last executing test programs: 13.892388043s ago: executing program 3 (id=3351): r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000000c80)={&(0x7f0000000980)=@id, 0x10, 0x0}, 0x0) connect$tipc(r0, &(0x7f00000000c0)=@name, 0x10) 13.566087099s ago: executing program 3 (id=3353): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x5, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @mcast1, @loopback, [], "1e520b4c951ee12e"}}}}}}}, 0x0) 13.231304461s ago: executing program 3 (id=3354): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x3, 0x0, @mcast2, 0x44}, 0x5d) sendmmsg$inet6(r0, &(0x7f0000000f40)=[{{0x0, 0xcb000004, 0x0}}], 0x28000, 0x0) 11.821437176s ago: executing program 3 (id=3363): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x19}, @void, @arp=@ether_ipv4={0x1, 0x800, 0x6, 0x4, 0xa, @broadcast, @multicast2, @remote, @broadcast}}, 0x20) 9.785772824s ago: executing program 3 (id=3381): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) fchown(r0, 0x0, 0xee00) fchmod(r0, 0x24) 9.388115231s ago: executing program 3 (id=3385): r0 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x1, 0xd59f80, 0x19ef, 0x7, 0x19ef, 0x3, 0x6, 0x27ff, 0x2800, 0x2, 0xbb6, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}}) 6.756460237s ago: executing program 2 (id=3407): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) 
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read(r0, &(0x7f0000000040)=""/148, 0xffffff96) 6.588385513s ago: executing program 1 (id=3409): r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x4, r1}) 6.36646503s ago: executing program 2 (id=3411): r0 = socket$inet(0x2, 0x4000000805, 0x0) listen(r0, 0x7) sendmmsg(r0, &(0x7f0000000e40)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="10000014"], 0x10}}], 0x2, 0x0) 6.176516902s ago: executing program 1 (id=3414): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="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"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000001900)={@fallback=r0, r0, 0x2f, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYBLOB='/'], 0x20) 5.926452328s ago: executing program 2 (id=3416): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 
0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x17a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6000ed6a01442c00fe800000000000000000bc6df3", @ANYRES32=0x41424344], 0x0) 5.832498439s ago: executing program 4 (id=3417): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x0, 0x3, 0xd59f80, 0x62de, 0x1, 0x8000001, 0x3, 0x2, 0x7ffffffd, 0x6, 0x2, 0x6b972440, 0x1, 0x10, {0x401}, 0xce, 0x9}}) 5.676574095s ago: executing program 1 (id=3419): arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x3) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') lseek(r0, 0x9, 0x0) 5.316542891s ago: executing program 4 (id=3421): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) mmap$xdp(&(0x7f0000700000/0x3000)=nil, 0x3000, 0x2000000, 0x11, r0, 0x180000000) 5.169083656s ago: executing program 1 (id=3422): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000406d0494c200000000000109022400010000f1ee09040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x8, {[@local=@item_012={0x2, 0x2, 0x0, "71c5"}, @global=@item_012={0x2, 0x1, 0x3, "1198"}, @global=@item_012={0x0, 0x1, 0x9}, @global=@item_012={0x0, 0x1, 0x2}]}}, 0x0}, 0x0) 4.917440401s ago: executing program 2 (id=3425): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 
&(0x7f0000001040)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f757036303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a10900000027802c0014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22abe587946d691d1d50afcc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f583e945bd160000000000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef00
05b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d6462189b229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff9075
6dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000400000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17c
a4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b4783d66661a92f1748e0ec648bb6bd71993e5bfe99681779d54150cfedd1b374eb89dd94e648bfa9363a749"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff0b076859268cb89e14f00800", 0x0, 0xfffffffd, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.859245658s ago: executing program 4 (id=3426): io_setup(0x800, &(0x7f0000000040)=0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) io_destroy(r0) 4.739017204s ago: executing program 5 (id=3427): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000002040), 0x143002, 0x0) read$FUSE(r0, &(0x7f00000040c0)={0x2020}, 0x2020) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x4) 4.335154429s ago: executing program 5 (id=3429): r0 = socket$inet6(0xa, 0x3, 0x7) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0xfffff9e3, 0x5}) sendmmsg$alg(r0, &(0x7f0000001840)=[{0x20000000, 0xff00, 0x0, 0x0, &(0x7f0000000040)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x1, 0x0) 3.875823392s ago: executing program 5 (id=3431): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, 0x3, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}}, 0x0) 3.564865286s ago: executing program 2 (id=3433): r0 = 
socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000b00)={@local, @broadcast, @void, {@ipv4={0x800, @dccp={{0x6, 0x4, 0x2, 0x2, 0x28, 0x65, 0x0, 0x5, 0x21, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}, @private=0xa010100, {[@generic={0x7, 0x2}]}}, {{0x4e20, 0x4e23, 0x4, 0x1, 0x3, 0x0, 0x0, 0x5, 0x6, 's&}', 0x1, "c07b04"}}}}}}, 0x0) 3.476417029s ago: executing program 5 (id=3434): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x5c, 0x12, 0x14ec054651e97b97, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "000800825f302b8b0a"}]}, 0x5c}}, 0x0) 3.386295062s ago: executing program 4 (id=3435): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x0) recvmmsg(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000024c0)=""/4105, 0x1009}, {&(0x7f00000003c0)=""/143, 0x8f}, {&(0x7f0000001900)=""/110, 0x6e}, {&(0x7f00000023c0)=""/235, 0xeb}], 0x4}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) 3.136367112s ago: executing program 2 (id=3437): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCNEWUNIT(r0, 0x4004743b, 0x0) 3.109499685s ago: executing program 5 (id=3438): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$full(0xffffff9c, &(0x7f0000000280), 0x200000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x4) 3.042734247s ago: executing program 4 (id=3439): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x2c, 0x0, 0x2, 0x0, 0x0, 0x0, {}, [@CTA_EXPECT_MASTER={0xc, 0x1, 
0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_MASK={0xc, 0x3, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}]}, 0x2c}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000007"], 0x24d8}], 0x1}, 0x0) 2.835520271s ago: executing program 1 (id=3440): r0 = syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0x2, &(0x7f0000000280)=ANY=[], 0x81, 0x14f7, &(0x7f0000001580)="$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") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) sendfile(r0, r1, 0x0, 0x6) 2.754726421s ago: executing program 5 (id=3441): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r1, 0x1, 0x0, 0x0, {{}, {}, {0x7, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) 2.0650486s ago: executing program 4 (id=3444): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8946, &(0x7f0000000900)={'veth0_vlan\x00', @random='\x00\x00\x00 \x00'}) 1.655334665s ago: executing program 1 (id=3448): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)={0x44, r1, 0x1, 0x0, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x6}}]}, 0x44}}, 0x0) 997.978168ms ago: executing program 0 (id=3451): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = 
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000004c0)={@cgroup=r0, 0x2b, 0x0, 0x0, &(0x7f00000003c0)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) 862.449098ms ago: executing program 0 (id=3452): syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x200000, &(0x7f00000002c0)={[{@part={'part', 0x3d, 0x2}}, {}, {@iocharset={'iocharset', 0x3d, 'cp775'}}, {@dir_umask={'dir_umask', 0x3d, 0x1ff}}, {@codepage={'codepage', 0x3d, 'iso8859-9'}}, {@file_umask={'file_umask', 0x3d, 0x9}}, {@part={'part', 0x3d, 0x2}}, {@creator={'creator', 0x3d, "8c10b081"}}]}, 0x4, 0x363, &(0x7f0000000a00)="$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") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f00000001c0)=""/202, 0xff4) 675.833422ms ago: executing program 0 (id=3453): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-avx2\x00'}, 0x24) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 499.694912ms ago: executing program 0 (id=3454): futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x3, 0x800001, 0x0, &(0x7f0000000000), 0x0) 225.029862ms ago: executing program 0 (id=3455): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000040)="09000000010000", 0x7) 0s ago: executing program 0 (id=3456): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x18, 0x52, 0x1, 0x0, 0x0, {0x1c}, [@nested={0x4, 0x6}]}, 0x18}}, 0x0) kernel console output (not intermixed with test programs): : unmounting filesystem 00000000-0000-0000-0000-000000d40000. 
[ 282.055266][T11665] netlink: 191416 bytes leftover after parsing attributes in process `syz.1.2366'. [ 282.434181][T11681] IPv6: Can't replace route, no match found [ 282.912399][T11691] loop3: detected capacity change from 0 to 32768 [ 283.516185][T11693] loop1: detected capacity change from 0 to 32768 [ 283.537438][T11693] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2378 (11693) [ 283.583854][T11687] loop2: detected capacity change from 0 to 40427 [ 283.597118][T11693] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 283.607578][T11706] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2384'. [ 283.612260][T11708] syz.5.2385 uses obsolete (PF_INET,SOCK_PACKET) [ 283.618605][T11687] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 283.650340][T11693] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 283.655135][T11687] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 283.684632][T11693] BTRFS info (device loop1): using free-space-tree [ 283.815807][T11687] F2FS-fs (loop2): invalid crc value [ 284.050754][T11717] loop4: detected capacity change from 0 to 32768 [ 284.088814][T11717] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2388 (11717) [ 284.109522][T11687] F2FS-fs (loop2): Found nat_bits in checkpoint [ 284.144140][T11717] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 284.190597][T11717] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 284.199090][T11723] loop3: detected capacity change from 0 to 32768 [ 284.217577][T11723] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2390 (11723) [ 284.237395][T11723] BTRFS info (device loop3): first mount of filesystem 
ed167579-eb65-4e76-9a50-61ac97e9b59d [ 284.253341][T11723] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 284.262135][T11723] BTRFS info (device loop3): using free-space-tree [ 284.263057][T11717] BTRFS info (device loop4): using free-space-tree [ 284.294769][T11687] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 284.301835][T11687] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 284.351713][ T7276] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 284.596410][T11723] BTRFS info (device loop3): rebuilding free space tree [ 284.939264][ T5227] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 284.965284][ T7459] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 285.241397][T11804] loop2: detected capacity change from 0 to 1024 [ 285.317803][T11806] loop1: detected capacity change from 0 to 1024 [ 285.474966][T11806] hfsplus: request for non-existent node 32 in B*Tree [ 285.475034][T11806] hfsplus: request for non-existent node 32 in B*Tree [ 285.569404][T11806] hfsplus: request for non-existent node 33 in B*Tree [ 285.569428][T11806] hfsplus: request for non-existent node 33 in B*Tree [ 285.692080][ T7324] hfsplus: b-tree write err: -5, ino 4 [ 285.740622][T11820] loop4: detected capacity change from 0 to 256 [ 285.932678][T11829] loop4: detected capacity change from 0 to 256 [ 286.134296][T11818] loop3: detected capacity change from 0 to 32768 [ 286.202364][T11829] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 286.287119][T11818] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. 
[ 286.355561][ T7324] (kworker/u8:8,7324,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2 [ 286.385704][ T29] audit: type=1800 audit(1728845584.229:94): pid=11818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2414" name="file1" dev="loop3" ino=17058 res=0 errno=0 [ 286.409396][T11849] (syz.3.2414,11849,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2 [ 286.427711][T11848] Bluetooth: MGMT ver 1.23 [ 286.428549][T11849] (syz.3.2414,11849,1):ocfs2_prepare_dir_for_insert:4277 ERROR: status = -2 [ 286.490987][T11849] (syz.3.2414,11849,1):__ocfs2_prepare_orphan_dir:2179 ERROR: status = -2 [ 286.558765][T11849] (syz.3.2414,11849,1):ocfs2_prepare_orphan_dir:2223 ERROR: status = -2 [ 286.612871][T11849] (syz.3.2414,11849,1):ocfs2_prepare_orphan_dir:2239 ERROR: status = -2 [ 286.638312][T11849] (syz.3.2414,11849,0):ocfs2_unlink:963 ERROR: status = -2 [ 286.853361][ T5227] ocfs2: Unmounting device (7,3) on (node local) [ 287.011412][T11874] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2441'. [ 287.053482][T11874] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. 
[ 287.302081][T11884] loop1: detected capacity change from 0 to 256 [ 287.324783][T11884] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 287.327043][T11862] loop4: detected capacity change from 0 to 32768 [ 287.372958][ T5230] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 287.397027][ T29] audit: type=1800 audit(1728845585.239:95): pid=11884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2445" name="file1" dev="loop1" ino=1048808 res=0 errno=0 [ 287.423403][T11862] XFS (loop4): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 287.543815][ T5230] usb 3-1: Using ep0 maxpacket: 8 [ 287.553049][T11862] XFS (loop4): Ending clean mount [ 287.563685][ T5230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.585459][ T5230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.595453][ T5230] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 287.608474][ T5230] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 287.617941][ T5230] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.627673][T11862] XFS (loop4): Quotacheck needed: Please wait. [ 287.639842][ T5230] usb 3-1: config 0 descriptor?? [ 287.679451][T11862] XFS (loop4): Quotacheck: Done. 
[ 287.792380][ T7459] XFS (loop4): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 288.093671][ T5230] sony 0003:054C:0268.004D: item fetching failed at offset 6/70 [ 288.111478][ T5230] sony 0003:054C:0268.004D: parse failed [ 288.117440][ T5230] sony 0003:054C:0268.004D: probe with driver sony failed with error -22 [ 288.198994][T11918] loop4: detected capacity change from 0 to 1024 [ 288.222885][T11918] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 288.284074][T11918] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 288.339072][ T931] usb 3-1: USB disconnect, device number 25 [ 288.371102][T11918] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2793: inode #2: comm syz.4.2454: corrupted in-inode xattr: bad e_name length [ 288.451989][T11915] loop1: detected capacity change from 0 to 32768 [ 288.467818][T11925] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #2: comm syz.4.2454: corrupted in-inode xattr: bad e_name length [ 288.539526][T11915] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 288.566401][ T7459] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.842098][T11949] loop3: detected capacity change from 0 to 256 [ 288.849839][T11949] exfat: Deprecated parameter 'namecase' [ 288.892109][T11952] program syz.4.2472 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 288.997055][ T7276] ocfs2: Unmounting device (7,1) on (node local) [ 289.020775][T11949] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 289.123817][T11944] loop5: detected capacity change from 0 to 32768 [ 289.223129][T11944] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. 
[ 289.319931][T11944] (syz.5.2467,11944,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0 [ 289.360164][T11944] (syz.5.2467,11944,0):ocfs2_prepare_dir_for_insert:4277 ERROR: status = -2 [ 289.389504][T11944] (syz.5.2467,11944,0):ocfs2_link:760 ERROR: status = -2 [ 289.403049][T11944] (syz.5.2467,11944,0):ocfs2_link:838 ERROR: status = -2 [ 289.486101][ T931] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 289.510457][T11970] loop4: detected capacity change from 0 to 256 [ 289.517109][ T5222] ocfs2: Unmounting device (7,5) on (node local) [ 289.523065][T11970] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 289.567881][T11970] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 289.600145][T11970] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe622a5da, utbl_chksum : 0xe619d30d) [ 289.646293][ T931] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 289.654845][ T931] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 289.656735][T11976] loop1: detected capacity change from 0 to 164 [ 289.677562][ T931] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 289.718365][ T931] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 289.755318][ T931] usb 1-1: config 0 interface 0 has no altsetting 0 [ 289.771140][T11976] Unable to read rock-ridge attributes [ 289.776191][ T931] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 289.806702][ T931] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 289.807970][T11976] Unable to read rock-ridge attributes [ 289.834402][ T931] usb 1-1: Product: syz [ 289.846196][ T931] usb 1-1: 
Manufacturer: syz [ 289.864964][ T931] usb 1-1: SerialNumber: syz [ 289.877906][ T931] usb 1-1: config 0 descriptor?? [ 289.898620][ T931] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 289.929063][ T931] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 290.177655][ T5289] usb 1-1: USB disconnect, device number 28 [ 290.198181][ T5289] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 290.310644][T11974] loop2: detected capacity change from 0 to 32768 [ 290.356708][T11996] pim6reg: entered allmulticast mode [ 290.366380][T11996] pim6reg: left allmulticast mode [ 290.402658][T11974] JBD2: Ignoring recovery information on journal [ 290.497873][T11974] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 290.545073][ T5287] IPVS: starting estimator thread 0... [ 290.654553][T12006] IPVS: using max 16 ests per chain, 38400 per kthread [ 290.676630][ T5223] ocfs2: Unmounting device (7,2) on (node local) [ 290.992166][ T5230] IPVS: starting estimator thread 0... [ 291.101029][T12016] IPVS: using max 16 ests per chain, 38400 per kthread [ 291.429759][T12008] loop4: detected capacity change from 0 to 32768 [ 291.439221][T12008] XFS: attr2 mount option is deprecated. [ 291.454015][T12008] XFS: ikeep mount option is deprecated. [ 291.470563][T12034] loop3: detected capacity change from 0 to 1024 [ 291.470581][T12008] XFS: noikeep mount option is deprecated. 
