][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.945663][ T5844] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.957377][ T5844] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.967722][ T5844] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.977393][ T5844] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.988901][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.001377][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.011839][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.023241][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.034645][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.047648][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.058878][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.070028][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.085852][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.097004][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.107578][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.119042][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.119849][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.157093][ T5850] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.166289][ T5850] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.175410][ T5850] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.184283][ T5850] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.214293][ T5842] veth0_vlan: entered promiscuous mode [ 65.234324][ T5857] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.243388][ T5857] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.252437][ T5857] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.261133][ T5857] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.307291][ T5842] veth1_vlan: entered promiscuous mode [ 65.329802][ T5842] veth0_macvtap: entered promiscuous mode [ 65.338582][ T5842] veth1_macvtap: entered promiscuous mode [ 65.353701][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.364466][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.374741][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.385552][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.395574][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.406027][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.415943][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.426427][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.438075][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.449882][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.460948][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.470797][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.481359][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.491361][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.501831][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.511681][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.522324][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.533899][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.544086][ T5842] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.552875][ T5842] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.561577][ T5842] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.570511][ T5842] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.696602][ T1032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.706150][ T1032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.789774][ T1032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.822505][ T1032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.836035][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.843948][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.913205][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.943800][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.957959][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.966149][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.989415][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.002178][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.111293][ T5948] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 66.139857][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.142984][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.147894][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.167687][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.292993][ T5952] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 66.339089][ T5854] Bluetooth: hci3: command tx timeout [ 66.348314][ T5854] Bluetooth: hci1: command tx timeout [ 66.413219][ T5854] Bluetooth: hci0: command tx timeout [ 66.419050][ T5157] Bluetooth: hci4: command tx timeout [ 66.424665][ T5157] Bluetooth: hci2: command tx timeout [ 66.429462][ T5957] loop0: detected capacity change from 0 to 1024 [ 66.492010][ T5957] loop0: detected capacity change from 0 to 16 [ 66.537604][ T5958] loop3: detected capacity change from 0 to 512 [ 66.546169][ T5957] erofs: (device loop0): mounted with root inode @ nid 36. [ 66.609469][ T5962] loop4: detected capacity change from 0 to 512 [ 66.624856][ T5960] loop1: detected capacity change from 0 to 512 [ 66.633871][ T5962] EXT4-fs: Ignoring removed i_version option [ 66.641262][ T5960] EXT4-fs: Ignoring removed orlov option [ 66.643703][ T5962] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 66.679601][ T5962] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 66.807483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 66.960811][ T5958] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #12: comm syz.3.12: corrupted in-inode xattr: invalid ea_ino [ 66.963042][ T5960] EXT4-fs error (device loop1): dx_probe:823: inode #2: comm syz.1.2: Attempting to read directory block (0) that is past i_size (256) [ 67.012290][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 67.025535][ T5958] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.12: couldn't read orphan inode 12 (err -117) [ 67.032442][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 67.291116][ T5958] EXT4-fs (loop3): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 67.330201][ T5960] EXT4-fs (loop1): Remounting filesystem read-only [ 67.335607][ T5962] EXT4-fs (loop4): 1 truncate cleaned up [ 67.342367][ T5960] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 67.343255][ T5960] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 67.548183][ T5962] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 67.597632][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.656707][ T5970] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 68.087630][ T5850] EXT4-fs (loop3): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 68.135419][ T5972] loop2: detected capacity change from 0 to 512 [ 68.191925][ T5972] ======================================================= [ 68.191925][ T5972] WARNING: The mand mount option has been deprecated and [ 68.191925][ T5972] and is ignored by this kernel. Remove the mand [ 68.191925][ T5972] option from the mount to silence this warning. [ 68.191925][ T5972] ======================================================= [ 68.273739][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.282549][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.292214][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 68.459042][ T5972] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 68.505229][ T54] Bluetooth: hci1: command tx timeout [ 68.510975][ T54] Bluetooth: hci3: command tx timeout [ 68.516837][ T54] Bluetooth: hci0: command tx timeout [ 68.522404][ T54] Bluetooth: hci2: command tx timeout [ 68.527916][ T54] Bluetooth: hci4: command tx timeout [ 68.569075][ T5972] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 68.626072][ T5972] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 68.651356][ T5972] System zones: 0-1, 15-15, 18-18, 34-34 [ 68.661350][ T5972] EXT4-fs (loop2): orphan cleanup on readonly fs [ 68.668237][ T5972] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 68.677979][ T5972] EXT4-fs warning (device loop2): ext4_enable_quotas:7105: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 68.693259][ T5972] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 68.758344][ T5972] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.14: bg 0: block 40: padding at end of block bitmap is not set [ 68.804411][ T5972] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 68.845447][ T5972] EXT4-fs (loop2): 1 truncate cleaned up [ 68.851992][ T5972] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 68.893529][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.906757][ T5977] kvm: kvm [5976]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x15e00000070 [ 68.923352][ T5977] kvm: kvm [5976]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x15f00000044 [ 68.941787][ T5977] kvm: kvm [5976]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0x2d7000000f0 [ 69.193270][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.638768][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.716961][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.742311][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.800938][ T0] NOHZ tick-stop error: local softirq work is pending, handler #302!!! [ 70.902175][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 71.541129][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.547761][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.060920][ T5999] loop3: detected capacity change from 0 to 32768 [ 72.095564][ T5999] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.22 (5999) [ 72.527647][ T5999] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 72.617801][ T5999] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 72.777686][ T5999] BTRFS info (device loop3): disk space caching is enabled [ 72.995576][ T5999] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 73.485306][ T6031] loop2: detected capacity change from 0 to 512 [ 73.661720][ T6031] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 74.631831][ T6037] Zero length message leads to an empty skb [ 74.661438][ T54] Bluetooth: hci4: command 0x0405 tx timeout [ 75.242603][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 75.246869][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 75.259808][ T6031] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2863: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 75.298613][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 75.298788][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 75.327707][ T6025] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 75.355307][ T6031] EXT4-fs (loop2): 1 truncate cleaned up [ 75.361836][ T6031] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.412827][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 75.413068][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 75.432432][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 75.470607][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 75.504872][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 75.524201][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 75.539883][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 75.626707][ T5999] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 75.682923][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.739698][ T5999] BTRFS error (device loop3): open_ctree failed [ 75.938976][ T6041] loop4: detected capacity change from 0 to 32768 [ 76.372466][ T6041] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.34 (6041) [ 76.509820][ T6041] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 76.562237][ T6041] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 76.571498][ T6041] BTRFS info (device loop4): disk space caching is enabled [ 76.636763][ T6068] loop0: detected capacity change from 0 to 16 [ 76.640166][ T6041] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 76.803291][ T6066] loop2: detected capacity change from 0 to 1024 [ 76.836578][ T6072] loop1: detected capacity change from 0 to 8 [ 76.854494][ T6068] erofs: (device loop0): mounted with root inode @ nid 36. [ 76.858102][ T25] cfg80211: failed to load regulatory.db [ 76.943107][ T6072] squashfs: Unknown parameter '' [ 77.537955][ T6090] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 77.551787][ T6090] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 77.612147][ T6041] BTRFS info (device loop4): rebuilding free space tree [ 77.756334][ T6041] BTRFS info (device loop4): disabling free space tree [ 77.802300][ T6041] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 78.174435][ T6041] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.505942][ T5842] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 79.688554][ T6109] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 80.063664][ T6123] loop4: detected capacity change from 0 to 1024 [ 80.235139][ T6100] loop1: detected capacity change from 0 to 32768 [ 80.273177][ T6100] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.41 (6100) [ 80.314538][ T6100] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 80.357041][ T6100] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 80.380949][ T6100] BTRFS info (device loop1): using free-space-tree [ 80.481378][ T6100] BTRFS info (device loop1): rebuilding free space tree [ 80.679119][ T29] audit: type=1800 audit(1730487126.972:2): pid=6100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.41" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 81.008986][ T6119] loop3: detected capacity change from 0 to 32768 [ 81.037354][ T6119] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.48 (6119) [ 81.069108][ T6119] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 81.092257][ T6119] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 81.101511][ T6119] BTRFS info (device loop3): disk space caching is enabled [ 81.152217][ T6119] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 81.179456][ T5857] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 82.517295][ T6119] BTRFS info (device loop3): rebuilding free space tree [ 82.592965][ T6119] BTRFS info (device loop3): disabling free space tree [ 82.599988][ T6119] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 