last executing test programs: 1m1.582077063s ago: executing program 0 (id=666): syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r0 = shmget(0x0, 0x1000, 0x302, &(0x7f0000ffe000/0x1000)=nil) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, 0x0, 0x0) shmctl$SHM_UNLOCK(r0, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x13, 0x0, &(0x7f0000000840)) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e21, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20, @empty}, 0x10) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) shmget$private(0x0, 0x1000, 0x80, &(0x7f0000ffd000/0x1000)=nil) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f00000005c0)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000080)={@host}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7aa, &(0x7f0000000040)={{@host}, @host, 0x1, 0x475, 0x0, 0xfffffffffffffffc, 0xf}) 58.77766706s ago: executing program 0 (id=674): epoll_create(0x8) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001300)={0x2c, &(0x7f0000001000)={0x0, 0x0, 0x4, "da3c8d23"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 53.274752256s ago: executing program 0 (id=687): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknod$loop(0x0, 0x0, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x2, 0x1, 0xc8}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 52.075265367s ago: executing program 0 (id=689): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0) kcmp(r0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) memfd_create(&(0x7f0000000ac0)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01) quotactl$Q_SETQUOTA(0xffffffff80000801, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x9d}) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) chown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 36.484168155s ago: executing program 2 (id=736): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) 33.368232828s ago: executing program 2 (id=742): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) r3 = fcntl$getown(r2, 0x9) ptrace$setsig(0x4203, r3, 0xb, &(0x7f0000000140)={0x33, 0xfff, 0x800}) r4 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000040)='batadv_slave_0\x00', 0x10) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000280)='wlan1\x00', 0x10) setsockopt$inet_opts(r4, 0x0, 0x4, 0x0, 0x0) 10.205558947s ago: executing program 3 (id=785): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x3, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setitimer(0x2, 0x0, 0x0) setitimer(0x2, 0x0, &(0x7f0000000980)) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) 9.34163688s ago: executing program 3 (id=787): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b00000000001b000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000006ffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x1) r4 = socket$inet(0x2, 0x2, 0x1) bind$inet(r4, &(0x7f0000002680)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0xa, &(0x7f0000000300)=0x5, 0x4) sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000140)}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000071122000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 8.913421157s ago: executing program 4 (id=788): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1a, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2600, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70200001400894fb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e0000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000680)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c}) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0) renameat2(r5, &(0x7f0000000380)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r6, &(0x7f0000000040)='./file1\x00', 0x2) 8.347106174s ago: executing program 3 (id=789): sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8040) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2f, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x4e23, 0x10001, @private0}}}, 0x108) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$null(0xffffff9c, &(0x7f0000000000), 0x2400, 0x0) syz_mount_image$fuse(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x1020, &(0x7f0000000700)=ANY=[], 0x1, 0x0, &(0x7f00000003c0)="909fc902188434112e644014389e35b60e27caaac2d19849de637c3a636548b3db8a3ef4b4050ed86456df0da7e1b3b90d511cee4db5eb573beca1c5754eff964c998c2e68b1c90ab302052d9907be69046e0250d62fd903056b4f333f95440958bc9cc2b457b8003091b9eb0470aa2d67067ee08faf93b497ae219ccb2828581d4a571afacf1c4b98a3ce0a444982e32f6a9cf6e0f5d7df0c713984c83bda063cd5380836c977d0da4ef52a00037270105bdd1cfd86368b69f38865c5d0c87d279ebe8aa51a631f0b864ecd3facbed206972b344f704df7257508a701aa8cdc48deed1b6a8179138534bcff8569fa32d520918b4284cc890a3e070d1a") r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@security={'security\x00', 0x64, 0x4, 0x318, 0x100000c, 0x0, 0x1c0, 0xc0, 0xffffffff, 0xffffffff, 0x280, 0x280, 0x280, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @rand_addr, 0x0, 0x0, 'veth0_vlan\x00', 'syzkaller1\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@ip={@remote, @multicast2, 0x0, 0x0, 'pim6reg0\x00', 'lo\x00'}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@unspec=@connmark={{0x30}}]}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "a2f3"}}]}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x378) 7.344772939s ago: executing program 1 (id=790): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000107000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), r5) sendmsg$IEEE802154_LLSEC_LIST_DEV(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r6, 0x701}, 0x14}}, 0x0) 7.080945871s ago: executing program 3 (id=791): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./bus\x00', 0x40) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) open$dir(&(0x7f0000000440)='./file0\x00', 0x40, 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) 6.896245087s ago: executing program 4 (id=792): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="4804", @ANYRES16=r2, @ANYBLOB="01e5ff000000000004003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000240), 0x3af4701e) sendfile(r5, r3, 0x0, 0x10000a007) 6.217820064s ago: executing program 1 (id=793): openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r3 = openat$cgroup_devices(r2, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r3, &(0x7f00000000c0)={'c', ' *:* ', 'rwm\x00'}, 0xa) write$cgroup_devices(r3, &(0x7f00000003c0)={'c', ' *:* ', 'rw\x00'}, 0x9) 6.001770773s ago: executing program 1 (id=794): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x18, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) 5.687000559s ago: executing program 1 (id=795): sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8040) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2f, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x4e23, 0x10001, @private0}}}, 0x108) 5.217247389s ago: executing program 4 (id=796): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a010800000000000000000200000009000200"], 0x68}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}}) syz_io_uring_setup(0xd2, 0x0, 0x0, &(0x7f0000000080)) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000640)={0x20, 0x17, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) 4.057451307s ago: executing program 3 (id=797): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00') pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0x178) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x10, 0xffffffffffffffff, 0x0) r5 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_mreqsrc(r5, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f00000000c0)=0xc) sendmmsg$inet(r4, &(0x7f0000000840)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)='W', 0x1}], 0x1}}], 0x1, 0x0) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SCSI_IOCTL_STOP_UNIT(r6, 0x6) 3.924703028s ago: executing program 4 (id=798): unshare(0xa010680) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_setup(0x0, 0x0) io_pgetevents(0x0, 0x5, 0x0, 0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000040'], 0x2a, 0xfffffffffffffffc) r5 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f0000000040), &(0x7f0000000000), &(0x7f00000002c0)='s', 0x1, 0xfffffffffffffffe) keyctl$read(0xb, r5, &(0x7f0000000240)=""/112, 0x349b7f55) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4008af21, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x47509a7154303a47}) openat$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', 0x2, 0x18) 2.881438806s ago: executing program 3 (id=799): sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8040) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2f, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x4e23, 0x10001, @private0}}}, 0x108) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$null(0xffffff9c, &(0x7f0000000000), 0x2400, 0x0) syz_mount_image$fuse(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x1020, &(0x7f0000000700)=ANY=[], 0x1, 0x0, &(0x7f00000003c0)="909fc902188434112e644014389e35b60e27caaac2d19849de637c3a636548b3db8a3ef4b4050ed86456df0da7e1b3b90d511cee4db5eb573beca1c5754eff964c998c2e68b1c90ab302052d9907be69046e0250d62fd903056b4f333f95440958bc9cc2b457b8003091b9eb0470aa2d67067ee08faf93b497ae219ccb2828581d4a571afacf1c4b98a3ce0a444982e32f6a9cf6e0f5d7df0c713984c83bda063cd5380836c977d0da4ef52a00037270105bdd1cfd86368b69f38865c5d0c87d279ebe8aa51a631f0b864ecd3facbed206972b344f704df7257508a701aa8cdc48deed1b6a8179138534bcff8569fa32d520918b4284cc890a3e070d1a") r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@security={'security\x00', 0x64, 0x4, 0x318, 0x100000c, 0x0, 0x1c0, 0xc0, 0xffffffff, 0xffffffff, 0x280, 0x280, 0x280, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @rand_addr, 0x0, 0x0, 'veth0_vlan\x00', 'syzkaller1\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@ip={@remote, @multicast2, 0x0, 0x0, 'pim6reg0\x00', 'lo\x00'}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@unspec=@connmark={{0x30}}]}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "a2f3"}}]}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x378) 2.477003991s ago: executing program 4 (id=800): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0], 0x0, 0x2, r5}) ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000500)={0x0, 0x1, &(0x7f0000000180)=[r5], &(0x7f00000000c0)=[0x2], &(0x7f0000000440)=[r6], &(0x7f00000002c0)=[0x2e8]}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r7 = open(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) fcntl$notify(r7, 0x402, 0x15) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4010bc08, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x3d}) r8 = syz_open_dev$usbfs(&(0x7f0000000280), 0x77, 0x101a01) ioctl$USBDEVFS_FREE_STREAMS(r8, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="0200230318000aff6000000002000020d3"]) ioctl$USBDEVFS_REAPURBNDELAY(r8, 0x4008550d, &(0x7f0000001440)) r9 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPOEIOCSFWD(r9, 0x4008b100, &(0x7f0000000380)) 1.18608107s ago: executing program 4 (id=801): epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x80000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x40) syz_emit_ethernet(0x2a, &(0x7f00000002c0)={@random="591a1d9a2bdb", @local, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @empty}}}}}, 0x0) 1.124591085s ago: executing program 1 (id=802): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000400)={[{@grpquota}, {@delalloc}, {@init_itable_val={'init_itable', 0x3d, 0xf}}, {@debug}, {@jqfmt_vfsold}, {}, {@nomblk_io_submit}, {@nouid32}]}, 0x1, 0x5f5, &(0x7f0000000bc0)="$eJzs3c9vVNUeAPDvnU5LS3mvhby893iLRxNjIFFaWsAQ4wK2hjT4I27cWGlBpEBDa7RoQklwY2LcGGPiyoX4XyiRLStduXDjypAQNSxNGHOn95b+uNPfndtwP59k6LnnzO05l+m358zpOXcCqKyB9J9axMGImEoi+pK5hbJ6ZIUD88979OdH59NHEo3Ga78nkWR5+fOT7GtvdnJ3RPz4QxIHOlbWOz174/LY5OTE9ex4aObK1ND07I2jl66MXZy4OHF15IWRUydPnDw1fGxT13WzIO/s7Xff7/tk9M1vvvorGf72l9EkTsfL2RMXX8d2GYiB5v9JsrKo99R2V1aSjuznZPFLnNRLbBAbkr9+nRHxn+iLjnjy4vXFx6+U2jhgRzWSiAZQUUmr+K+3uSFAm+XjgPy9/fL3wbVSRiVAOzw8Mz8BsDL+6/Nzg9HdnBvY+yiJxdM6SURsbmZuqX0Rcf/e6O0L90Zvxw7NwwHF5m5FxH+L4j9pxn9/dEd/M/5rS+I/HRecy76m+a9usv7lU8XiH9pnPv67V43/aBH/by2K/7c3Wf/Ak+Q7PUviv2ezlwQAAAAAAACVdfdMRDxf9Pf/2sL6nyhY/9MbEae3of6BZccr//5fe7AN1QAFHp6JeKlw/W8tX/3b35Gl/tFcD9CZXLg0OXEsIv4ZEUeic096PLxKHUc/PfBlq7KBbP1f/kjrv5+tBcza8aC+Z+k542MzY1u9biDi4a2I/xWu/00W+v+koP9Pfx9MrbOOA8/eOdeqbO34B3ZK4+uIw4X9/5O7ViSr359jqDkeGMpHBSv9/8PPvmtV/2bj3y0mYOvS/n/v6vHfnyy+X8/0xus4PltvtCrb7Pi/K3m9ecuZrizvg7GZmevDEV3J2Y40d0n+yMbbDE+jPB7yeEnj/8gzq8//FY3/eyJibtn3Tv5Yuqc49+/Hvb+2ao/xP5Qnjf/xDfX/G0+M3On/vlX96+v/TzT7+iNZjvk/mPdFHqZdS/MLwrFeVNTu9gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA06AWEfsiqQ0upGu1wcGI3oj4V+ytTV6bnnnuwrX3ro6nZc3P/6/ln/TbN3+c5J//37/oeGTZ8fGI2B8Rn3f0NI8Hz1+bHC/74gEAAAAAAAAAAAAAAAAAAGCX6G2x/z/1W0fZrQN2XL3sBgClKYj/n8poB9B++n+oLvEP1SX+obrEP1SX+IfqWnf8Nx43mna2OUAb6f+husQ/AAAAAAA8VfYfuvtzEhFzL/Y0H6murKyz1JYBO61WdgOA0rjFD1SXpT9QXd7jA8ka5d0tT1rrzNVMnd/CyQAAAAAAAAAAAABQOYcP2v8PVWX/P1SX/f9QXfn+/0MltwNoP+/xgVhjJ3/h/v81zwIAAAAAAAAAAAAAttP07I3LY5OTE9cl3tgdzWhnotFo3Ex/CrbyffKV4bvgctZMPG7M26Eq8qXwu+BKixL5Xr/1nVXO7yMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGClvwMAAP//4ygs8Q==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01) quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000480)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x2, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x9d}) capset(&(0x7f0000000080)={0x20071026}, 0x0) chown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 0s ago: executing program 1 (id=803): r0 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, 0x0, 0x0) kernel console output (not intermixed with test programs): e to avoid problems! [ 220.158522][ T5186] syz.0.372: attempt to access beyond end of device [ 220.158522][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 220.212650][ T5064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.217468][ T5186] syz.0.372: attempt to access beyond end of device [ 220.217468][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 220.248065][ T5064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.281137][ T5064] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.307015][ T1086] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 220.332468][ T1086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 220.395540][ T5186] syz.0.372: attempt to access beyond end of device [ 220.395540][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 220.436967][ T5278] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.449127][ T5186] syz.0.372: attempt to access beyond end of device [ 220.449127][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 220.484520][ T5368] loop3: detected capacity change from 0 to 1764 [ 220.531700][ T5064] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.549339][ T5064] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.573555][ T5064] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.598578][ T5186] syz.0.372: attempt to access beyond end of device [ 220.598578][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 220.628434][ T5064] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.662004][ T5186] syz.0.372: attempt to access beyond end of device [ 220.662004][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 220.857384][ T5368] netlink: 16 bytes leftover after parsing attributes in process `syz.3.410'. [ 220.908612][ T5368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.410'. [ 221.587904][ T3637] Bluetooth: hci4: command tx timeout [ 221.858270][ T3696] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.866337][ T3696] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.708684][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 222.863922][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.908371][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.930330][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 223.019591][ T5278] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 223.062135][ T5278] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 223.137265][ T5278] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 223.360547][ T5278] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 223.658432][ T3637] Bluetooth: hci4: command tx timeout [ 224.032672][ T5278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 224.093565][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 224.122937][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 224.145236][ T5278] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.172735][ T3737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 224.279987][ T3737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.328969][ T3737] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.336112][ T3737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.446584][ T3737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 224.501710][ T5410] kvm: emulating exchange as write [ 224.725536][ T5278] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 224.877834][ T5278] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.930624][ T5186] bio_check_eod: 2952 callbacks suppressed [ 224.930639][ T5186] syz.0.372: attempt to access beyond end of device [ 224.930639][ T5186] loop0: rw=524288, sector=69712, nr_sectors = 8 limit=40427 [ 224.951058][ T5186] syz.0.372: attempt to access beyond end of device [ 224.951058][ T5186] loop0: rw=524288, sector=69720, nr_sectors = 8 limit=40427 [ 224.957906][ T5424] loop4: detected capacity change from 0 to 1764 [ 224.966067][ T5186] syz.0.372: attempt to access beyond end of device [ 