[ 291.473639][T12030] loop2: detected capacity change from 0 to 4096 [ 291.487134][T12036] sock: sock_set_timeout: `syz.0.2509' (pid 12036) tries to set negative timeout [ 291.493503][T12030] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 291.510216][T12030] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [ 291.528343][T12008] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 291.543011][ T5287] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 291.556671][T12034] hfsplus: bad catalog entry type [ 291.573754][T12042] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 291.655773][T12008] XFS (loop4): Ending clean mount [ 291.661405][ T35] hfsplus: b-tree write err: -5, ino 4 [ 291.707651][ T5287] usb 2-1: Using ep0 maxpacket: 16 [ 291.720120][ T5287] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 291.739915][T12008] XFS (loop4): Quotacheck needed: Please wait. [ 291.789702][ T5287] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 291.806308][ T5287] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 291.829985][ T5287] usb 2-1: New USB device found, idVendor=056a, idProduct=2a22, bcdDevice=32.49 [ 291.848011][ T5287] usb 2-1: New USB device strings: Mfr=132, Product=0, SerialNumber=0 [ 291.857107][ T5287] usb 2-1: Manufacturer: syz [ 291.873238][T12055] tipc: Started in network mode [ 291.873741][ T5287] usb 2-1: config 0 descriptor?? [ 291.890133][T12055] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 291.896795][T12008] XFS (loop4): Quotacheck: Done. 
[ 291.910021][T12055] tipc: Enabled bearer , priority 25 [ 291.987115][ T7459] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 292.364619][ T5287] wacom 0003:056A:2A22.004E: unknown main item tag 0x0 [ 292.381682][ T5287] wacom 0003:056A:2A22.004E: unknown main item tag 0x0 [ 292.402150][ T5287] wacom 0003:056A:2A22.004E: Unknown device_type for 'syz'. Ignoring. [ 292.432286][T12062] loop3: detected capacity change from 0 to 40427 [ 292.443809][T12062] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1fffff [ 292.454411][T12062] F2FS-fs (loop3): Image doesn't support compression [ 292.454469][T12062] F2FS-fs (loop3): Image doesn't support compression [ 292.454496][T12062] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x2 [ 292.457230][T12062] F2FS-fs (loop3): invalid crc value [ 292.500357][T12062] F2FS-fs (loop3): Found nat_bits in checkpoint [ 292.572223][T12062] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 292.599120][T12062] syz.3.2519: attempt to access beyond end of device [ 292.599120][T12062] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 292.608281][ T5287] usb 2-1: USB disconnect, device number 22 [ 292.949655][T12083] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2525'. [ 292.963303][T12083] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2525'. [ 292.972300][T12083] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2525'. [ 292.981945][T12083] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2525'. 
[ 293.026119][ T5230] tipc: Node number set to 11578026 [ 293.052629][T12085] loop3: detected capacity change from 0 to 1764 [ 293.082572][T12085] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 293.145561][ T5287] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 293.213158][T12087] loop5: detected capacity change from 0 to 4096 [ 293.235190][T12087] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512). [ 293.339585][T12087] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 293.417188][ T5287] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 293.428852][ T5287] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.477759][ T5287] usb 3-1: config 0 descriptor?? [ 293.509201][ T5287] cp210x 3-1:0.0: cp210x converter detected [ 293.613205][ T931] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 293.800733][ T931] usb 1-1: Using ep0 maxpacket: 8 [ 293.855446][ T931] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 293.875728][ T931] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 293.908905][ T931] usb 1-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 293.931767][ T931] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.955943][ T931] usb 1-1: config 0 descriptor?? [ 294.039206][T12114] loop1: detected capacity change from 0 to 8 [ 294.079317][T12089] loop3: detected capacity change from 0 to 32768 [ 294.124805][ T5287] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 294.135832][ T5287] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 294.146902][T12089] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. 
[ 294.203017][ T5287] usb 3-1: cp210x converter now attached to ttyUSB0 [ 294.214976][ T5287] usb 3-1: USB disconnect, device number 26 [ 294.247772][ T5287] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 294.263363][ T5287] cp210x 3-1:0.0: device disconnected [ 294.433286][ T5227] ocfs2: Unmounting device (7,3) on (node local) [ 294.551072][T12128] netlink: 'syz.1.2547': attribute type 29 has an invalid length. [ 294.579454][T12128] netlink: 'syz.1.2547': attribute type 29 has an invalid length. [ 294.582948][ T931] greenasia 0003:0E8F:0012.004F: hidraw0: USB HID v0.00 Device [HID 0e8f:0012] on usb-dummy_hcd.0-1/input0 [ 294.632766][ T931] greenasia 0003:0E8F:0012.004F: no inputs found [ 294.712090][T12111] loop4: detected capacity change from 0 to 32768 [ 294.733476][T12111] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2516 (12111) [ 294.740573][T12130] loop5: detected capacity change from 0 to 4096 [ 294.800331][ T5287] usb 1-1: USB disconnect, device number 29 [ 294.800938][T12111] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 294.872941][T12111] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 294.901996][T12111] BTRFS info (device loop4): using free-space-tree [ 294.923410][T12138] loop1: detected capacity change from 0 to 2048 [ 294.963316][ T931] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 294.973055][T12138] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 295.039136][T12156] loop2: detected capacity change from 0 to 256 [ 295.047552][T12138] syz.1.2551: attempt to access beyond end of device [ 295.047552][T12138] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 295.073343][T12154] NILFS (loop1): segctord starting. 
Construction interval = 5 seconds, CP frequency < 30 seconds [ 295.113023][ T931] usb 4-1: Using ep0 maxpacket: 16 [ 295.124461][ T931] usb 4-1: New USB device found, idVendor=046d, idProduct=ca04, bcdDevice= 0.00 [ 295.135322][ T931] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.148786][ T931] usb 4-1: config 0 descriptor?? [ 295.191998][T12156] FAT-fs (loop2): Directory bread(block 64) failed [ 295.198667][T12156] FAT-fs (loop2): Directory bread(block 65) failed [ 295.211766][T12156] FAT-fs (loop2): Directory bread(block 66) failed [ 295.219463][T12156] FAT-fs (loop2): Directory bread(block 67) failed [ 295.232878][T12156] FAT-fs (loop2): Directory bread(block 68) failed [ 295.241539][T12156] FAT-fs (loop2): Directory bread(block 69) failed [ 295.248547][T12156] FAT-fs (loop2): Directory bread(block 70) failed [ 295.263510][T12156] FAT-fs (loop2): Directory bread(block 71) failed [ 295.270150][T12156] FAT-fs (loop2): Directory bread(block 72) failed [ 295.282407][T12156] FAT-fs (loop2): Directory bread(block 73) failed [ 295.373279][ T7459] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 295.601559][ T931] logitech 0003:046D:CA04.0050: hidraw0: USB HID v0.00 Device [HID 046d:ca04] on usb-dummy_hcd.3-1/input0 [ 295.676908][ T931] logitech 0003:046D:CA04.0050: no inputs found [ 295.791528][ T931] usb 4-1: USB disconnect, device number 17 [ 295.838383][T12188] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2566'. [ 295.976073][T12196] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2568'. 
[ 296.065602][T12199] loop2: detected capacity change from 0 to 256 [ 296.867764][T12206] loop5: detected capacity change from 0 to 32768 [ 297.034920][T12253] loop4: detected capacity change from 0 to 64 [ 297.062334][T12206] XFS (loop5): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 297.088168][T12259] loop2: detected capacity change from 0 to 128 [ 297.137383][T12259] EXT4-fs (loop2): VFS: Found ext4 filesystem with unknown checksum algorithm. [ 297.247138][T12265] loop1: detected capacity change from 0 to 2048 [ 297.286990][T12206] XFS (loop5): Ending clean mount [ 297.318640][T12270] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 297.403553][ T5222] XFS (loop5): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 297.562973][T12242] loop3: detected capacity change from 0 to 32768 [ 297.570744][T12242] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2587 (12242) [ 297.676335][T12242] BTRFS info (device loop3): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 297.686727][T12242] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 297.700841][T12242] BTRFS info (device loop3): using free-space-tree [ 298.045235][T12315] loop5: detected capacity change from 0 to 1024 [ 298.069063][ T29] audit: type=1800 audit(1728845595.909:96): pid=12242 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2587" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 298.182953][ T931] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 298.241810][ T5227] BTRFS info (device loop3): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 298.366166][ T931] usb 2-1: Using ep0 maxpacket: 16 [ 298.397774][ T5289] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 298.399801][ T931] usb 2-1: New USB device found, idVendor=054c, 
idProduct=0038, bcdDevice=16.f5 [ 298.427130][ T931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.449440][ T931] usb 2-1: Product: syz [ 298.462891][ T931] usb 2-1: Manufacturer: syz [ 298.467515][ T931] usb 2-1: SerialNumber: syz [ 298.504644][ T931] usb 2-1: config 0 descriptor?? [ 298.524370][ T931] visor 2-1:0.0: Sony Clie 3.5 converter detected [ 298.562850][ T5289] usb 3-1: Using ep0 maxpacket: 16 [ 298.576651][ T5289] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 298.597946][ T5289] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 298.626082][ T5289] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 298.670024][ T5289] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 298.686999][T12338] openvswitch: netlink: Actions may not be safe on all matching packets [ 298.698531][ T5289] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.805399][ T5289] usb 3-1: config 0 descriptor?? 
[ 298.923635][ T931] usb 2-1: clie_3_5_startup: get interface number failed: -71 [ 298.942500][ T931] visor 2-1:0.0: probe with driver visor failed with error -71 [ 298.973145][ T931] usb 2-1: USB disconnect, device number 23 [ 299.251245][ T5289] microsoft 0003:045E:07DA.0051: unknown main item tag 0x0 [ 299.269638][ T5289] microsoft 0003:045E:07DA.0051: ignoring exceeding usage max [ 299.330163][ T5289] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0051/input/input39 [ 299.459853][ T5289] microsoft 0003:045E:07DA.0051: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 299.504460][ T5289] usb 3-1: USB disconnect, device number 27 [ 299.581173][T12380] loop1: detected capacity change from 0 to 256 [ 299.596831][T12380] exfat: Deprecated parameter 'utf8' [ 299.629315][T12380] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 299.742898][ T25] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 299.903837][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 299.914377][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 299.947161][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 299.965475][T12371] loop5: detected capacity change from 0 to 32768 [ 299.984493][ T25] usb 1-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 299.986121][T12371] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 299.993980][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.013047][T12371] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 300.026586][ T25] usb 1-1: config 0 descriptor?? 
[ 300.121048][T12371] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 300.169872][ T5238] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 300.177540][ T5238] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 300.270568][T12384] loop1: detected capacity change from 0 to 32768 [ 300.280040][T12393] program syz.2.2650 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 300.325074][ T5238] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 147ms [ 300.332666][ T5238] gfs2: fsid=syz:syz.0: jid=0: Done [ 300.343140][T12371] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 300.358092][T12384] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 300.373994][T12400] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 300.396359][T12371] gfs2: fsid=syz:syz.0: gfs2_check_dirent: gfs2_dirent too small (not first in block) [ 300.407296][T12371] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 12 2341, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 589 [ 300.423287][T12371] gfs2: fsid=syz:syz.0: G: s:SH n:2/925 f:aqob t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 300.432443][T12371] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:12371 [syz.5.2641] iterate_dir+0x573/0x800 [ 300.450097][T12371] gfs2: fsid=syz:syz.0: I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0 [ 300.464465][T12371] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 300.477621][T12371] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. 
[ 300.483167][ C1] sd 0:0:1:0: [sda] tag#7105 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 300.489070][T12371] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 300.496819][ C1] sd 0:0:1:0: [sda] tag#7105 CDB: Read(6) 08 00 00 00 00 00 [ 300.513300][ T25] belkin 0003:1020:0006.0052: unknown main item tag 0xd [ 300.513831][ T5287] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 300.528490][ T25] belkin 0003:1020:0006.0052: hidraw0: USB HID v0.00 Device [HID 1020:0006] on usb-dummy_hcd.0-1/input0 [ 300.584036][T12371] gfs2: fsid=syz:syz.0: File system withdrawn [ 300.590859][T12371] CPU: 0 UID: 0 PID: 12371 Comm: syz.5.2641 Not tainted 6.12.0-rc2-syzkaller-00320-gba01565ced22 #0 [ 300.601644][T12371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 300.611698][T12371] Call Trace: [ 300.614984][T12371] [ 300.617924][T12371] dump_stack_lvl+0x241/0x360 [ 300.622611][T12371] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.627822][T12371] ? __pfx__printk+0x10/0x10 [ 300.632449][T12371] ? kobject_uevent_env+0x54d/0x8e0 [ 300.637678][T12371] ? preempt_schedule_thunk+0x1a/0x30 [ 300.643083][T12371] gfs2_withdraw+0xefa/0x1460 [ 300.647820][T12371] ? __pfx_gfs2_withdraw+0x10/0x10 [ 300.652954][T12371] ? gfs2_dirent_scan+0x27c/0x670 [ 300.658017][T12371] ? __pfx__printk+0x10/0x10 [ 300.662650][T12371] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.668312][T12371] ? gfs2_consist_inode_i+0xf5/0x110 [ 300.673615][T12371] gfs2_dirent_scan+0x52b/0x670 [ 300.678480][T12371] ? gfs2_dir_read+0x73e/0x1af0 [ 300.683342][T12371] ? __pfx_gfs2_dirent_gather+0x10/0x10 [ 300.688904][T12371] gfs2_dir_read+0x82f/0x1af0 [ 300.693602][T12371] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.699242][T12371] ? inode_dio_wait+0x19f/0x240 [ 300.704116][T12371] ? __pfx_inode_dio_wait+0x10/0x10 [ 300.709334][T12371] ? __pfx_gfs2_dir_read+0x10/0x10 [ 300.714456][T12371] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.720099][T12371] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 300.725738][T12371] ? gfs2_glock_nq+0x136d/0x1aa0 [ 300.730692][T12371] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.736337][T12371] ? inode_go_held+0xea/0x200 [ 300.741030][T12371] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.746671][T12371] ? gfs2_glock_wait+0x21a/0x2b0 [ 300.751623][T12371] gfs2_readdir+0x14b/0x1b0 [ 300.756139][T12371] ? __pfx_gfs2_readdir+0x10/0x10 [ 300.761175][T12371] ? iterate_dir+0x573/0x800 [ 300.765783][T12371] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.771449][T12371] ? common_file_perm+0x1a6/0x210 [ 300.776497][T12371] iterate_dir+0x573/0x800 [ 300.780935][T12371] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.786583][T12371] __se_sys_getdents+0x1ef/0x4d0 [ 300.791537][T12371] ? __pfx___se_sys_getdents+0x10/0x10 [ 300.797001][T12371] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 300.803010][T12371] ? __pfx_filldir+0x10/0x10 [ 300.807617][T12371] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 300.813966][T12371] ? do_syscall_64+0x100/0x230 [ 300.818742][T12371] ? 
do_syscall_64+0xb6/0x230 [ 300.823429][T12371] do_syscall_64+0xf3/0x230 [ 300.827947][T12371] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.833863][T12371] RIP: 0033:0x7f8a8cf7dff9 [ 300.838286][T12371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.857901][T12371] RSP: 002b:00007f8a8c9ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 300.866331][T12371] RAX: ffffffffffffffda RBX: 00007f8a8d135f80 RCX: 00007f8a8cf7dff9 [ 300.874312][T12371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 300.882322][T12371] RBP: 00007f8a8cff0296 R08: 0000000000000000 R09: 0000000000000000 [ 300.890409][T12371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 300.898496][T12371] R13: 0000000000000000 R14: 00007f8a8d135f80 R15: 00007fffaf684708 [ 300.906492][T12371] [ 300.911600][T12384] XFS (loop1): Ending clean mount [ 300.951318][T12384] XFS (loop1): Quotacheck needed: Please wait. [ 300.959796][ T931] usb 1-1: USB disconnect, device number 30 [ 301.002961][ T5287] usb 4-1: Using ep0 maxpacket: 8 [ 301.004482][T12384] XFS (loop1): Quotacheck: Done. [ 301.027303][ T5287] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.045765][ T5287] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 301.055944][ T5287] usb 4-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 301.065139][ T5287] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.076811][ T5287] usb 4-1: config 0 descriptor?? 
[ 301.176114][ T7276] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 301.522585][ T5287] logitech 0003:046D:C20E.0053: rdesc size test failed for formula gp [ 301.549343][ T5287] logitech 0003:046D:C20E.0053: unbalanced delimiter at end of report description [ 301.550825][T12414] loop2: detected capacity change from 0 to 128 [ 301.585785][ T5287] logitech 0003:046D:C20E.0053: parse failed [ 301.599725][ T5287] logitech 0003:046D:C20E.0053: probe with driver logitech failed with error -22 [ 301.627593][T12414] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 301.649512][T12414] ext4 filesystem being mounted at /458/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 301.719063][ T5223] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 301.762434][ T5287] usb 4-1: USB disconnect, device number 18 [ 302.102888][T12438] netlink: 'syz.1.2667': attribute type 10 has an invalid length. [ 302.151433][T12438] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.162010][T12438] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.256737][T12438] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.263972][T12438] bridge0: port 2(bridge_slave_1) entered forwarding state [ 302.273045][T12438] bridge0: port 1(bridge_slave_0) entered blocking state [ 302.280176][T12438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 302.335999][T12438] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 302.363843][T12441] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2667'. 