82.658145][ T6119] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 83.025115][ T6170] loop4: detected capacity change from 0 to 32768 [ 83.561499][ T6143] loop0: detected capacity change from 0 to 32768 [ 83.628558][ T6143] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.50 (6143) [ 83.730925][ T6177] loop1: detected capacity change from 0 to 16 [ 83.746901][ T6177] erofs: (device loop1): mounted with root inode @ nid 36. [ 84.183335][ T6170] BTRFS: device /dev/loop4 (7:4) using temp-fsid 86c86889-8c83-49c9-b8a6-9c046cd3d4e2 [ 84.193386][ T6170] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.54 (6170) [ 84.227921][ T5850] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 84.271112][ T6177] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 84.359032][ T6177] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 84.410868][ T6170] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 84.450476][ T6170] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 84.595941][ T6170] BTRFS info (device loop4): disk space caching is enabled [ 84.603500][ T6170] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 84.703418][ T836] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 84.915704][ T6190] loop2: detected capacity change from 0 to 128 [ 85.048185][ T6194] usb usb9: usbfs: process 6194 (syz.1.59) did not claim interface 0 before use [ 85.736362][ T6170] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 85.737006][ T6170] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 85.937762][ T836] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 85.958563][ T836] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 86.974252][ T836] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 87.332787][ T836] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 87.345449][ T6170] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 87.345499][ T836] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.345707][ T6170] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 87.361165][ T836] usb 1-1: Product: syz [ 87.375922][ T836] usb 1-1: Manufacturer: syz [ 87.380531][ T836] usb 1-1: SerialNumber: syz [ 87.494429][ T6199] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 87.572503][ T6170] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 87.572730][ T6170] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 87.598468][ T836] usb 1-1: can't set config #1, error -71 [ 87.617731][ T836] usb 1-1: USB disconnect, device number 2 [ 87.649450][ T6170] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 87.654935][ T6170] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 87.955829][ T6170] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 88.048509][ T6170] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 88.295121][ T6170] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 88.324301][ T6170] BTRFS error (device loop4): open_ctree failed [ 88.489173][ T6218] loop0: detected capacity change from 0 to 256 [ 88.544666][ T6218] exfat: Deprecated parameter 'codepage' [ 88.578068][ T6218] exfat: Bad value for 'codepage' [ 88.692906][ T6218] loop0: detected capacity change from 256 to 0 [ 90.373362][ T6226] loop4: detected capacity change from 0 to 32768 [ 90.395661][ T6226] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.67 (6226) [ 90.420975][ T6226] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 90.433268][ T6226] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 90.441932][ T6226] BTRFS info (device loop4): using free-space-tree [ 90.642641][ T836] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 90.755746][ T6255] loop0: detected capacity change from 0 to 256 [ 90.800813][ T6255] exfat: Deprecated parameter 'codepage' [ 90.818478][ T6255] exfat: Bad value for 'codepage' [ 90.891514][ T6259] 9pnet_virtio: no channels available for device syz [ 90.967138][ T6266] input: syz1 as /devices/virtual/input/input5 [ 91.005872][ T836] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 91.052512][ T836] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 91.114412][ T6226] BTRFS info (device loop4): rebuilding free space tree [ 91.143358][ T6260] loop0: detected capacity change from 256 to 0 [ 91.171761][ T6107] loop: Write error at byte offset 9223372036854775807, length 4096. [ 91.302584][ T836] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 91.453524][ C1] I/O error, dev loop0, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 91.462928][ C1] Buffer I/O error on dev loop0, logical block 1, async page read [ 91.548775][ C1] I/O error, dev loop0, sector 0 op 0x1:(WRITE) flags 0x0 phys_seg 1 prio class 0 [ 91.558102][ C1] Buffer I/O error on dev loop0, logical block 0, lost async page write [ 91.735348][ T836] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 91.754817][ T836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.773804][ T836] usb 4-1: Product: syz [ 91.778000][ T836] usb 4-1: Manufacturer: syz [ 91.794931][ T836] usb 4-1: SerialNumber: syz [ 91.814869][ T836] usb 4-1: selecting invalid altsetting 1 [ 91.885276][ T5842] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 92.520903][ T6281] loop0: detected capacity change from 0 to 8 [ 92.712193][ T5897] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 92.765525][ T836] cdc_ncm 4-1:1.0: SET_NTB_FORMAT failed [ 92.790721][ T836] usb 4-1: selecting invalid altsetting 1 [ 92.797632][ T836] cdc_ncm 4-1:1.0: bind() failure [ 92.811163][ T836] usb 4-1: USB disconnect, device number 2 [ 92.886360][ T5897] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 92.906832][ T5897] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 92.947022][ T5897] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 92.958693][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.978491][ T5897] usb 3-1: Product: syz [ 92.988455][ T5897] usb 3-1: Manufacturer: syz [ 92.998759][ T5897] usb 3-1: SerialNumber: syz [ 93.807531][ T6278] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 96.300823][ T5897] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS [ 96.309907][ T5897] cdc_ncm 3-1:1.0: bind() failure [ 96.570636][ T5897] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 96.592117][ T5897] cdc_ncm 3-1:1.1: bind() failure [ 96.771471][ T5897] usb 3-1: USB disconnect, device number 2 [ 97.406117][ T6322] loop2: detected capacity change from 0 to 16 [ 97.453721][ T6322] erofs: (device loop2): mounted with root inode @ nid 36. [ 97.472726][ T6322] syz.2.88: attempt to access beyond end of device [ 97.472726][ T6322] loop2: rw=0, sector=4294967295, nr_sectors = 1 limit=16 [ 97.577541][ T6327] loop1: detected capacity change from 0 to 1024 [ 97.683705][ T6327] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.244621][ T6331] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 98.686932][ T6107] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 98.852133][ T6107] EXT4-fs (loop1): This should not happen!! Data will be lost [ 98.852133][ T6107] [ 98.871854][ T6107] EXT4-fs (loop1): Total free blocks count 0 [ 98.883920][ T6107] EXT4-fs (loop1): Free/Dirty block details [ 98.889929][ T6107] EXT4-fs (loop1): free_blocks=68451041280 [ 98.895865][ T6107] EXT4-fs (loop1): dirty_blocks=16 [ 98.900994][ T6107] EXT4-fs (loop1): Block reservation details [ 98.907031][ T6107] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 99.011484][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.238779][ T54] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 99.247904][ T54] Bluetooth: hci0: Injecting HCI hardware error event [ 99.259204][ T54] Bluetooth: hci0: hardware error 0x00 [ 100.052187][ T5934] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 100.252816][ T5934] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 100.282164][ T5934] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 100.321935][ T5934] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 100.433267][ T5934] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 100.452118][ T5934] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.460159][ T5934] usb 2-1: Product: syz [ 100.553060][ T5934] usb 2-1: Manufacturer: syz [ 100.557707][ T5934] usb 2-1: SerialNumber: syz [ 100.598157][ T5934] usb 2-1: selecting invalid altsetting 1 [ 102.196629][ T5934] cdc_ncm 2-1:1.0: SET_NTB_FORMAT failed [ 102.224331][ T5934] usb 2-1: selecting invalid altsetting 1 [ 102.238584][ T54] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 102.299380][ T5934] cdc_ncm 2-1:1.0: bind() failure [ 102.438746][ T6369] loop3: detected capacity change from 0 to 128 [ 102.448438][ T6369] vfat: Bad value for 'gid' [ 102.455679][ T6369] vfat: Bad value for 'gid' [ 102.534891][ T5934] usb 2-1: USB disconnect, device number 2 [ 104.104423][ T6389] Bluetooth: MGMT ver 1.23 [ 106.075481][ T6400] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 107.205176][ T6412] loop1: detected capacity change from 0 to 8 [ 112.405106][ T6451] loop1: detected capacity change from 0 to 1024 [ 112.987873][ T6454] loop0: detected capacity change from 0 to 1024 [ 113.467212][ T6454] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.699457][ T6464] loop3: detected capacity change from 0 to 512 [ 113.730249][ T6464] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.125: invalid block [ 113.752967][ T6464] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.125: invalid indirect mapped block 4294967295 (level 1) [ 113.771838][ T29] audit: type=1800 audit(1730487160.062:3): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.127" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 113.822430][ T6464] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.125: invalid indirect mapped block 4294967295 (level 1) [ 113.845455][ T6464] EXT4-fs (loop3): 2 truncates cleaned up [ 113.874159][ T6464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.035224][ T6472] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 114.058729][ T6472] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 8191 with max blocks 2 with error 28 [ 114.071722][ T6472] EXT4-fs (loop0): This should not happen!! Data will be lost [ 114.071722][ T6472] [ 114.082094][ T6472] EXT4-fs (loop0): Total free blocks count 0 [ 114.112529][ T6472] EXT4-fs (loop0): Free/Dirty block details [ 114.153151][ T6472] EXT4-fs (loop0): free_blocks=68451041280 [ 114.159189][ T6472] EXT4-fs (loop0): dirty_blocks=32 [ 114.165907][ T6472] EXT4-fs (loop0): Block reservation details [ 114.173691][ T6472] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 114.592444][ T6471] netlink: 'syz.1.131': attribute type 29 has an invalid length. [ 114.604615][ T6474] netlink: 'syz.1.131': attribute type 29 has an invalid length. [ 114.635370][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.644517][ T6475] netlink: 'syz.1.131': attribute type 29 has an invalid length. [ 114.731934][ T6477] netlink: 'syz.1.131': attribute type 29 has an invalid length. [ 114.746559][ T6478] netlink: 'syz.1.131': attribute type 29 has an invalid length. [ 114.776483][ T6480] netlink: 'syz.1.131': attribute type 29 has an invalid length. [ 114.870566][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.951827][ T6487] loop2: detected capacity change from 0 to 128 [ 115.003699][ T6487] EXT4-fs: Ignoring removed mblk_io_submit option [ 115.011803][ T6487] EXT4-fs: Ignoring removed nomblk_io_submit option [ 115.035881][ T6487] EXT4-fs (loop2): can't mount with journal_checksum, fs mounted w/o journal [ 115.212019][ T6493] process 'syz.3.138' launched './file1' with NULL argv: empty string added [ 116.461663][ T6489] loop0: detected capacity change from 0 to 32768 [ 116.522314][ T6489] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.135 (6489) [ 116.772277][ T6489] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 116.783605][ T6489] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 116.805351][ T6489] BTRFS info (device loop0): using free-space-tree [ 117.026788][ T6489] BTRFS info (device loop0): rebuilding free space tree [ 117.157827][ T29] audit: type=1800 audit(1730487163.442:4): pid=6489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.135" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 117.493313][ T6537] loop2: detected capacity change from 0 to 1024 [ 117.546323][ T5844] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 117.580672][ T6537] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002] [ 117.608313][ T6537] System zones: 0-1, 3-12 [ 117.681751][ T6537] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.393758][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.471687][ T6555] loop0: detected capacity change from 0 to 512 [ 118.597855][ T6555] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 118.642795][ T6555] EXT4-fs (loop0): 1 truncate cleaned up [ 118.750603][ T6555] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.876312][ T6563] loop1: detected capacity change from 0 to 2048 [ 119.991664][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.033805][ T6563] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.193890][ T6579] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.218215][ T6579] loop0: detected capacity change from 0 to 1024 [ 120.226395][ T6579] ext4: Invalid uid '0x00000000ffffffff' [ 120.277993][ T6563] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none. [ 122.122181][ T6591] loop2: detected capacity change from 0 to 1024 [ 122.137208][ T6591] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 122.137233][ T6591] EXT4-fs (loop2): group descriptors corrupted! [ 122.197575][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.243304][ T6591] loop2: detected capacity change from 0 to 512 [ 122.245956][ T6591] EXT4-fs (loop2): blocks per group (255) and clusters per group (8192) inconsistent [ 124.535639][ T47] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 124.812510][ T47] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 124.857750][ T47] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 124.954799][ T47] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 124.974311][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.003234][ T47] usb 4-1: Product: syz [ 125.022250][ T47] usb 4-1: Manufacturer: syz [ 125.026878][ T47] usb 4-1: SerialNumber: syz [ 125.290360][ T6622] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 125.669885][ T6632] loop4: detected capacity change from 0 to 32768 [ 125.718331][ T6632] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.180 (6632) [ 125.771736][ T6632] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 125.812258][ T6632] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 125.826834][ T6632] BTRFS info (device loop4): using free-space-tree [ 126.530078][ T6659] netlink: 2 bytes leftover after parsing attributes in process `syz.2.183'. [ 126.549834][ T6659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.602144][ T6659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.620683][ T6659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.652909][ T6659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.722287][ T6659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.772155][ T6659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.815961][ T6659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.872164][ T6659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.920466][ T6659] batadv_slave_1: entered promiscuous mode [ 126.922615][ T47] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 126.972314][ T47] cdc_ncm 4-1:1.0: bind() failure [ 126.995821][ T47] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 127.027199][ T47] cdc_ncm 4-1:1.1: bind() failure [ 127.060457][ T47] usb 4-1: USB disconnect, device number 3 [ 127.159678][ T5842] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 127.851002][ T6682] loop2: detected capacity change from 0 to 1024 [ 128.251958][ T6682] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.321649][ T29] audit: type=1800 audit(1730487174.602:5): pid=6682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.192" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 128.537418][ T29] audit: type=1804 audit(1730487174.832:6): pid=6682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.192" name="/newroot/40/file1/file1" dev="loop2" ino=15 res=1 errno=0 [ 128.538462][ T6682] EXT4-fs error (device loop2): ext4_xattr_inode_iget:440: inode #11: comm syz.2.192: missing EA_INODE flag [ 129.602506][ T6682] EXT4-fs error (device loop2): ext4_xattr_inode_iget:445: comm syz.2.192: error while reading EA inode 11 err=-117 [ 129.622877][ T6162] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.699195][ T29] audit: type=1804 audit(1730487175.992:7): pid=6682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.192" name="/newroot/40/file1/file1" dev="loop2" ino=15 res=1 errno=0 [ 130.436361][ T6682] syz.2.192 (6682) used greatest stack depth: 17528 bytes left [ 130.492236][ T875] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 130.664476][ T875] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 130.677034][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.686208][ T875] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 130.802466][ T875] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 130.812905][ T875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.820926][ T875] usb 5-1: Product: syz [ 130.869039][ T875] usb 5-1: Manufacturer: syz [ 130.884626][ T875] usb 5-1: SerialNumber: syz [ 130.895678][ T6724] loop1: detected capacity change from 0 to 512 [ 130.927341][ T6724] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 131.661526][ T6699] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 131.669100][ T6724] EXT4-fs (loop1): 1 truncate cleaned up [ 131.682933][ T6724] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.300609][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.393323][ T6741] fuse: Bad value for 'fd' [ 132.509965][ T875] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS [ 132.516398][ T875] cdc_ncm 5-1:1.0: bind() failure [ 132.525334][ T875] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 132.553022][ T875] cdc_ncm 5-1:1.1: bind() failure [ 132.591854][ T875] usb 5-1: USB disconnect, device number 2 [ 132.907147][ T6749] loop2: detected capacity change from 0 to 1024 [ 132.992575][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.999020][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.227065][ T6751] loop0: detected capacity change from 0 to 32768 [ 134.246533][ T6751] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.217 (6751) [ 134.327460][ T6751] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 134.349883][ T6751] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 134.362188][ T6751] BTRFS info (device loop0): using free-space-tree [ 134.392862][ T6772] loop4: detected capacity change from 0 to 1024 [ 134.415399][ T6772] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 134.437455][ T6772] EXT4-fs (loop4): group descriptors corrupted! [ 134.493130][ T6772] loop4: detected capacity change from 0 to 512 [ 134.521805][ T6772] EXT4-fs (loop4): blocks per group (255) and clusters per group (8192) inconsistent [ 134.997188][ T6789] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 135.188730][ T6791] loop2: detected capacity change from 0 to 1024 [ 135.217125][ T6751] BTRFS info (device loop0): rebuilding free space tree [ 135.787383][ T6800] kvm: emulating exchange as write [ 136.010494][ T5844] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 136.062546][ T875] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 136.226611][ T875] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 136.322266][ T875] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 136.370502][ T875] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 136.389879][ T875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.433829][ T875] usb 2-1: Product: syz [ 136.460773][ T875] usb 2-1: Manufacturer: syz [ 136.475927][ T875] usb 2-1: SerialNumber: syz [ 136.761165][ T6806] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 136.885798][ T29] audit: type=1326 audit(1730487183.182:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6814 comm="syz.4.232" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc2b137e719 code=0x0 [ 137.080841][ T6820] loop0: detected capacity change from 0 to 8 [ 137.755685][ T875] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS [ 137.765466][ T875] cdc_ncm 2-1:1.0: bind() failure [ 137.782572][ T875] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 137.794947][ T875] cdc_ncm 2-1:1.1: bind() failure [ 137.857076][ T875] usb 2-1: USB disconnect, device number 3 [ 138.058955][ T6828] loop4: detected capacity change from 0 to 1024 [ 138.078567][ T6828] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 138.110443][ T6828] EXT4-fs (loop4): group descriptors corrupted! [ 141.869705][ T6107] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.051739][ T6861] loop1: detected capacity change from 0 to 8 [ 143.027342][ T875] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 143.187419][ T875] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 143.220378][ T875] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 143.378130][ T875] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 143.485740][ T875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.588015][ T875] usb 1-1: Product: syz [ 143.644334][ T875] usb 1-1: Manufacturer: syz [ 143.704962][ T875] usb 1-1: SerialNumber: syz [ 144.079381][ T6865] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 144.188923][ T6881] loop4: detected capacity change from 0 to 2048 [ 144.477343][ T6881] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.517013][ T875] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS [ 144.526502][ T875] cdc_ncm 1-1:1.0: bind() failure [ 144.542905][ T6881] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none. [ 144.560431][ T875] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 144.598098][ T875] cdc_ncm 1-1:1.1: bind() failure [ 144.673665][ T875] usb 1-1: USB disconnect, device number 3 [ 144.916512][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.639535][ T6920] loop1: detected capacity change from 0 to 512 [ 145.673685][ T6920] EXT4-fs: Ignoring removed i_version option [ 145.702620][ T6920] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 145.811958][ T6920] EXT4-fs (loop1): 1 truncate cleaned up [ 145.821991][ T6920] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.438631][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.942214][ T836] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 146.951848][ T6945] netlink: 12 bytes leftover after parsing attributes in process `syz.0.274'. [ 146.970308][ T6945] netlink: 'syz.0.274': attribute type 25 has an invalid length. [ 147.022141][ T6945] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.031143][ T6945] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.039927][ T6945] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.048731][ T6945] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.133688][ T836] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 147.145201][ T836] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 147.162998][ T836] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 147.172614][ T836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.180891][ T836] usb 4-1: Product: syz [ 147.186049][ T836] usb 4-1: Manufacturer: syz [ 147.190929][ T836] usb 4-1: SerialNumber: syz [ 147.417426][ T6938] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 148.008566][ T6958] loop0: detected capacity change from 0 to 1024 [ 148.219288][ T6960] loop1: detected capacity change from 0 to 256 [ 148.304737][ T6960] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 148.435543][ T836] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 148.448910][ T836] cdc_ncm 4-1:1.0: bind() failure [ 148.460361][ T836] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 148.484174][ T836] cdc_ncm 4-1:1.1: bind() failure [ 148.501024][ T836] usb 4-1: USB disconnect, device number 4 [ 148.830395][ T6961] dccp_close: ABORT with 40 bytes unread [ 150.500268][ T29] audit: type=1800 audit(1730487196.792:9): pid=6960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.280" name="file1" dev="loop1" ino=1048600 res=0 errno=0 [ 151.210055][ T6987] netlink: 12 bytes leftover after parsing attributes in process `syz.1.289'. [ 151.243768][ T6987] netlink: 'syz.1.289': attribute type 25 has an invalid length. [ 151.296918][ T6987] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 151.305751][ T6987] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 151.314549][ T6987] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 151.323347][ T6987] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 152.695420][ T7002] loop1: detected capacity change from 0 to 1024 [ 153.112542][ T7007] loop4: detected capacity change from 0 to 16 [ 153.136096][ T7007] erofs: (device loop4): mounted with root inode @ nid 36. [ 153.467057][ T7014] loop1: detected capacity change from 0 to 512 [ 153.490621][ T7014] EXT4-fs: Ignoring removed i_version option [ 153.497716][ T7014] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 153.600701][ T7010] netlink: 'syz.4.296': attribute type 21 has an invalid length. [ 153.605345][ T7014] EXT4-fs (loop1): 1 truncate cleaned up [ 153.609115][ T7010] netlink: 156 bytes leftover after parsing attributes in process `syz.4.296'. [ 153.655033][ T7014] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.725054][ T7036] loop3: detected capacity change from 0 to 1024 [ 154.795450][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.809867][ T7036] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.290586][ T61] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 156.362930][ T61] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 12 with error 28 [ 156.393306][ T61] EXT4-fs (loop3): This should not happen!! Data will be lost [ 156.393306][ T61] [ 156.430177][ T61] EXT4-fs (loop3): Total free blocks count 0 [ 156.527634][ T61] EXT4-fs (loop3): Free/Dirty block details [ 156.552147][ T61] EXT4-fs (loop3): free_blocks=68451041280 [ 156.568242][ T61] EXT4-fs (loop3): dirty_blocks=16 [ 156.581356][ T61] EXT4-fs (loop3): Block reservation details [ 156.598720][ T61] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 156.690964][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.785572][ T7074] loop1: detected capacity change from 0 to 512 [ 156.794683][ T7074] EXT4-fs: Ignoring removed i_version option [ 156.803007][ T7074] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 156.829849][ T7074] EXT4-fs (loop1): 1 truncate cleaned up [ 156.836810][ T7074] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.486780][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.861604][ T7093] loop3: detected capacity change from 0 to 1024 [ 157.881481][ T7095] loop4: detected capacity change from 0 to 256 [ 157.916223][ T7093] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.950267][ T7095] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 158.428687][ T6162] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 158.489725][ T6162] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 12 with error 28 [ 158.547189][ T6162] EXT4-fs (loop3): This should not happen!! Data will be lost [ 158.547189][ T6162] [ 158.595521][ T6162] EXT4-fs (loop3): Total free blocks count 0 [ 158.608998][ T6162] EXT4-fs (loop3): Free/Dirty block details [ 158.617073][ T6162] EXT4-fs (loop3): free_blocks=68451041280 [ 158.648673][ T6162] EXT4-fs (loop3): dirty_blocks=16 [ 158.666962][ T6162] EXT4-fs (loop3): Block reservation details [ 158.682316][ T6162] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 158.705801][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.381954][ T7120] loop2: detected capacity change from 0 to 1024 [ 159.437558][ T7120] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 159.450996][ T7120] EXT4-fs (loop2): group descriptors corrupted! [ 159.526835][ T7120] loop2: detected capacity change from 0 to 512 [ 159.536539][ T7120] EXT4-fs (loop2): blocks per group (255) and clusters per group (8192) inconsistent [ 159.548125][ T7117] loop4: detected capacity change from 0 to 32768 [ 159.577927][ T7117] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.332 (7117) [ 159.601124][ T7117] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 159.611916][ T7117] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 159.621263][ T7117] BTRFS info (device loop4): using free-space-tree [ 159.739724][ T7117] BTRFS info (device loop4): rebuilding free space tree [ 159.818150][ T29] audit: type=1800 audit(1730487206.112:10): pid=7117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.332" name="bus" dev="loop4" ino=263 res=0 errno=0 [ 159.838408][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.415033][ T5842] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 160.484048][ T7158] loop2: detected capacity change from 0 to 1024 [ 160.491065][ T7158] ext4: Invalid uid '0x00000000ffffffff' [ 161.760972][ T7170] loop4: detected capacity change from 0 to 1024 [ 162.286732][ T7184] loop2: detected capacity change from 0 to 2048 [ 162.995046][ T7184] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 163.006041][ T7184] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 163.013861][ T7184] UDF-fs: Scanning with blocksize 512 failed [ 163.056298][ T7184] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 163.198365][ T7194] netlink: 'syz.2.349': attribute type 4 has an invalid length. [ 163.548243][ T7204] loop0: detected capacity change from 0 to 1024 [ 163.579514][ T7204] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 163.620022][ T7204] EXT4-fs (loop0): group descriptors corrupted! [ 163.694563][ T7206] loop1: detected capacity change from 0 to 512 [ 163.783540][ T7206] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 164.374687][ T7206] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 164.512616][ T7206] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 164.537319][ T7206] System zones: 0-1, 15-15, 18-18, 34-34 [ 164.586663][ T7206] EXT4-fs (loop1): orphan cleanup on readonly fs [ 164.623191][ T7206] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0 [ 164.642249][ T7206] EXT4-fs warning (device loop1): ext4_enable_quotas:7105: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 164.672898][ T7206] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 164.718150][ T7206] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.360: bg 0: block 40: padding at end of block bitmap is not set [ 164.740315][ T7206] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 164.773452][ T7226] loop2: detected capacity change from 0 to 1024 [ 164.780495][ T7226] ext4: Invalid uid '0x00000000ffffffff' [ 164.967996][ T7206] EXT4-fs (loop1): 1 truncate cleaned up [ 164.991573][ T7206] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 166.267745][ T29] audit: type=1326 audit(1730487212.462:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7242 comm="syz.3.373" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8c6b7e719 code=0x0 [ 166.866842][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.210534][ T7261] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.380'. [ 167.224594][ T7259] loop3: detected capacity change from 0 to 1024 [ 167.327732][ T7259] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.289006][ T7266] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 168.700902][ T7280] loop4: detected capacity change from 0 to 512 [ 168.747210][ T7280] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 169.231376][ T7280] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 169.262237][ T7280] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 169.270309][ T7280] System zones: 0-1, 15-15, 18-18, 34-34 [ 169.312388][ T7280] EXT4-fs (loop4): orphan cleanup on readonly fs [ 169.318847][ T7280] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 169.328599][ T7280] EXT4-fs warning (device loop4): ext4_enable_quotas:7105: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 169.346775][ T7280] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 169.355052][ T7280] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.386: bg 0: block 40: padding at end of block bitmap is not set [ 169.372437][ T7280] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 169.382866][ T12] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 5 with error 28 [ 169.382947][ T7280] EXT4-fs (loop4): 1 truncate cleaned up [ 169.440300][ T12] EXT4-fs (loop3): This should not happen!! Data will be lost [ 169.440300][ T12] [ 169.443296][ T7288] loop0: detected capacity change from 0 to 1024 [ 169.457214][ T7288] ext4: Invalid uid '0x00000000ffffffff' [ 169.478934][ T12] EXT4-fs (loop3): Total free blocks count 0 [ 169.487960][ T12] EXT4-fs (loop3): Free/Dirty block details [ 169.504374][ T12] EXT4-fs (loop3): free_blocks=68451041280 [ 169.510211][ T12] EXT4-fs (loop3): dirty_blocks=16 [ 169.548962][ T7280] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 169.602078][ T12] EXT4-fs (loop3): Block reservation details [ 169.628497][ T12] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 169.667716][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.421043][ T7295] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.391'. [ 171.047825][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.225396][ T7321] loop2: detected capacity change from 0 to 1024 [ 171.329739][ T7321] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 171.571467][ T7335] netlink: 12 bytes leftover after parsing attributes in process `syz.3.404'. [ 171.607142][ T7335] netlink: 'syz.3.404': attribute type 25 has an invalid length. [ 171.709437][ T7335] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 171.718388][ T7335] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 171.727253][ T7335] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 171.736046][ T7335] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.583843][ T6709] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 172.682320][ T6709] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 12 with error 28 [ 172.742169][ T6709] EXT4-fs (loop2): This should not happen!! Data will be lost [ 172.742169][ T6709] [ 172.770006][ T6709] EXT4-fs (loop2): Total free blocks count 0 [ 172.799248][ T6709] EXT4-fs (loop2): Free/Dirty block details [ 172.823795][ T6709] EXT4-fs (loop2): free_blocks=68451041280 [ 172.848579][ T6709] EXT4-fs (loop2): dirty_blocks=16 [ 172.855688][ T6709] EXT4-fs (loop2): Block reservation details [ 172.861975][ T6709] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 172.886650][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.049075][ T7361] loop1: detected capacity change from 0 to 2048 [ 173.103756][ T7361] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.200402][ T7361] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none. [ 173.323541][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.446535][ T7377] loop1: detected capacity change from 0 to 8 [ 173.558625][ T7353] loop4: detected capacity change from 0 to 32768 [ 173.568971][ T7353] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.411 (7353) [ 173.591542][ T7353] BTRFS info (device loop4): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 173.608394][ T7353] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 174.341532][ T7353] BTRFS info (device loop4): using free-space-tree [ 175.276579][ T29] audit: type=1800 audit(1730487221.562:12): pid=7353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.411" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 175.546527][ T5842] BTRFS info (device loop4): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 176.414670][ T29] audit: type=1326 audit(1730487222.712:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7418 comm="syz.1.429" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff4fed7e719 code=0x0 [ 176.563201][ T7435] loop0: detected capacity change from 0 to 8 [ 178.945704][ T7522] loop3: detected capacity change from 0 to 256 [ 178.989783][ T7522] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 182.040976][ T29] audit: type=1326 audit(1730487228.332:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7532 comm="syz.4.471" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc2b137e719 code=0x0 [ 184.682643][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 184.771721][ T7587] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.490'. [ 184.884779][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 184.900003][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 184.942456][ T9] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 184.986363][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 185.008445][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.060478][ T9] usb 2-1: Product: syz [ 185.974100][ T9] usb 2-1: Manufacturer: syz [ 185.978858][ T9] usb 2-1: SerialNumber: syz [ 186.422504][ T5848] Bluetooth: hci3: command 0x0406 tx timeout [ 186.429074][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 186.461403][ T5852] Bluetooth: hci1: command 0x0406 tx timeout [ 186.481819][ T9] usb 2-1: selecting invalid altsetting 1 [ 187.081180][ T7615] CIFS: VFS: Malformed UNC in devname [ 187.256858][ T9] cdc_ncm 2-1:1.0: SET_NTB_FORMAT failed [ 187.283237][ T9] usb 2-1: selecting invalid altsetting 1 [ 187.289020][ T9] cdc_ncm 2-1:1.0: bind() failure [ 187.301754][ T9] usb 2-1: USB disconnect, device number 4 [ 187.810843][ T7621] netdevsim netdevsim3: Direct firmware load for Wob/~Â failed with error -2 [ 187.842103][ T7621] netdevsim netdevsim3: Falling back to sysfs fallback for: Wob/~Â [ 188.178083][ T7610] loop2: detected capacity change from 0 to 32768 [ 188.206393][ T7610] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.498 (7610) [ 188.383504][ T7610] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 188.402415][ T7610] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 188.450288][ T7610] BTRFS info (device loop2): using free-space-tree [ 191.550470][ T5841] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 193.982110][ T836] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 194.478780][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.489781][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.617779][ T836] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.629045][ T836] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 194.638917][ T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.664008][ T836] usb 5-1: config 0 descriptor?? [ 194.674729][ T836] pwc: Askey VC010 type 2 USB webcam detected. [ 194.752718][ T7725] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 194.894381][ T836] pwc: send_video_command error -71 [ 194.899635][ T836] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 194.908507][ T836] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 194.923306][ T836] usb 5-1: USB disconnect, device number 3 [ 198.659472][ T7772] loop1: detected capacity change from 0 to 512 [ 198.703265][ T7772] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 198.830478][ T7779] netlink: 12 bytes leftover after parsing attributes in process `syz.2.551'. [ 198.860467][ T7772] EXT4-fs (loop1): 1 truncate cleaned up [ 198.904244][ T7772] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 198.942167][ T7770] loop3: detected capacity change from 0 to 2048 [ 199.131566][ T7770] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 199.182214][ T25] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 199.248158][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.411876][ T25] usb 5-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 199.427915][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.437347][ T25] usb 5-1: Product: syz [ 199.441780][ T25] usb 5-1: Manufacturer: syz [ 199.447066][ T25] usb 5-1: SerialNumber: syz [ 199.455112][ T25] usb 5-1: config 0 descriptor?? [ 199.464860][ T7791] loop1: detected capacity change from 0 to 8 [ 199.689153][ T25] usb 5-1: f81604_read: reg: 105 failed: -EPROTO [ 199.700906][ T25] f81604 5-1:0.0: Setting termination of CH#0 failed: -EPROTO [ 199.727921][ T25] f81604 5-1:0.0: probe with driver f81604 failed with error -71 [ 199.746550][ T25] usb 5-1: USB disconnect, device number 5 [ 200.035199][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.367901][ T7803] veth0: mtu greater than device maximum [ 200.600650][ T7807] loop2: detected capacity change from 0 to 1024 [ 202.101755][ T7819] loop3: detected capacity change from 0 to 32768 [ 202.121046][ T7819] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.563 (7819) [ 202.178765][ T7819] BTRFS info (device loop3): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 202.190230][ T7819] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 202.199327][ T7819] BTRFS info (device loop3): using free-space-tree [ 202.442745][ T29] audit: type=1800 audit(1730487248.742:15): pid=7819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.563" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 202.805441][ T5850] BTRFS info (device loop3): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 204.972234][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 205.132133][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 205.180059][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 205.201791][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 205.222432][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 205.235220][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 205.249447][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 205.333416][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.772265][ T9] usb 5-1: GET_CAPABILITIES returned 0 [ 205.785922][ T9] usbtmc 5-1:16.0: can't read capabilities [ 205.956010][ T7915] loop1: detected capacity change from 0 to 512 [ 205.963222][ T7915] EXT4-fs: Ignoring removed i_version option [ 205.980441][ T7915] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 206.006035][ T9] usb 5-1: USB disconnect, device number 6 [ 206.027840][ T7915] EXT4-fs (loop1): 1 truncate cleaned up [ 206.054282][ T7915] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.117075][ T7920] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 206.567057][ T5854] Bluetooth: hci2: command 0x0406 tx timeout [ 206.588069][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.206672][ T7954] loop2: detected capacity change from 0 to 512 [ 208.265876][ T7954] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 208.299878][ T7954] EXT4-fs (loop2): 1 truncate cleaned up [ 208.313413][ T7954] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.538759][ T7938] loop4: detected capacity change from 0 to 32768 [ 208.588633][ T7938] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.599 (7938) [ 208.652283][ T7938] BTRFS info (device loop4): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 208.685757][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.699394][ T7938] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 208.757893][ T7938] BTRFS info (device loop4): using free-space-tree [ 208.944981][ T7975] netlink: 4 bytes leftover after parsing attributes in process `syz.2.607'. [ 209.142598][ T29] audit: type=1800 audit(1730487255.432:16): pid=7938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.599" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 209.381665][ T5842] BTRFS info (device loop4): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 209.590209][ T8007] loop3: detected capacity change from 0 to 512 [ 209.604935][ T8007] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 209.683467][ T8007] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 209.691499][ T8007] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 209.700497][ T8007] System zones: 0-1, 15-15, 18-18, 34-34 [ 209.706634][ T8007] EXT4-fs (loop3): orphan cleanup on readonly fs [ 209.713144][ T8007] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 209.722732][ T8007] EXT4-fs warning (device loop3): ext4_enable_quotas:7105: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 209.743836][ T8007] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 209.754500][ T8007] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.619: bg 0: block 40: padding at end of block bitmap is not set [ 209.839678][ T8007] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 210.148582][ T8007] EXT4-fs (loop3): 1 truncate cleaned up [ 210.290084][ T8007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 210.582270][ T5934] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 210.765696][ T5934] usb 5-1: Using ep0 maxpacket: 32 [ 210.815375][ T5934] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 210.849344][ T5934] usb 5-1: config 0 has no interface number 0 [ 210.897528][ T5934] usb 5-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 210.936232][ T8027] netlink: 320 bytes leftover after parsing attributes in process `syz.1.626'. [ 210.945329][ T8027] netlink: 40 bytes leftover after parsing attributes in process `syz.1.626'. [ 210.959661][ T5934] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 210.975409][ T5934] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.992326][ T5934] usb 5-1: Product: syz [ 210.996699][ T5934] usb 5-1: Manufacturer: syz [ 211.001309][ T5934] usb 5-1: SerialNumber: syz [ 211.017670][ T5934] usb 5-1: config 0 descriptor?? [ 211.047725][ T8023] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 211.088491][ T5934] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 211.116452][ T5934] em28xx 5-1:0.132: Video interface 132 found: bulk [ 211.838277][ T5934] em28xx 5-1:0.132: unknown em28xx chip ID (0) [ 211.904015][ T8029] loop2: detected capacity change from 0 to 32768 [ 211.949276][ T8029] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.625 (8029) [ 212.068884][ T8029] BTRFS info (device loop2): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 212.079940][ T8029] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 212.089439][ T8029] BTRFS info (device loop2): using free-space-tree [ 212.238471][ T8056] Cannot find del_set index 0 as target [ 212.320715][ T29] audit: type=1800 audit(1730487258.602:17): pid=8029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.625" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 212.387867][ T5934] em28xx 5-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 212.432138][ T5934] em28xx 5-1:0.132: board has no eeprom [ 212.446685][ T8040] loop0: detected capacity change from 0 to 32768 [ 212.458398][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.479003][ T8040] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.629 (8040) [ 212.498812][ T5841] BTRFS info (device loop2): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 212.524885][ T5934] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 212.533163][ T5934] em28xx 5-1:0.132: analog set to bulk mode. [ 212.541387][ T9] em28xx 5-1:0.132: Registering V4L2 extension [ 212.601732][ T8040] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 212.652229][ T8040] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 212.657520][ T5934] usb 5-1: USB disconnect, device number 7 [ 212.660890][ T8040] BTRFS info (device loop0): using free-space-tree [ 212.703975][ T5934] em28xx 5-1:0.132: Disconnecting em28xx [ 213.027953][ T9] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 213.055458][ T9] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 213.112278][ T9] em28xx 5-1:0.132: No AC97 audio processor [ 213.414577][ T8040] BTRFS info (device loop0): rebuilding free space tree [ 213.820290][ T9] usb 5-1: Decoder not found [ 213.826609][ T9] em28xx 5-1:0.132: failed to create media graph [ 213.833090][ T9] em28xx 5-1:0.132: V4L2 device video103 deregistered [ 213.864705][ T29] audit: type=1800 audit(1730487260.142:18): pid=8040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.629" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 214.043332][ T8105] netlink: 11562 bytes leftover after parsing attributes in process `syz.4.639'. [ 214.090736][ T9] em28xx 5-1:0.132: Remote control support is not available for this card. [ 214.111457][ T5934] em28xx 5-1:0.132: Closing input extension [ 214.151063][ T5934] em28xx 5-1:0.132: Freeing device [ 214.176628][ T8108] loop2: detected capacity change from 0 to 512 [ 214.260544][ T8108] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 214.304395][ T5844] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 214.424534][ T8108] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 214.474380][ T8108] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 214.483141][ T8108] System zones: 0-1, 15-15, 18-18, 34-34 [ 214.489580][ T8108] EXT4-fs (loop2): orphan cleanup on readonly fs [ 214.501526][ T8108] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 214.511421][ T8108] EXT4-fs warning (device loop2): ext4_enable_quotas:7105: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 214.639790][ T8108] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 214.906724][ T8108] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.642: bg 0: block 40: padding at end of block bitmap is not set [ 215.156333][ T8108] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 215.264417][ T8108] EXT4-fs (loop2): 1 truncate cleaned up [ 215.271104][ T8108] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 215.861979][ T8139] loop1: detected capacity change from 0 to 256 [ 215.970912][ T8139] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 215.971433][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 215.998906][ T8144] netlink: 20 bytes leftover after parsing attributes in process `syz.3.652'. [ 216.038122][ T8146] netlink: 11562 bytes leftover after parsing attributes in process `syz.0.654'. [ 216.292132][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 216.303333][ T9] usb 5-1: config 0 has an invalid interface number: 35 but max is 0 [ 216.312774][ T9] usb 5-1: config 0 has no interface number 0 [ 216.347565][ T9] usb 5-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 216.347638][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.347703][ T9] usb 5-1: Product: syz [ 216.347764][ T9] usb 5-1: Manufacturer: syz [ 216.347824][ T9] usb 5-1: SerialNumber: syz [ 216.904772][ T9] usb 5-1: config 0 descriptor?? [ 216.946734][ T9] radio-si470x 5-1:0.35: could not find interrupt in endpoint [ 216.955217][ T9] radio-si470x 5-1:0.35: probe with driver radio-si470x failed with error -5 [ 216.984321][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.097975][ T8157] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 217.158355][ T9] radio-raremono 5-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 217.235361][ T8163] loop1: detected capacity change from 0 to 256 [ 217.267434][ T8163] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 217.365606][ T9] radio-raremono 5-1:0.35: V4L2 device registered as radio48 [ 217.636738][ T9] usb 5-1: USB disconnect, device number 8 [ 217.655226][ T9] radio-raremono 5-1:0.35: Thanko's Raremono disconnected [ 217.738704][ T8172] netlink: 'syz.2.664': attribute type 10 has an invalid length. [ 217.750190][ T8172] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.758388][ T8172] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.793263][ T8172] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.800365][ T8172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.808401][ T8172] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.815514][ T8172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.857293][ T8172] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 217.867255][ T8173] netlink: 4 bytes leftover after parsing attributes in process `syz.2.664'. [ 217.883066][ T8173] bridge_slave_1: left allmulticast mode [ 217.906232][ T8173] bridge_slave_1: left promiscuous mode [ 217.913931][ T8173] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.938262][ T8173] bridge_slave_0: left allmulticast mode [ 217.944962][ T8173] bridge_slave_0: left promiscuous mode [ 217.955209][ T8173] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.991738][ T8173] bond0: (slave bridge0): Releasing backup interface [ 218.551563][ T8182] xt_CT: No such helper "pptp" [ 218.789444][ T8172] syz.2.664 (8172) used greatest stack depth: 17520 bytes left [ 218.945526][ T8195] loop2: detected capacity change from 0 to 1024 [ 219.371593][ T8213] fuse: Bad value for 'group_id' [ 219.393315][ T8213] fuse: Bad value for 'group_id' [ 219.516107][ T8219] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 219.572176][ T5937] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 219.772218][ T5937] usb 1-1: Using ep0 maxpacket: 16 [ 219.783091][ T5937] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 219.792389][ T5937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.800920][ T5937] usb 1-1: Product: syz [ 219.814588][ T5937] usb 1-1: Manufacturer: syz [ 219.823694][ T5937] usb 1-1: SerialNumber: syz [ 219.872743][ T5937] r8152-cfgselector 1-1: Unknown version 0x0000 [ 219.879057][ T5937] r8152-cfgselector 1-1: config 0 descriptor?? [ 220.317693][ T5934] r8152-cfgselector 1-1: USB disconnect, device number 4 [ 221.872485][ T5854] Bluetooth: min 0 < 6 [ 221.937332][ T8262] fuse: Bad value for 'group_id' [ 221.942523][ T8262] fuse: Bad value for 'group_id' [ 221.961169][ T8246] loop2: detected capacity change from 0 to 2048 [ 222.012923][ T8246] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.139838][ T8246] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none. [ 222.223697][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.320582][ T8275] loop3: detected capacity change from 0 to 256 [ 222.400575][ T8275] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 223.966189][ T5854] Bluetooth: hci3: command 0x0406 tx timeout [ 224.007803][ T8278] loop2: detected capacity change from 0 to 32768 [ 224.052293][ T8278] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.708 (8278) [ 224.124121][ T8278] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 224.155568][ T8278] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 224.182583][ T8278] BTRFS info (device loop2): using free-space-tree [ 225.863932][ T25] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 225.874539][ T8278] BTRFS error (device loop2): open_ctree failed [ 226.122199][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 226.142661][ T25] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 226.153851][ T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 226.180846][ T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 226.394805][ T25] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 226.408446][ T25] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 226.417673][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.953537][ T25] usb 2-1: GET_CAPABILITIES returned 0 [ 227.061213][ T25] usbtmc 2-1:16.0: can't read capabilities [ 227.148792][ T25] usb 2-1: USB disconnect, device number 5 [ 227.475739][ T8383] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 228.030364][ T8385] loop4: detected capacity change from 0 to 1024 [ 228.051709][ T8385] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 228.097893][ T8385] EXT4-fs (loop4): group descriptors corrupted! [ 228.104440][ T5937] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 228.375073][ T5937] usb 1-1: Using ep0 maxpacket: 8 [ 228.414737][ T5937] usb 1-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 228.427529][ T5937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.542515][ T5937] usb 1-1: Product: syz [ 228.555197][ T5937] usb 1-1: Manufacturer: syz [ 228.792656][ T5937] usb 1-1: SerialNumber: syz [ 228.823351][ T5937] usb 1-1: config 0 descriptor?? [ 228.851545][ T5937] gspca_main: vc032x-2.14.0 probing 046d:0896 [ 229.151262][ T8404] loop2: detected capacity change from 0 to 512 [ 229.191102][ T8404] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 229.277607][ T8404] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 229.389386][ T8404] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e800e118, mo2=0003] [ 229.475988][ T8404] System zones: 0-1, 15-15, 18-18, 34-34 [ 229.517278][ T8411] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 229.546819][ T8404] EXT4-fs (loop2): orphan cleanup on readonly fs [ 229.686089][ T8404] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 229.774114][ T8404] EXT4-fs warning (device loop2): ext4_enable_quotas:7105: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 229.829375][ T8404] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 229.872631][ T8404] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.751: bg 0: block 40: padding at end of block bitmap is not set [ 229.894811][ T8404] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 229.913583][ T5937] gspca_vc032x: reg_r err -71 [ 229.919004][ T5937] vc032x 1-1:0.0: probe with driver vc032x failed with error -71 [ 229.935593][ T8404] EXT4-fs (loop2): 1 truncate cleaned up [ 229.951812][ T5937] usb 1-1: USB disconnect, device number 5 [ 229.958848][ T8404] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 230.190867][ T8417] loop1: detected capacity change from 0 to 16 [ 230.291311][ T8417] erofs: (device loop1): mounted with root inode @ nid 36. [ 230.576481][ T8429] loop0: detected capacity change from 0 to 1024 [ 230.625074][ T8429] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 230.666622][ T8429] EXT4-fs (loop0): group descriptors corrupted! [ 230.730150][ T8429] loop0: detected capacity change from 0 to 512 [ 230.739159][ T8429] EXT4-fs (loop0): blocks per group (255) and clusters per group (8192) inconsistent [ 231.636169][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.718496][ T8442] loop0: detected capacity change from 0 to 256 [ 231.829434][ T8442] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 232.674131][ T5937] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 232.721307][ T5937] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 233.058560][ T8465] loop3: detected capacity change from 0 to 1024 [ 233.074512][ T8465] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 233.091308][ T8465] EXT4-fs (loop3): group descriptors corrupted! [ 233.102142][ T25] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 233.134732][ T8465] loop3: detected capacity change from 0 to 512 [ 233.142577][ T8465] EXT4-fs (loop3): blocks per group (255) and clusters per group (8192) inconsistent [ 233.262382][ T25] usb 3-1: device descriptor read/64, error -71 [ 233.660078][ T25] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 233.822779][ T25] usb 3-1: device descriptor read/64, error -71 [ 233.959876][ T25] usb usb3-port1: attempt power cycle [ 234.363378][ T25] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 234.383863][ T25] usb 3-1: device descriptor read/8, error -71 [ 234.418639][ T8456] loop1: detected capacity change from 0 to 32768 [ 234.469982][ T8456] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.771 (8456) [ 234.537181][ T8456] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 234.572555][ T8456] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 234.581446][ T8456] BTRFS info (device loop1): using free-space-tree [ 234.657436][ T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 234.702809][ T25] usb 3-1: device descriptor read/8, error -71 [ 234.714425][ T8456] BTRFS info (device loop1): rebuilding free space tree [ 234.832247][ T29] audit: type=1800 audit(1730487281.072:19): pid=8456 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.771" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 234.927665][ T25] usb usb3-port1: unable to enumerate USB device [ 234.961076][ T5857] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 236.234800][ T5937] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 236.246038][ T8514] loop2: detected capacity change from 0 to 256 [ 236.265830][ T5937] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 236.276983][ T8514] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 236.282781][ T8512] fuse: Bad value for 'fd' [ 238.279443][ T8544] loop3: detected capacity change from 0 to 2048 [ 238.290689][ T8544] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 238.301625][ T8544] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 238.309408][ T8544] UDF-fs: Scanning with blocksize 512 failed [ 238.323629][ T8544] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 238.518416][ T8552] netlink: 'syz.3.796': attribute type 4 has an invalid length. [ 238.616413][ T8548] kvm: kvm [8547]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 238.637631][ T8548] kvm: kvm [8547]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x800 [ 238.667826][ T8548] kvm: kvm [8547]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 238.689993][ T8548] kvm: kvm [8547]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x800 [ 238.710572][ T8548] kvm: kvm [8547]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 238.727099][ T8548] kvm: kvm [8547]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x800 [ 238.761717][ T8548] kvm: kvm [8547]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 238.781761][ T8548] kvm: kvm [8547]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x800 [ 238.843261][ T8548] kvm: kvm [8547]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 238.865993][ T8554] netlink: 'syz.2.799': attribute type 33 has an invalid length. [ 238.890757][ T8548] kvm: kvm [8547]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x800 [ 238.901764][ T8554] netlink: 152 bytes leftover after parsing attributes in process `syz.2.799'. [ 238.903242][ T836] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 238.927131][ T836] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 240.315591][ T8579] loop0: detected capacity change from 0 to 1024 [ 240.806119][ T8584] netlink: 12 bytes leftover after parsing attributes in process `syz.2.809'. [ 240.807005][ T8584] netlink: 'syz.2.809': attribute type 25 has an invalid length. [ 241.089076][ T8584] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 241.089151][ T8584] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 241.089183][ T8584] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 241.089212][ T8584] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 241.744390][ T8594] netlink: 'syz.1.811': attribute type 33 has an invalid length. [ 241.744407][ T8594] netlink: 152 bytes leftover after parsing attributes in process `syz.1.811'. [ 242.766689][ T25] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 242.932174][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 242.934231][ T25] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 242.934258][ T25] usb 2-1: config 0 has no interface number 0 [ 242.934277][ T25] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 242.936960][ T25] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 242.936979][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.936990][ T25] usb 2-1: Product: syz [ 242.936999][ T25] usb 2-1: Manufacturer: syz [ 242.937008][ T25] usb 2-1: SerialNumber: syz [ 242.944517][ T25] usb 2-1: config 0 descriptor?? [ 242.945319][ T8596] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 242.947199][ T25] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 242.947221][ T25] em28xx 2-1:0.132: Video interface 132 found: bulk [ 243.202073][ T836] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 243.332155][ T836] usb 1-1: device descriptor read/64, error -71 [ 243.358401][ T25] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 243.572109][ T836] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 243.712279][ T836] usb 1-1: device descriptor read/64, error -71 [ 243.769286][ T25] em28xx 2-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 243.835793][ T25] em28xx 2-1:0.132: board has no eeprom [ 243.846074][ T836] usb usb1-port1: attempt power cycle [ 243.912114][ T25] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 243.929045][ T25] em28xx 2-1:0.132: analog set to bulk mode. [ 243.937297][ T47] em28xx 2-1:0.132: Registering V4L2 extension [ 243.988370][ T25] usb 2-1: USB disconnect, device number 6 [ 244.013046][ T25] em28xx 2-1:0.132: Disconnecting em28xx [ 244.353735][ T47] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 244.361334][ T47] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 244.368935][ T47] em28xx 2-1:0.132: No AC97 audio processor [ 244.377948][ T5847] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 244.394205][ T47] usb 2-1: Decoder not found [ 244.398843][ T47] em28xx 2-1:0.132: failed to create media graph [ 244.408607][ T47] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 244.525163][ T836] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 244.561322][ T836] usb 1-1: device descriptor read/8, error -71 [ 244.602460][ T47] em28xx 2-1:0.132: Remote control support is not available for this card. [ 244.692164][ T5847] usb 5-1: Using ep0 maxpacket: 16 [ 244.729455][ T5847] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 244.878797][ T25] em28xx 2-1:0.132: Closing input extension [ 244.891616][ T5847] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.008714][ T836] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 245.036597][ T25] em28xx 2-1:0.132: Freeing device [ 245.049398][ T5847] usb 5-1: Product: syz [ 245.064258][ T836] usb 1-1: device descriptor read/8, error -71 [ 245.072482][ T5847] usb 5-1: Manufacturer: syz [ 245.115223][ T5847] usb 5-1: SerialNumber: syz [ 245.205805][ T8629] netlink: 'syz.1.824': attribute type 2 has an invalid length. [ 245.382142][ T5937] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 245.443866][ T836] usb usb1-port1: unable to enumerate USB device [ 245.451910][ T5847] r8152-cfgselector 5-1: Unknown version 0x0000 [ 245.458267][ T5847] r8152-cfgselector 5-1: config 0 descriptor?? [ 245.617463][ T8634] loop2: detected capacity change from 0 to 1024 [ 245.683538][ C1] raw-gadget.0 gadget.4: ignoring, device is not running [ 245.691210][ C1] raw-gadget.0 gadget.4: ignoring, device is not running [ 245.767152][ T5847] r8152-cfgselector 5-1: Unknown version 0x0000 [ 245.822911][ T5847] r8152-cfgselector 5-1: bad CDC descriptors [ 246.274894][ T5847] r8152-cfgselector 5-1: USB disconnect, device number 9 [ 246.376152][ T5937] usb 4-1: Using ep0 maxpacket: 16 [ 246.385559][ T5937] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 246.397191][ T5937] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 246.410319][ T5937] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 246.420846][ T5937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.429440][ T5937] usb 4-1: Product: syz [ 246.433794][ T5937] usb 4-1: Manufacturer: syz [ 246.438407][ T5937] usb 4-1: SerialNumber: syz [ 246.478602][ T5937] usb 4-1: config 0 descriptor?? [ 246.488783][ T5937] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 246.528150][ T5937] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 246.569857][ T8645] loop0: detected capacity change from 0 to 1024 [ 246.615295][ T8645] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 246.694878][ T8650] netlink: 8 bytes leftover after parsing attributes in process `syz.2.831'. [ 246.716651][ T5897] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 246.796695][ T8655] loop2: detected capacity change from 0 to 256 [ 246.816827][ T8655] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 247.066320][ T5897] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 247.077499][ T5897] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 247.090592][ T5897] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 247.101716][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.110864][ T5897] usb 2-1: Product: syz [ 247.123704][ T5897] usb 2-1: Manufacturer: syz [ 247.128521][ T5897] usb 2-1: SerialNumber: syz [ 247.791832][ T8648] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 247.881012][ T5937] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 247.891314][ T5937] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 248.376611][ T5897] cdc_ncm 2-1:1.0: bind() failure [ 248.404948][ T5897] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 248.430415][ T5897] cdc_ncm 2-1:1.1: bind() failure [ 248.473853][ T5897] usb 2-1: USB disconnect, device number 7 [ 248.522314][ T5937] em28xx 4-1:0.0: AC97 command still being executed: not handled properly! [ 248.548790][ T8672] loop1: detected capacity change from 0 to 256 [ 248.562676][ T5937] em28xx 4-1:0.0: Unknown AC97 audio processor detected! [ 248.620541][ T8672] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 248.822116][ T5937] em28xx 4-1:0.0: AC97 command still being executed: not handled properly! [ 248.846775][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 2 [ 249.163378][ T6709] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 12 with error 28 [ 249.269431][ T6709] EXT4-fs (loop0): This should not happen!! Data will be lost [ 249.269431][ T6709] [ 249.390023][ T6709] EXT4-fs (loop0): Total free blocks count 0 [ 249.407638][ T6709] EXT4-fs (loop0): Free/Dirty block details [ 249.424259][ T6709] EXT4-fs (loop0): free_blocks=68451041280 [ 249.440301][ T6709] EXT4-fs (loop0): dirty_blocks=16 [ 249.455900][ T6709] EXT4-fs (loop0): Block reservation details [ 249.476183][ T6709] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 249.501824][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.572167][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 4 [ 249.581443][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 6 [ 249.590480][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 54 [ 249.599057][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 56 [ 249.811880][ T8681] loop1: detected capacity change from 0 to 1024 [ 249.902248][ T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 250.045463][ T9] usb 1-1: device descriptor read/64, error -71 [ 250.160081][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 20 [ 250.172117][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 16 [ 250.180188][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 12 [ 250.201139][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 14 [ 250.216894][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 18 [ 250.228181][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 22 [ 250.235414][ T5937] em28xx 4-1:0.0: couldn't setup AC97 register 24 [ 250.250046][ T5937] em28xx 4-1:0.0: Binding audio extension [ 250.262019][ T5937] em28xx 4-1:0.0: em28xx-audio.c: Copyright (C) 2006 Markus Rechberger [ 250.270293][ T5937] em28xx 4-1:0.0: em28xx-audio.c: Copyright (C) 2007-2016 Mauro Carvalho Chehab [ 250.287742][ T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 250.300307][ T875] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 250.330314][ T5937] em28xx 4-1:0.0: alt 0 doesn't exist on interface 7 [ 250.350286][ T5937] usb 4-1: USB disconnect, device number 5 [ 250.357136][ T5937] em28xx 