224.966067][ T5186] loop0: rw=0, sector=69632, nr_sectors = 8 limit=40427 [ 224.985268][ T5186] syz.0.372: attempt to access beyond end of device [ 224.985268][ T5186] loop0: rw=0, sector=69640, nr_sectors = 8 limit=40427 [ 224.999932][ T5186] syz.0.372: attempt to access beyond end of device [ 224.999932][ T5186] loop0: rw=0, sector=69648, nr_sectors = 8 limit=40427 [ 225.013699][ T5186] syz.0.372: attempt to access beyond end of device [ 225.013699][ T5186] loop0: rw=0, sector=69656, nr_sectors = 8 limit=40427 [ 225.028650][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.029836][ T5186] syz.0.372: attempt to access beyond end of device [ 225.029836][ T5186] loop0: rw=0, sector=69664, nr_sectors = 8 limit=40427 [ 225.041889][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.056239][ T5186] syz.0.372: attempt to access beyond end of device [ 225.056239][ T5186] loop0: rw=0, sector=69672, nr_sectors = 8 limit=40427 [ 225.091158][ T5186] syz.0.372: attempt to access beyond end of device [ 225.091158][ T5186] loop0: rw=0, sector=69680, nr_sectors = 8 limit=40427 [ 225.108448][ T3930] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 225.129177][ T3696] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.136459][ T3696] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.140852][ T5186] syz.0.372: attempt to access beyond end of device [ 225.140852][ T5186] loop0: rw=0, sector=69688, nr_sectors = 8 limit=40427 [ 225.210888][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.255672][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.283689][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.342485][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.877942][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.890031][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 233.838631][ T5186] bio_check_eod: 190 callbacks suppressed [ 233.838651][ T5186] syz.0.372: attempt to access beyond end of device [ 233.838651][ T5186] loop0: rw=0, sector=69680, nr_sectors = 8 limit=40427 [ 233.918357][ T5186] syz.0.372: attempt to access beyond end of device [ 233.918357][ T5186] loop0: rw=0, sector=69688, nr_sectors = 8 limit=40427 [ 233.948165][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 234.001524][ T5186] syz.0.372: attempt to access beyond end of device [ 234.001524][ T5186] loop0: rw=0, sector=69696, nr_sectors = 8 limit=40427 [ 234.033800][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 234.077067][ T5186] syz.0.372: attempt to access beyond end of device [ 234.077067][ T5186] loop0: rw=0, sector=69704, nr_sectors = 8 limit=40427 [ 234.090811][ T5186] syz.0.372: attempt to access beyond end of device [ 234.090811][ T5186] loop0: rw=0, sector=69712, nr_sectors = 8 limit=40427 [ 234.104705][ T5186] syz.0.372: attempt to access beyond end of device [ 234.104705][ T5186] loop0: rw=0, sector=69720, nr_sectors = 8 limit=40427 [ 234.120147][ T5186] syz.0.372: attempt to access beyond end of device [ 234.120147][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 234.134426][ T5186] syz.0.372: attempt to access beyond end of device [ 234.134426][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 234.152146][ T5186] syz.0.372: attempt to access beyond end of device [ 234.152146][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 234.243884][ T5186] syz.0.372: attempt to access beyond end of device [ 234.243884][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 234.291223][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 234.311485][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 234.329662][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 234.377181][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 234.448458][ T5424] netlink: 16 bytes leftover after parsing attributes in process `syz.4.419'. [ 234.457361][ T5424] netlink: 8 bytes leftover after parsing attributes in process `syz.4.419'. [ 234.474813][ T5424] IPv6: sit1: Disabled Multicast RS [ 235.944013][ T5470] netlink: 'syz.1.428': attribute type 11 has an invalid length. [ 235.951935][ T5470] netlink: 9348 bytes leftover after parsing attributes in process `syz.1.428'. [ 236.572112][ T3654] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 236.582754][ T3654] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 236.590804][ T3640] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 236.601847][ T3654] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 236.609654][ T3654] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 236.616865][ T3654] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 237.395314][ T5278] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.439502][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 237.456938][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 237.672220][ T3769] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.858372][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 237.921756][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 238.064011][ T3769] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.134103][ T5471] chnl_net:caif_netlink_parms(): no params data found [ 238.152311][ T5278] device veth0_vlan entered promiscuous mode [ 238.169201][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 238.178134][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 238.213337][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 238.222061][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 238.256009][ T3769] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.339251][ T5278] device veth1_vlan entered promiscuous mode [ 238.768473][ T3654] Bluetooth: hci6: command tx timeout [ 238.888287][ T5186] bio_check_eod: 3596 callbacks suppressed [ 238.888330][ T5186] syz.0.372: attempt to access beyond end of device [ 238.888330][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 238.916622][ T5186] syz.0.372: attempt to access beyond end of device [ 238.916622][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 239.048344][ T5186] syz.0.372: attempt to access beyond end of device [ 239.048344][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 239.146590][ T5186] syz.0.372: attempt to access beyond end of device [ 239.146590][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 239.171852][ T5186] syz.0.372: attempt to access beyond end of device [ 239.171852][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 239.276873][ T5186] syz.0.372: attempt to access beyond end of device [ 239.276873][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 239.284081][ T3769] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.300382][ T5186] syz.0.372: attempt to access beyond end of device [ 239.300382][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 239.455459][ T5501] Cannot find add_set index 0 as target [ 239.973976][ T5186] syz.0.372: attempt to access beyond end of device [ 239.973976][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 240.054895][ T5186] syz.0.372: attempt to access beyond end of device [ 240.054895][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 240.076762][ T5186] syz.0.372: attempt to access beyond end of device [ 240.076762][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 240.312310][ T5278] device veth0_macvtap entered promiscuous mode [ 240.339046][ T5278] device veth1_macvtap entered promiscuous mode [ 240.376036][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 240.387375][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 240.545501][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 240.785782][ T3637] Bluetooth: hci6: command tx timeout [ 240.815098][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 240.830272][ T5471] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.837602][ T5471] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.846178][ T5471] device bridge_slave_0 entered promiscuous mode [ 241.105778][ T5471] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.203036][ T5471] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.559140][ T5471] device bridge_slave_1 entered promiscuous mode [ 241.640047][ T5278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.660765][ T5278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.670838][ T5278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.681556][ T5278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.715831][ T5278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.740003][ T5278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.760366][ T5278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.785746][ T5518] syz.2.440 uses obsolete (PF_INET,SOCK_PACKET) [ 241.801164][ T5278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.841560][ T5278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.884544][ T5278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.905318][ T5278] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.027616][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 242.041708][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 242.122878][ T5278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.152880][ T5278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.192968][ T5278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.226252][ T5278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.276929][ T5278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.338884][ T5278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.381371][ T5278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.391927][ T5278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.402501][ T5278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.413063][ T5278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.424498][ T5278] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.723235][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 242.823252][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 243.077310][ T3637] Bluetooth: hci6: command tx timeout [ 243.122076][ T5471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 243.173025][ T5471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 243.235235][ T5278] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.248373][ T5278] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.360574][ T5536] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 243.368137][ T5536] vhci_hcd: invalid port number 10 [ 243.373357][ T5536] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 243.506380][ T5278] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.635123][ T5278] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.898474][ T5186] bio_check_eod: 2361 callbacks suppressed [ 243.910994][ T5186] syz.0.372: attempt to access beyond end of device [ 243.910994][ T5186] loop0: rw=0, sector=69688, nr_sectors = 8 limit=40427 [ 244.040209][ T5186] syz.0.372: attempt to access beyond end of device [ 244.040209][ T5186] loop0: rw=0, sector=69696, nr_sectors = 8 limit=40427 [ 244.054364][ T5186] syz.0.372: attempt to access beyond end of device [ 244.054364][ T5186] loop0: rw=0, sector=69704, nr_sectors = 8 limit=40427 [ 244.072301][ T5186] syz.0.372: attempt to access beyond end of device [ 244.072301][ T5186] loop0: rw=0, sector=69712, nr_sectors = 8 limit=40427 [ 244.098322][ T5186] syz.0.372: attempt to access beyond end of device [ 244.098322][ T5186] loop0: rw=0, sector=69720, nr_sectors = 8 limit=40427 [ 244.131220][ T5186] syz.0.372: attempt to access beyond end of device [ 244.131220][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 244.203638][ T5186] syz.0.372: attempt to access beyond end of device [ 244.203638][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 244.227164][ T5471] team0: Port device team_slave_0 added [ 244.235122][ T5186] syz.0.372: attempt to access beyond end of device [ 244.235122][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 244.249908][ T5186] syz.0.372: attempt to access beyond end of device [ 244.249908][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 244.286976][ T5471] team0: Port device team_slave_1 added [ 244.297686][ T5186] syz.0.372: attempt to access beyond end of device [ 244.297686][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 244.485854][ T5471] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 244.574419][ T5471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.618302][ T3654] Bluetooth: hci3: command 0x0406 tx timeout [ 244.634662][ T5471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 245.099171][ T3654] Bluetooth: hci6: command tx timeout [ 245.218938][ T5471] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 245.254379][ T5471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 245.408434][ T5471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 245.505441][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.548310][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.716300][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 245.926253][ T3696] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.940787][ T5471] device hsr_slave_0 entered promiscuous mode [ 246.071816][ T5471] device hsr_slave_1 entered promiscuous mode [ 246.105383][ T3696] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.192149][ T5471] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 246.420069][ T5471] Cannot create hsr debugfs directory [ 246.736774][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 247.325239][ T5571] netlink: 16 bytes leftover after parsing attributes in process `syz.0.394'. [ 247.373603][ T5571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.394'. [ 247.453982][ T5571] IPv6: sit1: Disabled Multicast RS [ 248.142139][ T5565] loop3: detected capacity change from 0 to 32768 [ 248.926520][ T5186] bio_check_eod: 4079 callbacks suppressed [ 248.944791][ T5186] syz.0.372: attempt to access beyond end of device [ 248.944791][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 249.338530][ T5186] syz.0.372: attempt to access beyond end of device [ 249.338530][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 249.357019][ T5186] syz.0.372: attempt to access beyond end of device [ 249.357019][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 249.388514][ T5186] syz.0.372: attempt to access beyond end of device [ 249.388514][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 249.451214][ T5186] syz.0.372: attempt to access beyond end of device [ 249.451214][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 249.517920][ T5186] syz.0.372: attempt to access beyond end of device [ 249.517920][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 249.751767][ T5186] syz.0.372: attempt to access beyond end of device [ 249.751767][ T5186] loop0: rw=524288, sector=69712, nr_sectors = 8 limit=40427 [ 249.766038][ T5186] syz.0.372: attempt to access beyond end of device [ 249.766038][ T5186] loop0: rw=524288, sector=69720, nr_sectors = 8 limit=40427 [ 249.958905][ T5186] syz.0.372: attempt to access beyond end of device [ 249.958905][ T5186] loop0: rw=0, sector=69632, nr_sectors = 8 limit=40427 [ 249.975568][ T3769] device hsr_slave_0 left promiscuous mode [ 250.108569][ T3769] device hsr_slave_1 left promiscuous mode [ 250.147252][ T5186] syz.0.372: attempt to access beyond end of device [ 250.147252][ T5186] loop0: rw=0, sector=69640, nr_sectors = 8 limit=40427 [ 250.229433][ T3769] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 250.294033][ T3769] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 250.349108][ T3769] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 250.397280][ T3769] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 250.428202][ T3769] device bridge_slave_1 left promiscuous mode [ 250.434598][ T3769] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.490806][ T3769] device bridge_slave_0 left promiscuous mode [ 250.497075][ T3769] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.729213][ T3769] device veth1_macvtap left promiscuous mode [ 250.735315][ T3769] device veth0_macvtap left promiscuous mode [ 250.768433][ T3769] device veth1_vlan left promiscuous mode [ 250.809380][ T3769] device veth0_vlan left promiscuous mode [ 253.935859][ T5186] bio_check_eod: 2386 callbacks suppressed [ 253.935878][ T5186] syz.0.372: attempt to access beyond end of device [ 253.935878][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 254.154000][ T3769] team0 (unregistering): Port device team_slave_1 removed [ 254.235706][ T5186] syz.0.372: attempt to access beyond end of device [ 254.235706][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 254.270513][ T5186] syz.0.372: attempt to access beyond end of device [ 254.270513][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 254.302926][ T3769] team0 (unregistering): Port device team_slave_0 removed [ 254.324391][ T5186] syz.0.372: attempt to access beyond end of device [ 254.324391][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 254.347357][ T5186] syz.0.372: attempt to access beyond end of device [ 254.347357][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 254.370492][ T5186] syz.0.372: attempt to access beyond end of device [ 254.370492][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 254.393250][ T5186] syz.0.372: attempt to access beyond end of device [ 254.393250][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 254.408452][ T3769] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 254.420549][ T5186] syz.0.372: attempt to access beyond end of device [ 254.420549][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 254.453651][ T5186] syz.0.372: attempt to access beyond end of device [ 