[ 302.417784][T12441] bridge_slave_1: left allmulticast mode [ 302.443345][T12441] bridge_slave_1: left promiscuous mode [ 302.460523][T12441] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.491480][T12441] bridge_slave_0: left allmulticast mode [ 302.509436][T12441] bridge_slave_0: left promiscuous mode [ 302.535243][T12441] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.612978][T12428] loop2: detected capacity change from 0 to 40427 [ 302.627479][T12441] bond0: (slave bridge0): Releasing backup interface [ 302.680735][T12428] F2FS-fs (loop2): Found nat_bits in checkpoint [ 302.815619][T12463] netlink: 6 bytes leftover after parsing attributes in process `syz.5.2677'. [ 302.878884][T12428] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 303.144116][ T5223] syz-executor: attempt to access beyond end of device [ 303.144116][ T5223] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 303.158503][ T5223] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 303.662919][ T5230] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 303.711671][T12486] loop1: detected capacity change from 0 to 32768 [ 303.892538][T12486] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 303.938939][T12493] loop5: detected capacity change from 0 to 40427 [ 303.962877][ T5230] usb 4-1: Using ep0 maxpacket: 16 [ 303.978956][ T5230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 304.002808][ T5230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 304.020051][T12493] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x7 [ 304.042749][T12493] F2FS-fs (loop5): invalid crc value [ 304.060226][T12493] F2FS-fs (loop5): Found nat_bits in checkpoint [ 304.091125][ T5230] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 304.121476][ T5230] usb 4-1: New USB device strings: Mfr=0, 
Product=0, SerialNumber=0 [ 304.139687][ T5230] usb 4-1: config 0 descriptor?? [ 304.215582][T12493] F2FS-fs (loop5): Start checkpoint disabled! [ 304.235680][T12493] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 304.253562][T12486] XFS (loop1): Ending clean mount [ 304.276056][T12493] F2FS-fs (loop5): Checkpoint should be enabled. [ 304.348307][ T7276] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 304.564230][ T5230] hid-multitouch 0003:1FD2:6007.0054: unknown main item tag 0x0 [ 304.572028][ T5230] hid-multitouch 0003:1FD2:6007.0054: unknown main item tag 0x0 [ 304.588149][ T62] kworker/u8:4: attempt to access beyond end of device [ 304.588149][ T62] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 304.612795][ T5230] hid-multitouch 0003:1FD2:6007.0054: unknown main item tag 0x0 [ 304.620576][ T5230] hid-multitouch 0003:1FD2:6007.0054: unknown main item tag 0x0 [ 304.645619][ T62] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 304.662878][ T5230] hid-multitouch 0003:1FD2:6007.0054: unknown main item tag 0x0 [ 304.687523][ T62] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 304.704779][ T5230] hid-multitouch 0003:1FD2:6007.0054: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0 [ 304.941339][ T5287] usb 4-1: USB disconnect, device number 19 [ 305.119437][T12527] loop1: detected capacity change from 0 to 32768 [ 305.346136][T12523] loop2: detected capacity change from 0 to 32768 [ 305.365180][T12523] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2703 (12523) [ 305.386942][T12527] JBD2: Ignoring recovery information on journal [ 305.444986][T12523] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 305.455617][T12523] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 305.490913][T12523] BTRFS info (device loop2): using free-space-tree [ 
305.605439][T12527] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 305.911400][ T7276] ocfs2: Unmounting device (7,1) on (node local) [ 306.149793][ T5223] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 306.217240][T12579] loop5: detected capacity change from 0 to 64 [ 306.536693][T12567] loop3: detected capacity change from 0 to 32768 [ 306.587564][T12590] loop1: detected capacity change from 0 to 1024 [ 306.672227][T12567] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 307.346787][T12567] XFS (loop3): Ending clean mount [ 307.602666][T12620] loop2: detected capacity change from 0 to 32768 [ 307.618960][T12620] JBD2: Ignoring recovery information on journal [ 307.710856][ T5227] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 307.751420][T12620] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 307.960141][T12645] loop5: detected capacity change from 0 to 2048 [ 307.999942][ T5223] ocfs2: Unmounting device (7,2) on (node local) [ 308.100846][T12645] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 308.350773][T12664] netlink: 'syz.3.2741': attribute type 1 has an invalid length. [ 308.358824][T12664] netlink: 157116 bytes leftover after parsing attributes in process `syz.3.2741'. 
[ 308.430513][ T5222] UDF-fs: error (device loop5): udf_read_inode: (ino 1317) failed !bh [ 308.440984][ T5222] UDF-fs: error (device loop5): udf_read_inode: (ino 1317) failed !bh [ 308.490740][T12666] loop3: detected capacity change from 0 to 1024 [ 308.518886][T12670] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 308.555230][T12666] hfsplus: request for non-existent node 3 in B*Tree [ 308.581782][T12666] hfsplus: request for non-existent node 3 in B*Tree [ 308.638972][ T29] audit: type=1800 audit(1728845606.479:97): pid=12666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2754" name="bus" dev="loop3" ino=2 res=0 errno=0 [ 308.707308][T12678] loop4: detected capacity change from 0 to 64 [ 309.441535][ T11] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.502505][ T5236] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 309.547260][ T5236] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 309.581034][ T5236] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 309.607794][ T5236] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 309.623482][ T5236] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 309.638303][ T5236] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 309.774332][ T11] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.028345][ T11] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.152858][ T5289] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 310.276341][ T11] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.304112][T12743] loop2: detected capacity change from 0 to 4096 [ 310.312878][ T5289] usb 1-1: Using ep0 maxpacket: 16 [ 310.333165][ T5289] usb 1-1: config 0 has an invalid interface number: 32 but max is 0 [ 
310.341273][ T5289] usb 1-1: config 0 has no interface number 0 [ 310.363203][T12743] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512). [ 310.393521][ T5289] usb 1-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 310.448781][ T5289] usb 1-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 310.494282][ T5289] usb 1-1: New USB device found, idVendor=5543, idProduct=0081, bcdDevice= 0.00 [ 310.512874][ T5289] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.523971][ T5289] usb 1-1: config 0 descriptor?? [ 310.675050][T12743] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 310.750625][T12709] chnl_net:caif_netlink_parms(): no params data found [ 310.779115][T12736] loop1: detected capacity change from 0 to 32768 [ 310.787615][ T11] bridge_slave_1: left allmulticast mode [ 310.821356][ T11] bridge_slave_1: left promiscuous mode [ 310.823801][T12736] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2783 (12736) [ 310.827350][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.880391][T12736] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 310.894222][ T11] bridge_slave_0: left allmulticast mode [ 310.907953][ T11] bridge_slave_0: left promiscuous mode [ 310.918302][T12736] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 310.923471][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.940516][ T5289] uclogic 0003:5543:0081.0055: interface is invalid, ignoring [ 310.960475][T12736] BTRFS info (device loop1): using free-space-tree [ 311.040098][T12730] loop4: detected capacity change from 0 to 40427 [ 311.062309][T12772] program syz.2.2794 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 311.067466][T12730] F2FS-fs (loop4): Wrong NAT boundary, start(2560) end(462336) 
blocks(1024) [ 311.101099][T12730] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 311.141571][ T5289] usb 1-1: USB disconnect, device number 31 [ 311.216790][T12730] F2FS-fs (loop4): Found nat_bits in checkpoint [ 311.217679][ T7276] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 311.435144][T12730] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 311.442306][T12730] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 311.552954][ T29] audit: type=1800 audit(1728845609.399:98): pid=12730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2780" name="bus" dev="loop4" ino=10 res=0 errno=0 [ 311.645050][ T7459] syz-executor: attempt to access beyond end of device [ 311.645050][ T7459] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 311.659180][ T7459] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 311.694479][ T5236] Bluetooth: hci0: command tx timeout [ 311.955662][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 311.977106][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 311.992433][ T11] bond0 (unregistering): Released all slaves [ 312.089227][ T11] Êü: left promiscuous mode [ 312.399935][T12789] loop1: detected capacity change from 0 to 32768 [ 312.457733][T12789] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 312.540600][ T11] IPVS: stopping master sync thread 6591 ... 
[ 312.583976][ T9] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 312.741488][ T7276] ocfs2: Unmounting device (7,1) on (node local) [ 312.871809][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 312.882508][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 312.926826][ T9] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 312.960467][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.970108][T12814] loop1: detected capacity change from 0 to 2048 [ 312.980260][T12709] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.990149][T12812] loop4: detected capacity change from 0 to 4096 [ 312.993961][T12709] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.998763][ T9] usb 3-1: config 0 descriptor?? [ 313.010608][T12709] bridge_slave_0: entered allmulticast mode [ 313.021993][T12709] bridge_slave_0: entered promiscuous mode [ 313.030910][T12812] ntfs3(loop4): ino=3, Correct links count -> 2. [ 313.038986][T12814] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 313.114719][T12709] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.122056][T12709] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.153364][T12709] bridge_slave_1: entered allmulticast mode [ 313.166355][T12812] ntfs3(loop4): failed to convert "0080" to maccyrillic [ 313.183776][T12709] bridge_slave_1: entered promiscuous mode [ 313.195318][T12812] ntfs3(loop4): failed to convert name for inode 1e. 
[ 313.428779][ T9] Bluetooth: Can't get state to change to load configuration err [ 313.450008][ T9] Bluetooth: Loading sysconfig file failed [ 313.471881][T12709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 313.502813][ T9] ath3k 3-1:0.0: probe with driver ath3k failed with error -16 [ 313.547799][T12709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.573858][ T9] usb 3-1: USB disconnect, device number 28 [ 313.677301][ T11] hsr_slave_0: left promiscuous mode [ 313.714974][ T11] hsr_slave_1: left promiscuous mode [ 313.727598][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 313.749094][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 313.768555][T12831] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2817'. [ 313.784426][ T5236] Bluetooth: hci0: command tx timeout [ 313.784448][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 313.807202][T12816] loop3: detected capacity change from 0 to 32768 [ 313.815808][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 313.828270][T12816] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2810 (12816) [ 313.856766][ T11] veth1_macvtap: left promiscuous mode [ 313.862531][ T11] veth0_macvtap: left promiscuous mode [ 313.868812][ T11] veth1_vlan: left promiscuous mode [ 313.878711][ T11] veth0_vlan: left promiscuous mode [ 313.892219][T12816] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 313.924399][T12816] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 313.959440][T12816] BTRFS info (device loop3): using free-space-tree [ 314.275519][T12816] BTRFS info (device loop3): checking UUID tree [ 314.373149][ T9] usb 3-1: new full-speed USB device number 29 using dummy_hcd [ 314.420605][ T5227] BTRFS info (device loop3): last unmount of 
filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 314.433052][ T5288] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 314.537718][ T9] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 314.552882][ T9] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 314.582985][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 314.610658][ T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 314.623756][ T5288] usb 1-1: Using ep0 maxpacket: 16 [ 314.633005][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.654517][ T9] usb 3-1: Product: syz [ 314.658702][ T9] usb 3-1: Manufacturer: syz [ 314.670212][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 314.672860][ T9] usb 3-1: SerialNumber: syz [ 314.689504][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 314.718866][ T5288] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00 [ 314.748123][ T5288] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.777712][ T5288] usb 1-1: config 0 descriptor?? [ 314.881948][ T11] team0 (unregistering): Port device team_slave_1 removed [ 314.937600][ T11] team0 (unregistering): Port device team_slave_0 removed [ 315.146195][ T9] usb 3-1: 0:2 : does not exist [ 315.222489][ T5288] smartjoyplus 0003:6666:8804.0056: hidraw0: USB HID v0.00 Device [HID 6666:8804] on usb-dummy_hcd.0-1/input0 [ 315.234640][ T5288] smartjoyplus 0003:6666:8804.0056: no output reports found [ 315.358949][ T9] usb 3-1: USB disconnect, device number 29 [ 315.414571][ T931] usb 1-1: USB disconnect, device number 32 [ 315.481459][T12709] team0: Port device team_slave_0 added [ 315.500615][T12862] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2826'. 
[ 315.512868][T12862] tipc: Invalid UDP bearer configuration [ 315.512912][T12862] tipc: Enabling of bearer rejected, failed to enable media [ 315.543981][T12709] team0: Port device team_slave_1 added [ 315.649292][T12709] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 315.669612][T12709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 315.676761][T12873] loop3: detected capacity change from 0 to 128 [ 315.713343][T12873] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 315.719495][T12709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 315.757244][T12709] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 315.767258][ T29] audit: type=1800 audit(1728845613.599:99): pid=12873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2830" name="file2" dev="loop3" ino=95 res=0 errno=0 [ 315.798296][T12709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 315.853044][T12709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 315.853507][ T5236] Bluetooth: hci0: command tx timeout [ 316.043340][T12709] hsr_slave_0: entered promiscuous mode [ 316.059571][T12875] loop1: detected capacity change from 0 to 4096 [ 316.066565][T12709] hsr_slave_1: entered promiscuous mode [ 316.206241][T12875] ntfs3(loop1): ino=5, "/" directory corrupted [ 316.253091][ T931] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 316.437179][ T931] usb 1-1: Using ep0 maxpacket: 16 [ 316.454568][ T931] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.468544][ T931] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 316.478695][ T931] usb 1-1: New USB device found, idVendor=11ff, idProduct=3331, bcdDevice= 0.00 [ 316.508542][ T931] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.521543][T12896] loop4: detected capacity change from 0 to 256 [ 316.538070][ T931] usb 1-1: config 0 descriptor?? 
[ 316.656999][ T1263] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.663526][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.860433][T12908] nbd: must specify a size in bytes for the device [ 316.980848][ T931] gembird 0003:11FF:3331.0057: unknown main item tag 0xd [ 316.988172][ T931] gembird 0003:11FF:3331.0057: unexpected long global item [ 316.999692][ T931] gembird 0003:11FF:3331.0057: probe with driver gembird failed with error -22 [ 317.106887][T12709] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 317.129047][T12709] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 317.180171][T12709] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 317.198595][ T5287] usb 1-1: USB disconnect, device number 33 [ 317.276643][T12709] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 317.348477][T12900] loop3: detected capacity change from 0 to 32768 [ 317.401998][T12918] loop1: detected capacity change from 0 to 4096 [ 317.410446][T12900] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2842 (12900) [ 317.469883][T12900] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 317.471726][T12709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 317.487358][T12919] NILFS (loop1): segctord starting. 
Construction interval = 5 seconds, CP frequency < 30 seconds [ 317.512926][T12900] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 317.543346][T12900] BTRFS info (device loop3): using free-space-tree [ 317.568356][T12709] 8021q: adding VLAN 0 to HW filter on device team0 [ 317.612174][ T7324] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.619347][ T7324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.672309][ T7324] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.679507][ T7324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.778652][T12914] loop4: detected capacity change from 0 to 32768 [ 317.843179][T12914] XFS (loop4): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 317.916331][ T5227] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 317.933103][ T5236] Bluetooth: hci0: command tx timeout [ 317.939563][T12914] XFS (loop4): Ending clean mount [ 317.941066][T12949] program syz.1.2856 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 317.983817][ T5288] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 318.048174][ T7459] XFS (loop4): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 318.168708][ T5288] usb 3-1: Using ep0 maxpacket: 16 [ 318.208206][ T5288] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 318.222042][T12709] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 318.235376][ T5288] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 318.252937][ T5288] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x2 has invalid wMaxPacketSize 0 [ 318.258007][T12960] loop1: detected capacity change from 0 to 4096 [ 318.270271][ T5288] usb 3-1: config 0 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 318.323229][ T5288] usb 3-1: config 0 
interface 0 has no altsetting 0 [ 318.329918][ T5288] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 318.352853][ T5288] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.483369][ T5288] usb 3-1: config 0 descriptor?? [ 318.493575][T12963] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 318.844652][T12709] veth0_vlan: entered promiscuous mode [ 318.857866][T12709] veth1_vlan: entered promiscuous mode [ 318.893428][T12709] veth0_macvtap: entered promiscuous mode [ 318.948202][T12709] veth1_macvtap: entered promiscuous mode [ 318.983444][ T5288] input: HID 0458:5010 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5010.0058/input/input40 [ 319.011712][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.046830][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.084502][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.122983][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.162831][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.163029][ T5288] kye 0003:0458:5010.0058: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.2-1/input0 [ 319.212074][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.237471][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.269522][ T5230] usb 3-1: USB disconnect, device number 30 [ 319.270698][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 319.338433][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 319.390561][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.407803][T12973] loop4: detected capacity change from 0 to 32768 [ 319.459623][T12973] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 319.491250][T12709] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 319.539506][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.573017][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.593662][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.648493][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.689622][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.692459][T12969] loop3: detected capacity change from 0 to 32768 [ 319.721285][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.731337][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.741920][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 319.751886][T12709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 319.762394][T12709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 319.773958][T12709] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 319.786681][T12709] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.795441][T12709] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.804635][T12709] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.814341][T12709] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.815606][T12973] XFS (loop4): Ending clean mount [ 319.842393][T12991] loop1: detected capacity change from 0 to 1024 [ 319.917910][T12969] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 319.934249][T12973] XFS (loop4): Quotacheck needed: Please wait. [ 320.007191][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 320.027625][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 320.149186][ T7856] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 320.168789][ T7856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 320.190424][T12973] XFS (loop4): Quotacheck: Done. [ 320.218649][ T5227] ocfs2: Unmounting device (7,3) on (node local) [ 320.389262][ T7459] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 320.702204][T13022] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 320.825660][T13024] loop3: detected capacity change from 0 to 64 [ 321.174834][T13046] loop5: detected capacity change from 0 to 512 [ 321.262565][T13046] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 321.327234][ T5289] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 321.363062][ T5289] hid-generic 0000:0000:0000.0059: hidraw0: HID v0.00 Device [syz1] on syz0 [ 321.392495][T13046] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 321.484356][T13046] EXT4-fs warning (device loop5): verify_group_input:156: Last group not full [ 321.594986][T12709] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 321.748631][T13074] loop1: detected capacity change from 0 to 512 [ 321.797597][T13074] EXT4-fs error (device loop1): __ext4_iget:4952: inode #15: block 1803188595: comm syz.1.2903: invalid block [ 321.813259][T13074] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.2903: couldn't read orphan inode 15 (err -117) [ 321.837482][T13074] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 322.078368][T13088] loop4: detected capacity change from 0 to 256 [ 322.136404][ T29] audit: type=1326 audit(1728845619.979:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13084 comm="syz.4.2907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9046b7dff9 code=0x7ffc0000 [ 322.169959][T13088] exfat: Bad value for 'uid' [ 322.196497][T13088] exfat: Bad value for 'uid' [ 322.283993][ T7276] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 322.306368][ T29] audit: type=1326 audit(1728845619.979:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13084 comm="syz.4.2907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9046b7dff9 code=0x7ffc0000 [ 322.417019][ T5236] Bluetooth: hci0: command tx timeout [ 322.452784][ T29] audit: type=1326 audit(1728845620.099:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13084 comm="syz.4.2907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f9046b7dff9 code=0x7ffc0000 [ 322.533427][ T29] audit: type=1326 audit(1728845620.099:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13084 comm="syz.4.2907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9046b7dff9 code=0x7ffc0000 [ 322.563202][ T29] audit: type=1326 audit(1728845620.099:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13084 comm="syz.4.2907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9046b7dff9 code=0x7ffc0000 [ 322.763098][T13067] loop3: detected capacity change from 0 to 32768 [ 322.827111][T13101] netlink: 216 bytes leftover after parsing attributes in process `syz.4.2912'. [ 322.964003][T13067] XFS (loop3): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 323.041057][T13113] loop4: detected capacity change from 0 to 512 [ 323.049834][T13113] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 323.211016][T13113] EXT4-fs error (device loop4): ext4_orphan_get:1414: comm syz.4.2917: bad orphan inode 131083 [ 323.228512][T13113] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 323.263459][T13067] XFS (loop3): Ending clean mount [ 323.277670][T13067] XFS (loop3): Quotacheck needed: Please wait. [ 323.335865][T13090] loop2: detected capacity change from 0 to 32768 [ 323.398077][T13067] XFS (loop3): Quotacheck: Done. 
