last executing test programs: 3m32.089510388s ago: executing program 3 (id=152): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0xe, &(0x7f0000000240)=ANY=[@ANYBLOB="180200"/15, @ANYRES32=r3, @ANYBLOB="00000000000000008500000012000000180100002020642500000000001e20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a00", @ANYRES32, @ANYBLOB="00000000000000001c"], 0x44}}, 0x0) sendmsg$rds(r5, &(0x7f0000002100)={&(0x7f0000000100)={0x2, 0x4e20, @empty}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000e00)=""/4096, 0x1000}, {&(0x7f0000000300)=""/202, 0xca}], 0x2, &(0x7f0000001e40)=[@zcopy_cookie={0x18, 0x114, 0xc, 0x6}, @cswp={0x58, 0x114, 0x7, {{0x226, 0x2}, &(0x7f00000004c0)=0x4, &(0x7f0000000500)=0x8, 0x0, 0x4, 0x6, 0x2, 0x4, 0x7}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000540)=""/82, 0x52}, &(0x7f00000005c0), 0x20}}, @fadd={0x58, 0x114, 0x6, {{0x9, 0xd}, &(0x7f0000000600)=0x9, &(0x7f0000000640)=0x1e8fc000000000, 0x190, 0xffffffff00000001, 0x5, 0x40, 0x21, 0x9}}, @cswp={0x58, 0x114, 0x7, {{0xee, 0x6}, &(0x7f0000000680)=0xfffffffffffffe01, &(0x7f00000006c0)=0x80000001, 0x3, 0x3, 0x7, 0x1, 0x7d, 0x8}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000700)=""/231, 0xe7}, &(0x7f0000000800), 0xa}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000840)=""/120, 0x78}, &(0x7f00000008c0), 0x6}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000900)=""/7, 0x7}, &(0x7f0000000940), 0x4}}, @mask_fadd={0x58, 0x114, 0x8, {{0xc, 0x3}, &(0x7f0000000980)=0x5015, &(0x7f00000009c0)=0x4, 0x5, 0x8, 0xfffffffffffffff9, 0x1, 0x0, 0x7}}, @cswp={0x58, 0x114, 0x7, {{0x3128, 0x8000}, &(0x7f0000000a00)=0xfffffffffffff60f, &(0x7f0000001e00)=0x3, 0xa82, 0x7, 0x1, 0xff, 0x5, 0x7}}], 0x290}, 0x8000) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a01568a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce706295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f3"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40, @void, @value}, 0x94) syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'], 0x1, 0x12d, &(0x7f0000000340)="$eJzs2r9Kw1AUBvCjCEIfwamQgHXIf62DuyA4+QSG9t704o23JIK0U/EFFIfrI7i6iW4+QmafQN/AKZI2sTZ316Hfb7kfOZeTZDnTcTKVBjx3iPZm92cfm5lKu/3ocMADHtPCCRF1q1CU5YNLhvOfelHOXOOC9VqfvUSfvnAhWWj2AAAAAAAAAAAAAAAAAAAAAABYE9ZnHTojrR65kCz4Vc0n04tYSpblzROb6h0d4lodVfejlX69LyJ7vr8j9PFNVfdX6nbTaXek1Ub7fd5VOvbyydQRaZywhF2GYdT3933/IPTmvbx2R/uu/iYqyuexuU9kPy33id59c5+IOotja0fo2+t29+X/IyAgIDShPT9ouB1Zb9X8cAdKDv9wfhgTDeCffAcAAP//NHw5bA==") r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mknodat$null(r6, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x103) syz_emit_ethernet(0x1c6, &(0x7f0000000dc0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd69922ff50190210000000000000000000000fffffffffffffe8000000000000000000000000000aa0000000064"], 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000200)="9e36d448b388dd965f7a3312779a", 0x0, 0xe00, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50) 3m30.272552468s ago: executing program 3 (id=154): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x4001, 0x3, 0x480, 0x2e8, 0x4c00, 0x148, 0x2e8, 0x148, 0x3e8, 0x240, 0x240, 0x3e8, 0x240, 0x3, 0x0, {[{{@ip={@rand_addr, @remote, 0x0, 0x0, 'vxcan1\x00', 'lo\x00', {}, {}, 0x1}, 0x0, 0x2c8, 0x2e8, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "91db", 0x2}}, @common=@unspec=@bpf1={{0x230}, @fd}]}, @unspec=@NOTRACK={0x20}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'batadv_slave_1\x00', 'vlan1\x00'}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@unspec=@connmark={{0x30}}]}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) (fail_nth: 5) 3m29.96425008s ago: executing program 3 (id=160): syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file0\x00', 0x98, &(0x7f0000000280), 0x1, 0x10ef, &(0x7f00000022c0)="$eJzs2DGLE0EYBuB3dg/kqshcvx5oYSHHHfEPXKGQxsLaLljZmUrJz/HnyFX2R3pTBOyVTQwJEhDJYuB4Hlh252Vmvp1yvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvLPlekosmqdusSVKSrrubLJJ02/zx17ZJydv3k9mrj+PXs8209FmT0q9aj+vN01rHdVxv6suL22d19unzh3avZEmX+9V8ev5mOehR+trtoDsCAADAw/DzaKMT1wcAAAD+ZrBGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6vajSVKSrrubLJJ0p/0tAAAA4EglTd6NDuWbNsDOi3wblZRHu+RH6edc58uB9QAAAMC/KXv38ec5z5O9/DJnubrajH+/srxN2iTXf+xzv5pP18/lfFr+5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAGCqAAAA//9TGNII") socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x4) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4e21, 0x4, @loopback}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000240)}], 0x1}}], 0x1, 0x0) shutdown(r3, 0x2) r4 = openat$damon_kdamond_pid(0xffffffffffffff9c, 0x0, 0x600200, 0x1c1) setsockopt$netlink_NETLINK_NO_ENOBUFS(r4, 0x10e, 0x5, &(0x7f00000001c0)=0xffff7b7d, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040), &(0x7f0000000040)=ANY=[], 0x1001, 0x0) 3m27.282603724s ago: executing program 3 (id=165): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0xe, &(0x7f0000000240)=ANY=[@ANYBLOB="180200"/15, @ANYRES32=r3, @ANYBLOB="00000000000000008500000012000000180100002020642500000000001e20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a00", @ANYRES32, @ANYBLOB="00000000000000001c"], 0x44}}, 0x0) sendmsg$rds(r5, &(0x7f0000002100)={&(0x7f0000000100)={0x2, 0x4e20, @empty}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000e00)=""/4096, 0x1000}, {&(0x7f0000000300)=""/202, 0xca}], 0x2, &(0x7f0000001e40)=[@zcopy_cookie={0x18, 0x114, 0xc, 0x6}, @cswp={0x58, 0x114, 0x7, {{0x226, 0x2}, &(0x7f00000004c0)=0x4, &(0x7f0000000500)=0x8, 0x0, 0x4, 0x6, 0x2, 0x4, 0x7}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000540)=""/82, 0x52}, &(0x7f00000005c0), 0x20}}, @fadd={0x58, 0x114, 0x6, {{0x9, 0xd}, &(0x7f0000000600)=0x9, &(0x7f0000000640)=0x1e8fc000000000, 0x190, 0xffffffff00000001, 0x5, 0x40, 0x21, 0x9}}, @cswp={0x58, 0x114, 0x7, {{0xee, 0x6}, &(0x7f0000000680)=0xfffffffffffffe01, &(0x7f00000006c0)=0x80000001, 0x3, 0x3, 0x7, 0x1, 0x7d, 0x8}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000700)=""/231, 0xe7}, &(0x7f0000000800), 0xa}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000840)=""/120, 0x78}, &(0x7f00000008c0), 0x6}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000900)=""/7, 0x7}, &(0x7f0000000940), 0x4}}, @mask_fadd={0x58, 0x114, 0x8, {{0xc, 0x3}, &(0x7f0000000980)=0x5015, &(0x7f00000009c0)=0x4, 0x5, 0x8, 0xfffffffffffffff9, 0x1, 0x0, 0x7}}, @cswp={0x58, 0x114, 0x7, {{0x3128, 0x8000}, &(0x7f0000000a00)=0xfffffffffffff60f, &(0x7f0000001e00)=0x3, 0xa82, 0x7, 0x1, 0xff, 0x5, 0x7}}], 0x290}, 0x8000) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a01568a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce706295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f3"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40, @void, @value}, 0x94) syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'], 0x1, 0x12d, &(0x7f0000000340)="$eJzs2r9Kw1AUBvCjCEIfwamQgHXIf62DuyA4+QSG9t704o23JIK0U/EFFIfrI7i6iW4+QmafQN/AKZI2sTZ316Hfb7kfOZeTZDnTcTKVBjx3iPZm92cfm5lKu/3ocMADHtPCCRF1q1CU5YNLhvOfelHOXOOC9VqfvUSfvnAhWWj2AAAAAAAAAAAAAAAAAAAAAABYE9ZnHTojrR65kCz4Vc0n04tYSpblzROb6h0d4lodVfejlX69LyJ7vr8j9PFNVfdX6nbTaXek1Ub7fd5VOvbyydQRaZywhF2GYdT3933/IPTmvbx2R/uu/iYqyuexuU9kPy33id59c5+IOotja0fo2+t29+X/IyAgIDShPT9ouB1Zb9X8cAdKDv9wfhgTDeCffAcAAP//NHw5bA==") r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mknodat$null(r6, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x103) syz_emit_ethernet(0x1c6, &(0x7f0000000dc0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd69922ff50190210000000000000000000000fffffffffffffe8000000000000000000000000000aa0000000064"], 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000200)="9e36d448b388dd965f7a3312779a", 0x0, 0xe00, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50) 3m25.139824955s ago: executing program 3 (id=168): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x4001, 0x3, 0x480, 0x2e8, 0x4c00, 0x148, 0x2e8, 0x148, 0x3e8, 0x240, 0x240, 0x3e8, 0x240, 0x3, 0x0, {[{{@ip={@rand_addr, @remote, 0x0, 0x0, 'vxcan1\x00', 'lo\x00', {}, {}, 0x1}, 0x0, 0x2c8, 0x2e8, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "91db", 0x2}}, @common=@unspec=@bpf1={{0x230}, @fd}]}, @unspec=@NOTRACK={0x20}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'batadv_slave_1\x00', 'vlan1\x00'}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@unspec=@connmark={{0x30}}]}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 3m24.890772817s ago: executing program 3 (id=170): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000bc0)=@raw={'raw\x00', 0x3c1, 0x8000000, 0x2a8, 0x1140, 0x1170, 0x1170, 0x1140, 0x1170, 0x1230, 0x1398, 0x1398, 0x1230, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @private=0xa010101}, @remote, [], [0x0, 0x7fffff80, 0x0, 