254.453651][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 254.476227][ T5186] syz.0.372: attempt to access beyond end of device [ 254.476227][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 254.539307][ T3769] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 255.489938][ T5657] process 'syz.1.472' launched './file0' with NULL argv: empty string added [ 255.990495][ T1261] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.996887][ T1261] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.010544][ T5656] slcan: can't register candev [ 256.016009][ T5656] Falling back ldisc for ptm0. [ 257.072554][ T5665] loop3: detected capacity change from 0 to 1764 [ 257.155431][ T5530] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 258.209647][ T3769] bond0 (unregistering): Released all slaves [ 258.378927][ T5665] netlink: 16 bytes leftover after parsing attributes in process `syz.3.474'. [ 258.387841][ T5665] netlink: 8 bytes leftover after parsing attributes in process `syz.3.474'. [ 258.636366][ T5471] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 259.133543][ T5471] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 259.135936][ T5186] bio_check_eod: 6518 callbacks suppressed [ 259.135961][ T5186] syz.0.372: attempt to access beyond end of device [ 259.135961][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 260.464904][ T5186] syz.0.372: attempt to access beyond end of device [ 260.464904][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 260.496935][ T5471] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 260.543409][ T5687] loop3: detected capacity change from 0 to 128 [ 260.550049][ T5186] syz.0.372: attempt to access beyond end of device [ 260.550049][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 260.666321][ T5186] syz.0.372: attempt to access beyond end of device [ 260.666321][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 260.683675][ T5186] syz.0.372: attempt to access beyond end of device [ 260.683675][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 260.706899][ T5471] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 260.716802][ T26] audit: type=1800 audit(1728621617.717:24): pid=5688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.480" name="bus" dev="loop3" ino=1048627 res=0 errno=0 [ 260.762043][ T5186] syz.0.372: attempt to access beyond end of device [ 260.762043][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 261.590961][ T5186] syz.0.372: attempt to access beyond end of device [ 261.590961][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 261.726813][ T5186] syz.0.372: attempt to access beyond end of device [ 261.726813][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 261.750449][ T5186] syz.0.372: attempt to access beyond end of device [ 261.750449][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 262.022872][ T5186] syz.0.372: attempt to access beyond end of device [ 262.022872][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 262.050682][ T5471] 8021q: adding VLAN 0 to HW filter on device bond0 [ 262.084506][ T5471] 8021q: adding VLAN 0 to HW filter on device team0 [ 262.104540][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 262.119998][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 262.137884][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 262.195906][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 262.236919][ T3696] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.244100][ T3696] bridge0: port 1(bridge_slave_0) entered forwarding state [ 262.281350][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 262.313782][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 262.357460][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 262.399693][ T3696] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.406917][ T3696] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.455892][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 262.482390][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 262.521688][ T5502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 262.762353][ T5502] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 262.833601][ T5502] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 262.847192][ T5502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 262.870571][ T5502] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 263.919006][ T5471] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 263.930132][ T5471] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 264.128457][ T5502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 264.264518][ T5502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 264.422881][ T5502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 264.433188][ T5186] bio_check_eod: 638 callbacks suppressed [ 264.433203][ T5186] syz.0.372: attempt to access beyond end of device [ 264.433203][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 264.495977][ T5502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 264.537794][ T5502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 264.660626][ T5186] syz.0.372: attempt to access beyond end of device [ 264.660626][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 264.718439][ T5186] syz.0.372: attempt to access beyond end of device [ 264.718439][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 264.827743][ T5186] syz.0.372: attempt to access beyond end of device [ 264.827743][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 264.888601][ T5186] syz.0.372: attempt to access beyond end of device [ 264.888601][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 264.960106][ T5739] loop1: detected capacity change from 0 to 1764 [ 264.978630][ T5186] syz.0.372: attempt to access beyond end of device [ 264.978630][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 265.575813][ T5186] syz.0.372: attempt to access beyond end of device [ 265.575813][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 265.733651][ T5186] syz.0.372: attempt to access beyond end of device [ 265.733651][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 265.996794][ T5186] syz.0.372: attempt to access beyond end of device [ 265.996794][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 266.032131][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 266.062620][ T3696] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 266.097364][ T5471] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 266.129125][ T5186] syz.0.372: attempt to access beyond end of device [ 266.129125][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 270.271914][ T5186] bio_check_eod: 1910 callbacks suppressed [ 270.271933][ T5186] syz.0.372: attempt to access beyond end of device [ 270.271933][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 270.323636][ T5186] syz.0.372: attempt to access beyond end of device [ 270.323636][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 270.425867][ T5186] syz.0.372: attempt to access beyond end of device [ 270.425867][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 270.446750][ T5186] syz.0.372: attempt to access beyond end of device [ 270.446750][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 270.470328][ T5186] syz.0.372: attempt to access beyond end of device [ 270.470328][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 270.554411][ T5186] syz.0.372: attempt to access beyond end of device [ 270.554411][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 271.349954][ T5186] syz.0.372: attempt to access beyond end of device [ 271.349954][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 271.379002][ T5806] loop2: detected capacity change from 0 to 1764 [ 271.469722][ T5530] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 271.478391][ T5186] syz.0.372: attempt to access beyond end of device [ 271.478391][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 271.510552][ T5806] netlink: 16 bytes leftover after parsing attributes in process `syz.2.501'. [ 271.534061][ T5806] netlink: 8 bytes leftover after parsing attributes in process `syz.2.501'. [ 271.546355][ T5186] syz.0.372: attempt to access beyond end of device [ 271.546355][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 271.601290][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 271.653369][ T5186] syz.0.372: attempt to access beyond end of device [ 271.653369][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 271.703361][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 271.711820][ T14] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 272.021309][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 272.059181][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 272.116652][ T5471] device veth0_vlan entered promiscuous mode [ 272.156610][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 272.271153][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 272.327560][ T5471] device veth1_vlan entered promiscuous mode [ 272.421463][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 272.428458][ T14] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 272.441712][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 272.451721][ T14] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 272.480094][ T14] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 272.491742][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 272.537191][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 272.569661][ T5471] device veth0_macvtap entered promiscuous mode [ 272.588486][ T3681] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 272.593298][ T5471] device veth1_macvtap entered promiscuous mode [ 272.620508][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 272.642885][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 272.687341][ T5471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.725416][ T5471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.756422][ T5471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.774084][ T5471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.812772][ T5471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.847133][ T5471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.887253][ T5471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.898458][ T14] usb 1-1: string descriptor 0 read error: -71 [ 272.904726][ T14] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 272.937060][ T5471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.947368][ T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.964847][ T3681] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 272.969153][ T5471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 273.017757][ T14] usb 1-1: can't set config #1, error -71 [ 273.026771][ T3681] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 273.035813][ T14] usb 1-1: USB disconnect, device number 6 [ 273.060882][ T3681] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 273.063874][ T5471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.102346][ T3681] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 273.126282][ T5471] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 273.204302][ T5471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 273.278550][ T5471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.338389][ T5471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 273.359823][ T5471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.442768][ T5838] xt_CT: You must specify a L4 protocol and not use inversions on it [ 273.460365][ T3681] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 273.492594][ T3681] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 273.582221][ T3681] usb 3-1: Manufacturer: syz [ 273.704401][ T3681] usb 3-1: config 0 descriptor?? [ 273.905450][ T5471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 274.048386][ T5471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 274.114169][ T5471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 274.137604][ T5471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 274.154768][ T5471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 274.165785][ T5471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 274.196219][ T5471] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 274.286877][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 274.324341][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 274.470098][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 274.579759][ T3681] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 274.696913][ T3769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 274.730816][ T3681] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 274.979121][ T3681] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 275.040455][ T5471] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.050201][ T5471] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.059739][ T5471] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.068546][ T5471] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.091937][ T3681] usb 3-1: USB disconnect, device number 3 [ 275.331759][ T3737] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.376137][ T5186] bio_check_eod: 1970 callbacks suppressed [ 275.376155][ T5186] syz.0.372: attempt to access beyond end of device [ 275.376155][ T5186] loop0: rw=0, sector=69632, nr_sectors = 8 limit=40427 [ 275.388560][ T3737] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.414526][ T5186] syz.0.372: attempt to access beyond end of device [ 275.414526][ T5186] loop0: rw=0, sector=69640, nr_sectors = 8 limit=40427 [ 275.429940][ T5186] syz.0.372: attempt to access beyond end of device [ 275.429940][ T5186] loop0: rw=0, sector=69648, nr_sectors = 8 limit=40427 [ 275.446578][ T3737] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 275.455669][ T5186] syz.0.372: attempt to access beyond end of device [ 275.455669][ T5186] loop0: rw=0, sector=69656, nr_sectors = 8 limit=40427 [ 275.466195][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.477120][ T5186] syz.0.372: attempt to access beyond end of device [ 275.477120][ T5186] loop0: rw=0, sector=69664, nr_sectors = 8 limit=40427 [ 275.755908][ T5186] syz.0.372: attempt to access beyond end of device [ 275.755908][ T5186] loop0: rw=0, sector=69672, nr_sectors = 8 limit=40427 [ 275.927259][ T5186] syz.0.372: attempt to access beyond end of device [ 275.927259][ T5186] loop0: rw=0, sector=69680, nr_sectors = 8 limit=40427 [ 276.096655][ T5186] syz.0.372: attempt to access beyond end of device [ 276.096655][ T5186] loop0: rw=0, sector=69688, nr_sectors = 8 limit=40427 [ 276.141570][ T5186] syz.0.372: attempt to access beyond end of device [ 276.141570][ T5186] loop0: rw=0, sector=69696, nr_sectors = 8 limit=40427 [ 276.197706][ T5186] syz.0.372: attempt to access beyond end of device [ 276.197706][ T5186] loop0: rw=0, sector=69704, nr_sectors = 8 limit=40427 [ 276.255395][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.306389][ T1086] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 279.625061][ T5870] bridge0: port 3(team0) entered blocking state [ 279.641517][ T5870] bridge0: port 3(team0) entered disabled state [ 279.652189][ T5888] loop4: detected capacity change from 0 to 128 [ 279.697941][ T5870] device team0 entered promiscuous mode [ 279.717023][ T5870] device team_slave_0 entered promiscuous mode [ 279.745229][ T5870] device team_slave_1 entered promiscuous mode [ 279.774503][ T5888] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 279.798315][ T3681] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 279.808702][ T5888] ext4 filesystem being mounted at /2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 279.851641][ T5895] loop3: detected capacity change from 0 to 128 [ 280.578451][ T26] audit: type=1800 audit(1728621637.557:25): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.516" name="bus" dev="loop3" ino=1048631 res=0 errno=0 [ 280.759061][ T5186] bio_check_eod: 914 callbacks suppressed [ 280.759082][ T5186] syz.0.372: attempt to access beyond end of device [ 280.759082][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 280.789279][ T5186] syz.0.372: attempt to access beyond end of device [ 280.789279][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 280.803877][ T5186] syz.0.372: attempt to access beyond end of device [ 280.803877][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 280.818045][ T5186] syz.0.372: attempt to access beyond end of device [ 280.818045][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 280.832580][ T5186] syz.0.372: attempt to access beyond end of device [ 280.832580][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 280.847775][ T5186] syz.0.372: attempt to access beyond end of device [ 280.847775][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 280.863101][ T3681] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 280.877664][ T5471] EXT4-fs (loop4): unmounting filesystem. [ 280.909491][ T3681] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 280.922867][ T5870] bridge0: port 3(team0) entered blocking state [ 280.930185][ T5870] bridge0: port 3(team0) entered forwarding state [ 280.940230][ T3681] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 280.949573][ T5186] syz.0.372: attempt to access beyond end of device [ 280.949573][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 281.000480][ T5186] syz.0.372: attempt to access beyond end of device [ 281.000480][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 281.000655][ T5890] sch_tbf: burst 3 is lower than device lo mtu (65550) ! [ 281.023091][ T5186] syz.0.372: attempt to access beyond end of device [ 281.023091][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 281.091825][ T5186] syz.0.372: attempt to access beyond end of device [ 281.091825][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 281.228819][ T3681] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 281.246520][ T3681] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.255132][ T3681] usb 2-1: Product: syz [ 282.087150][ T3681] usb 2-1: Manufacturer: syz [ 282.093127][ T3681] usb 2-1: SerialNumber: syz [ 282.182086][ T3681] usb 2-1: can't set config #1, error -71 [ 282.204952][ T3681] usb 2-1: USB disconnect, device number 3 [ 284.804212][ T5926] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.122084][ T5926] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.322204][ T5926] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.360592][ T5938] loop2: detected capacity change from 0 to 128 [ 285.387804][ T5938] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 285.396861][ T5938] ext4 filesystem being mounted at /106/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 285.771154][ T5186] bio_check_eod: 2986 callbacks suppressed [ 285.771257][ T5186] syz.0.372: attempt to access beyond end of device [ 285.771257][ T5186] loop0: rw=0, sector=69696, nr_sectors = 8 limit=40427 [ 286.297455][ T3642] EXT4-fs (loop2): unmounting filesystem. [ 286.342938][ T5926] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.435730][ T5186] syz.0.372: attempt to access beyond end of device [ 286.435730][ T5186] loop0: rw=0, sector=69704, nr_sectors = 8 limit=40427 [ 286.520258][ T5186] syz.0.372: attempt to access beyond end of device [ 286.520258][ T5186] loop0: rw=0, sector=69712, nr_sectors = 8 limit=40427 [ 286.558922][ T5948] VFS: could not find a valid V7 on nullb0. [ 286.606652][ T26] audit: type=1800 audit(1728621643.587:26): pid=5948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.530" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 287.065651][ T5186] syz.0.372: attempt to access beyond end of device [ 287.065651][ T5186] loop0: rw=0, sector=69720, nr_sectors = 8 limit=40427 [ 287.140946][ T5186] syz.0.372: attempt to access beyond end of device [ 287.140946][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 287.190237][ T5186] syz.0.372: attempt to access beyond end of device [ 287.190237][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 287.246576][ T5186] syz.0.372: attempt to access beyond end of device [ 287.246576][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 287.401851][ T3654] Bluetooth: hci2: unexpected event for opcode 0x2041 [ 287.871211][ T5186] syz.0.372: attempt to access beyond end of device [ 287.871211][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 288.004415][ T5926] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.020794][ T5186] syz.0.372: attempt to access beyond end of device [ 288.020794][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 288.091996][ T5926] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.127247][ T5956] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 288.149830][ T5186] syz.0.372: attempt to access beyond end of device [ 288.149830][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 288.185820][ T5926] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.291457][ T5926] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.383580][ T5961] netlink: 4 bytes leftover after parsing attributes in process `syz.3.535'. [ 288.414432][ T5961] netlink: 12 bytes leftover after parsing attributes in process `syz.3.535'. [ 288.652237][ T5966] loop1: detected capacity change from 0 to 128 [ 290.768493][ T26] audit: type=1800 audit(1728621647.757:27): pid=5974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.537" name="bus" dev="loop1" ino=1048632 res=0 errno=0 [ 290.868408][ T5186] bio_check_eod: 501 callbacks suppressed [ 290.868429][ T5186] syz.0.372: attempt to access beyond end of device [ 290.868429][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 290.901152][ T5186] syz.0.372: attempt to access beyond end of device [ 290.901152][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 291.207050][ T5186] syz.0.372: attempt to access beyond end of device [ 291.207050][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 291.409254][ T5997] mkiss: ax0: crc mode is auto. [ 291.634254][ T5998] Cannot find add_set index 0 as target [ 291.656792][ T3654] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 291.671529][ T3654] Bluetooth: hci2: Injecting HCI hardware error event [ 292.411816][ T3637] Bluetooth: hci2: hardware error 0x00 [ 292.488928][ T5186] syz.0.372: attempt to access beyond end of device [ 292.488928][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 292.787698][ T5186] syz.0.372: attempt to access beyond end of device [ 292.787698][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 292.908314][ T5186] syz.0.372: attempt to access beyond end of device [ 292.908314][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 292.987087][ T5186] syz.0.372: attempt to access beyond end of device [ 292.987087][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 293.006282][ T5186] syz.0.372: attempt to access beyond end of device [ 293.006282][ T5186] loop0: rw=524288, sector=69712, nr_sectors = 8 limit=40427 [ 293.057512][ T5186] syz.0.372: attempt to access beyond end of device [ 293.057512][ T5186] loop0: rw=524288, sector=69720, nr_sectors = 8 limit=40427 [ 293.138952][ T5186] syz.0.372: attempt to access beyond end of device [ 293.138952][ T5186] loop0: rw=0, sector=69632, nr_sectors = 8 limit=40427 [ 293.621216][ T6020] loop4: detected capacity change from 0 to 128 [ 294.659949][ T3637] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 295.934444][ T6039] VFS: could not find a valid V7 on nullb0. [ 296.570569][ T5186] bio_check_eod: 1454 callbacks suppressed [ 296.570589][ T5186] syz.0.372: attempt to access beyond end of device [ 296.570589][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 296.628428][ T5186] syz.0.372: attempt to access beyond end of device [ 296.628428][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 296.691911][ T5186] syz.0.372: attempt to access beyond end of device [ 296.691911][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 297.058583][ T5186] syz.0.372: attempt to access beyond end of device [ 297.058583][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 297.096581][ T5186] syz.0.372: attempt to access beyond end of device [ 297.096581][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 297.272494][ T5186] syz.0.372: attempt to access beyond end of device [ 297.272494][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 297.364219][ T5186] syz.0.372: attempt to access beyond end of device [ 297.364219][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 297.481180][ T5186] syz.0.372: attempt to access beyond end of device [ 297.481180][ T5186] loop0: rw=524288, sector=69712, nr_sectors = 8 limit=40427 [ 297.558498][ T5186] syz.0.372: attempt to access beyond end of device [ 297.558498][ T5186] loop0: rw=524288, sector=69720, nr_sectors = 8 limit=40427 [ 297.629982][ T5186] syz.0.372: attempt to access beyond end of device [ 297.629982][ T5186] loop0: rw=0, sector=69632, nr_sectors = 8 limit=40427 [ 297.698867][ T6051] loop3: detected capacity change from 0 to 1024 [ 297.741731][ T6051] EXT4-fs: Ignoring removed nomblk_io_submit option [ 297.777128][ T6051] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 297.836464][ T6051] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e814e01c, mo2=0003] [ 297.853282][ T6051] System zones: 0-1, 3-36 [ 297.895150][ T6051] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 298.214225][ T6058] netlink: 236 bytes leftover after parsing attributes in process `syz.0.562'. [ 298.605197][ T3639] EXT4-fs (loop3): unmounting filesystem. [ 298.767665][ T6062] loop4: detected capacity change from 0 to 128 [ 300.988598][ T6083] VFS: could not find a valid V7 on nullb0. [ 302.889310][ T5186] bio_check_eod: 1043 callbacks suppressed [ 302.889331][ T5186] syz.0.372: attempt to access beyond end of device [ 302.889331][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 302.909775][ T5186] syz.0.372: attempt to access beyond end of device [ 302.909775][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 302.965418][ T5186] syz.0.372: attempt to access beyond end of device [ 302.965418][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 302.983102][ T5186] syz.0.372: attempt to access beyond end of device [ 302.983102][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 302.998438][ T5186] syz.0.372: attempt to access beyond end of device [ 302.998438][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 303.034251][ T5186] syz.0.372: attempt to access beyond end of device [ 303.034251][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 303.086035][ T5186] syz.0.372: attempt to access beyond end of device [ 303.086035][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 303.168803][ T5186] syz.0.372: attempt to access beyond end of device [ 303.168803][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 303.318928][ T5186] syz.0.372: attempt to access beyond end of device [ 303.318928][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 303.391375][ T6100] loop2: detected capacity change from 0 to 128 [ 303.836063][ T5186] syz.0.372: attempt to access beyond end of device [ 303.836063][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 304.248768][ T26] audit: type=1800 audit(1728621661.217:28): pid=6107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.572" name="bus" dev="loop2" ino=1048635 res=0 errno=0 [ 304.566372][ T6110] loop2: detected capacity change from 0 to 128 [ 304.601923][ T6111] netlink: 'syz.1.576': attribute type 10 has an invalid length. [ 304.743636][ T6111] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.753287][ T6111] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.799412][ T6110] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 304.820977][ T6110] ext4 filesystem being mounted at /119/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 304.855190][ T6111] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.863490][ T6111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.872544][ T6111] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.879734][ T6111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.526263][ T6111] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 305.679933][ T6116] netlink: 4 bytes leftover after parsing attributes in process `syz.1.576'. [ 305.728599][ T6116] device bridge_slave_1 left promiscuous mode [ 305.747244][ T6116] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.770370][ T6116] device bridge_slave_0 left promiscuous mode [ 305.797051][ T6116] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.894691][ T6126] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 305.902424][ T6126] vhci_hcd: invalid port number 10 [ 305.907614][ T6126] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 306.305549][ T3642] EXT4-fs (loop2): unmounting filesystem. [ 306.660022][ T6116] bond0: (slave bridge0): Releasing backup interface [ 306.684285][ T6128] loop2: detected capacity change from 0 to 128 [ 307.011058][ T6132] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 307.018661][ T6132] vhci_hcd: invalid port number 10 [ 307.023856][ T6132] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 307.903956][ T5186] bio_check_eod: 1628 callbacks suppressed [ 307.904015][ T5186] syz.0.372: attempt to access beyond end of device [ 307.904015][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 308.172988][ T5186] syz.0.372: attempt to access beyond end of device [ 308.172988][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 308.284918][ T5186] syz.0.372: attempt to access beyond end of device [ 308.284918][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 308.350445][ T5186] syz.0.372: attempt to access beyond end of device [ 308.350445][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 308.468924][ T5186] syz.0.372: attempt to access beyond end of device [ 308.468924][ T5186] loop0: rw=524288, sector=69712, nr_sectors = 8 limit=40427 [ 308.599940][ T6142] netlink: 8 bytes leftover after parsing attributes in process `syz.1.584'. [ 308.640715][ T5186] syz.0.372: attempt to access beyond end of device [ 308.640715][ T5186] loop0: rw=524288, sector=69720, nr_sectors = 8 limit=40427 [ 308.641735][ T6142] netlink: 24 bytes leftover after parsing attributes in process `syz.1.584'. [ 308.839629][ T5186] syz.0.372: attempt to access beyond end of device [ 308.839629][ T5186] loop0: rw=0, sector=69632, nr_sectors = 8 limit=40427 [ 309.409319][ T6147] ptrace attach of "./syz-executor exec"[6148] was attempted by "./syz-executor exec"[6147] [ 310.163435][ T5186] syz.0.372: attempt to access beyond end of device [ 310.163435][ T5186] loop0: rw=0, sector=69640, nr_sectors = 8 limit=40427 [ 310.843392][ T5186] syz.0.372: attempt to access beyond end of device [ 310.843392][ T5186] loop0: rw=0, sector=69648, nr_sectors = 8 limit=40427 [ 310.843865][ T6157] loop1: detected capacity change from 0 to 128 [ 310.884870][ T5186] syz.0.372: attempt to access beyond end of device [ 310.884870][ T5186] loop0: rw=0, sector=69656, nr_sectors = 8 limit=40427 [ 311.171232][ T26] audit: type=1800 audit(1728621668.167:29): pid=6161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.588" name="bus" dev="loop1" ino=1048637 res=0 errno=0 [ 311.412097][ T6166] binder: 6162:6166 ioctl c0306201 0 returned -14 [ 311.509788][ T6169] loop1: detected capacity change from 0 to 128 [ 312.447384][ T26] audit: type=1800 audit(1728621668.867:30): pid=6176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.593" name="bus" dev="loop1" ino=1048638 res=0 errno=0 [ 313.674770][ T5186] bio_check_eod: 373 callbacks suppressed [ 313.674786][ T5186] syz.0.372: attempt to access beyond end of device [ 313.674786][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 313.845573][ T5186] syz.0.372: attempt to access beyond end of device [ 313.845573][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 313.999488][ T5186] syz.0.372: attempt to access beyond end of device [ 313.999488][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 314.028361][ T7] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 314.044394][ T5186] syz.0.372: attempt to access beyond end of device [ 314.044394][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 314.072961][ T5186] syz.0.372: attempt to access beyond end of device [ 314.072961][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 314.249859][ T5186] syz.0.372: attempt to access beyond end of device [ 314.249859][ T5186] loop0: rw=524288, sector=69712, nr_sectors = 8 limit=40427 [ 314.298439][ T7] usb 5-1: Using ep0 maxpacket: 16 [ 315.178701][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 315.198624][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 315.222788][ T7] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 315.242613][ T5186] syz.0.372: attempt to access beyond end of device [ 315.242613][ T5186] loop0: rw=524288, sector=69720, nr_sectors = 8 limit=40427 [ 315.282193][ T5186] syz.0.372: attempt to access beyond end of device [ 315.282193][ T5186] loop0: rw=0, sector=69632, nr_sectors = 8 limit=40427 [ 315.301818][ T7] usb 5-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 315.325433][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.357010][ T5186] syz.0.372: attempt to access beyond end of device [ 315.357010][ T5186] loop0: rw=0, sector=69640, nr_sectors = 8 limit=40427 [ 315.376821][ T5186] syz.0.372: attempt to access beyond end of device [ 315.376821][ T5186] loop0: rw=0, sector=69648, nr_sectors = 8 limit=40427 [ 315.436897][ T7] usb 5-1: config 0 descriptor?? [ 316.231670][ T7] uclogic 0003:5543:0064.0002: item fetching failed at offset 10/11 [ 316.244165][ T7] uclogic 0003:5543:0064.0002: parse failed [ 316.250424][ T7] uclogic: probe of 0003:5543:0064.0002 failed with error -22 [ 316.260077][ T7] usb 5-1: USB disconnect, device number 5 [ 316.698109][ T6213] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.603'. [ 316.738782][ T6213] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.603'. [ 316.759754][ T6213] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.603'. [ 316.792922][ T6213] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.603'. [ 316.825508][ T6213] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.603'. [ 316.864266][ T6213] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.603'. [ 316.895116][ T6213] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.603'. [ 316.926409][ T6213] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.603'. [ 316.984250][ T6213] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.603'. [ 317.041606][ T6213] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.603'. [ 317.044675][ T1261] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.057089][ T1261] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.694678][ T5186] bio_check_eod: 3058 callbacks suppressed [ 318.694746][ T5186] syz.0.372: attempt to access beyond end of device [ 318.694746][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 318.805423][ T5186] syz.0.372: attempt to access beyond end of device [ 318.805423][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 318.962324][ T5186] syz.0.372: attempt to access beyond end of device [ 318.962324][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 