[ 323.521392][ T7459] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 323.546681][ T5227] XFS (loop3): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 323.590885][T13136] loop5: detected capacity change from 0 to 64 [ 324.623502][T13152] loop1: detected capacity change from 0 to 32768 [ 324.662003][T13152] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 324.841729][T13196] loop5: detected capacity change from 0 to 512 [ 324.850348][T13196] EXT4-fs (loop5): Test dummy encryption mode enabled [ 324.857413][T13196] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 324.871404][T13152] XFS (loop1): Ending clean mount [ 324.880468][T13152] XFS (loop1): Quotacheck needed: Please wait. [ 324.887967][T13196] EXT4-fs (loop5): 1 truncate cleaned up [ 324.895027][T13196] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 325.001119][T13206] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 325.124246][T13196] EXT4-fs error (device loop5): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.5.2952: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=16, rec_len=0, size=1024 fake=0 [ 325.150292][T13196] EXT4-fs (loop5): Remounting filesystem read-only [ 325.169306][T13152] XFS (loop1): Quotacheck: Done. [ 325.215379][T12709] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 325.235369][ T29] audit: type=1800 audit(1728845623.079:105): pid=13152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2935" name="bus" dev="loop1" ino=9291 res=0 errno=0 [ 325.394137][ T7276] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 325.696820][T13233] loop2: detected capacity change from 0 to 16 [ 325.724021][T13233] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 326.054019][T13251] hugetlbfs: Bad value for 'uid' [ 326.054052][T13251] hugetlbfs: Bad value for 'uid' [ 326.440439][T13278] netlink: 'syz.4.2989': attribute type 6 has an invalid length. [ 326.700043][T13294] loop1: detected capacity change from 0 to 16 [ 326.716117][T13295] loop3: detected capacity change from 0 to 64 [ 326.749759][T13294] erofs: (device loop1): mounted with root inode @ nid 36. [ 326.774214][T13295] hfs: get root inode failed [ 326.809506][T13294] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 36 [ 327.179098][T13316] loop5: detected capacity change from 0 to 128 [ 327.316535][T13298] loop2: detected capacity change from 0 to 40427 [ 327.339651][T13320] loop1: detected capacity change from 0 to 128 [ 327.350041][T13298] F2FS-fs (loop2): Small segment_count (9 < 1 * 24) [ 327.361481][T13298] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 327.387129][T13298] F2FS-fs (loop2): Found nat_bits in checkpoint [ 327.461273][T13298] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 327.475049][T13298] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 327.578375][ T5223] syz-executor: attempt to access beyond end of device [ 327.578375][ T5223] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 327.626214][ T5223] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 328.072798][ T29] audit: type=1326 audit(1728845625.899:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13347 comm="syz.0.3023" 
exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f65f477dff9 code=0x0 [ 328.078616][T13352] loop3: detected capacity change from 0 to 64 [ 328.165550][ T29] audit: type=1800 audit(1728845625.999:107): pid=13352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3024" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 328.272234][T13349] loop5: detected capacity change from 0 to 4096 [ 328.319159][T13354] netlink: 'syz.0.3025': attribute type 30 has an invalid length. [ 329.008028][T13380] loop5: detected capacity change from 0 to 256 [ 329.030850][T13380] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 329.145361][T13387] loop3: detected capacity change from 0 to 256 [ 329.223662][ T5289] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 329.238933][T13387] FAT-fs (loop3): Directory bread(block 64) failed [ 329.252875][T13387] FAT-fs (loop3): Directory bread(block 65) failed [ 329.269745][T13387] FAT-fs (loop3): Directory bread(block 66) failed [ 329.280196][T13387] FAT-fs (loop3): Directory bread(block 67) failed [ 329.293743][T13387] FAT-fs (loop3): Directory bread(block 68) failed [ 329.310919][T13387] FAT-fs (loop3): Directory bread(block 69) failed [ 329.320861][T13387] FAT-fs (loop3): Directory bread(block 70) failed [ 329.333578][T13387] FAT-fs (loop3): Directory bread(block 71) failed [ 329.355847][T13387] FAT-fs (loop3): Directory bread(block 72) failed [ 329.373066][T13387] FAT-fs (loop3): Directory bread(block 73) failed [ 329.396843][T13391] loop5: detected capacity change from 0 to 256 [ 329.413563][T13391] exfat: Deprecated parameter 'utf8' [ 329.418939][T13391] exfat: Deprecated parameter 'utf8' [ 329.453767][ T5289] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 329.480458][T13391] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, 
chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 329.482777][ T5289] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 329.502411][ T5289] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 329.511528][ T5289] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.521809][ T5289] usb 3-1: config 0 descriptor?? [ 329.815254][T13393] loop3: detected capacity change from 0 to 2048 [ 329.859541][T13393] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 329.870372][T13338] warn_alloc: 3 callbacks suppressed [ 329.870394][T13338] syz.1.3017: vmalloc error: size 3874816, failed to allocated page array size 7568, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 329.956432][ T5289] sony 0003:054C:0268.005A: hiddev0,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.2-1/input0 [ 329.972799][T13338] CPU: 1 UID: 0 PID: 13338 Comm: syz.1.3017 Not tainted 6.12.0-rc2-syzkaller-00320-gba01565ced22 #0 [ 329.983591][T13338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 329.993659][T13338] Call Trace: [ 329.996955][T13338] <TASK> [ 329.999903][T13338] dump_stack_lvl+0x241/0x360 [ 330.004612][T13338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 330.009834][T13338] ? __pfx__printk+0x10/0x10 [ 330.014469][T13338] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 330.020908][T13338] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.026558][T13338] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 330.033092][T13338] warn_alloc+0x278/0x410 [ 330.037452][T13338] ? __pfx_warn_alloc+0x10/0x10 [ 330.042333][T13338] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 330.048511][T13338] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.054156][T13338] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.059796][T13338] ? 
__get_vm_area_node+0x23d/0x270 [ 330.065105][T13338] __vmalloc_node_range_noprof+0x691/0x13f0 [ 330.071029][T13338] ? __kmalloc_cache_node_noprof+0x1d3/0x300 [ 330.077028][T13338] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 330.083362][T13338] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 330.089524][T13338] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.095161][T13338] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.100797][T13338] ? __get_vm_area_node+0x23d/0x270 [ 330.106016][T13338] __vmalloc_node_range_noprof+0x59c/0x13f0 [ 330.111919][T13338] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 330.118084][T13338] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 330.123837][T13338] ? rcu_is_watching+0x15/0xb0 [ 330.128611][T13338] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 330.135036][T13338] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.140679][T13338] ? rcu_is_watching+0x15/0xb0 [ 330.145455][T13338] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.151098][T13338] ? __kmalloc_node_noprof+0x247/0x440 [ 330.156575][T13338] ? __kvmalloc_node_noprof+0x72/0x190 [ 330.162049][T13338] __kvmalloc_node_noprof+0x142/0x190 [ 330.167436][T13338] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 330.173605][T13338] __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 330.179858][T13338] ? tpg_update_mv_step+0x361/0x4f0 [ 330.185084][T13338] vivid_update_format_cap+0x133c/0x2090 [ 330.190741][T13338] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 330.196995][T13338] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.202643][T13338] vivid_vid_cap_s_dv_timings+0x535/0x1230 [ 330.208575][T13338] __video_do_ioctl+0xc25/0xdd0 [ 330.213493][T13338] ? __pfx___video_do_ioctl+0x10/0x10 [ 330.218891][T13338] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.224533][T13338] ? __might_fault+0xc6/0x120 [ 330.229253][T13338] video_usercopy+0x89d/0x1180 [ 330.234060][T13338] ? __pfx___video_do_ioctl+0x10/0x10 [ 330.239452][T13338] ? __pfx_video_usercopy+0x10/0x10 [ 330.244680][T13338] ? __fget_files+0x29/0x470 [ 330.249290][T13338] ? 
__fget_files+0x3f3/0x470 [ 330.253995][T13338] v4l2_ioctl+0x18b/0x1e0 [ 330.258356][T13338] ? __pfx_v4l2_ioctl+0x10/0x10 [ 330.263240][T13338] __se_sys_ioctl+0xfb/0x170 [ 330.267876][T13338] do_syscall_64+0xf3/0x230 [ 330.272397][T13338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.278319][T13338] RIP: 0033:0x7f518577dff9 [ 330.282743][T13338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.302370][T13338] RSP: 002b:00007f51864c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 330.310797][T13338] RAX: ffffffffffffffda RBX: 00007f5185935f80 RCX: 00007f518577dff9 [ 330.318773][T13338] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000003 [ 330.326748][T13338] RBP: 00007f51857f0296 R08: 0000000000000000 R09: 0000000000000000 [ 330.334723][T13338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.342705][T13338] R13: 0000000000000000 R14: 00007f5185935f80 R15: 00007ffc478cb268 [ 330.350701][T13338] </TASK> [ 330.353878][ C1] vkms_vblank_simulate: vblank timer overrun [ 330.372799][ T5289] sony 0003:054C:0268.005A: failed to claim input [ 330.422089][ T5289] usb 3-1: USB disconnect, device number 31 [ 330.433995][T13338] Mem-Info: [ 330.442834][T13338] active_anon:6918 inactive_anon:1 isolated_anon:0 [ 330.442834][T13338] active_file:1761 inactive_file:38704 isolated_file:0 [ 330.442834][T13338] unevictable:768 dirty:283 writeback:0 [ 330.442834][T13338] slab_reclaimable:9751 slab_unreclaimable:99743 [ 330.442834][T13338] mapped:24827 shmem:4300 pagetables:766 [ 330.442834][T13338] sec_pagetables:0 bounce:0 [ 330.442834][T13338] kernel_misc_reclaimable:0 [ 330.442834][T13338] free:1284691 free_pcp:1685 free_cma:0 [ 330.522815][T13338] Node 0 active_anon:26972kB inactive_anon:4kB active_file:7044kB inactive_file:154740kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB 
mapped:99308kB dirty:1132kB writeback:0kB shmem:14964kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10452kB pagetables:3264kB sec_pagetables:0kB all_unreclaimable? no [ 330.555368][T13338] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 330.593672][T13338] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 330.621038][T13338] lowmem_reserve[]: 0 2465 2466 0 0 [ 330.626414][T13338] Node 0 DMA32 free:1190644kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:25736kB inactive_anon:4kB active_file:7044kB inactive_file:153916kB unevictable:1536kB writepending:1132kB present:3129332kB managed:2552500kB mlocked:0kB bounce:0kB free_pcp:9664kB local_pcp:8344kB free_cma:0kB [ 330.657321][T13338] lowmem_reserve[]: 0 0 0 0 0 [ 330.662111][T13338] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 330.690087][T13338] lowmem_reserve[]: 0 0 0 0 0 [ 330.695754][T13338] Node 1 Normal free:3931900kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 
330.724649][T13338] lowmem_reserve[]: 0 0 0 0 0 [ 330.729441][T13338] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 330.743477][T13338] Node 0 DMA32: 1*4kB (E) 99*8kB (UME) 54*16kB (UME) 130*32kB (UME) 139*64kB (UME) 79*128kB (UME) 42*256kB (UME) 23*512kB (ME) 9*1024kB (ME) 8*2048kB (ME) 273*4096kB (UM) = 1191164kB [ 330.762343][T13338] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 330.775079][T13338] Node 1 Normal: 149*4kB (UM) 39*8kB (UME) 33*16kB (UME) 159*32kB (UME) 98*64kB (UME) 34*128kB (UE) 10*256kB (UM) 9*512kB (UME) 2*1024kB (UM) 3*2048kB (U) 952*4096kB (M) = 3931900kB [ 330.794507][T13338] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 330.804377][T13338] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 330.814036][T13338] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 330.823769][T13338] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 330.833176][T13338] 43875 total pagecache pages [ 330.837938][T13338] 1 pages in swap cache [ 330.842174][T13338] Free swap = 124584kB [ 330.846521][T13338] Total swap = 124996kB [ 330.850773][T13338] 2097051 pages RAM [ 330.854782][T13338] 0 pages HighMem/MovableOnly [ 330.859551][T13338] 427076 pages reserved [ 330.863877][T13338] 0 pages cma reserved [ 330.929236][T13408] loop5: detected capacity change from 0 to 2048 [ 330.964211][T13408] NILFS (loop5): invalid segment: Checksum error in segment payload [ 330.972369][T13408] NILFS (loop5): trying rollback from an earlier position [ 330.997280][T13408] NILFS (loop5): recovery complete [ 331.035171][T13410] NILFS (loop5): segctord starting. 
Construction interval = 5 seconds, CP frequency < 30 seconds [ 331.506045][T13417] loop3: detected capacity change from 0 to 2048 [ 331.667174][ T5227] UDF-fs: warning (device loop3): udf_evict_inode: Inode 1367 (mode 120777) has inode size 14 different from extent length 512. Filesystem need not be standards compliant. [ 331.936103][T13427] loop2: detected capacity change from 0 to 256 [ 331.973928][T13427] exfat: Deprecated parameter 'namecase' [ 332.020477][T13427] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a97a7bd, utbl_chksum : 0xe619d30d) [ 332.308052][T13437] loop3: detected capacity change from 0 to 128 [ 332.358041][T13437] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 332.411992][T13437] ext4 filesystem being mounted at /499/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 332.557813][T13443] loop2: detected capacity change from 0 to 1024 [ 332.615717][T13443] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 332.627040][ T5227] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 332.647247][T13443] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 332.693849][T13443] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 332.713159][T13445] netlink: 'syz.0.3066': attribute type 1 has an invalid length. [ 332.731049][T13443] EXT4-fs error (device loop2): ext4_get_journal_inode:5762: inode #5: comm syz.2.3065: unexpected bad inode w/o EXT4_IGET_BAD [ 332.754367][T13445] netlink: 9344 bytes leftover after parsing attributes in process `syz.0.3066'. [ 332.770747][T13443] EXT4-fs (loop2): no journal found [ 332.776444][T13445] netlink: 'syz.0.3066': attribute type 1 has an invalid length. 
[ 332.791272][T13443] EXT4-fs (loop2): can't get journal size [ 332.808794][T13443] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 332.949368][ T5223] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 333.528639][T13461] vim2m vim2m.0: vidioc_s_fmt queue busy [ 333.573842][T13463] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3072'. [ 334.696720][T13500] loop3: detected capacity change from 0 to 1024 [ 334.910419][ T7324] hfsplus: b-tree write err: -5, ino 4 [ 335.147484][T13529] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3106'. [ 335.620683][T13537] loop4: detected capacity change from 0 to 40427 [ 335.637724][T13537] F2FS-fs (loop4): Wrong segment_count / block_count (41 > 16384) [ 335.645618][T13537] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 335.692896][T13537] F2FS-fs (loop4): heap/no_heap options were deprecated [ 335.807744][T13537] F2FS-fs (loop4): invalid crc value [ 335.849609][T13561] binder: 13560:13561 ioctl c00c620f 20000340 returned -22 [ 335.884384][T13537] F2FS-fs (loop4): Found nat_bits in checkpoint [ 336.015091][T13569] netlink: 'syz.5.3120': attribute type 1 has an invalid length. [ 336.044222][T13569] netlink: 9388 bytes leftover after parsing attributes in process `syz.5.3120'. [ 336.084807][T13572] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3124'. 