0xff], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x7b}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "c52c608092e453155dea87972dfa7ace2a9fec043e0ea3f70b6eee527b5a"}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x308) 3m8.066349847s ago: executing program 32 (id=170): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000bc0)=@raw={'raw\x00', 0x3c1, 0x8000000, 0x2a8, 0x1140, 0x1170, 0x1170, 0x1140, 0x1170, 0x1230, 0x1398, 0x1398, 0x1230, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @private=0xa010101}, @remote, [], [0x0, 0x7fffff80, 0x0, 0xff], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x7b}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "c52c608092e453155dea87972dfa7ace2a9fec043e0ea3f70b6eee527b5a"}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x308) 3.608878981s ago: executing program 5 (id=1390): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r2, 0x0) sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000200)=[{&(0x7f0000001880)=""/4082, 0xff2}, {&(0x7f0000002880)=""/4084, 0xff4}], 0x2, 0x21}}], 0x48}, 0x0) 3.563429501s ago: executing program 5 (id=1392): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0x0) r0 = landlock_create_ruleset(&(0x7f0000000140)={0x2871, 0x1}, 0x18, 0x0) unshare(0x2c020400) unshare(0x22020000) landlock_restrict_self(r0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 3.376997492s ago: executing program 5 (id=1395): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge_slave_1\x00', 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) 3.164831073s ago: executing program 5 (id=1397): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) ioctl$FBIOPUTCMAP(r0, 0x4605, &(0x7f0000000480)={0x8, 0x3, &(0x7f0000000380)=[0x8, 0xfff7, 0x2], &(0x7f00000003c0), &(0x7f0000000400), 0x0}) 3.094955723s ago: executing program 5 (id=1399): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x0, ')'}]}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\r'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="200119"], 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000800)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x20, 0x1, 0x6, "6112a7a9893e"}, 0x0}) 2.410451737s ago: executing program 5 (id=1406): syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000d1d7a440041601801f440102030109021200"], 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x1, 0x2}]}) r1 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000040)=0x1f, 0x4) listen(0xffffffffffffffff, 0x6) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045520, &(0x7f0000000040)=0xfffffffe) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x3c, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x33, 0xfffe, @loopback, @loopback}, "3785bf9e57ed3f5d"}}}}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = io_uring_setup(0x2c4d, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r3, 0xd, &(0x7f0000000040)={0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x20) setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$sock_inet6_SIOCDIFADDR(r2, 0x8936, &(0x7f0000000140)={@mcast1, 0x2b}) r4 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r4, 0x0, 0x484, &(0x7f0000000000)=""/108, &(0x7f0000000080)=0x18) 1.416938062s ago: executing program 0 (id=1417): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000000c0), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) r1 = syz_open_dev$media(&(0x7f00000001c0), 0x1, 0x0) ioctl$MEDIA_IOC_G_TOPOLOGY(r1, 0xc0487c04, &(0x7f0000000280)={0x0, 0x8, 0x0, &(0x7f0000001d40), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x0, 0x0}) 1.415094752s ago: executing program 0 (id=1418): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4001, 0x3, 0x2b0, 0x138, 0x0, 0x148, 0x0, 0x148, 0x218, 0x240, 0x240, 0x218, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00'}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@connlabel={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ip6erspan0\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000000b00)=[{{&(0x7f0000000040)={0x2, 0x4e24, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000c00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}}}}], 0x20}}], 0x1, 0x0) 1.321937312s ago: executing program 0 (id=1419): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000240)={'team_slave_1\x00', &(0x7f0000000880)=@ethtool_gstrings={0x1b, 0x6}}) 1.283766963s ago: executing program 0 (id=1420): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f00000000c0)=0x1, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) syz_emit_ethernet(0x6a, &(0x7f0000000180)=ANY=[], 0x0) 1.127475014s ago: executing program 0 (id=1422): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @dev={0xac, 0x14, 0x14, 0x2a}, @local}, 0xc) close(0x3) 992.727495ms ago: executing program 0 (id=1425): syz_usb_disconnect(0xffffffffffffffff) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) 833.936286ms ago: executing program 1 (id=1430): mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x9, 0xc3072, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000180)={0x87, @multicast2, 0x4e24, 0x4, 'lc\x00', 0x20, 0xd, 0x46}, 0x2c) 732.993676ms ago: executing program 1 (id=1431): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000001fc0)=ANY=[@ANYBLOB="42000000030000000000000000000000000000000000000021"], 0x42) 696.611466ms ago: executing program 1 (id=1433): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@ipv6_newaddr={0x34, 0x14, 0x1, 0x0, 0x0, {0xa, 0x0, 0xa1, 0x0, r2}, [@IFA_FLAGS={0x8, 0x8, 0x402}, @IFA_LOCAL={0x14, 0x2, @local}]}, 0x34}}, 0x10) 658.885497ms ago: executing program 4 (id=1434): r0 = syz_open_dev$cec(&(0x7f0000002340), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000280)={"b9b0e0a8", 0x8, 0x40, 0xa, 0x8, 0x5, "d935980171e6c78c38d946e61a5067", "4e71026d", "ae4a9cb7", '\x00', ['\x00', "df072599bd133e7cc18f8a47", "833f88ad42a54c0ff827f8e1", "d68a03524f67f184a1797f69"]}) 604.844746ms ago: executing program 1 (id=1435): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000000)=0x7f, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f030e0033e6120306001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe94f, 0x0, &(0x7f0000000540)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 604.665736ms ago: executing program 2 (id=1436): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x0) r2 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x8, 0x10100, 0x0, 0x200000}, &(0x7f0000000480), &(0x7f0000000000)=0x0) syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0x95b0, 0x2, 0x0, 0x205}, &(0x7f0000000340)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r2, 0x48e9, 0x0, 0x0, 0x0, 0x0) 561.484917ms ago: executing program 4 (id=1437): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0xd}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40040c0}, 0x0) 507.096067ms ago: executing program 1 (id=1438): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x4c, 0x0, &(0x7f0000001800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x18, &(0x7f00000009c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x3, 0x19}, @ptr={0x70742a85, 0x0, &(0x7f0000000600)=""/216, 0xd8, 0x2}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x18}}, &(0x7f0000000280)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 424.962918ms ago: executing program 2 (id=1439): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x1c, 0x3d, 0x107, 0x70bd2b, 0x0, {0x4, 0x7c}, [@typed={0x4}, @nested={0x4, 0x1}]}, 0x1c}}, 0xc000) 404.652427ms ago: executing program 4 (id=1440): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) io_setup(0x8, &(0x7f0000004200)=0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r2, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) 384.469138ms ago: executing program 1 (id=1441): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0) socket$tipc(0x1e, 0x2, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0) r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_DEV_SETUP(r3, 0x405c5503, 0x0) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x12) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0x2, r4, &(0x7f00000000c0)=""/4096, 0x1000) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)=0x3, 0x4) r5 = syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000100)) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') read$eventfd(r6, &(0x7f0000000080), 0x51) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000007100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPR={0x10, 0x7, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0x4}}}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc4}}, 0x8000) 338.273028ms ago: executing program 2 (id=1442): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_CONNECT(r0, &(0x7f0000000380)={0x6, 0x16c, 0xfa00, {{0x80, 