319.032437][ T5186] syz.0.372: attempt to access beyond end of device [ 319.032437][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 319.098537][ T5186] syz.0.372: attempt to access beyond end of device [ 319.098537][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 319.166800][ T5186] syz.0.372: attempt to access beyond end of device [ 319.166800][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 319.201588][ T5186] syz.0.372: attempt to access beyond end of device [ 319.201588][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 319.239879][ T6244] binder: 6236:6244 ioctl c0306201 0 returned -14 [ 319.408209][ T5186] syz.0.372: attempt to access beyond end of device [ 319.408209][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 319.485004][ T5186] syz.0.372: attempt to access beyond end of device [ 319.485004][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 319.611083][ T6254] loop4: detected capacity change from 0 to 128 [ 319.670151][ T5186] syz.0.372: attempt to access beyond end of device [ 319.670151][ T5186] loop0: rw=524288, sector=69712, nr_sectors = 8 limit=40427 [ 320.028378][ T6261] VFS: could not find a valid V7 on nullb0. [ 320.569849][ T26] audit: type=1800 audit(1728621677.557:31): pid=6263 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.617" name="bus" dev="loop4" ino=1048639 res=0 errno=0 [ 323.418730][ T6299] __nla_validate_parse: 123 callbacks suppressed [ 323.418748][ T6299] netlink: 4 bytes leftover after parsing attributes in process `syz.2.628'. [ 324.074028][ T6302] VFS: could not find a valid V7 on nullb0. [ 324.453342][ T5186] bio_check_eod: 1093 callbacks suppressed [ 324.453362][ T5186] syz.0.372: attempt to access beyond end of device [ 324.453362][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 324.497085][ T5186] syz.0.372: attempt to access beyond end of device [ 324.497085][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 324.541849][ T5186] syz.0.372: attempt to access beyond end of device [ 324.541849][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 324.568778][ T5186] syz.0.372: attempt to access beyond end of device [ 324.568778][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 324.589755][ T5186] syz.0.372: attempt to access beyond end of device [ 324.589755][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 324.610814][ T5186] syz.0.372: attempt to access beyond end of device [ 324.610814][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 324.631948][ T5186] syz.0.372: attempt to access beyond end of device [ 324.631948][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 324.688416][ T5186] syz.0.372: attempt to access beyond end of device [ 324.688416][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 324.718800][ T5186] syz.0.372: attempt to access beyond end of device [ 324.718800][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 324.781320][ T5186] syz.0.372: attempt to access beyond end of device [ 324.781320][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 324.821482][ T6307] loop4: detected capacity change from 0 to 128 [ 325.418521][ T26] audit: type=1800 audit(1728621682.407:32): pid=6320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.632" name="bus" dev="loop4" ino=1048640 res=0 errno=0 [ 325.583822][ T6321] netlink: 8 bytes leftover after parsing attributes in process `syz.1.633'. [ 329.581737][ T5186] bio_check_eod: 998 callbacks suppressed [ 329.581910][ T5186] syz.0.372: attempt to access beyond end of device [ 329.581910][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 329.792819][ T5186] syz.0.372: attempt to access beyond end of device [ 329.792819][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 329.888411][ T5186] syz.0.372: attempt to access beyond end of device [ 329.888411][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 329.908457][ T3717] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 329.946305][ T5186] syz.0.372: attempt to access beyond end of device [ 329.946305][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 330.204132][ T5186] syz.0.372: attempt to access beyond end of device [ 330.204132][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 330.238739][ T5186] syz.0.372: attempt to access beyond end of device [ 330.238739][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 330.312022][ T5186] syz.0.372: attempt to access beyond end of device [ 330.312022][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 330.374911][ T5186] syz.0.372: attempt to access beyond end of device [ 330.374911][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 330.389539][ T3717] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 330.391917][ T5186] syz.0.372: attempt to access beyond end of device [ 330.391917][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 330.422944][ T3717] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 330.588704][ T3717] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 330.637644][ T3717] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 330.637702][ T5186] syz.0.372: attempt to access beyond end of device [ 330.637702][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 330.658739][ T3717] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 330.719756][ T3717] usb 5-1: config 0 interface 0 has no altsetting 0 [ 330.852754][ T6367] loop1: detected capacity change from 0 to 128 [ 330.898523][ T3717] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 330.912107][ T3717] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 330.935713][ T3717] usb 5-1: Product: syz [ 330.957545][ T3717] usb 5-1: Manufacturer: syz [ 330.966923][ T3717] usb 5-1: SerialNumber: syz [ 331.024423][ T3717] usb 5-1: config 0 descriptor?? [ 331.058648][ T6347] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 331.099816][ T3717] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 331.661249][ T26] audit: type=1800 audit(1728621688.657:33): pid=6380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.650" name="bus" dev="loop1" ino=1048641 res=0 errno=0 [ 331.723259][ T3717] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 332.116123][ T3717] usb 5-1: USB disconnect, device number 6 [ 332.131675][ T3717] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 333.537765][ T6394] loop4: detected capacity change from 0 to 1764 [ 333.707438][ T5530] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 333.735861][ T6394] netlink: 16 bytes leftover after parsing attributes in process `syz.4.658'. [ 333.838200][ T6394] netlink: 8 bytes leftover after parsing attributes in process `syz.4.658'. [ 333.941195][ T6394] IPv6: sit1: Disabled Multicast RS [ 334.442175][ T6407] loop2: detected capacity change from 0 to 1764 [ 334.622809][ T5186] bio_check_eod: 2822 callbacks suppressed [ 334.622829][ T5186] syz.0.372: attempt to access beyond end of device [ 334.622829][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 334.644261][ T5530] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 334.676832][ T6407] netlink: 16 bytes leftover after parsing attributes in process `syz.2.662'. [ 334.685920][ T5186] syz.0.372: attempt to access beyond end of device [ 334.685920][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 334.747220][ T6407] netlink: 8 bytes leftover after parsing attributes in process `syz.2.662'. [ 334.767028][ T5186] syz.0.372: attempt to access beyond end of device [ 334.767028][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 334.878710][ T5186] syz.0.372: attempt to access beyond end of device [ 334.878710][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 334.952563][ T6416] loop3: detected capacity change from 0 to 128 [ 334.967483][ T5186] syz.0.372: attempt to access beyond end of device [ 334.967483][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 334.991459][ T5186] syz.0.372: attempt to access beyond end of device [ 334.991459][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 334.996282][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 335.059855][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 335.077637][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 335.090822][ T5186] syz.0.372: attempt to access beyond end of device [ 335.090822][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 335.145696][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 335.166314][ T5186] syz.0.372: attempt to access beyond end of device [ 335.166314][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 335.200695][ T5186] syz.0.372: attempt to access beyond end of device [ 335.200695][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 335.211369][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 335.215847][ T5186] syz.0.372: attempt to access beyond end of device [ 335.215847][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 335.257494][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 335.275274][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 335.285382][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 335.597753][ T26] audit: type=1800 audit(1728621692.577:34): pid=6424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.664" name="bus" dev="loop3" ino=1048642 res=0 errno=0 [ 335.956195][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 335.981295][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 335.988758][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 335.996197][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.003670][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.013550][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.040324][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.047816][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.094495][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.125496][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.145013][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.168470][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.196235][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.210304][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.217775][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.252541][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.272587][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.300428][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.307864][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.335655][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.362621][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.382702][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.410531][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.417978][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.431987][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.443551][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.455262][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.458323][ T3681] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 336.464865][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.488362][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.495837][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.545735][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.553461][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.567728][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.575470][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.589773][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.597314][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.611598][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.631996][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.644722][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.655637][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.666407][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.677315][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.691689][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.701442][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.720706][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.736211][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.753472][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.774822][ T14] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 336.832671][ T14] hid-generic 0001:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1 [ 336.988664][ T3681] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 337.366745][ T6444] can0: slcan on ptm0. [ 338.283735][ T3681] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 338.295200][ T3681] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 338.306765][ T3681] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 338.343484][ T3681] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 338.407778][ T3681] usb 4-1: config 0 interface 0 has no altsetting 0 [ 338.479663][ T6441] can0 (unregistered): slcan off ptm0. [ 338.648545][ T3681] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 338.667966][ T3681] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 338.698407][ T3681] usb 4-1: Product: syz [ 338.702623][ T3681] usb 4-1: Manufacturer: syz [ 338.707245][ T3681] usb 4-1: SerialNumber: syz [ 338.800188][ T3681] usb 4-1: config 0 descriptor?? [ 338.888800][ T6435] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 339.100357][ T3681] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 339.122672][ T3681] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 339.411087][ T3720] usb 4-1: USB disconnect, device number 5 [ 339.422482][ T3720] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 339.636320][ T5186] bio_check_eod: 3692 callbacks suppressed [ 339.636340][ T5186] syz.0.372: attempt to access beyond end of device [ 339.636340][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 339.678905][ T5186] syz.0.372: attempt to access beyond end of device [ 339.678905][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 339.728442][ T3681] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 339.729388][ T6468] loop4: detected capacity change from 0 to 128 [ 339.742948][ T5186] syz.0.372: attempt to access beyond end of device [ 339.742948][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 339.823446][ T5186] syz.0.372: attempt to access beyond end of device [ 339.823446][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 339.877410][ T6471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.679'. [ 339.964368][ T5186] syz.0.372: attempt to access beyond end of device [ 339.964368][ T5186] loop0: rw=524288, sector=69712, nr_sectors = 8 limit=40427 [ 340.028392][ T3681] usb 1-1: Using ep0 maxpacket: 32 [ 340.028464][ T5186] syz.0.372: attempt to access beyond end of device [ 340.028464][ T5186] loop0: rw=524288, sector=69720, nr_sectors = 8 limit=40427 [ 340.178581][ T26] audit: type=1800 audit(1728621697.107:35): pid=6480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.678" name="bus" dev="loop4" ino=1048643 res=0 errno=0 [ 340.199194][ C0] vkms_vblank_simulate: vblank timer overrun [ 340.301116][ T3654] Bluetooth: hci4: command 0x0406 tx timeout [ 340.734990][ T5186] syz.0.372: attempt to access beyond end of device [ 340.734990][ T5186] loop0: rw=0, sector=69632, nr_sectors = 8 limit=40427 [ 340.749689][ T5186] syz.0.372: attempt to access beyond end of device [ 340.749689][ T5186] loop0: rw=0, sector=69640, nr_sectors = 8 limit=40427 [ 340.763797][ T5186] syz.0.372: attempt to access beyond end of device [ 340.763797][ T5186] loop0: rw=0, sector=69648, nr_sectors = 8 limit=40427 [ 340.949529][ T5186] syz.0.372: attempt to access beyond end of device [ 340.949529][ T5186] loop0: rw=0, sector=69656, nr_sectors = 8 limit=40427 [ 341.688836][ T3681] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 342.054024][ T3681] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 342.068527][ T3681] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 342.078324][ T3681] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.095351][ T3681] usb 1-1: config 0 descriptor?? [ 342.158325][ T6494] 9pnet_fd: p9_fd_create_unix (6494): address too long: ./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 343.949775][ T3681] usb 1-1: can't set config #0, error -71 [ 344.159300][ T3681] usb 1-1: USB disconnect, device number 7 [ 344.668579][ T5186] bio_check_eod: 680 callbacks suppressed [ 344.668599][ T5186] syz.0.372: attempt to access beyond end of device [ 344.668599][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 344.776343][ T5186] syz.0.372: attempt to access beyond end of device [ 344.776343][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 344.875564][ T5186] syz.0.372: attempt to access beyond end of device [ 344.875564][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 344.961819][ T5186] syz.0.372: attempt to access beyond end of device [ 344.961819][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 345.298643][ T5186] syz.0.372: attempt to access beyond end of device [ 345.298643][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 345.433828][ T5186] syz.0.372: attempt to access beyond end of device [ 345.433828][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 345.578418][ T5186] syz.0.372: attempt to access beyond end of device [ 345.578418][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 345.594260][ T5186] syz.0.372: attempt to access beyond end of device [ 345.594260][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 345.757704][ T5186] syz.0.372: attempt to access beyond end of device [ 345.757704][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 