[ 336.399994][T13584] loop3: detected capacity change from 0 to 8 [ 336.543415][T13537] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 336.555615][T13537] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 336.646215][T13584] SQUASHFS error: xz decompression failed, data probably corrupt [ 336.708717][T13584] SQUASHFS error: Failed to read block 0xa8: -5 [ 336.777179][T13584] SQUASHFS error: xz decompression failed, data probably corrupt [ 336.837915][T13584] SQUASHFS error: Failed to read block 0xa8: -5 [ 336.850924][ T29] audit: type=1800 audit(1728845634.689:108): pid=13584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3129" name="file0" dev="loop3" ino=3 res=0 errno=0 [ 336.930118][T13599] openvswitch: netlink: Actions may not be safe on all matching packets [ 337.255696][T13610] loop2: detected capacity change from 0 to 128 [ 337.379950][T13619] FAT-fs (loop2): FAT read failed (blocknr 234) [ 337.513288][ T5230] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 337.658792][T13627] loop5: detected capacity change from 0 to 256 [ 337.665111][ T5230] usb 4-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 337.665148][ T5230] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.667134][ T5230] usb 4-1: config 0 descriptor?? 
[ 338.016080][T13633] loop5: detected capacity change from 0 to 4096 [ 338.131320][ T5230] hid-u2fzero 0003:10C4:8ACF.005B: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.3-1/input0 [ 338.168747][ T5230] hid-u2fzero 0003:10C4:8ACF.005B: U2F Zero LED initialised [ 338.188265][ T5230] hid-u2fzero 0003:10C4:8ACF.005B: U2F Zero RNG initialised [ 338.342080][ T5230] usb 4-1: USB disconnect, device number 20 [ 338.719373][T13667] loop1: detected capacity change from 0 to 512 [ 338.748790][T13667] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 338.819833][T13667] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 338.844830][T13667] ext4 filesystem being mounted at /390/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 338.927846][T13680] loop5: detected capacity change from 0 to 1024 [ 338.948668][ T7276] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 338.995601][ T5288] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 339.006194][T13680] hfsplus: xattr searching failed [ 339.165755][ T5288] usb 1-1: Using ep0 maxpacket: 8 [ 339.177333][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 339.189466][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 339.202837][ T5288] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 339.232863][ T5288] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 30 [ 339.258298][ T5288] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 339.279628][ T5288] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.307120][ T5288] usb 1-1: config 0 descriptor?? 
[ 339.313126][T13669] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 339.366533][T13700] loop3: detected capacity change from 0 to 512 [ 339.420937][T13700] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 339.446362][T13700] ext4 filesystem being mounted at /519/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 339.521334][ T5227] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 339.566207][ T5236] Bluetooth: hci6: Opcode 0x0c03 failed: -71 [ 339.576539][ T5288] usb 1-1: USB disconnect, device number 34 [ 339.780334][T13719] loop5: detected capacity change from 0 to 256 [ 339.820991][T13719] exFAT-fs (loop5): failed to load upcase table (idx : 0x00017f3e, chksum : 0x4fb01312, utbl_chksum : 0xe619d30d) [ 339.962905][ T5289] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 340.141513][T13728] loop2: detected capacity change from 0 to 2048 [ 340.148382][ T5289] usb 2-1: Using ep0 maxpacket: 16 [ 340.163687][T13711] loop3: detected capacity change from 0 to 32768 [ 340.163691][ T5289] usb 2-1: config 0 interface 0 has no altsetting 0 [ 340.163730][ T5289] usb 2-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 340.194426][ T5289] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.205482][ T5289] usb 2-1: config 0 descriptor?? [ 340.221272][T13728] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 340.224285][T13711] XFS (loop3): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 340.233819][T13728] ext4 filesystem being mounted at /541/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 340.328865][ T5223] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 340.339641][T13711] XFS (loop3): Ending clean mount [ 340.347768][T13711] XFS (loop3): Quotacheck needed: Please wait. 
[ 340.493354][T13711] XFS (loop3): Quotacheck: Done. [ 340.559885][T13749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3200'. [ 340.577445][T13749] openvswitch: netlink: Actions may not be safe on all matching packets [ 340.592350][ T5227] XFS (loop3): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 340.637927][ T5289] input: HID 0458:5013 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5013.005C/input/input41 [ 340.848218][ T5289] input: HID 0458:5013 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5013.005C/input/input42 [ 340.870950][ T5289] kye 0003:0458:5013.005C: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.1-1/input0 [ 340.892190][ T5289] usb 2-1: USB disconnect, device number 24 [ 341.596201][T13791] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3220'. [ 341.742836][ T5289] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 341.835270][T13779] loop3: detected capacity change from 0 to 32768 [ 341.852064][T13779] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3213 (13779) [ 341.906005][T13779] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 341.926620][ T5289] usb 3-1: Using ep0 maxpacket: 16 [ 341.932843][T13779] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 341.943153][ T5289] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 341.951565][T13779] BTRFS info (device loop3): using free-space-tree [ 341.960751][ T5289] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 341.991309][ T5289] usb 3-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00 [ 342.017916][ T5289] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.039257][T13813] loop4: detected capacity change from 0 to 256 
[ 342.049252][ T5289] usb 3-1: config 0 descriptor?? [ 342.100667][T13813] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xe95cf635, utbl_chksum : 0xe619d30d) [ 342.130944][T13779] BTRFS info (device loop3): rebuilding free space tree [ 342.269566][T13829] tmpfs: Bad value for 'mpol' [ 342.334726][ T5227] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 342.396850][T13833] loop1: detected capacity change from 0 to 256 [ 342.420562][T13833] exfat: Deprecated parameter 'utf8' [ 342.482201][T13833] exfat: Deprecated parameter 'utf8' [ 342.514645][T13833] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 342.593692][ T5289] smartjoyplus 0003:6666:8804.005D: hidraw0: USB HID v0.00 Device [HID 6666:8804] on usb-dummy_hcd.2-1/input0 [ 342.605704][ T5289] smartjoyplus 0003:6666:8804.005D: no output reports found [ 342.721668][ T9] usb 3-1: USB disconnect, device number 32 [ 342.928801][T13841] loop4: detected capacity change from 0 to 32768 [ 342.942870][T13841] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.3237 (13841) [ 342.978899][T13841] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 343.003236][T13841] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 343.011891][T13841] BTRFS info (device loop4): using free-space-tree [ 343.222023][T13841] BTRFS info (device loop4): rebuilding free space tree [ 343.242914][ T5289] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 343.272481][T13877] loop5: detected capacity change from 0 to 512 [ 343.280562][T13877] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 343.314646][T13877] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. 
[ 343.352509][ T5230] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 343.378900][ T7459] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 343.388392][T13877] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 343.391127][T13882] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3248'. [ 343.409358][T13882] openvswitch: netlink: VXLAN extension message has 13 unknown bytes. [ 343.439776][ T5289] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 343.463917][ T5289] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 343.478187][ T5289] usb 2-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 343.513012][ T5289] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.538968][ T5230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 343.560002][ T5289] usb 2-1: config 0 descriptor?? [ 343.577243][ T5230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 343.588545][ T5230] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 343.610239][ T5230] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.624329][T12709] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 343.634303][ T5230] usb 4-1: config 0 descriptor?? 
[ 343.641905][ T5230] hub 4-1:0.0: USB hub found [ 343.846948][ T5230] hub 4-1:0.0: 1 port detected [ 344.049871][ T5289] sony 0003:054C:0268.005E: hiddev0,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.1-1/input0 [ 344.102992][ T5289] sony 0003:054C:0268.005E: failed to claim input [ 344.170105][T13901] loop5: detected capacity change from 0 to 512 [ 344.185611][T13901] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found [ 344.202655][T13901] UDF-fs: Scanning with blocksize 512 failed [ 344.210985][T13901] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found [ 344.237861][T13901] UDF-fs: Scanning with blocksize 1024 failed [ 344.260330][ T25] usb 2-1: USB disconnect, device number 25 [ 344.273348][T13901] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found [ 344.284358][ T5230] usb 4-1: USB disconnect, device number 21 [ 344.303530][T13901] UDF-fs: Scanning with blocksize 2048 failed [ 344.320093][T13901] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 344.346176][T13901] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 344.918679][T13932] netlink: 'syz.2.3273': attribute type 1 has an invalid length. [ 344.926648][T13932] netlink: 130160 bytes leftover after parsing attributes in process `syz.2.3273'. [ 345.047823][T13939] loop3: detected capacity change from 0 to 1024 [ 345.102825][T13939] hfsplus: walked past end of dir [ 345.322188][T13950] netlink: 'syz.2.3281': attribute type 1 has an invalid length. [ 345.337965][T13950] netlink: 9092 bytes leftover after parsing attributes in process `syz.2.3281'. [ 345.361030][T13950] netlink: 'syz.2.3281': attribute type 1 has an invalid length. [ 345.378110][T13950] netlink: 'syz.2.3281': attribute type 2 has an invalid length. [ 345.565458][T13953] loop5: detected capacity change from 0 to 2048 [ 345.603191][T13953] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! 
[ 345.658894][T13953] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 345.875791][T13960] loop1: detected capacity change from 0 to 1024 [ 346.255917][T13978] IPVS: Error connecting to the multicast addr [ 346.423787][T13983] Zero length message leads to an empty skb [ 346.504559][T13956] loop2: detected capacity change from 0 to 32768 [ 346.511890][T13956] XFS: ikeep mount option is deprecated. [ 346.529866][T13956] XFS: noikeep mount option is deprecated. [ 346.595756][T13956] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 346.666415][T13956] XFS (loop2): Ending clean mount [ 346.680067][T13956] XFS (loop2): Quotacheck needed: Please wait. [ 346.733194][T13956] XFS (loop2): Quotacheck: Done. [ 346.834307][ T5223] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 348.163006][ T25] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 348.210154][T14036] tipc: Started in network mode [ 348.238267][T14036] tipc: Node identity ff00000000000000400000000000002d, cluster identity 4711 [ 348.295461][T14036] tipc: Enabling of bearer rejected, failed to enable media [ 348.342956][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 348.349334][T14041] loop4: detected capacity change from 0 to 512 [ 348.375270][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 348.414526][T14041] EXT4-fs (loop4): Test dummy encryption mode enabled [ 348.421349][T14041] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 348.459300][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 348.523956][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 348.633018][ T25] usb 4-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 348.675195][T14041] EXT4-fs (loop4): 1 truncate cleaned up [ 
348.681971][T14041] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 348.705694][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.762370][ T25] usb 4-1: config 0 descriptor?? [ 348.839009][T14041] EXT4-fs error (device loop4): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.4.3319: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=16, rec_len=0, size=1024 fake=0 [ 348.859010][ C1] vkms_vblank_simulate: vblank timer overrun [ 349.102372][T14041] EXT4-fs (loop4): Remounting filesystem read-only [ 349.240979][ T25] ortek 0003:1223:3F07.005F: report_id 0 is invalid [ 349.294323][ T25] ortek 0003:1223:3F07.005F: item 0 1 1 8 parsing failed [ 349.354379][ T25] ortek 0003:1223:3F07.005F: probe with driver ortek failed with error -22 [ 349.426920][ T7459] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 349.501502][ T25] usb 4-1: USB disconnect, device number 22 [ 349.596560][T14022] loop2: detected capacity change from 0 to 32768 [ 349.666109][T14022] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 349.767983][T14060] loop1: detected capacity change from 0 to 2048 [ 349.828265][T14060] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 349.920557][T14022] XFS (loop2): Ending clean mount [ 349.957504][T14022] XFS (loop2): Quotacheck needed: Please wait. [ 350.136253][T14022] XFS (loop2): Quotacheck: Done. [ 350.380449][T14071] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3329'. 
[ 350.502502][ T5223] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 350.822261][ T5288] hid-generic 0000:0000:0000.0060: unknown main item tag 0x0 [ 350.929377][ T5288] hid-generic 0000:0000:0000.0060: unknown main item tag 0x0 [ 351.019037][ T5288] hid-generic 0000:0000:0000.0060: hidraw0: HID v0.00 Device [syz0] on syz1 [ 351.169651][T14085] loop5: detected capacity change from 0 to 1024 [ 351.239820][T14085] hfsplus: unable to parse mount options [ 352.825199][T14114] loop1: detected capacity change from 0 to 64 [ 352.952901][ T29] audit: type=1800 audit(1728845650.789:109): pid=14114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3348" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 353.029149][T14116] loop2: detected capacity change from 0 to 256 [ 353.124076][T14116] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 353.485512][T14085] loop5: detected capacity change from 0 to 32768 [ 353.529967][T14085] tmpfs: Unknown parameter 'wsync' [ 353.872711][ C0] sched: DL replenish lagged too much [ 353.984596][T14131] loop1: detected capacity change from 0 to 8 [ 354.165115][T14133] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3356'. 
[ 354.301997][T14131] SQUASHFS error: xz decompression failed, data probably corrupt [ 354.396853][T14131] SQUASHFS error: Failed to read block 0xa8: -5 [ 354.516811][T14131] SQUASHFS error: xz decompression failed, data probably corrupt [ 354.592925][T14131] SQUASHFS error: Failed to read block 0xa8: -5 [ 354.645433][ T29] audit: type=1800 audit(1728845652.489:110): pid=14131 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3355" name="file0" dev="loop1" ino=3 res=0 errno=0 [ 355.865867][T14158] loop2: detected capacity change from 0 to 512 [ 355.909035][T14158] EXT4-fs: Ignoring removed orlov option [ 355.957116][T14158] EXT4-fs error (device loop2): ext4_orphan_get:1388: inode #15: comm syz.2.3368: casefold flag without casefold feature [ 356.008852][T14158] EXT4-fs (loop2): Remounting filesystem read-only [ 356.050468][T14158] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 356.244468][ T5223] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.343384][T14168] loop1: detected capacity change from 0 to 64 [ 356.449298][T14171] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3374'. [ 357.152433][T14184] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 358.159914][T14203] loop5: detected capacity change from 0 to 512 [ 358.271538][T14203] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 358.332030][T14203] EXT4-fs (loop5): orphan cleanup on readonly fs [ 358.393001][T14203] EXT4-fs warning (device loop5): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 358.495162][T14210] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3390'. 
[ 358.523860][T14203] EXT4-fs (loop5): Cannot turn on quotas: error -22 [ 358.602861][T14203] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3388: bg 0: block 40: padding at end of block bitmap is not set [ 358.763822][T14203] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 358.834121][T14203] EXT4-fs (loop5): 1 truncate cleaned up [ 358.840809][T14203] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 359.044815][T14217] netlink: 'syz.4.3392': attribute type 1 has an invalid length. [ 359.052606][T14217] netlink: 9344 bytes leftover after parsing attributes in process `syz.4.3392'. [ 359.175912][T14217] netlink: 'syz.4.3392': attribute type 1 has an invalid length. [ 359.227137][T12709] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 359.650240][T14230] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 359.705360][T14228] loop4: detected capacity change from 0 to 16 [ 360.224921][T14240] loop4: detected capacity change from 0 to 16 [ 360.297989][T14240] erofs: (device loop4): mounted with root inode @ nid 36. 
[ 360.439281][T14240] erofs: (device loop4): erofs_readdir: invalid de[0].nameoff 0 @ nid 36 [ 362.292851][ T5288] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 362.364606][ T29] audit: type=1326 audit(1728845660.199:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.4.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9046b7dff9 code=0x7ffc0000 [ 362.494102][ T5288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.524633][ T29] audit: type=1326 audit(1728845660.199:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.4.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9046b7dff9 code=0x7ffc0000 [ 362.547070][ C1] vkms_vblank_simulate: vblank timer overrun [ 362.567160][ T5288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.634135][ T5288] usb 2-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 362.694020][ T5288] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.753018][ T29] audit: type=1326 audit(1728845660.249:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.4.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f9046b7dff9 code=0x7ffc0000 [ 362.775423][ C1] vkms_vblank_simulate: vblank timer overrun [ 362.812271][ T5288] usb 2-1: config 0 descriptor?? [ 363.293462][ T5288] logitech 0003:046D:C294.0061: hidraw0: USB HID v0.00 Device [HID 046d:c294] on usb-dummy_hcd.1-1/input0 [ 363.366404][ T5288] logitech 0003:046D:C294.0061: no inputs found [ 363.489396][ T5288] usb 2-1: USB disconnect, device number 26 [ 363.958876][T14304] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3436'. [ 364.039123][T14304] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3436'. 