0xb57a, "bf1acc1607e158ac24443aa8dad071974f39e19cad7ec31778e2a08b911b30951e33fc5e7d871b6a90cfd985dc9e75f14165eeddc860f4af6a3d4f88e1db93f611c39fabdf8ccfb94cf7bc9689af8bd6d05a19ce4edd8f6178e7e9faee19812184879f09b28e96ba01c7837b3fb2666fadcfb134b84b6788c7fdef3323e9c643bcb7a3ea36717b178a7fe4c90c12abb2e30c17d3ef82f397a6eb4ce7752bab1ef1d82d91ddcab2ac212b6673be7b981320939836a814ff9882c5d3bb5d1a0432da7148ec3d28ef45832e9c73691a44cd5b08ae7f6e3b892f18b4c143d126ecf82275193cbda35881e58d02282192bcedb84a9acd5b3a7e49702c1ec22f454a22", 0x80, 0xa, 0x7, 0xa, 0x2, 0x7, 0x1, 0x1}}}, 0x120) 224.932529ms ago: executing program 2 (id=1443): r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket$key(0xf, 0x3, 0x2) read$FUSE(r0, &(0x7f0000001f80)={0x2020}, 0x2020) 204.565729ms ago: executing program 4 (id=1444): r0 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000180)=ANY=[@ANYRESOCT], 0x1) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000200)={0x0, @local, @local}, &(0x7f0000000140)=0xc) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f00000010c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x12, r1}) 155.190529ms ago: executing program 2 (id=1445): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x5, 0x6, 0x0, 0x7fff}]}, 0x10) 40.549879ms ago: executing program 4 (id=1446): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002, 0x800, @empty}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x2200c001, &(0x7f0000000240)={0xa, 0x2, 0x2000000, @empty, 0x7}, 0x1c) sendto$inet6(r0, &(0x7f0000000080)="44f9", 0x2, 0x40005, 0x0, 0x0) shutdown(r0, 0x2) 34.96629ms ago: executing program 2 (id=1447): socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$rds(0x15, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udp(0xa, 0x2, 0x0) socket$packet(0x11, 0x4000000000002, 0x300) syz_open_procfs(0x0, &(0x7f00000001c0)='net/rt_acct\x00') socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) accept4(r1, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="93630100200501001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES8=r2], 0x4c}}, 0x0) 0s ago: executing program 4 (id=1448): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000300000000030003000000580001"], 0x6c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) kernel console output (not intermixed with test programs): becomes ready [ 155.784640][ T4491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 155.786564][ T4491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.791654][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 155.883289][ T4491] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 155.885190][ T4491] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.890155][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 156.376888][ T5584] netlink: 36 bytes leftover after parsing attributes in process `syz.5.199'. [ 156.401941][ T5584] loop5: detected capacity change from 0 to 22 [ 156.407951][ T5584] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 156.531789][ T5584] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 156.581397][ T5584] dccp_invalid_packet: P.CsCov 6 exceeds packet length 400 [ 157.250427][ T5590] loop2: detected capacity change from 0 to 4096 [ 157.257519][ T5590] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 157.459884][ T5595] loop5: detected capacity change from 0 to 22 [ 157.465474][ T5595] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 157.508249][ T5595] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 159.067892][ T5529] XFS (loop0): User initiated shutdown received. [ 159.069764][ T5529] XFS (loop0): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x124/0x15c (fs/xfs/xfs_fsops.c:486). Shutting down filesystem. [ 159.098070][ T5529] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 159.220933][ T5597] loop1: detected capacity change from 0 to 8192 [ 159.266455][ T5609] loop2: detected capacity change from 0 to 256 [ 159.268505][ T5609] FAT-fs (loop2): Unrecognized mount option "uni_xlqte=1" or missing value [ 159.278666][ T5597] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 159.281966][ T5597] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 159.284106][ T5597] REISERFS (device loop1): using ordered data mode [ 159.285380][ T5597] reiserfs: using flush barriers [ 159.297764][ T5597] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 159.301097][ T5597] REISERFS (device loop1): checking transaction log (loop1) [ 159.527519][ T4293] XFS (loop0): Unmounting Filesystem [ 159.757228][ T5617] loop2: detected capacity change from 0 to 256 [ 160.415979][ T5597] REISERFS (device loop1): Using tea hash to sort names [ 160.417797][ T5597] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 160.515824][ T5622] loop2: detected capacity change from 0 to 256 [ 160.526474][ T5622] exFAT-fs (loop2): failed to load alloc-bitmap [ 160.527952][ T5622] exFAT-fs (loop2): failed to recognize exfat type [ 160.576493][ T4389] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 160.689805][ T5628] Bluetooth: MGMT ver 1.22 [ 161.014023][ T5604] loop5: detected capacity change from 0 to 32768 [ 161.076467][ T5604] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.257 (5604) [ 161.096311][ T5604] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 161.098386][ T5604] BTRFS info (device loop5): using sha256 (sha256-ce) checksum algorithm [ 161.100177][ T5604] BTRFS info (device loop5): using free space tree [ 161.342951][ T5604] BTRFS error (device loop5): open_ctree failed [ 161.449314][ T5665] netlink: 36 bytes leftover after parsing attributes in process `syz.2.264'. [ 161.472755][ T5665] loop2: detected capacity change from 0 to 22 [ 161.478162][ T5665] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 161.552428][ T5665] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 161.599145][ T5665] dccp_invalid_packet: P.CsCov 6 exceeds packet length 400 [ 162.288341][ T5677] netlink: 12 bytes leftover after parsing attributes in process `syz.2.267'. [ 162.319311][ T5677] netlink: 1 bytes leftover after parsing attributes in process `syz.2.267'. [ 163.158835][ T5686] loop2: detected capacity change from 0 to 512 [ 163.216596][ T5686] EXT2-fs (loop2): warning: mounting ext3 filesystem as ext2 [ 163.280332][ T5688] loop5: detected capacity change from 0 to 256 [ 163.320110][ T5688] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 163.353716][ T5633] loop1: detected capacity change from 0 to 32768 [ 163.355821][ T5633] xfs: Unknown parameter 'uid<00000000000000000000' [ 164.447270][ T5700] netlink: 36 bytes leftover after parsing attributes in process `syz.2.273'. [ 164.615582][ T5700] loop2: detected capacity change from 0 to 22 [ 164.617388][ T5700] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 164.633834][ T4299] Bluetooth: hci0: command 0x0406 tx timeout [ 165.111186][ T5700] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 165.395050][ T4309] Bluetooth: hci3: command 0x0406 tx timeout [ 165.396471][ T4309] Bluetooth: hci2: command 0x0406 tx timeout [ 165.480928][ T5695] loop4: detected capacity change from 0 to 8192 [ 165.572257][ T5695] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 165.575085][ T5695] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 165.576941][ T5695] REISERFS (device loop4): using ordered data mode [ 165.578280][ T5695] reiserfs: using flush barriers [ 165.593174][ T5695] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 165.596748][ T5695] REISERFS (device loop4): checking transaction log (loop4) [ 165.849557][ T5695] REISERFS (device loop4): Using tea hash to sort names [ 165.934106][ T5719] netlink: 36 bytes leftover after parsing attributes in process `syz.2.274'. [ 165.965627][ T5719] loop2: detected capacity change from 0 to 22 [ 165.971353][ T5719] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 166.615859][ T5719] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 166.641620][ T5695] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 166.666580][ T5722] netlink: 12 bytes leftover after parsing attributes in process `syz.1.276'. [ 166.714736][ T5724] loop5: detected capacity change from 0 to 512 [ 166.748361][ T5724] EXT2-fs (loop5): warning: feature flags set on rev 0 fs, running e2fsck is recommended [ 166.765321][ T5724] EXT2-fs (loop5): 0.5b, 95/08/09, bs=4096, gc=1, bpg=32768, ipg=32, mo=8001c] [ 166.996438][ T5733] loop5: detected capacity change from 0 to 1024 [ 167.039668][ T5728] loop2: detected capacity change from 0 to 8192 [ 167.045344][ T5728] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 167.048245][ T5728] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 167.050213][ T5728] REISERFS (device loop2): using ordered data mode [ 167.071381][ T5728] reiserfs: using flush barriers [ 167.079759][ T5728] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 167.119999][ T5733] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 167.138617][ T5728] REISERFS (device loop2): checking transaction