345.784234][ T5186] syz.0.372: attempt to access beyond end of device [ 345.784234][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 345.887809][ T6526] program syz.4.691 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 345.899672][ T6526] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 349.700929][ T5186] bio_check_eod: 566 callbacks suppressed [ 349.700950][ T5186] syz.0.372: attempt to access beyond end of device [ 349.700950][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 349.923298][ T6559] loop4: detected capacity change from 0 to 128 [ 349.963209][ T5186] syz.0.372: attempt to access beyond end of device [ 349.963209][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 350.034615][ T5186] syz.0.372: attempt to access beyond end of device [ 350.034615][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 350.153352][ T5186] syz.0.372: attempt to access beyond end of device [ 350.153352][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 350.159329][ T6550] netlink: 12 bytes leftover after parsing attributes in process `syz.0.698'. [ 350.168349][ T5186] syz.0.372: attempt to access beyond end of device [ 350.168349][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 350.502727][ T5186] syz.0.372: attempt to access beyond end of device [ 350.502727][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 350.608406][ T5186] syz.0.372: attempt to access beyond end of device [ 350.608406][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 350.664992][ T5186] syz.0.372: attempt to access beyond end of device [ 350.664992][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 350.868587][ T26] audit: type=1800 audit(1728621707.697:36): pid=6568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.701" name="bus" dev="loop4" ino=1048644 res=0 errno=0 [ 351.103582][ T5186] syz.0.372: attempt to access beyond end of device [ 351.103582][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 351.117698][ T5186] syz.0.372: attempt to access beyond end of device [ 351.117698][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 351.400362][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.171415][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.178917][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.186446][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.194170][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.201733][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.210731][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.219036][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.226459][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.234043][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.241503][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.249086][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.256598][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.298732][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.306219][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.348410][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.384767][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.392875][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.438397][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.466148][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.491489][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.518380][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.546432][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.577956][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.597299][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.608360][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.627013][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.648728][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.670984][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.688519][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.696241][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.711713][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.720517][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.728026][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.735820][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.743387][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.751161][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.758689][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.766342][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.773870][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.781577][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.789098][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.796738][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.804307][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.812095][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.819630][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.828471][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.835967][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.843701][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.851259][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.861926][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.869533][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.877357][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.884922][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.892676][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.900219][ T3717] hid-generic 0001:0000:0000.0004: unknown main item tag 0x0 [ 352.911517][ T3717] hid-generic 0001:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1 [ 353.396548][ T6597] netlink: 236 bytes leftover after parsing attributes in process `syz.1.710'. [ 355.068618][ T5186] bio_check_eod: 1178 callbacks suppressed [ 355.068639][ T5186] syz.0.372: attempt to access beyond end of device [ 355.068639][ T5186] loop0: rw=0, sector=69632, nr_sectors = 8 limit=40427 [ 355.152248][ T6613] loop4: detected capacity change from 0 to 128 [ 355.417975][ T26] audit: type=1800 audit(1728621712.407:37): pid=6613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.714" name="bus" dev="loop4" ino=1048645 res=0 errno=0 [ 355.696693][ T5186] syz.0.372: attempt to access beyond end of device [ 355.696693][ T5186] loop0: rw=0, sector=69640, nr_sectors = 8 limit=40427 [ 355.836874][ T6627] loop3: detected capacity change from 0 to 1024 [ 355.847194][ T6627] EXT4-fs: Ignoring removed nomblk_io_submit option [ 355.869523][ T5186] syz.0.372: attempt to access beyond end of device [ 355.869523][ T5186] loop0: rw=0, sector=69648, nr_sectors = 8 limit=40427 [ 355.910121][ T5186] syz.0.372: attempt to access beyond end of device [ 355.910121][ T5186] loop0: rw=0, sector=69656, nr_sectors = 8 limit=40427 [ 355.932078][ T5186] syz.0.372: attempt to access beyond end of device [ 355.932078][ T5186] loop0: rw=0, sector=69664, nr_sectors = 8 limit=40427 [ 355.947453][ T6627] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 355.974349][ T6627] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e814e01c, mo2=0003] [ 355.993125][ T6627] System zones: 0-1, 3-36 [ 356.167061][ T5186] syz.0.372: attempt to access beyond end of device [ 356.167061][ T5186] loop0: rw=0, sector=69672, nr_sectors = 8 limit=40427 [ 356.208021][ T6627] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 356.942702][ T5186] syz.0.372: attempt to access beyond end of device [ 356.942702][ T5186] loop0: rw=0, sector=69680, nr_sectors = 8 limit=40427 [ 356.956648][ T5186] syz.0.372: attempt to access beyond end of device [ 356.956648][ T5186] loop0: rw=0, sector=69688, nr_sectors = 8 limit=40427 [ 356.971088][ T5186] syz.0.372: attempt to access beyond end of device [ 356.971088][ T5186] loop0: rw=0, sector=69696, nr_sectors = 8 limit=40427 [ 356.984743][ T5186] syz.0.372: attempt to access beyond end of device [ 356.984743][ T5186] loop0: rw=0, sector=69704, nr_sectors = 8 limit=40427 [ 356.989011][ T3639] EXT4-fs (loop3): unmounting filesystem. [ 357.440115][ T6647] program syz.1.724 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 357.449783][ T6647] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 358.131311][ T152] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 359.048423][ T152] usb 5-1: Using ep0 maxpacket: 8 [ 359.188440][ T14] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 359.218744][ T152] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 359.234008][ T152] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 359.244536][ T152] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 359.259836][ T152] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 359.277965][ T152] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 359.290843][ T152] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.458679][ T14] usb 4-1: Using ep0 maxpacket: 8 [ 359.550666][ T152] usb 5-1: GET_CAPABILITIES returned 0 [ 359.556282][ T152] usbtmc 5-1:16.0: can't read capabilities [ 359.578939][ T14] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 359.591574][ T14] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 359.624801][ T14] usb 4-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 359.718652][ T6669] loop2: detected capacity change from 0 to 1024 [ 359.728501][ T14] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 359.738049][ T14] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 359.762590][ T6669] EXT4-fs: Ignoring removed nomblk_io_submit option [ 359.771886][ T14] usb 4-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 359.795402][ T152] usb 5-1: USB disconnect, device number 7 [ 359.805206][ T6669] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 359.850233][ T6669] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e814e01c, mo2=0003] [ 359.858727][ T6669] System zones: 0-1, 3-36 [ 359.868691][ T14] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 359.878498][ T14] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 359.881201][ T6669] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 359.890861][ T14] usb 4-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 360.058366][ T3637] Bluetooth: hci6: command 0x0406 tx timeout [ 360.078576][ T5186] bio_check_eod: 3554 callbacks suppressed [ 360.078589][ T5186] syz.0.372: attempt to access beyond end of device [ 360.078589][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 360.099560][ T5186] syz.0.372: attempt to access beyond end of device [ 360.099560][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 360.113669][ T5186] syz.0.372: attempt to access beyond end of device [ 360.113669][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 360.217130][ T5186] syz.0.372: attempt to access beyond end of device [ 360.217130][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 360.242154][ T5186] syz.0.372: attempt to access beyond end of device [ 360.242154][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 360.256531][ T14] usb 4-1: string descriptor 0 read error: -22 [ 360.262977][ T5186] syz.0.372: attempt to access beyond end of device [ 360.262977][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 360.268354][ T14] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 360.351182][ T14] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.505913][ T14] adutux 4-1:168.0: interrupt endpoints not found [ 360.532203][ T5186] syz.0.372: attempt to access beyond end of device [ 360.532203][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 360.733458][ T14] usb 4-1: USB disconnect, device number 6 [ 360.819169][ T5186] syz.0.372: attempt to access beyond end of device [ 360.819169][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 360.931160][ T3642] EXT4-fs (loop2): unmounting filesystem. [ 362.348088][ T6686] program syz.2.736 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 362.368376][ T5186] syz.0.372: attempt to access beyond end of device [ 362.368376][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 362.473570][ T6686] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 362.657307][ T5186] syz.0.372: attempt to access beyond end of device [ 362.657307][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 363.024860][ T6697] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 363.032503][ T6697] vhci_hcd: invalid port number 10 [ 363.037738][ T6697] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 365.019087][ T6712] netlink: 32 bytes leftover after parsing attributes in process `syz.4.745'. [ 365.133423][ T5186] bio_check_eod: 158 callbacks suppressed [ 365.133444][ T5186] syz.0.372: attempt to access beyond end of device [ 365.133444][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 365.418525][ T5186] syz.0.372: attempt to access beyond end of device [ 365.418525][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 365.501251][ T3720] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 365.520078][ T3637] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 365.530129][ T3637] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 365.540207][ T3637] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 365.549891][ T3637] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 366.137376][ T3637] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 366.145905][ T3637] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 366.248916][ T5186] syz.0.372: attempt to access beyond end of device [ 366.248916][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 366.737483][ T5186] syz.0.372: attempt to access beyond end of device [ 366.737483][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 366.838655][ T5186] syz.0.372: attempt to access beyond end of device [ 366.838655][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 366.884945][ T5186] syz.0.372: attempt to access beyond end of device [ 366.884945][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 366.899689][ T3720] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 366.914224][ T3720] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 366.918447][ T5186] syz.0.372: attempt to access beyond end of device [ 366.918447][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 366.924299][ T3720] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 366.961692][ T3720] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.001146][ T3720] usb 4-1: config 0 descriptor?? [ 367.030239][ T6716] chnl_net:caif_netlink_parms(): no params data found [ 367.116772][ T5186] syz.0.372: attempt to access beyond end of device [ 367.116772][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 367.160670][ T5186] syz.0.372: attempt to access beyond end of device [ 367.160670][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 367.192303][ T5186] syz.0.372: attempt to access beyond end of device [ 367.192303][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 368.095520][ T3720] usbhid 4-1:0.0: can't add hid device: -71 [ 368.119948][ T3720] usbhid: probe of 4-1:0.0 failed with error -71 [ 368.129312][ T3720] usb 4-1: USB disconnect, device number 7 [ 368.208689][ T6716] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.219138][ T3637] Bluetooth: hci0: command tx timeout [ 368.234951][ T6716] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.252545][ T6716] device bridge_slave_0 entered promiscuous mode [ 368.302533][ T6716] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.391548][ T6747] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 368.399140][ T6747] vhci_hcd: invalid port number 10 [ 368.404328][ T6747] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 369.155218][ T6716] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.164216][ T6716] device bridge_slave_1 entered promiscuous mode [ 369.351436][ T6749] Cannot find add_set index 0 as target [ 369.740474][ T6716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 370.318926][ T3637] Bluetooth: hci0: command tx timeout [ 370.440773][ T6716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 370.450644][ T5186] bio_check_eod: 230 callbacks suppressed [ 370.450656][ T5186] syz.0.372: attempt to access beyond end of device [ 370.450656][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 370.489219][ T5186] syz.0.372: attempt to access beyond end of device [ 370.489219][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 370.565743][ T5186] syz.0.372: attempt to access beyond end of device [ 370.565743][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 370.668481][ T5186] syz.0.372: attempt to access beyond end of device [ 370.668481][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 370.683356][ T5186] syz.0.372: attempt to access beyond end of device [ 370.683356][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 370.698666][ T5186] syz.0.372: attempt to access beyond end of device [ 370.698666][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 370.744740][ T6761] netlink: 32 bytes leftover after parsing attributes in process `syz.4.755'. [ 370.768737][ T5186] syz.0.372: attempt to access beyond end of device [ 370.768737][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 371.009432][ T6716] team0: Port device team_slave_0 added [ 371.042654][ T5186] syz.0.372: attempt to access beyond end of device [ 371.042654][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 371.723579][ T5186] syz.0.372: attempt to access beyond end of device [ 371.723579][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 371.777135][ T5186] syz.0.372: attempt to access beyond end of device [ 371.777135][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 372.388533][ T3637] Bluetooth: hci0: command tx timeout [ 372.619670][ T6716] team0: Port device team_slave_1 added [ 373.917642][ T6716] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 373.936549][ T6716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 373.962478][ C0] vkms_vblank_simulate: vblank timer overrun [ 374.098315][ T6716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 374.227643][ T6716] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 374.285594][ T6716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 374.362345][ T6716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 374.437896][ T6716] device hsr_slave_0 entered promiscuous mode [ 374.463049][ T3654] Bluetooth: hci0: command tx timeout [ 374.548513][ T3637] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 374.569813][ T3637] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 374.577999][ T3637] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 374.590009][ T3637] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 374.629582][ T3637] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 374.637819][ T3637] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 374.664442][ T6716] device hsr_slave_1 entered promiscuous mode [ 375.619745][ T5186] bio_check_eod: 1574 callbacks suppressed [ 375.619766][ T5186] syz.0.372: attempt to access beyond end of device [ 375.619766][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 375.649059][ T5186] syz.0.372: attempt to access beyond end of device [ 375.649059][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 375.735535][ T5186] syz.0.372: attempt to access beyond end of device [ 375.735535][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 375.740681][ T6716] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.882822][ T6716] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.894182][ T5186] syz.0.372: attempt to access beyond end of device [ 375.894182][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 375.929899][ T5186] syz.0.372: attempt to access beyond end of device [ 375.929899][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 375.944993][ T5186] syz.0.372: attempt to access beyond end of device [ 375.944993][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 375.965109][ T6716] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.975283][ T5186] syz.0.372: attempt to access beyond end of device [ 375.975283][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 375.991998][ T5186] syz.0.372: attempt to access beyond end of device [ 375.991998][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 376.006371][ T5186] syz.0.372: attempt to access beyond end of device [ 376.006371][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 376.030549][ T5186] syz.0.372: attempt to access beyond end of device [ 376.030549][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 376.086346][ T6786] chnl_net:caif_netlink_parms(): no params data found [ 376.139520][ T6716] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.168371][ T3685] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 376.438536][ T3685] usb 5-1: Using ep0 maxpacket: 32 [ 376.557261][ T6786] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.578897][ T6786] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.588594][ T3685] usb 5-1: config 0 has too many interfaces: 65, using maximum allowed: 32 [ 376.597292][ T3685] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 65 [ 376.642825][ T6786] device bridge_slave_0 entered promiscuous mode [ 376.698602][ T3640] Bluetooth: hci7: command tx timeout [ 376.778750][ T3685] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 376.803827][ T3685] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.818306][ T3685] usb 5-1: Product: syz [ 376.822510][ T3685] usb 5-1: Manufacturer: syz [ 376.827124][ T3685] usb 5-1: SerialNumber: syz [ 376.857970][ T3685] usb 5-1: config 0 descriptor?? [ 376.900826][ T3685] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 377.004084][ T6786] bridge0: port 2(bridge_slave_1) entered blocking state [ 377.017967][ T6786] bridge0: port 2(bridge_slave_1) entered disabled state [ 377.038088][ T6786] device bridge_slave_1 entered promiscuous mode [ 377.149774][ T1086] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.318437][ T3685] gspca_stk1135: reg_w 0x0 err -71 [ 377.325410][ T3685] gspca_stk1135: serial bus timeout: status=0x00 [ 377.368367][ T3685] gspca_stk1135: Sensor write failed [ 377.373714][ T3685] gspca_stk1135: serial bus timeout: status=0x00 [ 377.398290][ T3685] gspca_stk1135: Sensor write failed [ 377.403637][ T3685] gspca_stk1135: serial bus timeout: status=0x00 [ 377.438289][ T3685] gspca_stk1135: Sensor read failed [ 377.443553][ T3685] gspca_stk1135: serial bus timeout: status=0x00 [ 377.468299][ T3685] gspca_stk1135: Sensor read failed [ 377.473545][ T3685] gspca_stk1135: Detected sensor type unknown (0x0) [ 377.508311][ T3685] gspca_stk1135: serial bus timeout: status=0x00 [ 377.514688][ T3685] gspca_stk1135: Sensor read failed [ 377.527148][ T3685] gspca_stk1135: serial bus timeout: status=0x00 [ 377.534458][ T3685] gspca_stk1135: Sensor read failed [ 377.540442][ T3685] gspca_stk1135: serial bus timeout: status=0x00 [ 377.546789][ T3685] gspca_stk1135: Sensor write failed [ 377.552448][ T3685] gspca_stk1135: serial bus timeout: status=0x00 [ 377.558991][ T3685] gspca_stk1135: Sensor write failed [ 377.564415][ T3685] stk1135: probe of 5-1:0.0 failed with error -71 [ 377.583640][ T3685] usb 5-1: USB disconnect, device number 8 [ 378.593083][ T1261] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.599476][ T1261] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.778407][ T3640] Bluetooth: hci7: command tx timeout [ 379.300998][ T6716] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 380.972860][ T3640] Bluetooth: hci7: command tx timeout [ 381.123786][ T5186] bio_check_eod: 2174 callbacks suppressed [ 381.123803][ T5186] syz.0.372: attempt to access beyond end of device [ 381.123803][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 381.131560][ T1086] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.158574][ T5186] syz.0.372: attempt to access beyond end of device [ 381.158574][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 381.312486][ T5186] syz.0.372: attempt to access beyond end of device [ 381.312486][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 381.357352][ T5186] syz.0.372: attempt to access beyond end of device [ 381.357352][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 381.374045][ T6786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 381.388065][ T5186] syz.0.372: attempt to access beyond end of device [ 381.388065][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 381.489009][ T5186] syz.0.372: attempt to access beyond end of device [ 381.489009][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 381.512655][ T5186] syz.0.372: attempt to access beyond end of device [ 381.512655][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 381.532134][ T5186] syz.0.372: attempt to access beyond end of device [ 381.532134][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 381.533346][ T6716] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 381.546905][ T5186] syz.0.372: attempt to access beyond end of device [ 381.546905][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 381.570648][ T5186] syz.0.372: attempt to access beyond end of device [ 381.570648][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 381.870796][ T6716] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 381.900391][ T6716] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 382.010037][ T6786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 382.234573][ T6840] loop4: detected capacity change from 0 to 8 [ 382.720034][ T1086] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.745370][ T6786] team0: Port device team_slave_0 added [ 383.028769][ T3640] Bluetooth: hci7: command tx timeout [ 383.084475][ T6786] team0: Port device team_slave_1 added [ 383.448998][ T1086] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.645443][ T6786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 383.678381][ T6786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 384.015963][ T6786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 384.222057][ T6786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 384.231938][ T6786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 384.311152][ T6786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 386.006526][ T6786] device hsr_slave_0 entered promiscuous mode [ 386.029090][ T6786] device hsr_slave_1 entered promiscuous mode [ 386.080405][ T6786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 386.098298][ T6786] Cannot create hsr debugfs directory [ 386.145645][ T5186] bio_check_eod: 3710 callbacks suppressed [ 386.145664][ T5186] syz.0.372: attempt to access beyond end of device [ 386.145664][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 386.211186][ T6864] loop1: detected capacity change from 0 to 128 [ 386.235503][ T5186] syz.0.372: attempt to access beyond end of device [ 386.235503][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 386.277452][ T5186] syz.0.372: attempt to access beyond end of device [ 386.277452][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 386.408793][ T5186] syz.0.372: attempt to access beyond end of device [ 386.408793][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 386.452652][ T5186] syz.0.372: attempt to access beyond end of device [ 386.452652][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 386.527171][ T5186] syz.0.372: attempt to access beyond end of device [ 386.527171][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 386.633400][ T5186] syz.0.372: attempt to access beyond end of device [ 386.633400][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 386.702994][ T5186] syz.0.372: attempt to access beyond end of device [ 386.702994][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 386.737847][ T5186] syz.0.372: attempt to access beyond end of device [ 386.737847][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 386.778895][ T5186] syz.0.372: attempt to access beyond end of device [ 386.778895][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 387.101465][ T6716] 8021q: adding VLAN 0 to HW filter on device bond0 [ 387.247392][ T6872] loop4: detected capacity change from 0 to 512 [ 387.258850][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 387.280713][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 387.310029][ T6872] ext3: Unknown parameter '.' [ 387.385059][ T6716] 8021q: adding VLAN 0 to HW filter on device team0 [ 387.851390][ T3803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 387.866741][ T6872] loop4: detected capacity change from 0 to 128 [ 387.878748][ T3803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 387.919389][ T6872] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 387.925831][ T3803] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.937287][ T3803] bridge0: port 1(bridge_slave_0) entered forwarding state [ 388.022855][ T3803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 388.057576][ T3803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 388.088924][ T3803] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.096057][ T3803] bridge0: port 2(bridge_slave_1) entered forwarding state [ 388.126048][ T3803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 388.219875][ T3803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 388.748487][ T26] audit: type=1800 audit(1728621745.677:38): pid=6884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.783" name="bus" dev="loop1" ino=1048646 res=0 errno=0 [ 388.989154][ T3803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 389.071868][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 389.151645][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 389.261031][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 389.469074][ T6896] Cannot find add_set index 0 as target [ 389.551393][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 390.550960][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 390.659753][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 391.086862][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 391.160177][ T5186] bio_check_eod: 2174 callbacks suppressed [ 391.160196][ T5186] syz.0.372: attempt to access beyond end of device [ 391.160196][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 391.165389][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 391.166450][ T5186] syz.0.372: attempt to access beyond end of device [ 391.166450][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 391.189716][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 391.315127][ T5186] syz.0.372: attempt to access beyond end of device [ 391.315127][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 391.331715][ T6716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 391.378385][ T5186] syz.0.372: attempt to access beyond end of device [ 391.378385][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 391.477770][ T5186] syz.0.372: attempt to access beyond end of device [ 391.477770][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 391.527970][ T5186] syz.0.372: attempt to access beyond end of device [ 391.527970][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 391.610046][ T5186] syz.0.372: attempt to access beyond end of device [ 391.610046][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 391.674507][ T5186] syz.0.372: attempt to access beyond end of device [ 391.674507][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 391.748468][ T5186] syz.0.372: attempt to access beyond end of device [ 391.748468][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 391.784022][ T5186] syz.0.372: attempt to access beyond end of device [ 391.784022][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 392.276062][ T6930] netlink: 32 bytes leftover after parsing attributes in process `syz.4.796'. [ 392.411310][ T6786] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 392.481261][ T6786] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 392.749677][ T6786] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 392.777124][ T3737] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 392.808140][ T3737] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 392.860725][ T6786] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 392.897836][ T6716] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 392.929350][ T1086] device hsr_slave_0 left promiscuous mode [ 392.951255][ T1086] device hsr_slave_1 left promiscuous mode [ 392.972997][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 392.995415][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 393.020272][ T1086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 393.048145][ T1086] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 393.079022][ T1086] device team0 left promiscuous mode [ 393.116946][ T1086] device team_slave_0 left promiscuous mode [ 393.137410][ T1086] device team_slave_1 left promiscuous mode [ 393.173613][ T1086] bridge0: port 3(team0) entered disabled state [ 393.231870][ T1086] device bridge_slave_1 left promiscuous mode [ 393.238170][ T1086] bridge0: port 2(bridge_slave_1) entered disabled state [ 393.280202][ T1086] device bridge_slave_0 left promiscuous mode [ 393.306873][ T1086] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.671659][ T1086] device veth1_macvtap left promiscuous mode [ 393.692556][ T1086] device veth0_macvtap left promiscuous mode [ 393.807213][ T1086] device veth1_vlan left promiscuous mode [ 394.032812][ T1086] device veth0_vlan left promiscuous mode [ 395.056583][ T6960] Cannot find add_set index 0 as target [ 395.772231][ T6964] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 395.779613][ T6964] vhci_hcd: invalid port number 10 [ 395.784737][ T6964] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 396.170372][ T5186] bio_check_eod: 2798 callbacks suppressed [ 396.170388][ T5186] syz.0.372: attempt to access beyond end of device [ 396.170388][ T5186] loop0: rw=524288, sector=69632, nr_sectors = 8 limit=40427 [ 396.211945][ T5186] syz.0.372: attempt to access beyond end of device [ 396.211945][ T5186] loop0: rw=524288, sector=69640, nr_sectors = 8 limit=40427 [ 396.253524][ T5186] syz.0.372: attempt to access beyond end of device [ 396.253524][ T5186] loop0: rw=524288, sector=69648, nr_sectors = 8 limit=40427 [ 396.266730][ T6969] loop1: detected capacity change from 0 to 1024 [ 396.268972][ T5186] syz.0.372: attempt to access beyond end of device [ 396.268972][ T5186] loop0: rw=524288, sector=69656, nr_sectors = 8 limit=40427 [ 396.290871][ T5186] syz.0.372: attempt to access beyond end of device [ 396.290871][ T5186] loop0: rw=524288, sector=69664, nr_sectors = 8 limit=40427 [ 396.291346][ T6969] EXT4-fs: Ignoring removed nomblk_io_submit option [ 396.308071][ T5186] syz.0.372: attempt to access beyond end of device [ 396.308071][ T5186] loop0: rw=524288, sector=69672, nr_sectors = 8 limit=40427 [ 396.326222][ T5186] syz.0.372: attempt to access beyond end of device [ 396.326222][ T5186] loop0: rw=524288, sector=69680, nr_sectors = 8 limit=40427 [ 396.358025][ T5186] syz.0.372: attempt to access beyond end of device [ 396.358025][ T5186] loop0: rw=524288, sector=69688, nr_sectors = 8 limit=40427 [ 396.364552][ T6969] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 396.379777][ T5186] syz.0.372: attempt to access beyond end