[ 364.194940][T14310] netlink: 'syz.4.3439': attribute type 1 has an invalid length. [ 364.255946][T14310] netlink: 9388 bytes leftover after parsing attributes in process `syz.4.3439'. [ 364.350911][T14199] warn_alloc: 3 callbacks suppressed [ 364.350933][T14199] syz.3.3385: vmalloc error: size 3485696, failed to allocated page array size 6808, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null) [ 364.371292][T14312] loop1: detected capacity change from 0 to 256 [ 364.433704][T14199] ,cpuset=/,mems_allowed=0-1 [ 364.438485][T14199] CPU: 1 UID: 0 PID: 14199 Comm: syz.3.3385 Not tainted 6.12.0-rc2-syzkaller-00320-gba01565ced22 #0 [ 364.449363][T14199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 364.459439][T14199] Call Trace: [ 364.462735][T14199] [ 364.465681][T14199] dump_stack_lvl+0x241/0x360 [ 364.470394][T14199] ? __pfx_dump_stack_lvl+0x10/0x10 [ 364.475621][T14199] ? __pfx__printk+0x10/0x10 [ 364.480259][T14199] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 364.486707][T14199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 364.492371][T14199] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 364.498908][T14199] warn_alloc+0x278/0x410 [ 364.503274][T14199] ? __pfx_warn_alloc+0x10/0x10 [ 364.508163][T14199] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 364.514347][T14199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 364.520008][T14199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 364.525670][T14199] ? __get_vm_area_node+0x23d/0x270 [ 364.530917][T14199] __vmalloc_node_range_noprof+0x691/0x13f0 [ 364.536866][T14199] ? __kmalloc_cache_node_noprof+0x1d3/0x300 [ 364.542888][T14199] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 364.549242][T14199] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 364.555443][T14199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 364.561109][T14199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 364.566769][T14199] ? 
__get_vm_area_node+0x23d/0x270 [ 364.572015][T14199] __vmalloc_node_range_noprof+0x59c/0x13f0 [ 364.577935][T14199] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 364.584207][T14199] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 364.589984][T14199] ? rcu_is_watching+0x15/0xb0 [ 364.594780][T14199] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 364.601138][T14199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 364.606797][T14199] ? rcu_is_watching+0x15/0xb0 [ 364.611590][T14199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 364.617249][T14199] ? __kmalloc_node_noprof+0x247/0x440 [ 364.622748][T14199] ? __kvmalloc_node_noprof+0x72/0x190 [ 364.628246][T14199] __kvmalloc_node_noprof+0x142/0x190 [ 364.633653][T14199] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 364.640014][T14199] __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 364.646025][T14199] ? tpg_update_mv_step+0x361/0x4f0 [ 364.651266][T14199] vivid_update_format_cap+0x133c/0x2090 [ 364.661170][T14199] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 364.667204][T14199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 364.672911][T14199] vivid_vid_cap_s_dv_timings+0x535/0x1230 [ 364.678775][T14199] __video_do_ioctl+0xc25/0xdd0 [ 364.683683][T14199] ? __pfx___video_do_ioctl+0x10/0x10 [ 364.689105][T14199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 364.694810][T14199] ? __might_fault+0xc6/0x120 [ 364.699523][T14199] video_usercopy+0x89d/0x1180 [ 364.704346][T14199] ? __pfx___video_do_ioctl+0x10/0x10 [ 364.709798][T14199] ? __pfx_video_usercopy+0x10/0x10 [ 364.715089][T14199] ? __fget_files+0x29/0x470 [ 364.719720][T14199] ? __fget_files+0x3f3/0x470 [ 364.724434][T14199] v4l2_ioctl+0x18b/0x1e0 [ 364.728806][T14199] ? 
__pfx_v4l2_ioctl+0x10/0x10 [ 364.733721][T14199] __se_sys_ioctl+0xfb/0x170 [ 364.738463][T14199] do_syscall_64+0xf3/0x230 [ 364.743015][T14199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.748962][T14199] RIP: 0033:0x7f5606f7dff9 [ 364.753401][T14199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.773036][T14199] RSP: 002b:00007f56069ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 364.781494][T14199] RAX: ffffffffffffffda RBX: 00007f5607135f80 RCX: 00007f5606f7dff9 [ 364.789487][T14199] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000003 [ 364.797484][T14199] RBP: 00007f5606ff0296 R08: 0000000000000000 R09: 0000000000000000 [ 364.805566][T14199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 364.813559][T14199] R13: 0000000000000000 R14: 00007f5607135f80 R15: 00007ffedca8e608 [ 364.821572][T14199] [ 364.965432][T14312] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 365.305433][ T5288] kernel write not supported for file /snd/seq (pid: 5288 comm: kworker/1:4) [ 365.506859][T14199] Mem-Info: [ 365.519037][T14199] active_anon:4108 inactive_anon:1 isolated_anon:0 [ 365.519037][T14199] active_file:1761 inactive_file:38736 isolated_file:0 [ 365.519037][T14199] unevictable:768 dirty:437 writeback:0 [ 365.519037][T14199] slab_reclaimable:9451 slab_unreclaimable:103961 [ 365.519037][T14199] mapped:24851 shmem:1269 pagetables:823 [ 365.519037][T14199] sec_pagetables:0 bounce:0 [ 365.519037][T14199] kernel_misc_reclaimable:0 [ 365.519037][T14199] free:1290359 free_pcp:840 free_cma:0 [ 365.658795][T14199] Node 0 active_anon:15932kB inactive_anon:4kB active_file:7044kB inactive_file:154868kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:99404kB dirty:1748kB writeback:0kB shmem:3540kB shmem_thp:0kB 
shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10560kB pagetables:3292kB sec_pagetables:0kB all_unreclaimable? no [ 365.721284][T14331] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3449'. [ 365.747018][T14199] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 365.847750][T14199] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 365.931335][T14199] lowmem_reserve[]: 0 2465 2466 0 0 [ 365.950353][T14199] Node 0 DMA32 free:1216272kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:15696kB inactive_anon:4kB active_file:7044kB inactive_file:154044kB unevictable:1536kB writepending:1748kB present:3129332kB managed:2552500kB mlocked:0kB bounce:0kB free_pcp:2432kB local_pcp:424kB free_cma:0kB [ 366.041569][T14199] lowmem_reserve[]: 0 0 0 0 0 [ 366.060785][T14199] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 366.150548][T14199] lowmem_reserve[]: 0 0 0 0 0 [ 366.165709][T14199] Node 1 Normal free:3931964kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB 
free_cma:0kB [ 366.261312][T14199] lowmem_reserve[]: 0 0 0 0 0 [ 366.280524][T14199] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 366.331087][T14199] Node 0 DMA32: 1258*4kB (UME) 651*8kB (UME) 504*16kB (UME) 357*32kB (UME) 139*64kB (UME) 84*128kB (ME) 45*256kB (UME) 23*512kB (ME) 55*1024kB (UME) 14*2048kB (UME) 259*4096kB (UM) = 1218528kB [ 366.383964][T14199] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 366.426997][T14199] Node 1 Normal: 149*4kB (UM) 39*8kB (UME) 33*16kB (UME) 157*32kB (UME) 96*64kB (UME) 32*128kB (UE) 10*256kB (UM) 10*512kB (UME) 2*1024kB (UM) 3*2048kB (U) 952*4096kB (M) = 3931964kB [ 366.480869][T14199] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 366.522654][T14199] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 366.543627][T14199] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 366.572235][T14199] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 366.592422][T14199] 41629 total pagecache pages [ 366.597440][T14199] 1 pages in swap cache [ 366.601746][T14199] Free swap = 124584kB [ 366.616429][T14199] Total swap = 124996kB [ 366.620786][T14199] 2097051 pages RAM [ 366.628519][T14199] 0 pages HighMem/MovableOnly [ 366.638094][T14199] 427076 pages reserved [ 366.642271][T14199] 0 pages cma reserved [ 366.907057][T14346] Bluetooth: MGMT ver 1.23 [ 368.983815][ T5242] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 369.003831][ T5242] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 369.012282][ T5242] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 369.022890][ T5242] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 369.030608][ T5242] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 369.039131][ T5242] Bluetooth: hci6: unexpected 
cc 0x0c38 length: 249 > 2 [ 371.133006][ T5242] Bluetooth: hci6: command tx timeout [ 373.212922][ T5242] Bluetooth: hci6: command tx timeout [ 374.387881][ T5236] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 374.398510][ T5236] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 374.407130][ T5236] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 374.423028][ T5236] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 374.434558][ T5236] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 374.441977][ T5236] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 374.902239][ T5242] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 374.920966][ T5242] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 374.930673][ T5242] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 374.943861][ T5242] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 374.956376][ T5242] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 374.972940][ T5242] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 375.292916][ T5242] Bluetooth: hci6: command tx timeout [ 375.397807][ T5236] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 375.413306][ T5236] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 375.424171][ T5236] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 375.432094][ T5236] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 375.453347][ T5236] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 375.464680][ T5236] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 375.925316][ T5236] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 375.937353][ T5236] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 375.948728][ T5236] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 375.956830][ T5236] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 375.965835][ T5236] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 375.973201][ T5236] Bluetooth: hci9: unexpected 
cc 0x0c38 length: 249 > 2 [ 376.492890][ T5236] Bluetooth: hci4: command tx timeout [ 377.053690][ T5236] Bluetooth: hci7: command tx timeout [ 377.373009][ T5236] Bluetooth: hci6: command tx timeout [ 377.542950][ T5236] Bluetooth: hci8: command tx timeout [ 377.883128][ T5242] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 377.902532][ T5242] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 377.915084][ T5242] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 377.930129][ T5242] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 377.939898][ T5242] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 377.949449][ T5242] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 378.013708][ T5242] Bluetooth: hci9: command tx timeout [ 378.106939][ T1263] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.114780][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.580450][ T5242] Bluetooth: hci4: command tx timeout [ 379.132852][ T5242] Bluetooth: hci7: command tx timeout [ 379.613623][ T5242] Bluetooth: hci8: command tx timeout [ 380.013350][ T5242] Bluetooth: hci10: command tx timeout [ 380.092975][ T5242] Bluetooth: hci9: command tx timeout [ 380.656177][ T5242] Bluetooth: hci4: command tx timeout [ 381.212916][ T5242] Bluetooth: hci7: command tx timeout [ 381.696172][ T5242] Bluetooth: hci8: command tx timeout [ 382.092969][ T5242] Bluetooth: hci10: command tx timeout [ 382.173839][ T5242] Bluetooth: hci9: command tx timeout [ 382.732897][ T5242] Bluetooth: hci4: command tx timeout [ 383.309553][ T5242] Bluetooth: hci7: command tx timeout [ 383.772996][ T5242] Bluetooth: hci8: command tx timeout [ 384.172903][ T5242] Bluetooth: hci10: command tx timeout [ 384.252918][ T5242] Bluetooth: hci9: command tx timeout [ 386.252867][ T5242] Bluetooth: hci10: command tx timeout [ 430.602580][ T5236] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 430.620778][ T5236] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 
[ 430.630919][ T5236] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 430.639421][ T5236] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 430.647561][ T5236] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 430.663388][ T5236] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 432.741265][ T5236] Bluetooth: hci11: command tx timeout [ 434.821360][ T5236] Bluetooth: hci11: command tx timeout [ 435.065179][ T5242] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 435.092989][ T5242] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 435.102551][ T5242] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 435.111345][ T5242] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 435.120578][ T5242] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 435.128338][ T5242] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 435.494764][ T5236] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 435.511571][ T5236] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 435.519643][ T5236] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 435.528921][ T5236] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 435.543460][ T5236] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 435.550822][ T5236] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 435.973595][ T5242] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 435.991613][ T5242] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 435.999738][ T5242] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 436.008172][ T5242] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 436.016201][ T5242] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 436.023676][ T5242] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 436.409733][ T5236] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 436.421879][ T5236] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 436.430911][ T5236] Bluetooth: 
hci15: unexpected cc 0x1001 length: 249 > 9 [ 436.439347][ T5236] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 436.449859][ T5236] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 436.457413][ T5236] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 436.893038][ T5236] Bluetooth: hci11: command tx timeout [ 437.212911][ T5236] Bluetooth: hci12: command tx timeout [ 437.613070][ T5236] Bluetooth: hci13: command tx timeout [ 437.925940][ T5242] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 437.944205][ T5242] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 437.952393][ T5242] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 437.960901][ T5242] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 437.970770][ T5242] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 437.978539][ T5242] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 438.092925][ T5236] Bluetooth: hci14: command tx timeout [ 438.493759][ T5236] Bluetooth: hci15: command tx timeout [ 438.973118][ T5236] Bluetooth: hci11: command tx timeout [ 439.292904][ T5236] Bluetooth: hci12: command tx timeout [ 439.537212][ T1263] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.543761][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.693002][ T5236] Bluetooth: hci13: command tx timeout [ 440.021042][ T5236] Bluetooth: hci16: command tx timeout [ 440.172900][ T5236] Bluetooth: hci14: command tx timeout [ 440.572751][ T5236] Bluetooth: hci15: command tx timeout [ 441.372881][ T5236] Bluetooth: hci12: command tx timeout [ 441.773045][ T5236] Bluetooth: hci13: command tx timeout [ 442.092930][ T5242] Bluetooth: hci16: command tx timeout [ 442.252822][ T5236] Bluetooth: hci14: command tx timeout [ 442.652857][ T5236] Bluetooth: hci15: command tx timeout [ 443.452811][ T5236] Bluetooth: hci12: command tx timeout [ 443.853119][ T5236] Bluetooth: hci13: command tx timeout [ 444.172955][ T5236] Bluetooth: hci16: command tx timeout [ 
444.334111][ T5236] Bluetooth: hci14: command tx timeout [ 444.743004][ T5236] Bluetooth: hci15: command tx timeout [ 446.252769][ T5236] Bluetooth: hci16: command tx timeout [ 451.858368][ T5242] Bluetooth: hci0: command 0x0405 tx timeout [ 489.574457][ T5242] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 489.584829][ T5242] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 489.596256][ T5242] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 489.604683][ T5242] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 489.613114][ T5242] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 489.620499][ T5242] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 491.693126][ T5242] Bluetooth: hci17: command tx timeout [ 492.819600][ T5242] Bluetooth: hci6: command 0x0406 tx timeout [ 493.773050][ T5236] Bluetooth: hci17: command tx timeout [ 495.874943][ T5236] Bluetooth: hci17: command tx timeout [ 496.093158][T14402] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 496.102984][T14402] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 496.111298][T14402] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 496.119423][T14402] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 496.127452][T14402] Bluetooth: hci18: unexpected cc 0x0c25 length: 249 > 3 [ 496.136706][T14402] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 496.181629][T14399] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1 [ 496.191268][T14399] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9 [ 496.202682][T14399] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9 [ 496.213939][T14399] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4 [ 496.228827][T14399] Bluetooth: hci19: unexpected cc 0x0c25 length: 249 > 3 [ 496.238579][T14399] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2 [ 497.141572][T14402] Bluetooth: hci20: unexpected cc 0x0c03 length: 249 > 1 [ 497.158553][T14402] Bluetooth: hci20: unexpected cc 
0x1003 length: 249 > 9 [ 497.171180][T14402] Bluetooth: hci20: unexpected cc 0x1001 length: 249 > 9 [ 497.179973][T14402] Bluetooth: hci20: unexpected cc 0x0c23 length: 249 > 4 [ 497.188107][T14402] Bluetooth: hci20: unexpected cc 0x0c25 length: 249 > 3 [ 497.195922][T14402] Bluetooth: hci20: unexpected cc 0x0c38 length: 249 > 2 [ 497.266959][T14402] Bluetooth: hci21: unexpected cc 0x0c03 length: 249 > 1 [ 497.277640][T14402] Bluetooth: hci21: unexpected cc 0x1003 length: 249 > 9 [ 497.287254][T14402] Bluetooth: hci21: unexpected cc 0x1001 length: 249 > 9 [ 497.296213][T14402] Bluetooth: hci21: unexpected cc 0x0c23 length: 249 > 4 [ 497.312861][T14402] Bluetooth: hci21: unexpected cc 0x0c25 length: 249 > 3 [ 497.320947][T14402] Bluetooth: hci21: unexpected cc 0x0c38 length: 249 > 2 [ 497.937897][T14399] Bluetooth: hci4: command 0x0406 tx timeout [ 497.944247][T14402] Bluetooth: hci7: command 0x0406 tx timeout [ 497.950283][T14402] Bluetooth: hci8: command 0x0406 tx timeout [ 497.956931][T14399] Bluetooth: hci17: command tx timeout [ 498.045412][T14397] Bluetooth: hci22: unexpected cc 0x0c03 length: 249 > 1 [ 498.060960][T14397] Bluetooth: hci22: unexpected cc 0x1003 length: 249 > 9 [ 498.069587][T14397] Bluetooth: hci22: unexpected cc 0x1001 length: 249 > 9 [ 498.080911][T14397] Bluetooth: hci22: unexpected cc 0x0c23 length: 249 > 4 [ 498.089204][T14397] Bluetooth: hci22: unexpected cc 0x0c25 length: 249 > 3 [ 498.101956][T14397] Bluetooth: hci22: unexpected cc 0x0c38 length: 249 > 2 [ 498.172824][T14402] Bluetooth: hci18: command tx timeout [ 498.332901][T14402] Bluetooth: hci19: command tx timeout [ 499.301193][T14402] Bluetooth: hci20: command tx timeout [ 499.373077][T14402] Bluetooth: hci21: command tx timeout [ 500.173034][T14402] Bluetooth: hci22: command tx timeout [ 500.252924][T14402] Bluetooth: hci18: command tx timeout [ 500.412789][T14402] Bluetooth: hci19: command tx timeout [ 501.003053][ T1263] ieee802154 phy0 wpan0: encryption failed: -22 [ 
501.009405][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.373051][T14402] Bluetooth: hci20: command tx timeout [ 501.459507][T14402] Bluetooth: hci21: command tx timeout [ 502.253058][ T5236] Bluetooth: hci22: command tx timeout [ 502.332951][T14402] Bluetooth: hci18: command tx timeout [ 502.492735][T14402] Bluetooth: hci19: command tx timeout [ 503.072702][T14402] Bluetooth: hci9: command 0x0406 tx timeout [ 503.078865][T14402] Bluetooth: hci10: command 0x0406 tx timeout [ 503.461101][ T5242] Bluetooth: hci20: command tx timeout [ 503.532864][ T5242] Bluetooth: hci21: command tx timeout [ 504.332982][T14397] Bluetooth: hci22: command tx timeout [ 504.412872][T14397] Bluetooth: hci18: command tx timeout [ 504.572737][T14397] Bluetooth: hci19: command tx timeout [ 505.533002][T14397] Bluetooth: hci20: command tx timeout [ 505.616318][T14397] Bluetooth: hci21: command tx timeout [ 506.423144][T14397] Bluetooth: hci22: command tx timeout [ 511.212935][ T30] INFO: task syz.2.3437:14305 blocked for more than 143 seconds. [ 511.220890][ T30] Not tainted 6.12.0-rc2-syzkaller-00320-gba01565ced22 #0 [ 511.252810][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 511.261603][ T30] task:syz.2.3437 state:D stack:23808 pid:14305 tgid:14305 ppid:5223 flags:0x00004004 [ 511.359600][ T30] Call Trace: [ 511.363196][ T30] [ 511.366171][ T30] __schedule+0x1895/0x4b30 [ 511.370741][ T30] ? __pfx___schedule+0x10/0x10 [ 511.492727][ T30] ? __pfx_lock_release+0x10/0x10 [ 511.497862][ T30] ? schedule+0x90/0x320 [ 511.502163][ T30] schedule+0x14b/0x320 [ 511.592148][ T30] schedule_timeout+0xb0/0x310 [ 511.604895][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 511.611059][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 511.658936][ T30] ? wait_for_completion+0x2fe/0x620 [ 511.675529][ T30] ? wait_for_completion+0x2fe/0x620 [ 511.680863][ T30] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 511.692768][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 511.698435][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 511.715486][ T30] ? wait_for_completion+0x2fe/0x620 [ 511.720820][ T30] wait_for_completion+0x355/0x620 [ 511.729713][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 511.740038][ T30] ? __pfx_wait_for_completion+0x10/0x10 [ 511.749497][ T30] ? __flush_work+0xe7/0xc50 [ 511.758346][ T30] __flush_work+0xa37/0xc50 [ 511.767869][ T30] ? __flush_work+0xe7/0xc50 [ 511.772494][ T30] ? __pfx___flush_work+0x10/0x10 [ 511.792936][ T30] ? __pfx_wq_barrier_func+0x10/0x10 [ 511.798283][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 511.813158][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 511.818321][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 511.831584][ T30] unregister_netdevice_many_notify+0x87b/0x1da0 [ 511.841648][ T30] ? __mutex_trylock_common+0x183/0x2e0 [ 511.853017][ T30] ? __pfx___might_resched+0x10/0x10 [ 511.858350][ T30] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 511.875233][ T30] ? __pfx___mutex_trylock_common+0x10/0x10 [ 511.881187][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 511.892758][ T30] ? rcu_is_watching+0x15/0xb0 [ 511.897559][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 511.910598][ T30] ? trace_contention_end+0x3c/0x120 [ 511.917591][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 511.931216][ T30] ? __mutex_lock+0x2ef/0xd70 [ 511.936346][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 511.942023][ T30] ? __asan_memset+0x23/0x50 [ 511.962708][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 511.968398][ T30] unregister_netdevice_queue+0x303/0x370 [ 511.981510][ T30] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 511.989569][ T30] ppp_release+0xed/0x1f0 [ 512.000809][ T30] ? __pfx_ppp_release+0x10/0x10 [ 512.006127][ T30] __fput+0x241/0x880 [ 512.010171][ T30] task_work_run+0x251/0x310 [ 512.022807][ T30] ? __pfx_task_work_run+0x10/0x10 [ 512.027969][ T30] ? 