4-1:0.0: Disconnecting em28xx [ 250.362901][ T5937] em28xx 4-1:0.0: Closing audio extension [ 250.445127][ T5937] em28xx 4-1:0.0: Freeing device [ 250.460381][ T9] usb 1-1: device descriptor read/64, error -71 [ 250.483461][ T875] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 250.507272][ T875] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 250.536294][ T875] usb 3-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 250.567839][ T875] usb 3-1: config 0 interface 0 has no altsetting 0 [ 250.574827][ T875] usb 3-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00 [ 250.584008][ T875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.598505][ T875] usb 3-1: config 0 descriptor?? [ 250.604349][ T9] usb usb1-port1: attempt power cycle [ 251.357175][ T875] cherry 0003:046A:0027.0004: unexpected long global item [ 251.365467][ T875] cherry 0003:046A:0027.0004: probe with driver cherry failed with error -22 [ 251.449509][ T8705] loop3: detected capacity change from 0 to 1024 [ 251.489051][ T8707] loop4: detected capacity change from 0 to 256 [ 251.507202][ T8707] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 251.559463][ T8705] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 251.661403][ T5937] usb 3-1: USB disconnect, device number 7 [ 251.692097][ T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 251.727661][ T9] usb 1-1: device descriptor read/8, error -71 [ 252.542753][ T11] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 252.558271][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 12 with error 28 [ 252.576711][ T11] EXT4-fs (loop3): This should not happen!! Data will be lost [ 252.576711][ T11] [ 252.586895][ T11] EXT4-fs (loop3): Total free blocks count 0 [ 252.593716][ T11] EXT4-fs (loop3): Free/Dirty block details [ 252.599638][ T11] EXT4-fs (loop3): free_blocks=68451041280 [ 252.654055][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 252.684797][ T9] usb 1-1: device descriptor read/8, error -71 [ 252.707937][ T11] EXT4-fs (loop3): dirty_blocks=16 [ 252.713213][ T11] EXT4-fs (loop3): Block reservation details [ 252.719212][ T11] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 252.842478][ T9] usb usb1-port1: unable to enumerate USB device [ 252.945511][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.737065][ T29] audit: type=1326 audit(1730487301.032:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8749 comm="syz.3.863" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8c6b7e719 code=0x0 [ 255.571406][ T8755] loop0: detected capacity change from 0 to 256 [ 255.601955][ T8755] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 256.549125][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.556405][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.846101][ T875] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 257.024743][ T875] usb 3-1: unable to get BOS descriptor or descriptor too short [ 257.063738][ T875] usb 3-1: no configurations [ 257.094175][ T875] usb 3-1: can't read configurations, error -22 [ 257.232163][ T875] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 257.405548][ T875] usb 3-1: unable to get BOS descriptor or descriptor too short [ 257.430024][ T875] usb 3-1: no configurations [ 257.446944][ T875] usb 3-1: can't read configurations, error -22 [ 257.487768][ T875] usb usb3-port1: attempt power cycle [ 257.564025][ T8784] loop0: detected capacity change from 0 to 16 [ 257.667837][ T8784] erofs: (device loop0): mounted with root inode @ nid 36. [ 257.718823][ T8788] loop1: detected capacity change from 0 to 256 [ 257.765608][ T8788] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 257.782210][ T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 257.852644][ T875] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 257.880056][ T875] usb 3-1: unable to get BOS descriptor or descriptor too short [ 257.890344][ T875] usb 3-1: no configurations [ 257.901029][ T875] usb 3-1: can't read configurations, error -22 [ 257.962099][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 257.970574][ T9] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 258.002123][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.010113][ T9] usb 5-1: Product: syz [ 258.665610][ T875] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 258.673322][ T9] usb 5-1: Manufacturer: syz [ 258.678130][ T9] usb 5-1: SerialNumber: syz [ 258.690331][ T9] usb 5-1: config 0 descriptor?? [ 258.713197][ T875] usb 3-1: unable to get BOS descriptor or descriptor too short [ 258.720934][ T875] usb 3-1: no configurations [ 258.726497][ T875] usb 3-1: can't read configurations, error -22 [ 258.733471][ T875] usb usb3-port1: unable to enumerate USB device [ 258.905760][ T9] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 259.919309][ T8819] loop0: detected capacity change from 0 to 32768 [ 259.954435][ T8819] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.888 (8819) [ 259.986798][ T8819] BTRFS info (device loop0): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 260.152999][ T8819] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 260.186630][ T8819] BTRFS info (device loop0): using free-space-tree [ 260.686320][ T29] audit: type=1800 audit(1730487306.982:21): pid=8819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.888" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 260.779072][ T8843] netlink: 'syz.3.890': attribute type 33 has an invalid length. [ 260.824094][ T8843] netlink: 152 bytes leftover after parsing attributes in process `syz.3.890'. [ 260.893333][ T5844] BTRFS info (device loop0): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 261.037547][ T8849] loop3: detected capacity change from 0 to 256 [ 261.080569][ T8849] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 261.497203][ T9] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 261.521941][ T9] usb 5-1: USB disconnect, device number 10 [ 262.791362][ T8890] loop0: detected capacity change from 0 to 256 [ 262.807199][ T8890] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 263.220921][ T8898] netlink: 'syz.3.910': attribute type 10 has an invalid length. [ 263.288929][ T8898] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.296512][ T8898] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.351682][ T8898] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.358937][ T8898] bridge0: port 2(bridge_slave_1) entered forwarding state [ 263.366426][ T8898] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.373654][ T8898] bridge0: port 1(bridge_slave_0) entered forwarding state [ 263.392135][ T8898] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 263.401375][ T8900] netlink: 4 bytes leftover after parsing attributes in process `syz.3.910'. [ 263.410386][ T8900] bridge_slave_1: left allmulticast mode [ 263.423255][ T8900] bridge_slave_1: left promiscuous mode [ 263.438306][ T8900] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.448962][ T8900] bridge_slave_0: left allmulticast mode [ 263.459153][ T8900] bridge_slave_0: left promiscuous mode [ 263.469008][ T8900] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.527346][ T8900] bond0: (slave bridge0): Releasing backup interface [ 264.472487][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 264.622080][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 264.631704][ T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 264.641356][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.650881][ T9] usb 2-1: Product: syz [ 264.655390][ T9] usb 2-1: Manufacturer: syz [ 264.660004][ T9] usb 2-1: SerialNumber: syz [ 264.666200][ T9] usb 2-1: config 0 descriptor?? [ 264.692096][ T5897] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 264.858320][ T5897] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 264.868818][ T5897] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 264.883452][ T5897] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 264.897784][ T5897] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.900221][ T9] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 264.907928][ T5897] usb 5-1: Product: syz [ 264.924586][ T5897] usb 5-1: Manufacturer: syz [ 264.929417][ T5897] usb 5-1: SerialNumber: syz [ 264.931956][ T8938] loop2: detected capacity change from 0 to 1024 [ 266.599360][ T8943] loop2: detected capacity change from 0 to 256 [ 266.623847][ T8943] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 266.725552][ T9] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 266.761917][ T9] usb 2-1: USB disconnect, device number 8 [ 267.510265][ T875] usb 5-1: USB disconnect, device number 11 [ 267.527467][ T836] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 267.922143][ T875] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 268.078726][ T8968] loop0: detected capacity change from 0 to 1024 [ 268.085508][ T875] usb 5-1: Using ep0 maxpacket: 16 [ 268.094714][ T875] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 268.119838][ T875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 268.140179][ T875] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 268.149834][ T875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.161305][ T875] usb 5-1: Product: syz [ 268.167299][ T875] usb 5-1: Manufacturer: syz [ 268.172433][ T5897] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 268.172551][ T875] usb 5-1: SerialNumber: syz [ 268.192079][ T836] usb 2-1: Using ep0 maxpacket: 32 [ 268.193156][ T875] usb 5-1: config 0 descriptor?? [ 268.204116][ T836] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 268.207557][ T875] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 268.222667][ T875] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 268.224143][ T836] usb 2-1: config 0 has no interface number 0 [ 268.239764][ T836] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 268.259649][ T836] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 268.275878][ T836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.283997][ T836] usb 2-1: Product: syz [ 268.288184][ T836] usb 2-1: Manufacturer: syz [ 268.292922][ T836] usb 2-1: SerialNumber: syz [ 268.300700][ T836] usb 2-1: config 0 descriptor?? [ 268.306433][ T8953] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 268.317335][ T836] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 268.327200][ T836] em28xx 2-1:0.132: Video interface 132 found: bulk [ 268.367375][ T5897] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 268.378470][ T5897] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 268.388395][ T5897] usb 4-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 268.402735][ T5897] usb 4-1: config 0 interface 0 has no altsetting 0 [ 268.409762][ T5897] usb 4-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00 [ 268.418952][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.463224][ T5897] usb 4-1: config 0 descriptor?? [ 268.735658][ T836] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 268.878258][ T875] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 268.892476][ T5897] usbhid 4-1:0.0: can't add hid device: -71 [ 268.901049][ T5897] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 268.911322][ T875] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 268.919910][ T5897] usb 4-1: USB disconnect, device number 6 [ 269.349420][ T836] em28xx 2-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5) [ 269.360488][ T836] em28xx 2-1:0.132: failed to read eeprom (err=-5) [ 269.380847][ T836] em28xx 2-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 269.442099][ T836] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 269.466511][ T836] em28xx 2-1:0.132: analog set to bulk mode. [ 269.484705][ T5897] em28xx 2-1:0.132: Registering V4L2 extension [ 269.509160][ T836] usb 2-1: USB disconnect, device number 9 [ 269.530502][ T875] em28xx 5-1:0.0: Unknown AC97 audio processor detected! [ 269.534833][ T836] em28xx 2-1:0.132: Disconnecting em28xx [ 269.554647][ T875] em28xx 5-1:0.0: couldn't setup AC97 register 2 [ 269.584956][ T875] em28xx 5-1:0.0: couldn't setup AC97 register 4 [ 269.600208][ T875] em28xx 5-1:0.0: couldn't setup AC97 register 6 [ 269.649824][ T8985] loop2: detected capacity change from 0 to 256 [ 269.657148][ T5897] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 269.666018][ T5897] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 269.674347][ T5897] em28xx 2-1:0.132: No AC97 audio processor [ 269.689641][ T8985] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 269.703537][ T5897] usb 2-1: Decoder not found [ 269.708160][ T5897] em28xx 2-1:0.132: failed to create media graph [ 269.899333][ T5897] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 269.911078][ T5897] em28xx 2-1:0.132: Remote control support is not available for this card. [ 269.919817][ T836] em28xx 2-1:0.132: Closing input extension [ 269.942439][ T836] em28xx 2-1:0.132: Freeing device [ 270.006868][ T8990] fuse: Bad value for 'fd' [ 270.027720][ T875] em28xx 5-1:0.0: couldn't setup AC97 register 54 [ 270.046262][ T875] em28xx 5-1:0.0: couldn't setup AC97 register 56 [ 270.087367][ T875] usb 5-1: USB disconnect, device number 12 [ 270.445414][ T836] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 270.614341][ T836] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 270.631571][ T836] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 270.659050][ T836] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 270.676235][ T836] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 270.687229][ T836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.695306][ T836] usb 2-1: Product: syz [ 270.699551][ T836] usb 2-1: Manufacturer: syz [ 270.704229][ T836] usb 2-1: SerialNumber: syz [ 271.278560][ T836] cdc_ncm 2-1:1.0: skipping garbage [ 271.283873][ T836] cdc_ncm 2-1:1.0: NCM or ECM functional descriptors missing [ 271.291289][ T836] cdc_ncm 2-1:1.0: bind() failure [ 271.417247][ T9006] loop2: detected capacity change from 0 to 1024 [ 272.463532][ T836] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 272.482026][ T836] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 272.849323][ T9029] ================================================================== [ 272.857425][ T9029] BUG: KASAN: slab-out-of-bounds