log (loop2) [ 167.972375][ T5745] loop4: detected capacity change from 0 to 8192 [ 168.002678][ T5292] EXT4-fs (loop5): unmounting filesystem. [ 168.012096][ T5745] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 168.014868][ T5745] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 168.016767][ T5745] REISERFS (device loop4): using ordered data mode [ 168.018106][ T5745] reiserfs: using flush barriers [ 168.075107][ T5745] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 168.078814][ T5745] REISERFS (device loop4): checking transaction log (loop4) [ 168.109135][ T5728] REISERFS (device loop2): Using tea hash to sort names [ 168.110870][ T5728] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 169.262462][ T5757] loop5: detected capacity change from 0 to 8192 [ 169.265543][ T5745] REISERFS (device loop4): Using tea hash to sort names [ 169.267283][ T5745] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 169.442522][ T5757] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 169.445367][ T5757] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 169.447408][ T5757] REISERFS (device loop5): using ordered data mode [ 169.448769][ T5757] reiserfs: using flush barriers [ 169.478132][ T5757] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 169.544054][ T5776] loop0: detected capacity change from 0 to 22 [ 169.546854][ T5776] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 170.350377][ T5776] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 170.899030][ T5757] REISERFS (device loop5): checking transaction log (loop5) [ 171.086766][ T5780] loop1: detected capacity change from 0 to 256 [ 171.093322][ T5782] loop2: detected capacity change from 0 to 256 [ 171.095015][ T5782] exfat: Deprecated parameter 'namecase' [ 171.119965][ T5782] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 171.128552][ T5757] REISERFS (device loop5): Using tea hash to sort names [ 171.130453][ T5757] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 171.144106][ T5780] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 171.457773][ T5787] loop4: detected capacity change from 0 to 8192 [ 172.285126][ T5787] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 172.287772][ T5787] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 172.290224][ T5787] REISERFS (device loop4): using ordered data mode [ 172.298570][ T5787] reiserfs: using flush barriers [ 172.321645][ T5787] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 172.325267][ T5787] REISERFS (device loop4): checking transaction log (loop4) [ 172.371854][ T5799] Cannot find add_set index 1 as target [ 172.447325][ T5787] REISERFS (device loop4): Using tea hash to sort names [ 172.449045][ T5787] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 172.504552][ T5804] loop0: detected capacity change from 0 to 256 [ 172.506424][ T5804] FAT-fs (loop0): Unrecognized mount option "uni_xlqte=1" or missing value [ 173.437329][ T5813] loop0: detected capacity change from 0 to 256 [ 174.269665][ T5825] loop4: detected capacity change from 0 to 1024 [ 174.317142][ T5825] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 174.479148][ T5835] loop5: detected capacity change from 0 to 256 [ 174.491799][ T5835] FAT-fs (loop5): Unrecognized mount option "uni_xlqte=1" or missing value [ 174.515271][ T5827] loop1: detected capacity change from 0 to 32768 [ 174.528193][ T5827] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.297 (5827) [ 174.533041][ T5827] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 174.535318][ T5827] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 174.537276][ T5827] BTRFS info (device loop1): using free space tree [ 175.202285][ T4302] EXT4-fs (loop4): unmounting filesystem. [ 175.490775][ T5862] loop0: detected capacity change from 0 to 22 [ 175.496945][ T5862] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 175.687046][ T5862] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 176.110282][ T4324] BTRFS warning (device loop1): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb1552e1a level 0 [ 176.115351][ T5827] BTRFS warning (device loop1): couldn't read tree root [ 176.240898][ T5827] BTRFS error (device loop1): open_ctree failed [ 176.267479][ T5864] loop4: detected capacity change from 0 to 8192 [ 176.306008][ T5870] FAULT_INJECTION: forcing a failure. [ 176.306008][ T5870] name failslab, interval 1, probability 0, space 0, times 0 [ 176.308766][ T5870] CPU: 0 PID: 5870 Comm: syz.0.304 Not tainted 6.1.119-syzkaller #0 [ 176.310452][ T5870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 176.312509][ T5870] Call trace: [ 176.313216][ T5870] dump_backtrace+0x1c8/0x1f4 [ 176.314245][ T5870] show_stack+0x2c/0x3c [ 176.315137][ T5870] dump_stack_lvl+0x108/0x170 [ 176.316176][ T5870] dump_stack+0x1c/0x58 [ 176.317087][ T5870] should_fail_ex+0x3c0/0x51c [ 176.318128][ T5870] __should_failslab+0xc8/0x128 [ 176.319159][ T5870] should_failslab+0x10/0x28 [ 176.320103][ T5870] __kmem_cache_alloc_node+0x80/0x388 [ 176.321208][ T5870] __kmalloc_node+0xcc/0x1d0 [ 176.322228][ T5870] kvmalloc_node+0x84/0x1e4 [ 176.323142][ T5870] xt_alloc_entry_offsets+0x58/0x68 [ 176.324262][ T5870] translate_table+0x130/0x1ac8 [ 176.325333][ T5870] do_ip6t_set_ctl+0xb34/0x110c [ 176.326267][ T5870] nf_setsockopt+0x270/0x290 [ 176.327243][ T5870] ipv6_setsockopt+0x168/0x1a4 [ 176.328298][ T5870] udpv6_setsockopt+0xa8/0xc0 [ 176.329402][ T5870] sock_common_setsockopt+0xb0/0xcc [ 176.330618][ T5870] __sys_setsockopt+0x3a8/0x70c [ 176.331655][ T5870] __arm64_sys_setsockopt+0xb8/0xd4 [ 176.332793][ T5870] invoke_syscall+0x98/0x2bc [ 176.333795][ T5870] el0_svc_common+0x138/0x258 [ 176.334696][ T5870] do_el0_svc+0x58/0x13c [ 176.335577][ T5870] el0_svc+0x58/0x168 [ 176.336534][ T5870] el0t_64_sync_handler+0x84/0xf0 [ 176.337662][ T5870] el0t_64_sync+0x18c/0x190 [ 176.353037][ T5864] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 176.355916][ T5864] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 176.357876][ T5864] REISERFS (device loop4): using ordered data mode [ 176.385779][ T5864] reiserfs: using flush barriers [ 176.420983][ T5864] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 176.449935][ T5864] REISERFS (device loop4): checking transaction log (loop4) [ 176.459821][ T27] audit: type=1326 audit(176.440:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5826 comm="syz.1.297" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8214d528 code=0x0 [ 177.011396][ T5827] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 177.013080][ T5827] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 177.014861][ T5827] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 177.016453][ T5827] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 177.017776][ T5827] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 177.019011][ T5827] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 177.020434][ T5827] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 177.071438][ T5827] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 177.085053][ T5827] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 177.094609][ T5827] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 177.104732][ T5827] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 177.106091][ T5827] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 177.145172][ T5827] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 177.146515][ T5827] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 177.147849][ T5827] Bluetooth: hci5: Suspend notifier action (1) failed: -4 [ 177.166252][ T5864] REISERFS (device loop4): Using tea hash to sort names [ 177.167943][ T5864] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 177.308488][ T5889] loop0: detected capacity change from 0 to 256 [ 177.373878][ T5889] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 177.420363][ T5894] loop1: detected capacity change from 0 to 256 [ 177.423094][ T5894] FAT-fs (loop1): Unrecognized mount option "uni_xlqte=1" or missing value [ 178.000446][ T5887] loop2: detected capacity change from 0 to 8192 [ 178.307386][ T5904] loop1: detected capacity change from 0 to 256 [ 178.377143][ T5887] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 178.531462][ T4309] Bluetooth: hci0: command 0x0c1a tx timeout [ 178.579833][ T5887] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 178.846903][ T5887] REISERFS (device loop2): using ordered data mode [ 178.848412][ T5887] reiserfs: using flush barriers [ 178.891234][ T5887] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 178.894884][ T5887] REISERFS (device loop2): checking transaction log (loop2) [ 178.999135][ T5906] process 'syz.1.310' launched '/dev/fd/-1/./file1' with NULL argv: empty string added [ 179.130622][ T5887] REISERFS (device loop2): Using tea hash to sort names [ 179.132276][ T4309] Bluetooth: hci5: command 0x0c1a tx timeout [ 179.132361][ T4309] Bluetooth: hci4: command 0x0c1a tx timeout [ 179.132397][ T4309] Bluetooth: hci3: command 0x0c1a tx timeout [ 179.132432][ T4309] Bluetooth: hci2: command 0x0c1a tx timeout [ 179.156868][ T5887] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 179.190255][ T5913] loop4: detected capacity change from 0 to 256 [ 179.288319][ T5913] exfat: Deprecated parameter 'namecase' [ 179.332700][ T5913] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 179.345206][ T5911] loop1: detected capacity change from 0 to 512 [ 180.272055][ T5911] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.311: iget: bad i_size value: -67835469387268086 [ 180.275502][ T5911] EXT4-fs (loop1): Remounting filesystem read-only [ 180.276838][ T5911] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.311: couldn't read orphan inode 15 (err -117) [ 180.300100][ T5911] EXT4-fs (loop1): Remounting filesystem read-only [ 180.311290][ T5911] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 180.429140][ T5911] EXT4-fs error (device loop1): ext4_add_entry:2486: inode #2: comm syz.1.311: Directory hole found for htree leaf block 0 [ 180.462805][ T5911] EXT4-fs (loop1): Remounting filesystem read-only [ 180.581380][ T4299] Bluetooth: hci0: command 0x0406 tx timeout [ 180.661537][ T4301] EXT4-fs (loop1): unmounting filesystem. [ 181.068079][ T5942] loop5: detected capacity change from 0 to 22 [ 181.073739][ T5942] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 181.212341][ T4309] Bluetooth: hci2: command 0x0406 tx timeout [ 181.212933][ T4299] Bluetooth: hci3: command 0x0406 tx timeout [ 181.215731][ T4299] Bluetooth: hci4: command 0x0406 tx timeout [ 181.217273][ T4309] Bluetooth: hci5: command 0x0406 tx timeout [ 181.225972][ T5942] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 181.764810][ T5930] loop0: detected capacity change from 0 to 8192 [ 181.797114][ T5930] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 181.799926][ T5930] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 181.802368][ T5930] REISERFS (device loop0): using ordered data mode [ 181.803716][ T5930] reiserfs: using flush barriers [ 181.812614][ T5930] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 181.815916][ T5930] REISERFS (device loop0): checking transaction log (loop0) [ 183.263261][ T5930] REISERFS (device loop0): Using tea hash to sort names [ 183.264992][ T5930] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 183.373691][ T5962] loop5: detected capacity change from 0 to 8192 [ 183.395235][ T5962] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 183.399933][ T5962] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 183.467185][ T5962] REISERFS (device loop5): using ordered data mode [ 183.468578][ T5962] reiserfs: using flush barriers [ 183.487662][ T5962] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 183.495447][ T5962] REISERFS (device loop5): checking transaction log (loop5) [ 184.581853][ T5962] REISERFS (device loop5): Using tea hash to sort names [ 184.583589][ T5962] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 184.660681][ T5979] loop0: detected capacity change from 0 to 256 [ 184.756244][ T5976] loop2: detected capacity change from 0 to 8192 [ 184.794626][ T5979] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 184.808685][ T5976] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 184.811678][ T5976] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 184.813642][ T5976] REISERFS (device loop2): using ordered data mode [ 184.815116][ T5976] reiserfs: using flush barriers [ 184.879423][ T5982] netlink: 36 bytes leftover after parsing attributes in process `syz.4.322'. [ 186.333976][ T5976] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 186.529476][ T5982] loop4: detected capacity change from 0 to 22 [ 186.536175][ T5982] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 186.544877][ T5982] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 186.717982][ T5977] dccp_invalid_packet: P.CsCov 6 exceeds packet length 400 [ 186.741954][ T5976] REISERFS (device loop2): checking transaction log (loop2) [ 187.411712][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.413086][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.531873][ T5976] REISERFS (device loop2): Using tea hash to sort names [ 187.533777][ T5976] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 187.824654][ T6001] loop1: detected capacity change from 0 to 22 [ 187.830557][ T6001] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 187.885650][ T6001] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 188.460631][ T5998] loop4: detected capacity change from 0 to 256 [ 188.485477][ T5998] exfat: Deprecated parameter 'namecase' [ 188.564388][ T5998] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 189.578909][ T6019] loop5: detected capacity change from 0 to 1024 [ 189.638709][ T6019] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 190.548814][ T5292] EXT4-fs (loop5): unmounting filesystem. [ 190.688896][ T6044] dccp_close: ABORT with 41 bytes unread [ 191.006901][ T6050] loop5: detected capacity change from 0 to 4096 [ 191.070925][ T6058] loop0: detected capacity change from 0 to 2048 [ 191.184019][ T6018] loop2: detected capacity change from 0 to 8192 [ 191.198398][ T6055] loop1: detected capacity change from 0 to 8192 [ 191.206351][ T6058] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 191.294627][ T6069] netlink: 36 bytes leftover after parsing attributes in process `syz.4.338'. [ 191.319197][ T6069] loop4: detected capacity change from 0 to 22 [ 191.325040][ T6069] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 191.384681][ T6069] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 191.407272][ T6069] dccp_invalid_packet: P.CsCov 6 exceeds packet length 400 [ 191.568761][ T6055] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 191.926237][ T6055] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 191.928259][ T6055] REISERFS (device loop1): using ordered data mode [ 191.929636][ T6055] reiserfs: using flush barriers [ 191.952493][ T6018] loop2: AHDI p1 p3 p4 [ 191.953653][ T6018] loop2: p1 start 458752 is beyond EOD, truncated [ 191.955025][ T6018] loop2: p3 start 33587200 is beyond EOD, truncated [ 191.971452][ T6055] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 191.995546][ T6055] REISERFS (device loop1): checking transaction log (loop1) [ 192.077698][ T3911] loop2: AHDI p1 p3 p4 [ 192.078863][ T3911] loop2: p1 start 458752 is beyond EOD, truncated [ 192.080278][ T3911] loop2: p3 start 33587200 is beyond EOD, truncated [ 192.148684][ T6055] REISERFS (device loop1): Using tea hash to sort names [ 192.150602][ T6055] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 192.336549][ T4293] EXT4-fs (loop0): unmounting filesystem. [ 192.813559][ T6078] loop0: detected capacity change from 0 to 256 [ 192.898755][ T6078] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 193.784158][ T6087] loop4: detected capacity change from 0 to 128 [ 193.799986][ T6087] UDF-fs: bad mount option "" or missing value [ 193.962131][ T6071] netlink: 'syz.4.340': attribute type 29 has an invalid length. [ 193.964020][ T6071] netlink: 'syz.4.340': attribute type 29 has an invalid length. [ 194.201730][ T6102] loop0: detected capacity change from 0 to 8192 [ 194.214841][ T6107] loop4: detected capacity change from 0 to 1024 [ 194.276172][ T6107] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 195.223985][ T4302] EXT4-fs (loop4): unmounting filesystem. [ 195.730371][ T6136] tipc: Started in network mode [ 195.733487][ T6141] loop1: detected capacity change from 0 to 2048 [ 195.740042][ T6136] tipc: Node identity ac1414aa, cluster identity 4711 [ 195.744362][ T6136] tipc: Enabled bearer , priority 10 [ 195.781608][ T6135] loop4: detected capacity change from 0 to 8192 [ 195.804222][ T6141] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 195.807733][ T6135] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 195.833417][ T6135] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 195.835315][ T6135] REISERFS (device loop4): using ordered data mode [ 195.836762][ T6135] reiserfs: using flush barriers [ 195.871259][ T6135] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 195.874751][ T6135] REISERFS (device loop4): checking transaction log (loop4) [ 196.115246][ T6155] loop2: detected capacity change from 0 to 128 [ 196.169056][ T6155] netlink: 8 bytes leftover after parsing attributes in process `syz.2.357'. [ 196.175505][ T6135] REISERFS (device loop4): Using tea hash to sort names [ 196.177309][ T6135] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 196.212764][ T6155] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 196.304704][ T6163] FAULT_INJECTION: forcing a