of device [ 396.379777][ T5186] loop0: rw=524288, sector=69696, nr_sectors = 8 limit=40427 [ 396.385223][ T6969] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e814e01c, mo2=0003] [ 396.402147][ T5186] syz.0.372: attempt to access beyond end of device [ 396.402147][ T5186] loop0: rw=524288, sector=69704, nr_sectors = 8 limit=40427 [ 396.428430][ T6969] System zones: 0-1, 3-36 [ 396.436107][ T6969] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 397.314479][ T3641] EXT4-fs (loop1): unmounting filesystem. [ 397.660370][ T27] INFO: task kworker/u4:4:56 blocked for more than 143 seconds. [ 397.668059][ T27] Not tainted 6.1.112-syzkaller #0 [ 397.706975][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 397.732120][ T27] task:kworker/u4:4 state:D stack:22720 pid:56 ppid:2 flags:0x00004000 [ 397.761613][ T27] Workqueue: writeback wb_workfn (flush-7:0) [ 397.780040][ T27] Call Trace: [ 397.783990][ T27] [ 397.787012][ T27] __schedule+0x143f/0x4570 [ 397.801160][ T27] ? release_firmware_map_entry+0x186/0x186 [ 397.807174][ T27] ? blk_check_plugged+0x250/0x250 [ 397.818126][ T27] ? _raw_spin_lock_irq+0xdb/0x110 [ 397.826851][ T27] ? wq_worker_sleeping+0x5f/0x270 [ 397.837747][ T27] schedule+0xbf/0x180 [ 397.845285][ T27] rwsem_down_write_slowpath+0xea1/0x14b0 [ 397.856732][ T27] ? rwsem_down_write_slowpath+0x9e3/0x14b0 [ 397.867606][ T27] ? down_write_killable_nested+0x90/0x90 [ 397.883863][ T27] ? read_lock_is_recursive+0x10/0x10 [ 397.892221][ T27] ? rwsem_write_trylock+0x166/0x210 [ 397.897642][ T27] ? clear_nonspinnable+0x60/0x60 [ 397.917917][ T27] ? from_kgid+0x1a3/0x730 [ 397.922844][ T27] f2fs_balance_fs+0x4fb/0x6c0 [ 397.927729][ T27] ? f2fs_commit_atomic_write+0x14f0/0x14f0 [ 397.942557][ T27] ? folio_unlock+0x122/0x2f0 [ 397.947402][ T27] f2fs_write_inode+0x4c3/0x540 [ 397.955994][ T27] __writeback_single_inode+0x67d/0x11e0 [ 397.967527][ T27] writeback_sb_inodes+0xc2b/0x1b20 [ 397.977538][ T27] ? do_raw_spin_lock+0x14a/0x370 [ 398.008205][ T27] ? queue_io+0x630/0x630 [ 398.012701][ T27] ? __writeback_inodes_wb+0x400/0x400 [ 398.018196][ T27] __writeback_inodes_wb+0x114/0x400 [ 398.031624][ T27] wb_writeback+0x4b1/0xe10 [ 398.036180][ T27] ? percpu_ref_tryget+0x260/0x260 [ 398.048345][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 398.054385][ T27] ? _find_next_bit+0x11b/0x120 [ 398.067770][ T27] wb_workfn+0xbec/0x1020 [ 398.072438][ T27] ? inode_wait_for_writeback+0x280/0x280 [ 398.088349][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 398.096233][ T27] ? print_irqtrace_events+0x210/0x210 [ 398.109452][ T27] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 398.116812][ T27] ? do_raw_spin_unlock+0x137/0x8a0 [ 398.127862][ T27] ? process_one_work+0x7a9/0x11d0 [ 398.136797][ T27] process_one_work+0x8a9/0x11d0 [ 398.147584][ T27] ? worker_detach_from_pool+0x260/0x260 [ 398.157083][ T27] ? _raw_spin_lock_irqsave+0x120/0x120 [ 398.169323][ T27] ? kthread_data+0x4e/0xc0 [ 398.176403][ T27] ? wq_worker_running+0x97/0x190 [ 398.195824][ T27] worker_thread+0xa47/0x1200 [ 398.202898][ T27] ? _raw_spin_unlock+0x40/0x40 [ 398.208155][ T27] ? release_firmware_map_entry+0x186/0x186 [ 398.221769][ T27] ? _raw_spin_unlock+0x40/0x40 [ 398.232246][ T27] kthread+0x28d/0x320 [ 398.236736][ T27] ? worker_clr_flags+0x190/0x190 [ 398.246441][ T27] ? kthread_blkcg+0xd0/0xd0 [ 398.255709][ T27] ret_from_fork+0x1f/0x30 [ 398.264689][ T27] [ 398.267972][ T27] [ 398.267972][ T27] Showing all locks held in the system: [ 398.284743][ T27] 3 locks held by kworker/0:0/7: [ 398.291357][ T27] #0: ffff88814b48b138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.304708][ T27] #1: ffffc900000c7d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.317210][ T27] #2: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x16b0 [ 398.326856][ T27] 1 lock held by rcu_tasks_kthre/12: [ 398.332547][ T27] #0: ffffffff8d32b1d0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 [ 398.343217][ T27] 1 lock held by rcu_tasks_trace/13: [ 398.348787][ T27] #0: ffffffff8d32b9d0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 [ 398.360016][ T27] 1 lock held by khungtaskd/27: [ 398.365128][ T27] #0: ffffffff8d32b000 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 [ 398.375329][ T27] 4 locks held by kworker/u4:4/56: [ 398.389033][ T27] #0: ffff8881422a2138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.401630][ T27] #1: ffffc90001577d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.415137][ T27] #2: ffff88801de820e0 (&type->s_umount_key#56){++++}-{3:3}, at: trylock_super+0x1b/0xf0 [ 398.425313][ T27] #3: ffff88807a871140 (&sbi->gc_lock){+.+.}-{3:3}, at: f2fs_balance_fs+0x4fb/0x6c0 [ 398.435149][ T27] 5 locks held by kworker/u4:5/1086: [ 398.440726][ T27] #0: ffff888017e1e938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.451450][ T27] #1: ffffc90004a37d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.461771][ T27] #2: ffffffff8e4ee490 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60 [ 398.471605][ T27] #3: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe5/0x9d0 [ 398.485524][ T27] #4: ffffffff8d3305f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4f0/0x930 [ 398.506297][ T27] 2 locks held by getty/3392: [ 398.511726][ T27] #0: ffff88814b5b6098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 398.529524][ T27] #1: ffffc900031262f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a7/0x1db0 [ 398.540069][ T27] 2 locks held by kworker/1:3/3627: [ 398.545351][ T27] #0: ffff888017c72138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.556185][ T27] #1: ffffc90003bffd20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.567845][ T27] 3 locks held by kworker/0:3/3683: [ 398.573272][ T27] #0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.583912][ T27] #1: ffffc9000443fd20 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.595392][ T27] #2: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 [ 398.606075][ T27] 3 locks held by kworker/1:6/3684: [ 398.612588][ T27] #0: ffff88814b48b138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.623834][ T27] #1: ffffc9000444fd20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.636326][ T27] #2: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x16b0 [ 398.647293][ T27] 3 locks held by kworker/u4:14/3945: [ 398.652825][ T27] #0: ffff888017c79138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.664152][ T27] #1: ffffc90005237d20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 398.674795][ T27] #2: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 [ 398.683962][ T27] 5 locks held by syz.0.372/5186: [ 398.689250][ T27] 1 lock held by syz-executor/6716: [ 398.694623][ T27] #0: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 [ 398.705190][ T27] 3 locks held by syz-executor/6786: [ 398.710663][ T27] #0: ffffffff8e559870 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 [ 398.719174][ T27] #1: ffffffff8e559728 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x125/0xf70 [ 398.736299][ T27] #2: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: wg_set_device+0xfe/0x2140 [ 398.745843][ T27] 1 lock held by syz.3.799/6959: [ 398.751325][ T27] #0: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: do_ipv6_setsockopt+0x38d/0x43e0 [ 398.761393][ T27] 1 lock held by syz.4.801/6966: [ 398.766411][ T27] #0: ffffffff8e4fa7e8 (rtnl_mutex){+.+.}-{3:3}, at: bpf_xdp_link_attach+0xdb/0x460 [ 398.776557][ T27] 2 locks held by syz.1.804/6979: [ 398.781921][ T27] #0: ffffffff8e559870 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 [ 398.790536][ T27] #1: ffffffff8e559728 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x125/0xf70 [ 398.820018][ T27] [ 398.822469][ T27] ============================================= [ 398.822469][ T27] [ 398.845307][ T27] NMI backtrace for cpu 1 [ 398.849689][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.1.112-syzkaller #0 [ 398.857583][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 398.867631][ T27] Call Trace: [ 398.870901][ T27] [ 398.873825][ T27] dump_stack_lvl+0x1e3/0x2cb [ 398.878512][ T27] ? nf_tcp_handle_invalid+0x642/0x642 [ 398.883968][ T27] ? panic+0x764/0x764 [ 398.888023][ T27] ? vprintk_emit+0x622/0x740 [ 398.892695][ T27] ? printk_sprint+0x490/0x490 [ 398.897452][ T27] ? nmi_cpu_backtrace+0x252/0x560 [ 398.902556][ T27] nmi_cpu_backtrace+0x4e1/0x560 [ 398.907491][ T27] ? nmi_trigger_cpumask_backtrace+0x3f0/0x3f0 [ 398.913637][ T27] ? _printk+0xd1/0x111 [ 398.917786][ T27] ? panic+0x764/0x764 [ 398.921846][ T27] ? __wake_up_klogd+0xcc/0x100 [ 398.926690][ T27] ? panic+0x764/0x764 [ 398.930754][ T27] ? nmi_trigger_cpumask_backtrace+0xe0/0x3f0 [ 398.936813][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 398.942876][ T27] nmi_trigger_cpumask_backtrace+0x1ae/0x3f0 [ 398.948852][ T27] watchdog+0xf88/0xfd0 [ 398.953006][ T27] ? watchdog+0x1f8/0xfd0 [ 398.957331][ T27] kthread+0x28d/0x320 [ 398.961391][ T27] ? hungtask_pm_notify+0x50/0x50 [ 398.966408][ T27] ? kthread_blkcg+0xd0/0xd0 [ 398.970990][ T27] ret_from_fork+0x1f/0x30 [ 398.975418][ T27] [ 398.978488][ C1] vkms_vblank_simulate: vblank timer overrun [ 398.986125][ T27] Sending NMI from CPU 1 to CPUs 0: [ 398.991954][ C0] NMI backtrace for cpu 0 [ 398.991966][ C0] CPU: 0 PID: 5186 Comm: syz.0.372 Not tainted 6.1.112-syzkaller #0 [ 398.991981][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 398.992000][ C0] RIP: 0010:unwind_next_frame+0x471/0x2220 [ 398.992023][ C0] Code: 48 8b 6c 24 10 48 01 c5 48 89 2d 0a 78 d7 0e 48 bf 00 00 00 00 00 fc ff df 0f 85 d7 00 00 00 e9 ad 00 00 00 4d 89 f4 4d 89 f7 <48> 89 e8 4c 29 f8 48 89 c1 48 c1 f9 02 48 c1 e8 3f 48 01 c8 48 83 [ 398.992036][ C0] RSP: 0018:ffffc9000359e180 EFLAGS: 00000293 [ 398.992050][ C0] RAX: ffffffff8eb19990 RBX: ffffffff8eb19994 RCX: ffffffff8eb19998 [ 398.992060][ C0] RDX: ffffffff8f21e224 RSI: ffffffff81f60cc1 RDI: dffffc0000000000 [ 398.992071][ C0] RBP: ffffffff8eb199ac R08: 000000000000000d R09: ffffc9000359e350 [ 398.992081][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff8eb19994 [ 398.992092][ C0] R13: ffffffff81f60cc0 R14: ffffffff8eb1997c R15: ffffffff8eb19998 [ 398.992102][ C0] FS: 00007f0ce600d6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 398.992115][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 398.992125][ C0] CR2: 00007f51196e6f98 CR3: 0000000061e12000 CR4: 00000000003506f0 [ 398.992138][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 398.992147][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 398.992156][ C0] Call Trace: [ 398.992160][ C0] [ 398.992165][ C0] ? nmi_cpu_backtrace+0x3de/0x560 [ 398.992181][ C0] ? read_lock_is_recursive+0x10/0x10 [ 398.992203][ C0] ? nmi_trigger_cpumask_backtrace+0x3f0/0x3f0 [ 398.992218][ C0] ? nmi_handle+0x25/0x440 [ 398.992246][ C0] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 398.992267][ C0] ? nmi_handle+0x12e/0x440 [ 398.992288][ C0] ? nmi_handle+0x25/0x440 [ 398.992308][ C0] ? unwind_next_frame+0x471/0x2220 [ 398.992323][ C0] ? default_do_nmi+0x62/0x150 [ 398.992338][ C0] ? exc_nmi+0xa8/0x100 [ 398.992352][ C0] ? end_repeat_nmi+0x16/0x31 [ 398.992373][ C0] ? __se_sys_ioctl+0x80/0x160 [ 398.992389][ C0] ? __se_sys_ioctl+0x81/0x160 [ 398.992402][ C0] ? unwind_next_frame+0x471/0x2220 [ 398.992418][ C0] ? unwind_next_frame+0x471/0x2220 [ 398.992434][ C0] ? unwind_next_frame+0x471/0x2220 [ 398.992450][ C0] [ 398.992454][ C0] [ 398.992464][ C0] ? __se_sys_ioctl+0x81/0x160 [ 398.992478][ C0] ? stack_trace_save+0x1c0/0x1c0 [ 398.992497][ C0] arch_stack_walk+0x10d/0x140 [ 398.992516][ C0] ? __se_sys_ioctl+0x81/0x160 [ 398.992531][ C0] stack_trace_save+0x113/0x1c0 [ 398.992551][ C0] ? stack_trace_snprint+0xe0/0xe0 [ 398.992576][ C0] kasan_set_track+0x4b/0x70 [ 398.992596][ C0] ? kasan_set_track+0x4b/0x70 [ 398.992614][ C0] ? __kasan_slab_alloc+0x65/0x70 [ 398.992626][ C0] ? slab_post_alloc_hook+0x52/0x3a0 [ 398.992643][ C0] ? kmem_cache_alloc+0x10c/0x2d0 [ 398.992658][ C0] ? mempool_alloc+0x190/0x580 [ 398.992677][ C0] ? bio_alloc_bioset+0x404/0x11b0 [ 398.992695][ C0] ? f2fs_grab_read_bio+0x283/0x6a0 [ 398.992710][ C0] ? f2fs_submit_page_read+0xb0/0x580 [ 398.992725][ C0] ? f2fs_get_read_data_page+0x58b/0x8c0 [ 398.992740][ C0] ? f2fs_get_lock_data_page+0x4e/0xe0 [ 398.992756][ C0] ? do_garbage_collect+0x390c/0x81f0 [ 398.992769][ C0] ? f2fs_gc+0x1169/0x32a0 [ 398.992781][ C0] ? f2fs_balance_fs+0x506/0x6c0 [ 398.992800][ C0] ? f2fs_map_blocks+0x3172/0x3ab0 [ 398.992815][ C0] ? expand_inode_data+0x56d/0xaf0 [ 398.992829][ C0] ? f2fs_fallocate+0x44a/0x9f0 [ 398.992841][ C0] ? vfs_fallocate+0x547/0x6b0 [ 398.992859][ C0] ? do_vfs_ioctl+0x222c/0x2a90 [ 398.992871][ C0] ? __se_sys_ioctl+0x81/0x160 [ 398.992902][ C0] __kasan_slab_alloc+0x65/0x70 [ 398.992916][ C0] slab_post_alloc_hook+0x52/0x3a0 [ 398.992937][ C0] kmem_cache_alloc+0x10c/0x2d0 [ 398.992953][ C0] ? mempool_alloc+0x190/0x580 [ 398.992968][ C0] ? mempool_free+0x360/0x360 [ 398.992983][ C0] mempool_alloc+0x190/0x580 [ 398.992997][ C0] ? pagecache_get_page+0x120/0x250 [ 398.993022][ C0] ? mempool_resize+0x850/0x850 [ 398.993039][ C0] ? f2fs_get_dnode_of_data+0x1764/0x1e80 [ 398.993063][ C0] bio_alloc_bioset+0x404/0x11b0 [ 398.993081][ C0] ? f2fs_get_next_page_offset+0x6c0/0x6c0 [ 398.993099][ C0] ? __lock_acquire+0x125b/0x1f80 [ 398.993120][ C0] f2fs_grab_read_bio+0x283/0x6a0 [ 398.993142][ C0] f2fs_submit_page_read+0xb0/0x580 [ 398.993160][ C0] f2fs_get_read_data_page+0x58b/0x8c0 [ 398.993179][ C0] ? f2fs_get_block+0x1b0/0x1b0 [ 398.993199][ C0] ? f2fs_get_node_info+0x1b7/0x12c0 [ 398.993221][ C0] f2fs_get_lock_data_page+0x4e/0xe0 [ 398.993238][ C0] do_garbage_collect+0x390c/0x81f0 [ 398.993287][ C0] ? f2fs_gc+0x32a0/0x32a0 [ 398.993299][ C0] ? get_victim_by_default+0x6893/0x6ff0 [ 398.993320][ C0] ? mark_lock+0x9a/0x340 [ 398.993348][ C0] ? f2fs_gc+0xef4/0x32a0 [ 398.993362][ C0] ? __lock_acquire+0x1f80/0x1f80 [ 398.993389][ C0] ? up_write+0x19d/0x580 [ 398.993406][ C0] ? get_ckpt_valid_blocks+0x2f0/0x2f0 [ 398.993423][ C0] ? __up_read+0x690/0x690 [ 398.993444][ C0] f2fs_gc+0x1169/0x32a0 [ 398.993475][ C0] ? f2fs_start_bidx_of_node+0x370/0x370 [ 398.993499][ C0] ? rwsem_write_trylock+0x166/0x210 [ 398.993526][ C0] f2fs_balance_fs+0x506/0x6c0 [ 398.993547][ C0] ? f2fs_commit_atomic_write+0x14f0/0x14f0 [ 398.993569][ C0] ? __up_read+0x2b9/0x690 [ 398.993588][ C0] ? folio_unlock+0x122/0x2f0 [ 398.993613][ C0] f2fs_map_blocks+0x3172/0x3ab0 [ 398.993647][ C0] ? f2fs_do_map_lock+0x70/0x70 [ 398.993681][ C0] expand_inode_data+0x56d/0xaf0 [ 398.993705][ C0] ? f2fs_insert_range+0x3c0/0x3c0 [ 398.993719][ C0] ? file_modified_flags+0x3e1/0x480 [ 398.993746][ C0] ? rcu_read_lock_any_held+0xb3/0x160 [ 398.993767][ C0] f2fs_fallocate+0x44a/0x9f0 [ 398.993784][ C0] vfs_fallocate+0x547/0x6b0 [ 398.993805][ C0] do_vfs_ioctl+0x222c/0x2a90 [ 398.993822][ C0] ? __x64_compat_sys_ioctl+0x80/0x80 [ 398.993836][ C0] ? __lock_acquire+0x1f80/0x1f80 [ 398.993854][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 398.993874][ C0] ? __kmem_cache_free+0x25c/0x3c0 [ 398.993893][ C0] ? tomoyo_path_number_perm+0x68a/0x7f0 [ 398.993911][ C0] ? tomoyo_path_number_perm+0x1f2/0x7f0 [ 398.993975][ C0] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 398.994011][ C0] ? __fget_files+0x28/0x4a0 [ 398.994036][ C0] ? __fget_files+0x28/0x4a0 [ 398.994050][ C0] ? __fget_files+0x435/0x4a0 [ 398.994064][ C0] ? __fget_files+0x28/0x4a0 [ 398.994081][ C0] ? bpf_lsm_file_ioctl+0x5/0x10 [ 398.994098][ C0] ? security_file_ioctl+0x7d/0xa0 [ 398.994116][ C0] __se_sys_ioctl+0x81/0x160 [ 398.994132][ C0] do_syscall_64+0x3b/0xb0 [ 398.994146][ C0] ? clear_bhb_loop+0x45/0xa0 [ 398.994168][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 398.994188][ C0] RIP: 0033:0x7f0ce517dff9 [ 398.994214][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.994227][ C0] RSP: 002b:00007f0ce600d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 398.994251][ C0] RAX: ffffffffffffffda RBX: 00007f0ce5336058 RCX: 00007f0ce517dff9 [ 398.994262][ C0] RDX: 00000000200004c0 RSI: 0000000040305828 RDI: 0000000000000004 [ 398.994272][ C0] RBP: 00007f0ce51f0296 R08: 0000000000000000 R09: 0000000000000000 [ 398.994281][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.994291][ C0] R13: 0000000000000001 R14: 00007f0ce5336058 R15: 00007fff84698128 [ 398.994309][ C0] [ 399.245991][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 399.246007][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 6.1.112-syzkaller #0 [ 399.246026][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 399.246035][ T27] Call Trace: [ 399.246041][ T27] [ 399.246048][ T27] dump_stack_lvl+0x1e3/0x2cb [ 399.246080][ T27] ? nf_tcp_handle_invalid+0x642/0x642 [ 399.246103][ T27] ? panic+0x764/0x764 [ 399.246120][ T27] ? llist_add_batch+0x160/0x1d0 [ 399.246147][ T27] ? vscnprintf+0x59/0x80 [ 399.246168][ T27] panic+0x318/0x764 [ 399.246188][ T27] ? nmi_trigger_cpumask_backtrace+0x2bf/0x3f0 [ 399.246205][ T27] ? memcpy_page_flushcache+0xfc/0xfc [ 399.246227][ T27] ? nmi_trigger_cpumask_backtrace+0x2bf/0x3f0 [ 399.246243][ T27] ? nmi_trigger_cpumask_backtrace+0x338/0x3f0 [ 399.246262][ T27] ? nmi_trigger_cpumask_backtrace+0x33d/0x3f0 [ 399.246281][ T27] watchdog+0xfc7/0xfd0 [ 399.246307][ T27] ? watchdog+0x1f8/0xfd0 [ 399.246331][ T27] kthread+0x28d/0x320 [ 399.246346][ T27] ? hungtask_pm_notify+0x50/0x50 [ 399.246365][ T27] ? kthread_blkcg+0xd0/0xd0 [ 399.246382][ T27] ret_from_fork+0x1f/0x30 [ 399.246414][ T27] [ 399.246810][ C1] vkms_vblank_simulate: vblank timer overrun [ 399.246971][ T27] Kernel Offset: disabled [ 399.852063][ T27] Rebooting in 86400 seconds..