syscall_exit_to_user_mode+0xa3/0x370 [ 512.041421][ T30] syscall_exit_to_user_mode+0x168/0x370 [ 512.047434][ T30] do_syscall_64+0x100/0x230 [ 512.052059][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.062762][ T30] RIP: 0033:0x7fc49617dff9 [ 512.067206][ T30] RSP: 002b:00007ffcec5901a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 512.082470][ T30] RAX: 0000000000000000 RBX: 0000000000058e16 RCX: 00007fc49617dff9 [ 512.091283][ T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 512.109104][ T30] RBP: 00007fc496337a80 R08: 0000000000000001 R09: 00007ffcec59049f [ 512.118340][ T30] R10: 00007fc496000000 R11: 0000000000000246 R12: 0000000000058ed0 [ 512.132702][ T30] R13: 00007ffcec5902b0 R14: 0000000000000032 R15: ffffffffffffffff [ 512.140722][ T30] [ 512.151677][ T30] INFO: task syz.5.3441:14316 blocked for more than 144 seconds. [ 512.159698][ T30] Not tainted 6.12.0-rc2-syzkaller-00320-gba01565ced22 #0 [ 512.182918][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 512.191606][ T30] task:syz.5.3441 state:D stack:25984 pid:14316 tgid:14313 ppid:12709 flags:0x00000004 [ 512.210348][ T30] Call Trace: [ 512.214000][ T30] [ 512.216966][ T30] __schedule+0x1895/0x4b30 [ 512.225237][ T30] ? __pfx___schedule+0x10/0x10 [ 512.230149][ T30] ? __pfx_lock_release+0x10/0x10 [ 512.242334][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 512.249268][ T30] ? schedule+0x90/0x320 [ 512.262872][ T30] schedule+0x14b/0x320 [ 512.267084][ T30] schedule_preempt_disabled+0x13/0x30 [ 512.272581][ T30] __mutex_lock+0x6a7/0xd70 [ 512.286181][ T30] ? __mutex_lock+0x52a/0xd70 [ 512.290896][ T30] ? tipc_nl_compat_doit+0x21e/0x610 [ 512.302652][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 512.307720][ T30] ? __pfx___alloc_skb+0x10/0x10 [ 512.320486][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.327763][ T30] ? tipc_nl_compat_doit+0x160/0x610 [ 512.341482][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.348769][ T30] ? 
__kmalloc_noprof+0x21a/0x400 [ 512.360764][ T30] tipc_nl_compat_doit+0x21e/0x610 [ 512.366236][ T30] ? __pfx_aa_get_newest_label+0x10/0x10 [ 512.371910][ T30] ? __pfx_tipc_nl_compat_doit+0x10/0x10 [ 512.382660][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.388330][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.402329][ T30] ? security_capable+0x7e/0x2d0 [ 512.407602][ T30] tipc_nl_compat_recv+0xe25/0x14c0 [ 512.419970][ T30] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 512.427833][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 512.440698][ T30] ? genl_rcv_msg+0x121/0xec0 [ 512.446652][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 512.462757][ T30] ? __pfx_tipc_nl_node_reset_link_stats+0x10/0x10 [ 512.469300][ T30] ? __pfx_tipc_nl_compat_link_reset_stats+0x10/0x10 [ 512.482119][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 512.487474][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.500827][ T30] ? genl_get_cmd+0x71c/0xbe0 [ 512.508709][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.521663][ T30] genl_rcv_msg+0xb16/0xec0 [ 512.526537][ T30] ? mark_lock+0x9a/0x360 [ 512.532233][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 512.547626][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 512.556320][ T30] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 512.562012][ T30] ? __pfx___might_resched+0x10/0x10 [ 512.574380][ T30] netlink_rcv_skb+0x1e5/0x430 [ 512.579200][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 512.591466][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 512.597081][ T30] ? __netlink_deliver_tap+0x77e/0x7c0 [ 512.602588][ T30] genl_rcv+0x28/0x40 [ 512.613872][ T30] netlink_unicast+0x7f8/0x990 [ 512.618696][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 512.631339][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.639970][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.658802][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.666146][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.671820][ T30] ? 
__check_object_size+0x48e/0x900 [ 512.684209][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 512.689024][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 512.700439][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.706501][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 512.711478][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 512.722653][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 512.727971][ T30] __sock_sendmsg+0x223/0x270 [ 512.744456][ T30] ____sys_sendmsg+0x52a/0x7e0 [ 512.749283][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 512.762659][ T30] __sys_sendmsg+0x292/0x380 [ 512.767294][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 512.772434][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 512.782776][ T30] ? call_rcu+0x731/0xa70 [ 512.787180][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 512.801020][ T30] ? do_syscall_64+0x100/0x230 [ 512.806296][ T30] ? do_syscall_64+0xb6/0x230 [ 512.811016][ T30] do_syscall_64+0xf3/0x230 [ 512.831662][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.839294][ T30] RIP: 0033:0x7fd36ad7dff9 [ 512.852506][ T30] RSP: 002b:00007fd36bc30038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 512.862516][ T30] RAX: ffffffffffffffda RBX: 00007fd36af35f80 RCX: 00007fd36ad7dff9 [ 512.878257][ T30] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 512.887891][ T30] RBP: 00007fd36adf0296 R08: 0000000000000000 R09: 0000000000000000 [ 512.901660][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 512.912806][ T30] R13: 0000000000000000 R14: 00007fd36af35f80 R15: 00007ffe516d6d28 [ 512.920829][ T30] [ 512.929935][ T30] INFO: task syz.4.3444:14320 blocked for more than 145 seconds. [ 512.940420][ T30] Not tainted 6.12.0-rc2-syzkaller-00320-gba01565ced22 #0 [ 512.952957][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
[ 512.970437][ T30] task:syz.4.3444 state:D stack:27392 pid:14320 tgid:14317 ppid:7459 flags:0x00000004 [ 512.991403][ T30] Call Trace: [ 512.995040][ T30] [ 512.997998][ T30] __schedule+0x1895/0x4b30 [ 513.002563][ T30] ? __pfx___schedule+0x10/0x10 [ 513.014684][ T30] ? __pfx_lock_release+0x10/0x10 [ 513.019751][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 513.034209][ T30] ? schedule+0x90/0x320 [ 513.038498][ T30] schedule+0x14b/0x320 [ 513.051008][ T30] schedule_preempt_disabled+0x13/0x30 [ 513.058953][ T30] __mutex_lock+0x6a7/0xd70 [ 513.071530][ T30] ? __mutex_lock+0x52a/0xd70 [ 513.076583][ T30] ? dev_ethtool+0x21e/0x1bc0 [ 513.081300][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 513.094209][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.099967][ T30] ? __kasan_kmalloc+0x98/0xb0 [ 513.111318][ T30] ? dev_ethtool+0x145/0x1bc0 [ 513.116341][ T30] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 513.121936][ T30] dev_ethtool+0x21e/0x1bc0 [ 513.133837][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.139520][ T30] ? dev_load+0x21/0x1f0 [ 513.152700][ T30] ? __pfx_dev_ethtool+0x10/0x10 [ 513.157947][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.172899][ T30] ? kfree+0x1a0/0x440 [ 513.177015][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.189827][ T30] ? dev_load+0x21/0x1f0 [ 513.195848][ T30] dev_ioctl+0x785/0x1340 [ 513.200224][ T30] sock_do_ioctl+0x240/0x460 [ 513.212902][ T30] ? __pfx_sock_do_ioctl+0x10/0x10 [ 513.218162][ T30] sock_ioctl+0x626/0x8e0 [ 513.222536][ T30] ? __pfx_sock_ioctl+0x10/0x10 [ 513.237599][ T30] ? __fget_files+0x29/0x470 [ 513.242254][ T30] ? __fget_files+0x3f3/0x470 [ 513.249772][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.261265][ T30] ? 
__pfx_sock_ioctl+0x10/0x10 [ 513.268651][ T30] __se_sys_ioctl+0xfb/0x170 [ 513.280383][ T30] do_syscall_64+0xf3/0x230 [ 513.286407][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.292435][ T30] RIP: 0033:0x7f9046b7dff9 [ 513.302785][ T30] RSP: 002b:00007f90478e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 513.311451][ T30] RAX: ffffffffffffffda RBX: 00007f9046d35f80 RCX: 00007f9046b7dff9 [ 513.327099][ T30] RDX: 0000000020000900 RSI: 0000000000008946 RDI: 0000000000000004 [ 513.338893][ T30] RBP: 00007f9046bf0296 R08: 0000000000000000 R09: 0000000000000000 [ 513.353012][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 513.361019][ T30] R13: 0000000000000000 R14: 00007f9046d35f80 R15: 00007fffe52d2b78 [ 513.375729][ T30] [ 513.379766][ T30] INFO: task syz.1.3448:14330 blocked for more than 145 seconds. [ 513.392926][ T30] Not tainted 6.12.0-rc2-syzkaller-00320-gba01565ced22 #0 [ 513.400576][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 513.415643][ T30] task:syz.1.3448 state:D stack:27392 pid:14330 tgid:14328 ppid:7276 flags:0x00000004 [ 513.429619][ T30] Call Trace: [ 513.436999][ T30] [ 513.439958][ T30] __schedule+0x1895/0x4b30 [ 513.451037][ T30] ? __pfx___schedule+0x10/0x10 [ 513.459569][ T30] ? __pfx_lock_release+0x10/0x10 [ 513.468309][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 513.478341][ T30] ? schedule+0x90/0x320 [ 513.486353][ T30] schedule+0x14b/0x320 [ 513.490553][ T30] schedule_preempt_disabled+0x13/0x30 [ 513.499829][ T30] __mutex_lock+0x6a7/0xd70 [ 513.509275][ T30] ? __mutex_lock+0x52a/0xd70 [ 513.517522][ T30] ? genl_rcv_msg+0x121/0xec0 [ 513.522241][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 513.530942][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.540155][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 513.549412][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.559964][ T30] ? __local_bh_enable_ip+0x168/0x200 [ 513.569841][ T30] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 513.580322][ T30] ? radix_tree_lookup+0x238/0x290 [ 513.589115][ T30] genl_rcv_msg+0x121/0xec0 [ 513.598347][ T30] ? mark_lock+0x9a/0x360 [ 513.605199][ T30] ? __lock_acquire+0x1384/0x2050 [ 513.610276][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 513.620167][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.630407][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 513.640122][ T30] ? __pfx___might_resched+0x10/0x10 [ 513.647986][ T30] netlink_rcv_skb+0x1e5/0x430 [ 513.659258][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 513.666996][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 513.672345][ T30] ? __netlink_deliver_tap+0x77e/0x7c0 [ 513.682666][ T30] genl_rcv+0x28/0x40 [ 513.686684][ T30] netlink_unicast+0x7f8/0x990 [ 513.691495][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 513.706324][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.711999][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.720466][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.730856][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.739061][ T30] ? __check_object_size+0x48e/0x900 [ 513.750453][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 513.758038][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 513.769721][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.779716][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 513.791506][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.798645][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 513.811089][ T30] __sock_sendmsg+0x223/0x270 [ 513.817235][ T30] __sys_sendto+0x39b/0x4f0 [ 513.821772][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 513.832675][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 513.838341][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 513.850802][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 513.873194][ T30] ? 
exc_page_fault+0x590/0x8c0 [ 513.878115][ T30] __x64_sys_sendto+0xde/0x100 [ 513.893002][ T30] do_syscall_64+0xf3/0x230 [ 513.897553][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.910166][ T30] RIP: 0033:0x7f518577fe8c [ 513.914904][ T30] RSP: 002b:00007f51864c6ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 513.931895][ T30] RAX: ffffffffffffffda RBX: 00007f51864c6fc0 RCX: 00007f518577fe8c [ 513.940224][ T30] RDX: 0000000000000020 RSI: 00007f51864c7010 RDI: 0000000000000004 [ 513.952646][ T30] RBP: 0000000000000000 R08: 00007f51864c6f14 R09: 000000000000000c [ 513.960646][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 513.977503][ T30] R13: 00007f51864c6f68 R14: 00007f51864c7010 R15: 0000000000000000 [ 513.989545][ T30] [ 513.997372][ T30] INFO: task syz.0.3456:14348 blocked for more than 146 seconds. [ 514.007405][ T30] Not tainted 6.12.0-rc2-syzkaller-00320-gba01565ced22 #0 [ 514.022832][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 514.031524][ T30] task:syz.0.3456 state:D stack:27136 pid:14348 tgid:14347 ppid:5224 flags:0x00000004 [ 514.049701][ T30] Call Trace: [ 514.053273][ T30] [ 514.056234][ T30] __schedule+0x1895/0x4b30 [ 514.060801][ T30] ? __pfx___schedule+0x10/0x10 [ 514.074354][ T30] ? __pfx_lock_release+0x10/0x10 [ 514.079433][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 514.089780][ T30] ? schedule+0x90/0x320 [ 514.102649][ T30] schedule+0x14b/0x320 [ 514.106865][ T30] schedule_preempt_disabled+0x13/0x30 [ 514.112361][ T30] __mutex_lock+0x6a7/0xd70 [ 514.123968][ T30] ? __mutex_lock+0x52a/0xd70 [ 514.128687][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 514.140071][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 514.146672][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 514.151652][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 514.164513][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 514.171337][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.181952][ T30] ? 