failure. [ 196.304704][ T6163] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 196.307551][ T6163] CPU: 0 PID: 6163 Comm: syz.0.358 Not tainted 6.1.119-syzkaller #0 [ 196.309122][ T6163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 196.311118][ T6163] Call trace: [ 196.311785][ T6163] dump_backtrace+0x1c8/0x1f4 [ 196.312719][ T6163] show_stack+0x2c/0x3c [ 196.313602][ T6163] dump_stack_lvl+0x108/0x170 [ 196.314557][ T6163] dump_stack+0x1c/0x58 [ 196.315446][ T6163] should_fail_ex+0x3c0/0x51c [ 196.316501][ T6163] should_fail+0x14/0x24 [ 196.317442][ T6163] should_fail_usercopy+0x20/0x30 [ 196.318471][ T6163] put_user_ifreq+0x88/0x1a4 [ 196.319472][ T6163] sock_do_ioctl+0x274/0x2dc [ 196.320464][ T6163] sock_ioctl+0x4ec/0x858 [ 196.321342][ T6163] __arm64_sys_ioctl+0x14c/0x1c8 [ 196.322353][ T6163] invoke_syscall+0x98/0x2bc [ 196.323354][ T6163] el0_svc_common+0x138/0x258 [ 196.324414][ T6163] do_el0_svc+0x58/0x13c [ 196.325378][ T6163] el0_svc+0x58/0x168 [ 196.326201][ T6163] el0t_64_sync_handler+0x84/0xf0 [ 196.327321][ T6163] el0t_64_sync+0x18c/0x190 [ 196.883632][ T6174] loop5: detected capacity change from 0 to 1024 [ 196.915521][ T6176] loop0: detected capacity change from 0 to 256 [ 196.923138][ T6176] exfat: Deprecated parameter 'namecase' [ 196.953150][ T6176] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 196.977717][ T4501] tipc: Node number set to 2886997162 [ 196.997365][ T6174] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 197.026581][ T6155] netlink: 8 bytes leftover after parsing attributes in process `syz.2.357'. [ 197.105267][ T6165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 197.883308][ T6187] loop4: detected capacity change from 0 to 256 [ 198.046047][ T6194] tmpfs: Bad value for 'mpol' [ 198.791454][ T6196] loop2: detected capacity change from 0 to 22 [ 198.797896][ T6196] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 198.805174][ T6196] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 198.938266][ T5292] EXT4-fs (loop5): unmounting filesystem. [ 199.351647][ T6210] netlink: 'syz.2.369': attribute type 28 has an invalid length. [ 199.419336][ T6210] loop2: detected capacity change from 0 to 2048 [ 199.452270][ T6210] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 199.493670][ T6201] loop5: detected capacity change from 0 to 8192 [ 199.553717][ T6209] UDF-fs: warning (device loop2): udf_truncate_tail_extent: Too long extent after EOF in inode 1346: i_size: 192 lbcount: 4096 extent 6+4096 [ 199.575759][ T6201] loop5: AHDI p1 p3 p4 [ 199.576826][ T6201] loop5: p1 start 458752 is beyond EOD, truncated [ 199.578322][ T6201] loop5: p3 start 33587200 is beyond EOD, truncated [ 202.537751][ T6239] loop0: detected capacity change from 0 to 8192 [ 202.538348][ T6241] loop1: detected capacity change from 0 to 256 [ 202.580956][ T6241] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 202.592600][ T6239] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 202.595383][ T6239] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 202.597417][ T6239] REISERFS (device loop0): using ordered data mode [ 202.598753][ T6239] reiserfs: using flush barriers [ 202.600771][ T6243] loop2: detected capacity change from 0 to 4096 [ 202.640901][ T6239] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 202.651798][ T6239] REISERFS (device loop0): checking transaction log (loop0) [ 202.872082][ T6243] ALSA: mixer_oss: invalid OSS volume 'PHONòŸN' [ 202.922719][ T6254] loop4: detected capacity change from 0 to 256 [ 202.957418][ T6239] REISERFS (device loop0): Using tea hash to sort names [ 202.959199][ T6239] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 203.831860][ T4389] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 204.560219][ T6265] loop1: detected capacity change from 0 to 256 [ 204.655392][ T6250] loop5: detected capacity change from 0 to 32768 [ 204.777354][ T6265] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 206.839672][ T6284] loop2: detected capacity change from 0 to 512 [ 207.195937][ T6288] loop0: detected capacity change from 0 to 256 [ 207.197884][ T6288] exfat: Deprecated parameter 'namecase' [ 207.234616][ T6292] loop1: detected capacity change from 0 to 164 [ 207.248622][ T6288] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 207.513971][ T6294] loop2: detected capacity change from 0 to 8192 [ 207.527282][ T6298] loop1: detected capacity change from 0 to 4096 [ 207.532250][ T6298] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 207.534469][ T6294] loop2: AHDI p1 p3 p4 [ 207.535484][ T6294] loop2: p1 start 458752 is beyond EOD, truncated [ 207.538307][ T6294] loop2: p3 start 33587200 is beyond EOD, truncated [ 208.461831][ T6305] loop4: detected capacity change from 0 to 256 [ 208.494876][ T6305] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 208.554228][ T6298] ntfs3: loop1: ino=5, "/" directory corrupted [ 208.636946][ T6307] loop5: detected capacity change from 0 to 1024 [ 208.750522][ T6307] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 208.759952][ T4301] ntfs3: loop1: ntfs_sync_fs r=1a failed, -22. [ 208.932947][ T4301] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 209.829036][ T5292] EXT4-fs (loop5): unmounting filesystem. [ 209.897733][ T4301] ntfs3: loop1: ntfs_evict_inode r=1a failed, -22. [ 210.216588][ T6318] loop5: detected capacity change from 0 to 256 [ 210.218669][ T6318] FAT-fs (loop5): Unrecognized mount option "uni_xlqte=1" or missing value [ 210.253280][ T4389] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 211.210867][ T6320] loop1: detected capacity change from 0 to 8192 [ 211.316445][ T6320] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 211.319190][ T6320] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 211.321051][ T6320] REISERFS (device loop1): using ordered data mode [ 211.345497][ T6320] reiserfs: using flush barriers [ 211.347236][ T6320] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 211.376008][ T6320] REISERFS (device loop1): checking transaction log (loop1) [ 211.411110][ T6329] loop0: detected capacity change from 0 to 256 [ 211.479755][ T6329] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 211.496783][ T6331] Injecting memory failure for pfn 0x1ae213 at process virtual address 0x20ffb000 [ 211.539207][ T6331] Memory failure: 0x1ae213: recovery action for reserved kernel page: Ignored [ 211.713142][ T27] audit: type=1326 audit(211.700:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6334 comm="syz.5.401" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa0f4d528 code=0x7ffc0000 [ 211.726526][ T27] audit: type=1326 audit(211.700:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6334 comm="syz.5.401" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=277 compat=0 ip=0xffffa0f4d528 code=0x7ffc0000 [ 211.789004][ T27] audit: type=1326 audit(211.760:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6334 comm="syz.5.401" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa0f4d528 code=0x7ffc0000 [ 212.178374][ T27] audit: type=1326 audit(211.760:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6334 comm="syz.5.401" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=220 compat=0 ip=0xffffa0f4d528 code=0x7ffc0000 [ 212.326718][ T6320] REISERFS (device loop1): Using tea hash to sort names [ 212.328502][ T6320] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 212.336811][ T27] audit: type=1326 audit(212.310:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6334 comm="syz.5.401" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa0f4d528 code=0x7ffc0000 [ 212.377317][ T27] audit: type=1326 audit(212.310:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6334 comm="syz.5.401" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa0f4d528 code=0x7ffc0000 [ 212.419057][ T27] audit: type=1326 audit(212.320:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6343 comm="syz.5.401" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=115 compat=0 ip=0xffffa0f78618 code=0x7ffc0000 [ 212.450333][ T27] audit: type=1326 audit(212.380:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6334 comm="syz.5.401" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=200 compat=0 ip=0xffffa0f4d528 code=0x7ffc0000 [ 212.471297][ T27] audit: type=1326 audit(212.380:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6334 comm="syz.5.401" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa0f4d528 code=0x7ffc0000 [ 212.475826][ T27] audit: type=1326 audit(212.380:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6334 comm="syz.5.401" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa0f4d528 code=0x7ffc0000 [ 213.387929][ T6346] loop4: detected capacity change from 0 to 4096 [ 213.511633][ T6346] ntfs: volume version 3.1. [ 213.513156][ T6356] loop5: detected capacity change from 0 to 64 [ 213.649769][ T6344] loop2: detected capacity change from 0 to 32768 [ 213.706915][ T6358] xt_TCPMSS: Only works on TCP SYN packets [ 213.988527][ T6358] loop1: detected capacity change from 0 to 4096 [ 214.045144][ T6358] ntfs: volume version 3.1. [ 214.078804][ T6352] loop0: detected capacity change from 0 to 32768 [ 214.135887][ T6352] XFS (loop0): Mounting V5 Filesystem [ 214.226546][ T6354] loop5: detected capacity change from 0 to 40427 [ 214.301666][ T6354] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff [ 214.303544][ T6354] F2FS-fs (loop5): Unrecognized mount option "alloc_mèuode=default" or missing value [ 214.401488][ T6354] loop5: detected capacity change from 0 to 512 [ 214.403898][ T6354] EXT4-fs (loop5): Test dummy encryption mode enabled [ 214.407473][ T6352] XFS (loop0): Ending clean mount [ 214.408653][ T6354] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 214.798240][ T6354] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 214.810323][ T6354] EXT4-fs (loop5): 1 truncate cleaned up [ 214.817238][ T6354] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 214.835517][ T6346] netlink: 8 bytes leftover after parsing attributes in process `syz.4.404'. [ 214.858612][ T6346] netlink: 8 bytes leftover after parsing attributes in process `syz.4.404'. [ 214.868379][ T6354] fscrypt: AES-256-XTS using implementation "xts-aes-ce" [ 214.936094][ T6378] loop1: detected capacity change from 0 to 256 [ 214.956948][ T6378] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 215.055417][ T6380] loop4: detected capacity change from 0 to 256 [ 215.057353][ T6380] FAT-fs (loop4): Unrecognized mount option "uni_xlqte=1" or missing value [ 215.368443][ T4293] XFS (loop0): Unmounting Filesystem [ 215.391348][ T4505] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 215.712661][ T6386] loop2: detected capacity change from 0 to 22 [ 215.718886][ T6386] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 215.811026][ T6386] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 216.402332][ T5292] EXT4-fs (loop5): unmounting filesystem. [ 216.478165][ T6388] loop2: detected capacity change from 0 to 256 [ 216.519649][ T6388] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 216.622957][ T6391] netlink: 144 bytes leftover after parsing attributes in process `syz.5.413'. [ 217.274202][ T6397] loop4: detected capacity change from 0 to 256 [ 217.304035][ T6391] loop5: detected capacity change from 0 to 32768 [ 217.312119][ T6391] XFS: ikeep mount option is deprecated. [ 217.313412][ T6391] XFS: attr2 mount option is deprecated. [ 217.399433][ T6391] XFS (loop5): Mounting V5 Filesystem [ 217.503871][ T6391] XFS (loop5): Ending clean mount [ 217.507866][ T6391] XFS (loop5): Quotacheck needed: Please wait. [ 217.571593][ T6391] XFS (loop5): Quotacheck: Done. [ 217.696308][ T5292] XFS (loop5): Unmounting Filesystem [ 217.790303][ T6413] loop0: detected capacity change from 0 to 8192 [ 217.852047][ T6413] loop0: AHDI p1 p3 p4 [ 217.853377][ T6413] loop0: p1 start 458752 is beyond EOD, truncated [ 217.854713][ T6413] loop0: p3 start 33587200 is beyond EOD, truncated [ 218.310542][ T6428] FAULT_INJECTION: forcing a failure. [ 218.310542][ T6428] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 218.313512][ T6428] CPU: 1 PID: 6428 Comm: syz.1.421 Not tainted 6.1.119-syzkaller #0 [ 218.315121][ T6428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 218.317137][ T6428] Call trace: [ 218.317850][ T6428] dump_backtrace+0x1c8/0x1f4 [ 218.318841][ T6428] show_stack+0x2c/0x3c [ 218.319673][ T6428] dump_stack_lvl+0x108/0x170 [ 218.320659][ T6428] dump_stack+0x1c/0x58 [ 218.321526][ T6428] should_fail_ex+0x3c0/0x51c [ 218.322524][ T6428] should_fail+0x14/0x24 [ 218.323410][ T6428] should_fail_usercopy+0x20/0x30 [ 218.324556][ T6428] memdup_user+0xa4/0x210 [ 218.325469][ T6428] strndup_user+0x78/0xe0 [ 218.326359][ T6428] __arm64_sys_add_key+0x1e8/0x550 [ 218.327423][ T6428] invoke_syscall+0x98/0x2bc [ 218.328320][ T6428] el0_svc_common+0x138/0x258 [ 218.329250][ T6428] do_el0_svc+0x58/0x13c [ 218.330194][ T6428] el0_svc+0x58/0x168 [ 218.330966][ T6428] el0t_64_sync_handler+0x84/0xf0 [ 218.332038][ T6428] el0t_64_sync+0x18c/0x190 [ 218.335011][ T6428] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long [ 219.697246][ T6427] loop5: detected capacity change from 0 to 4096 [ 220.344958][ T6427] __ntfs_error: 36 callbacks suppressed [ 220.344973][ T6427] ntfs: (device loop5): parse_options(): NLS character set cp86 not found. Using previous one cp1255. [ 220.363585][ T6427] ntfs: (device loop5): check_mft_mirror(): $MFT and $MFTMirr (record 2) do not match. Run ntfsfix or chkdsk. [ 220.366276][ T6427] ntfs: (device loop5): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 220.411586][ T6427] ntfs: volume version 3.1. [ 220.419657][ T6427] ntfs: (device loop5): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 220.428746][ T6427] ntfs: (device loop5): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 220.432979][ T6427] ntfs: (device loop5): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 220.471985][ T6447] loop0: detected capacity change from 0 to 256 [ 220.502388][ T6447] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 220.537449][ T6427] ntfs: (device loop5): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 220.540277][ T6427] ntfs: (device loop5): ntfs_lookup(): ntfs_lookup_ino_by_name() failed with error code 5. [ 220.746453][ T6451] autofs4:pid:6451:autofs_fill_super: called with bogus options [ 220.747053][ T6446] loop4: detected capacity change from 0 to 8192 [ 220.843242][ T6446] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 220.851334][ T6446] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 220.871846][ T6446] REISERFS (device loop4): using ordered data mode [ 220.873431][ T6446] reiserfs: using flush barriers [ 220.889936][ T6446] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 220.912575][ T6446] REISERFS (device loop4): checking transaction log (loop4) [ 221.256906][ T6446] REISERFS (device loop4): Using tea hash to sort names [ 221.260893][ T6446] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 221.518249][ T6427] netlink: 8 bytes leftover after parsing attributes in process `syz.5.422'. [ 221.520200][ T6427] netlink: 8 bytes leftover after parsing attributes in process `syz.5.422'. [ 221.544534][ T6427] ntfs: (device loop5): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 221.548847][ T6427] ntfs: (device loop5): ntfs_lookup(): ntfs_lookup_ino_by_name() failed with error code 5. [ 221.633443][ T6465] loop2: detected capacity change from 0 to 22 [ 221.636467][ T6465] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 221.851405][ T6465] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 223.055250][ T6465] dccp_invalid_packet: P.CsCov 6 exceeds packet length 400 [ 223.964051][ T6470] loop2: detected capacity change from 0 to 8192 [ 224.017469][ T6470] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 224.020280][ T6470] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 224.034333][ T6470] REISERFS (device loop2): using ordered data mode [ 224.035808][ T6470] reiserfs: using flush barriers [ 224.045713][ T6470] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 224.052545][ T6470] REISERFS (device loop2): checking transaction log (loop2) [ 224.080825][ T6474] loop5: detected capacity change from 0 to 32768 [ 224.093183][ T6474] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 224.095449][ T6474] BTRFS info (device loop5): using crc32c (crc32c-generic) checksum algorithm [ 224.097238][ T6474] BTRFS info (device loop5): setting nodatacow, compression disabled [ 224.098861][ T6474] BTRFS info (device loop5): max_inline at 0 [ 224.100023][ T6474] BTRFS error (device loop5): support for check_integrity* not compiled in! [ 224.105856][ T6474] BTRFS error (device loop5): open_ctree failed [ 224.673389][ T6483] loop4: detected capacity change from 0 to 128 [ 224.701640][ T6483] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 224.745515][ T6483] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 224.970099][ T6483] netlink: 'syz.4.432': attribute type 29 has an invalid length. [ 224.976371][ T6483] netlink: 'syz.4.432': attribute type 29 has an invalid length. [ 225.007814][ T6483] netlink: 'syz.4.432': attribute type 29 has an invalid length. [ 225.076369][ T6473] loop1: detected capacity change from 0 to 8192 [ 225.220861][ T6470] REISERFS (device loop2): Using tea hash to sort names [ 225.243343][ T6470] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 225.294225][ T6487] loop4: detected capacity change from 0 to 256 [ 225.324385][ T6473] loop1: AHDI p1 p3 p4 [ 225.325872][ T6473] loop1: p1 start 458752 is beyond EOD, truncated [ 225.333312][ T6487] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 