in skb_copy_and_csum_bits+0x433/0x9c0 [ 272.865686][ T9029] Write of size 1240 at addr ffff88802715bcd0 by task syz.3.957/9029 [ 272.873741][ T9029] [ 272.876073][ T9029] CPU: 0 UID: 0 PID: 9029 Comm: syz.3.957 Not tainted 6.12.0-rc5-next-20241101-syzkaller #0 [ 272.886141][ T9029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 272.896195][ T9029] Call Trace: [ 272.899477][ T9029] [ 272.902410][ T9029] dump_stack_lvl+0x241/0x360 [ 272.907090][ T9029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.912283][ T9029] ? __pfx__printk+0x10/0x10 [ 272.916872][ T9029] ? _printk+0xd5/0x120 [ 272.921028][ T9029] ? __virt_addr_valid+0x183/0x530 [ 272.926137][ T9029] ? __virt_addr_valid+0x183/0x530 [ 272.931256][ T9029] print_report+0x169/0x550 [ 272.935763][ T9029] ? __virt_addr_valid+0x183/0x530 [ 272.940878][ T9029] ? __virt_addr_valid+0x183/0x530 [ 272.945993][ T9029] ? __virt_addr_valid+0x45f/0x530 [ 272.951109][ T9029] ? __phys_addr+0xba/0x170 [ 272.955610][ T9029] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 272.961156][ T9029] kasan_report+0x143/0x180 [ 272.965655][ T9029] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 272.971197][ T9029] kasan_check_range+0x282/0x290 [ 272.976129][ T9029] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 272.981665][ T9029] __asan_memcpy+0x40/0x70 [ 272.986102][ T9029] skb_copy_and_csum_bits+0x433/0x9c0 [ 272.991472][ T9029] __ip6_append_data+0x3075/0x4380 [ 272.996588][ T9029] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 273.002138][ T9029] ? __pfx___ip6_append_data+0x10/0x10 [ 273.007597][ T9029] ? ip6_setup_cork+0x9f7/0x1080 [ 273.012532][ T9029] ip6_append_data+0x264/0x3a0 [ 273.017295][ T9029] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 273.022837][ T9029] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 273.028377][ T9029] udpv6_sendmsg+0xbb8/0x32b0 [ 273.033057][ T9029] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 273.038601][ T9029] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 273.043713][ T9029] ? __pfx___might_resched+0x10/0x10 [ 273.049027][ T9029] ? aa_sk_perm+0x96d/0xab0 [ 273.053535][ T9029] ? sock_rps_record_flow+0x1a/0x400 [ 273.058817][ T9029] ? inet_send_prepare+0x21/0x260 [ 273.063844][ T9029] ? inet_send_prepare+0x5a/0x260 [ 273.068865][ T9029] __sock_sendmsg+0xef/0x270 [ 273.073449][ T9029] sock_sendmsg+0x134/0x200 [ 273.077944][ T9029] ? __pfx_sock_sendmsg+0x10/0x10 [ 273.082966][ T9029] ? iov_iter_bvec+0x4e/0x180 [ 273.087639][ T9029] splice_to_socket+0xa10/0x10b0 [ 273.092584][ T9029] ? __pfx_splice_to_socket+0x10/0x10 [ 273.097960][ T9029] ? shmem_file_splice_read+0xd33/0xeb0 [ 273.103504][ T9029] ? __pfx_shmem_file_splice_read+0x10/0x10 [ 273.109390][ T9029] ? __pfx_splice_to_socket+0x10/0x10 [ 273.114761][ T9029] direct_splice_actor+0x11b/0x220 [ 273.119865][ T9029] splice_direct_to_actor+0x586/0xc80 [ 273.125234][ T9029] ? __pfx_direct_splice_actor+0x10/0x10 [ 273.130859][ T9029] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 273.136744][ T9029] ? __fget_files+0x2a/0x410 [ 273.141326][ T9029] ? __pfx_lock_release+0x10/0x10 [ 273.146344][ T9029] do_splice_direct+0x289/0x3e0 [ 273.151186][ T9029] ? __pfx_do_splice_direct+0x10/0x10 [ 273.156551][ T9029] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 273.162441][ T9029] ? bpf_lsm_file_permission+0x9/0x10 [ 273.167811][ T9029] ? security_file_permission+0x74/0x280 [ 273.173438][ T9029] ? rw_verify_area+0x1c3/0x6f0 [ 273.178371][ T9029] do_sendfile+0x561/0xe10 [ 273.182786][ T9029] ? __pfx_do_sendfile+0x10/0x10 [ 273.187720][ T9029] __se_sys_sendfile64+0x17c/0x1e0 [ 273.192828][ T9029] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 273.198456][ T9029] ? do_syscall_64+0x100/0x230 [ 273.203212][ T9029] ? do_syscall_64+0xb6/0x230 [ 273.207879][ T9029] do_syscall_64+0xf3/0x230 [ 273.212374][ T9029] ? clear_bhb_loop+0x35/0x90 [ 273.217042][ T9029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.222932][ T9029] RIP: 0033:0x7fd8c6b7e719 [ 273.227347][ T9029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.246946][ T9029] RSP: 002b:00007fd8c79b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 273.255375][ T9029] RAX: ffffffffffffffda RBX: 00007fd8c6d35f80 RCX: 00007fd8c6b7e719 [ 273.263350][ T9029] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 273.271320][ T9029] RBP: 00007fd8c6bf132e R08: 0000000000000000 R09: 0000000000000000 [ 273.279289][ T9029] R10: 0180000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 273.287262][ T9029] R13: 0000000000000000 R14: 00007fd8c6d35f80 R15: 00007ffc2d918838 [ 273.295238][ T9029] [ 273.298248][ T9029] [ 273.300566][ T9029] Allocated by task 9029: [ 273.304890][ T9029] kasan_save_track+0x3f/0x80 [ 273.309569][ T9029] __kasan_slab_alloc+0x66/0x80 [ 273.314410][ T9029] kmem_cache_alloc_node_noprof+0x1d9/0x380 [ 273.320307][ T9029] kmalloc_reserve+0xa8/0x2a0 [ 273.324986][ T9029] __alloc_skb+0x1f3/0x440 [ 273.329396][ T9029] __ip6_append_data+0x2e49/0x4380 [ 273.334500][ T9029] ip6_append_data+0x264/0x3a0 [ 273.339256][ T9029] udpv6_sendmsg+0xbb8/0x32b0 [ 273.343926][ T9029] __sock_sendmsg+0xef/0x270 [ 273.348512][ T9029] sock_sendmsg+0x134/0x200 [ 273.353015][ T9029] splice_to_socket+0xa10/0x10b0 [ 273.357954][ T9029] direct_splice_actor+0x11b/0x220 [ 273.363060][ T9029] splice_direct_to_actor+0x586/0xc80 [ 273.368425][ T9029] do_splice_direct+0x289/0x3e0 [ 273.373267][ T9029] do_sendfile+0x561/0xe10 [ 273.377681][ T9029] __se_sys_sendfile64+0x17c/0x1e0 [ 273.382787][ T9029] do_syscall_64+0xf3/0x230 [ 273.387288][ T9029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.393182][ T9029] [ 273.395494][ T9029] The buggy address belongs to the object at ffff88802715bc00 [ 273.395494][ T9029] which belongs to the cache skbuff_small_head of size 640 [ 273.410062][ T9029] The buggy address is located 208 bytes inside of [ 273.410062][ T9029] allocated 640-byte region [ffff88802715bc00, ffff88802715be80) [ 273.424194][ T9029] [ 273.426509][ T9029] The buggy address belongs to the physical page: [ 273.432914][ T9029] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27158 [ 273.441679][ T9029] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 273.450184][ T9029] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 273.458173][ T9029] page_type: f5(slab) [ 273.462149][ T9029] raw: 00fff00000000040 ffff888141ef3a00 0000000000000000 dead000000000001 [ 273.470729][ T9029] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 273.479302][ T9029] head: 00fff00000000040 ffff888141ef3a00 0000000000000000 dead000000000001 [ 273.488134][ T9029] head: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 273.496795][ T9029] head: 00fff00000000002 ffffea00009c5601 ffffffffffffffff 0000000000000000 [ 273.505474][ T9029] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 273.514136][ T9029] page dumped because: kasan: bad access detected [ 273.520544][ T9029] page_owner tracks the page as allocated [ 273.526250][ T9029] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5220, tgid 5220 (udevadm), ts 18402467551, free_ts 18400085574 [ 273.547170][ T9029] post_alloc_hook+0x1f3/0x230 [ 273.551933][ T9029] get_page_from_freelist+0x3725/0x3870 [ 273.557484][ T9029] __alloc_pages_noprof+0x292/0x710 [ 273.562679][ T9029] alloc_pages_mpol_noprof+0x3e8/0x680 [ 273.568133][ T9029] alloc_slab_page+0x6a/0x140 [ 273.572808][ T9029] allocate_slab+0x5a/0x2f0 [ 273.577306][ T9029] ___slab_alloc+0xcd1/0x14b0 [ 273.581981][ T9029] __slab_alloc+0x58/0xa0 [ 273.586306][ T9029] kmem_cache_alloc_node_noprof+0x269/0x380 [ 273.592191][ T9029] kmalloc_reserve+0xa8/0x2a0 [ 273.596862][ T9029] __alloc_skb+0x1f3/0x440 [ 273.601270][ T9029] alloc_uevent_skb+0x74/0x230 [ 273.606025][ T9029] kobject_uevent_net_broadcast+0x2fd/0x580 [ 273.611916][ T9029] kobject_uevent_env+0x57d/0x8e0 [ 273.616932][ T9029] kobject_synth_uevent+0x4ef/0xae0 [ 273.622132][ T9029] uevent_store+0x4b/0x70 [ 273.626458][ T9029] page last free pid 5221 tgid 5221 stack trace: [ 273.632771][ T9029] free_unref_page+0xcfb/0xf20 [ 273.637528][ T9029] __put_partials+0xeb/0x130 [ 273.642110][ T9029] put_cpu_partial+0x17c/0x250 [ 273.646865][ T9029] __slab_free+0x2ea/0x3d0 [ 273.651275][ T9029] qlist_free_all+0x9a/0x140 [ 273.655861][ T9029] kasan_quarantine_reduce+0x14f/0x170 [ 273.661315][ T9029] __kasan_slab_alloc+0x23/0x80 [ 273.666160][ T9029] __kmalloc_noprof+0x236/0x4c0 [ 273.671006][ T9029] tomoyo_realpath_from_path+0xcf/0x5e0 [ 273.676541][ T9029] tomoyo_check_open_permission+0x258/0x4f0 [ 273.682435][ T9029] security_file_open+0xac/0x250 [ 273.687366][ T9029] do_dentry_open+0x328/0x1b70 [ 273.692120][ T9029] vfs_open+0x3e/0x330 [ 273.696183][ T9029] path_openat+0x2c84/0x3590 [ 273.700768][ T9029] do_filp_open+0x235/0x490 [ 273.705268][ T9029] do_sys_openat2+0x13e/0x1d0 [ 273.709944][ T9029] [ 273.712259][ T9029] Memory state around the buggy address: [ 273.717873][ T9029] ffff88802715bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 273.725922][ T9029] ffff88802715be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 273.734026][ T9029] >ffff88802715be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 273.742080][ T9029] ^ [ 273.746136][ T9029] ffff88802715bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 273.754189][ T9029] ffff88802715bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 273.762245][ T9029] ================================================================== [ 273.771656][ T9029] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 273.778901][ T9029] CPU: 0 UID: 0 PID: 9029 Comm: syz.3.957 Not tainted 6.12.0-rc5-next-20241101-syzkaller #0 [ 273.788972][ T9029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 273.799031][ T9029] Call Trace: [ 273.802316][ T9029] [ 273.805254][ T9029] dump_stack_lvl+0x241/0x360 [ 273.809945][ T9029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.815147][ T9029] ? __pfx__printk+0x10/0x10 [ 273.819751][ T9029] ? vscnprintf+0x5d/0x90 [ 273.824090][ T9029] panic+0x349/0x880 [ 273.828003][ T9029] ? check_panic_on_warn+0x21/0xb0 [ 273.833134][ T9029] ? __pfx_panic+0x10/0x10 [ 273.837570][ T9029] ? mark_lock+0x9a/0x360 [ 273.841918][ T9029] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 273.847830][ T9029] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 273.853736][ T9029] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 273.860077][ T9029] ? print_report+0x502/0x550 [ 273.864774][ T9029] check_panic_on_warn+0x86/0xb0 [ 273.869722][ T9029] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 273.875276][ T9029] end_report+0x77/0x160 [ 273.879530][ T9029] kasan_report+0x154/0x180 [ 273.884043][ T9029] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 273.889599][ T9029] kasan_check_range+0x282/0x290 [ 273.894543][ T9029] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 273.900100][ T9029] __asan_memcpy+0x40/0x70 [ 273.904542][ T9029] skb_copy_and_csum_bits+0x433/0x9c0 [ 273.909949][ T9029] __ip6_append_data+0x3075/0x4380 [ 273.915087][ T9029] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 273.920647][ T9029] ? __pfx___ip6_append_data+0x10/0x10 [ 273.926128][ T9029] ? ip6_setup_cork+0x9f7/0x1080 [ 273.931085][ T9029] ip6_append_data+0x264/0x3a0 [ 273.935866][ T9029] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 273.941428][ T9029] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 273.946986][ T9029] udpv6_sendmsg+0xbb8/0x32b0 [ 273.951713][ T9029] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 273.957282][ T9029] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 273.962411][ T9029] ? __pfx___might_resched+0x10/0x10 [ 273.967730][ T9029] ? aa_sk_perm+0x96d/0xab0 [ 273.972259][ T9029] ? sock_rps_record_flow+0x1a/0x400 [ 273.977559][ T9029] ? inet_send_prepare+0x21/0x260 [ 273.982597][ T9029] ? inet_send_prepare+0x5a/0x260 [ 273.987645][ T9029] __sock_sendmsg+0xef/0x270 [ 273.992250][ T9029] sock_sendmsg+0x134/0x200 [ 273.996763][ T9029] ? __pfx_sock_sendmsg+0x10/0x10 [ 274.001804][ T9029] ? iov_iter_bvec+0x4e/0x180 [ 274.006497][ T9029] splice_to_socket+0xa10/0x10b0 [ 274.011472][ T9029] ? __pfx_splice_to_socket+0x10/0x10 [ 274.016883][ T9029] ? shmem_file_splice_read+0xd33/0xeb0 [ 274.022451][ T9029] ? __pfx_shmem_file_splice_read+0x10/0x10 [ 274.028358][ T9029] ? __pfx_splice_to_socket+0x10/0x10 [ 274.033751][ T9029] direct_splice_actor+0x11b/0x220 [ 274.038881][ T9029] splice_direct_to_actor+0x586/0xc80 [ 274.044277][ T9029] ? __pfx_direct_splice_actor+0x10/0x10 [ 274.049925][ T9029] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 274.055830][ T9029] ? __fget_files+0x2a/0x410 [ 274.060436][ T9029] ? __pfx_lock_release+0x10/0x10 [ 274.065478][ T9029] do_splice_direct+0x289/0x3e0 [ 274.070345][ T9029] ? __pfx_do_splice_direct+0x10/0x10 [ 274.075733][ T9029] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 274.081650][ T9029] ? bpf_lsm_file_permission+0x9/0x10 [ 274.087042][ T9029] ? security_file_permission+0x74/0x280 [ 274.092693][ T9029] ? rw_verify_area+0x1c3/0x6f0 [ 274.097566][ T9029] do_sendfile+0x561/0xe10 [ 274.102007][ T9029] ? __pfx_do_sendfile+0x10/0x10 [ 274.106972][ T9029] __se_sys_sendfile64+0x17c/0x1e0 [ 274.112102][ T9029] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 274.117755][ T9029] ? do_syscall_64+0x100/0x230 [ 274.122539][ T9029] ? do_syscall_64+0xb6/0x230 [ 274.127232][ T9029] do_syscall_64+0xf3/0x230 [ 274.131747][ T9029] ? clear_bhb_loop+0x35/0x90 [ 274.136441][ T9029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.142356][ T9029] RIP: 0033:0x7fd8c6b7e719 [ 274.146794][ T9029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.166417][ T9029] RSP: 002b:00007fd8c79b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 274.174853][ T9029] RAX: ffffffffffffffda RBX: 00007fd8c6d35f80 RCX: 00007fd8c6b7e719 [ 274.182832][ T9029] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 274.190797][ T9029] RBP: 00007fd8c6bf132e R08: 0000000000000000 R09: 0000000000000000 [ 274.198760][ T9029] R10: 0180000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 274.206733][ T9029] R13: 0000000000000000 R14: 00007fd8c6d35f80 R15: 00007ffc2d918838 [ 274.214702][ T9029] [ 274.217948][ T9029] Kernel Offset: disabled [ 274.222260][ T9029] Rebooting in 86400 seconds..