ref_tracker_free+0x643/0x7e0 [ 514.190472][ T30] netlink_rcv_skb+0x1e5/0x430 [ 514.199928][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 514.209325][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 514.219414][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 514.227223][ T30] netlink_unicast+0x7f8/0x990 [ 514.232041][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 514.242163][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.250350][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.262777][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.268453][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.283375][ T30] ? __check_object_size+0x48e/0x900 [ 514.288712][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 514.301310][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 514.306978][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.320026][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 514.326388][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.332061][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 514.343187][ T30] __sock_sendmsg+0x223/0x270 [ 514.347919][ T30] ____sys_sendmsg+0x52a/0x7e0 [ 514.359716][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 514.365334][ T30] __sys_sendmsg+0x292/0x380 [ 514.369961][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 514.382790][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 514.389172][ T30] ? do_syscall_64+0x100/0x230 [ 514.402896][ T30] ? 
do_syscall_64+0xb6/0x230 [ 514.407702][ T30] do_syscall_64+0xf3/0x230 [ 514.412235][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.423262][ T30] RIP: 0033:0x7f65f477dff9 [ 514.427711][ T30] RSP: 002b:00007f65f5527038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 514.444556][ T30] RAX: ffffffffffffffda RBX: 00007f65f4935f80 RCX: 00007f65f477dff9 [ 514.452570][ T30] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 514.460951][ T30] RBP: 00007f65f47f0296 R08: 0000000000000000 R09: 0000000000000000 [ 514.477781][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 514.489522][ T30] R13: 0000000000000000 R14: 00007f65f4935f80 R15: 00007ffce6db90e8 [ 514.503644][ T30] [ 514.506779][ T30] [ 514.506779][ T30] Showing all locks held in the system: [ 514.521578][ T30] 1 lock held by khungtaskd/30: [ 514.526791][ T30] #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 514.542694][ T30] 2 locks held by getty/4976: [ 514.547393][ T30] #0: ffff88814b8610a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 514.564993][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 514.582734][ T30] 3 locks held by kworker/1:3/5230: [ 514.587961][ T30] #0: ffff88801ac78948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 514.607089][ T30] #1: ffffc900048bfd00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 514.622024][ T30] #2: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 514.637910][ T30] 3 locks held by kworker/1:4/5288: [ 514.645828][ T30] #0: ffff88801ac79948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 514.663034][ T30] #1: ffffc900048afd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 514.683343][ T30] #2: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: 
reg_check_chans_work+0x99/0xfd0 [ 514.698881][ T30] 7 locks held by kworker/0:8/5308: [ 514.706495][ T30] 3 locks held by kworker/u8:9/7856: [ 514.711802][ T30] #0: ffff88802e5f5948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 514.730522][ T30] #1: ffffc90004f97d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 514.753928][ T30] #2: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 514.770611][ T30] 1 lock held by syz.3.3385/14199: [ 514.776018][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 514.795825][ T30] 2 locks held by syz.2.3437/14305: [ 514.801052][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: ppp_release+0x87/0x1f0 [ 514.816891][ T30] #1: ffffffff8e7d1dd0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x5ea/0x1da0 [ 514.832773][ T30] 3 locks held by syz.5.3441/14316: [ 514.838035][ T30] #0: ffffffff8fd37ef0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 514.857383][ T30] #1: ffffffff8fd37da8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 514.874373][ T30] #2: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: tipc_nl_compat_doit+0x21e/0x610 [ 514.891270][ T30] 1 lock held by syz.4.3444/14320: [ 514.912573][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: dev_ethtool+0x21e/0x1bc0 [ 514.921694][ T30] 2 locks held by syz.1.3448/14330: [ 514.935792][ T30] #0: ffffffff8fd37ef0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 514.948096][ T30] #1: ffffffff8fd37da8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 514.962132][ T30] 1 lock held by syz.0.3456/14348: [ 514.970850][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 514.986899][ T30] 1 lock held by syz-executor/14350: [ 514.992205][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.008044][ T30] 1 
lock held by syz-executor/14353: [ 515.016950][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.032302][ T30] 1 lock held by syz-executor/14356: [ 515.039033][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.053405][ T30] 1 lock held by syz-executor/14359: [ 515.058712][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.079286][ T30] 1 lock held by syz-executor/14362: [ 515.087188][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.102812][ T30] 1 lock held by syz-executor/14365: [ 515.111676][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.128786][ T30] 1 lock held by syz-executor/14368: [ 515.137507][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.152664][ T30] 1 lock held by syz-executor/14371: [ 515.158448][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.174691][ T30] 1 lock held by syz-executor/14374: [ 515.180277][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.197499][ T30] 1 lock held by syz-executor/14377: [ 515.207091][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.221585][ T30] 1 lock held by syz-executor/14380: [ 515.230705][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.244556][ T30] 1 lock held by syz-executor/14383: [ 515.249870][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.266566][ T30] 1 lock held by syz-executor/14393: [ 515.271893][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.284322][ T30] 1 lock held by syz-executor/14400: [ 515.289632][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: 
rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.310503][ T30] 1 lock held by syz-executor/14401: [ 515.321074][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.334388][ T30] 1 lock held by syz-executor/14407: [ 515.339697][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.352648][ T30] 1 lock held by syz-executor/14409: [ 515.357953][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.374783][ T30] 1 lock held by syz-executor/14412: [ 515.380093][ T30] #0: ffffffff8fcd2188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 515.398320][ T30] [ 515.400671][ T30] ============================================= [ 515.400671][ T30] [ 515.417782][ T30] NMI backtrace for cpu 1 [ 515.422135][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00320-gba01565ced22 #0 [ 515.432655][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 515.442902][ T30] Call Trace: [ 515.446201][ T30] [ 515.449162][ T30] dump_stack_lvl+0x241/0x360 [ 515.453872][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 515.459444][ T30] ? __pfx__printk+0x10/0x10 [ 515.464092][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 515.469074][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 515.474567][ T30] ? _printk+0xd5/0x120 [ 515.478763][ T30] ? __pfx__printk+0x10/0x10 [ 515.483387][ T30] ? __wake_up_klogd+0xcc/0x110 [ 515.488272][ T30] ? __pfx__printk+0x10/0x10 [ 515.492898][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.498554][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 515.503615][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 515.509629][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 515.515727][ T30] watchdog+0xff4/0x1040 [ 515.520005][ T30] ? watchdog+0x1ea/0x1040 [ 515.524547][ T30] ? __pfx_watchdog+0x10/0x10 [ 515.529250][ T30] kthread+0x2f2/0x390 [ 515.533347][ T30] ? __pfx_watchdog+0x10/0x10 [ 515.538059][ T30] ? 
__pfx_kthread+0x10/0x10 [ 515.542849][ T30] ret_from_fork+0x4d/0x80 [ 515.547298][ T30] ? __pfx_kthread+0x10/0x10 [ 515.551909][ T30] ret_from_fork_asm+0x1a/0x30 [ 515.556719][ T30] [ 515.560557][ T30] Sending NMI from CPU 1 to CPUs 0: [ 515.566258][ C0] NMI backtrace for cpu 0 [ 515.566273][ C0] CPU: 0 UID: 0 PID: 5308 Comm: kworker/0:8 Not tainted 6.12.0-rc2-syzkaller-00320-gba01565ced22 #0 [ 515.566300][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 515.566315][ C0] Workqueue: events nsim_dev_trap_report_work [ 515.566347][ C0] RIP: 0010:kasan_check_range+0x86/0x290 [ 515.566385][ C0] Code: 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd 41 80 3b 00 <0f> 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00 00 45 89 dc [ 515.566404][ C0] RSP: 0018:ffffc90000006b60 EFLAGS: 00000246 [ 515.566424][ C0] RAX: ffffc90000007301 RBX: 1ffff92000000d9a RCX: ffffffff8141732b [ 515.566442][ C0] RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffc90000006cd0 [ 515.566458][ C0] RBP: fffffffffffffffe R08: ffffc90000006cdf R09: 1ffff92000000d9b [ 515.566476][ C0] R10: dffffc0000000000 R11: fffff52000000d9a R12: ffffc90000008000 [ 515.566494][ C0] R13: ffffc90000006c80 R14: dffffc0000000001 R15: fffff52000000d9c [ 515.566514][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 515.566534][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 515.566551][ C0] CR2: 000055556eb4a808 CR3: 000000000e734000 CR4: 0000000000350ef0 [ 515.566569][ C0] Call Trace: [ 515.566578][ C0] [ 515.566587][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 515.566617][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 515.566655][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 515.566683][ C0] ? nmi_handle+0x2a/0x5a0 [ 515.566718][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 515.566750][ C0] ? nmi_handle+0x151/0x5a0 [ 515.566774][ C0] ? nmi_handle+0x2a/0x5a0 [ 515.566800][ C0] ? 
kasan_check_range+0x86/0x290 [ 515.566828][ C0] ? default_do_nmi+0x63/0x160 [ 515.566858][ C0] ? exc_nmi+0x123/0x1f0 [ 515.566886][ C0] ? end_repeat_nmi+0xf/0x53 [ 515.566914][ C0] ? unwind_next_frame+0xcfb/0x22d0 [ 515.566938][ C0] ? kasan_check_range+0x86/0x290 [ 515.566967][ C0] ? kasan_check_range+0x86/0x290 [ 515.566996][ C0] ? kasan_check_range+0x86/0x290 [ 515.567025][ C0] [ 515.567033][ C0] [ 515.567043][ C0] __asan_memset+0x23/0x50 [ 515.567078][ C0] ? nft_do_chain+0x4af/0x1da0 [ 515.567113][ C0] unwind_next_frame+0xcfb/0x22d0 [ 515.567141][ C0] ? nft_synproxy_do_eval+0x362/0xa60 [ 515.567179][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 515.567210][ C0] arch_stack_walk+0x11c/0x150 [ 515.567239][ C0] ? nft_do_chain+0x4af/0x1da0 [ 515.567277][ C0] stack_trace_save+0x118/0x1d0 [ 515.567307][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 515.567337][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.567378][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 515.567416][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 515.567454][ C0] kasan_save_track+0x3f/0x80 [ 515.567477][ C0] ? kasan_save_track+0x3f/0x80 [ 515.567499][ C0] ? kasan_save_free_info+0x40/0x50 [ 515.567531][ C0] ? __kasan_slab_free+0x59/0x70 [ 515.567555][ C0] ? kfree+0x1a0/0x440 [ 515.567583][ C0] ? skb_release_data+0x6a0/0x8a0 [ 515.567608][ C0] ? consume_skb+0x9f/0xf0 [ 515.567628][ C0] ? nft_synproxy_eval_v4+0x3d2/0x610 [ 515.567662][ C0] ? nft_synproxy_do_eval+0x362/0xa60 [ 515.567726][ C0] kasan_save_free_info+0x40/0x50 [ 515.567759][ C0] __kasan_slab_free+0x59/0x70 [ 515.567782][ C0] ? skb_release_data+0x6a0/0x8a0 [ 515.567807][ C0] kfree+0x1a0/0x440 [ 515.567835][ C0] ? skb_release_data+0x6a0/0x8a0 [ 515.567863][ C0] skb_release_data+0x6a0/0x8a0 [ 515.567895][ C0] consume_skb+0x9f/0xf0 [ 515.567917][ C0] nft_synproxy_eval_v4+0x3d2/0x610 [ 515.567956][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 515.567993][ C0] ? 
nf_ip_checksum+0x13a/0x500 [ 515.568032][ C0] nft_synproxy_do_eval+0x362/0xa60 [ 515.568071][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 515.568104][ C0] ? validate_chain+0x11e/0x5920 [ 515.568129][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 515.568162][ C0] ? __pfx_validate_chain+0x10/0x10 [ 515.568191][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.568220][ C0] nft_do_chain+0x4af/0x1da0 [ 515.568265][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 515.568298][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 515.568335][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.568378][ C0] ? __pfx_nf_nat_inet_fn+0x10/0x10 [ 515.568406][ C0] nft_do_chain_inet+0x418/0x6b0 [ 515.568443][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 515.568477][ C0] ? ipt_do_table+0x312/0x1860 [ 515.568523][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 515.568557][ C0] nf_hook_slow+0xc5/0x220 [ 515.568588][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 515.568616][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 515.568644][ C0] NF_HOOK+0x29e/0x450 [ 515.568668][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.568696][ C0] ? NF_HOOK+0x9a/0x450 [ 515.568721][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 515.568748][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 515.568779][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.568804][ C0] ? ip_rcv_finish+0x406/0x560 [ 515.568832][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 515.568858][ C0] NF_HOOK+0x3a6/0x450 [ 515.568882][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.568907][ C0] ? __lock_acquire+0x1384/0x2050 [ 515.568943][ C0] ? NF_HOOK+0x9a/0x450 [ 515.568968][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 515.568992][ C0] ? ip_rcv_core+0x801/0xd10 [ 515.569020][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 515.569052][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 515.569078][ C0] __netif_receive_skb+0x2bf/0x650 [ 515.569110][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 515.569146][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 515.569173][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 515.569209][ C0] ? 
__pfx_lock_release+0x10/0x10 [ 515.569244][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 515.569287][ C0] process_backlog+0x662/0x15b0 [ 515.569321][ C0] ? process_backlog+0x33b/0x15b0 [ 515.569358][ C0] ? __pfx_process_backlog+0x10/0x10 [ 515.569393][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 515.569430][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 515.569469][ C0] __napi_poll+0xcd/0x490 [ 515.569500][ C0] net_rx_action+0x89b/0x1240 [ 515.569544][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 515.569576][ C0] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 515.569632][ C0] handle_softirqs+0x2c7/0x980 [ 515.569667][ C0] ? do_softirq+0x11b/0x1e0 [ 515.569699][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 515.569733][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.569761][ C0] do_softirq+0x11b/0x1e0 [ 515.569790][ C0] [ 515.569798][ C0] [ 515.569807][ C0] ? __pfx_do_softirq+0x10/0x10 [ 515.569837][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 515.569873][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.569900][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.569925][ C0] ? rcu_is_watching+0x15/0xb0 [ 515.569953][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 515.569985][ C0] ? nsim_dev_trap_report_work+0x75d/0xaa0 [ 515.570012][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 515.570044][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 515.570075][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.570100][ C0] ? nsim_dev_trap_report_work+0x6a7/0xaa0 [ 515.570130][ C0] nsim_dev_trap_report_work+0x75d/0xaa0 [ 515.570168][ C0] ? process_scheduled_works+0x976/0x1850 [ 515.570201][ C0] process_scheduled_works+0xa65/0x1850 [ 515.570252][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 515.570291][ C0] ? assign_work+0x364/0x3d0 [ 515.570325][ C0] worker_thread+0x870/0xd30 [ 515.570365][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.570392][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 515.570417][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 515.570453][ C0] ? 
__kthread_parkme+0x169/0x1d0 [ 515.570490][ C0] ? __pfx_worker_thread+0x10/0x10 [ 515.570523][ C0] kthread+0x2f2/0x390 [ 515.570545][ C0] ? __pfx_worker_thread+0x10/0x10 [ 515.570578][ C0] ? __pfx_kthread+0x10/0x10 [ 515.570601][ C0] ret_from_fork+0x4d/0x80 [ 515.570635][ C0] ? __pfx_kthread+0x10/0x10 [ 515.570658][ C0] ret_from_fork_asm+0x1a/0x30 [ 515.570701][ C0] [ 516.409311][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 516.416207][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00320-gba01565ced22 #0 [ 516.426727][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 516.436799][ T30] Call Trace: [ 516.440090][ T30] [ 516.443039][ T30] dump_stack_lvl+0x241/0x360 [ 516.447917][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 516.453143][ T30] ? __pfx__printk+0x10/0x10 [ 516.457764][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 516.463784][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 516.469437][ T30] ? vscnprintf+0x5d/0x90 [ 516.473793][ T30] panic+0x349/0x880 [ 516.477725][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 516.483382][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 516.489565][ T30] ? __pfx_panic+0x10/0x10 [ 516.494012][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 516.499409][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 516.505060][ T30] ? __irq_work_queue_local+0x137/0x410 [ 516.510638][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 516.516294][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 516.521689][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 516.527866][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 516.534049][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 516.539705][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 516.545890][ T30] watchdog+0x1033/0x1040 [ 516.550341][ T30] ? watchdog+0x1ea/0x1040 [ 516.554793][ T30] ? __pfx_watchdog+0x10/0x10 [ 516.559504][ T30] kthread+0x2f2/0x390 [ 516.563593][ T30] ? 
__pfx_watchdog+0x10/0x10 [ 516.568299][ T30] ? __pfx_kthread+0x10/0x10 [ 516.572910][ T30] ret_from_fork+0x4d/0x80 [ 516.577358][ T30] ? __pfx_kthread+0x10/0x10 [ 516.581967][ T30] ret_from_fork_asm+0x1a/0x30 [ 516.586777][ T30] [ 516.589919][ T30] Kernel Offset: disabled [ 516.594240][ T30] Rebooting in 86400 seconds..