225.338842][ T6473] loop1: p3 start 33587200 is beyond EOD, truncated [ 225.343452][ T6468] loop0: detected capacity change from 0 to 40427 [ 225.354945][ T6468] F2FS-fs (loop0): invalid crc value [ 226.391236][ T6468] F2FS-fs (loop0): Found nat_bits in checkpoint [ 226.451401][ T3911] loop1: AHDI p1 p3 p4 [ 226.452580][ T3911] loop1: p1 start 458752 is beyond EOD, truncated [ 226.464303][ T3911] loop1: p3 start 33587200 is beyond EOD, truncated [ 226.497460][ T6468] F2FS-fs (loop0): Cannot turn on quotas: -2 on 1 [ 226.607027][ T6468] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 226.788532][ T6498] loop5: detected capacity change from 0 to 8192 [ 226.855967][ T6503] autofs4:pid:6503:autofs_fill_super: called with bogus options [ 226.868613][ T4293] syz-executor: attempt to access beyond end of device [ 226.868613][ T4293] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 226.874630][ T6498] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 226.877474][ T6498] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 226.879399][ T6498] REISERFS (device loop5): using ordered data mode [ 226.880756][ T6498] reiserfs: using flush barriers [ 226.900450][ T6498] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 226.927954][ T6498] REISERFS (device loop5): checking transaction log (loop5) [ 226.938658][ T6507] loop2: detected capacity change from 0 to 256 [ 226.960119][ T6507] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 227.336742][ T6498] REISERFS (device loop5): Using tea hash to sort names [ 227.340525][ T6498] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 227.821596][ T6517] loop4: detected capacity change from 0 to 22 [ 227.824727][ T6517] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 228.625125][ T6517] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 228.720640][ T6517] dccp_invalid_packet: P.CsCov 6 exceeds packet length 400 [ 229.610039][ T6525] loop0: detected capacity change from 0 to 22 [ 229.612096][ T6525] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 229.614605][ T6525] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 229.619696][ T6525] dccp_invalid_packet: P.CsCov 6 exceeds packet length 400 [ 230.108980][ T6522] loop5: detected capacity change from 0 to 32768 [ 230.146532][ T6522] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz.5.446 (6522) [ 230.177468][ T6522] BTRFS info (device loop5): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 230.179669][ T6522] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 230.211662][ T6522] BTRFS info (device loop5): force zlib compression, level 3 [ 230.213320][ T6522] BTRFS info (device loop5): force clearing of disk cache [ 230.214633][ T6522] BTRFS info (device loop5): setting nodatasum [ 230.215840][ T6522] BTRFS info (device loop5): use zlib compression, level 3 [ 230.217366][ T6522] BTRFS info (device loop5): allowing degraded mounts [ 230.218817][ T6522] BTRFS info (device loop5): enabling disk space caching [ 230.220204][ T6522] BTRFS info (device loop5): disk space caching is enabled [ 230.514221][ T6522] BTRFS info (device loop5): enabling ssd optimizations [ 230.518100][ T6522] BTRFS info (device loop5): rebuilding free space tree [ 230.591919][ T6522] BTRFS info (device loop5): disabling free space tree [ 230.593496][ T6522] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 230.595674][ T6522] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 230.668806][ T6522] BTRFS info (device loop5): balance: start -f -sprofiles=0x8000000000000000,devid=0,limit=5,limit=5..0,stripes=6..1025 [ 230.672203][ T6522] BTRFS info (device loop5): balance: ended with status: 0 [ 230.949371][ T6557] loop0: detected capacity change from 0 to 256 [ 230.980927][ T6557] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 231.017364][ T6559] autofs4:pid:6559:autofs_fill_super: called with bogus options [ 231.475316][ T6568] loop2: detected capacity change from 0 to 8192 [ 231.486801][ T6568] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 231.489731][ T6568] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 231.505650][ T6568] REISERFS (device loop2): using ordered data mode [ 231.507243][ T6568] reiserfs: using flush barriers [ 231.523441][ T6568] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 231.547466][ T6568] REISERFS (device loop2): checking transaction log (loop2) [ 231.760962][ T5292] BTRFS info (device loop5): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 232.160847][ T6568] REISERFS (device loop2): Using tea hash to sort names [ 232.191455][ T6568] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 232.835367][ T6586] loop5: detected capacity change from 0 to 128 [ 233.196468][ T6586] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 233.206430][ T6586] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 233.286323][ T6586] netlink: 'syz.5.460': attribute type 29 has an invalid length. [ 233.288500][ T6586] netlink: 'syz.5.460': attribute type 29 has an invalid length. [ 233.291862][ T6586] netlink: 'syz.5.460': attribute type 29 has an invalid length. [ 233.680526][ T6591] loop5: detected capacity change from 0 to 1024 [ 234.040725][ T6591] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 234.111993][ T6598] loop4: detected capacity change from 0 to 22 [ 234.117799][ T6598] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 234.143482][ T6598] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 234.192858][ T6598] dccp_invalid_packet: P.CsCov 6 exceeds packet length 400 [ 235.398890][ T5292] EXT4-fs (loop5): unmounting filesystem. [ 235.526830][ T6608] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.538830][ T6608] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.941526][ T6602] loop4: detected capacity change from 0 to 40427 [ 235.954924][ T6602] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 235.956689][ T6602] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 236.083889][ T6602] F2FS-fs (loop4): Found nat_bits in checkpoint [ 236.178313][ T6608] loop5: detected capacity change from 0 to 32768 [ 236.286697][ T6602] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 236.288351][ T6602] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 236.308050][ T6611] loop0: detected capacity change from 0 to 32768 [ 236.321341][ T6611] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.468 (6611) [ 236.474454][ T6611] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 236.479046][ T6611] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm [ 236.481111][ T6611] BTRFS info (device loop0): using free space tree [ 236.497422][ T6608] XFS (loop5): Mounting V5 Filesystem [ 237.071266][ T6608] XFS (loop5): Ending clean mount [ 237.201365][ T6608] XFS (loop5): Metadata CRC error detected at xfs_rmapbt_read_verify+0x50/0x108, xfs_rmapbt block 0x14 [ 237.204269][ T6608] XFS (loop5): Unmount and run xfs_repair [ 237.205452][ T6608] XFS (loop5): First 128 bytes of corrupted metadata buffer: [ 237.207248][ T6611] BTRFS info (device loop0): enabling ssd optimizations [ 237.271345][ T6608] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 237.273428][ T6608] 00000010: 00 a7 50 00 00 00 00 14 00 00 00 01 00 00 00 80 ..P............. [ 237.275325][ T6608] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 237.277175][ T6608] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 237.279179][ T6608] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 237.280963][ T6608] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 237.296248][ T6608] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 237.299744][ T6608] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 237.305429][ T6608] XFS (loop5): metadata I/O error in "xfs_btree_read_buf_block+0x1f4/0x2f8" at daddr 0x14 len 4 error 74 [ 237.316397][ T6608] XFS (loop5): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x1b20/0x24c0 (fs/xfs/libxfs/xfs_defer.c:573). Shutting down filesystem. [ 237.328401][ T6643] loop2: detected capacity change from 0 to 8192 [ 237.330205][ T6608] XFS (loop5): Please unmount the filesystem and rectify the problem(s) [ 237.566868][ T6654] capability: warning: `syz.2.473' uses deprecated v2 capabilities in a way that may be insecure [ 237.584058][ T4306] Bluetooth: Wrong link type (-22) [ 237.825463][ T6668] loop1: detected capacity change from 0 to 1024 [ 237.865833][ T6668] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 238.058724][ T6675] loop4: detected capacity change from 0 to 22 [ 238.064701][ T6675] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 238.925580][ T5292] XFS (loop5): Unmounting Filesystem [ 238.954583][ T6675] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 238.989038][ T6675] dccp_invalid_packet: P.CsCov 6 exceeds packet length 400 [ 239.223131][ T4301] EXT4-fs (loop1): unmounting filesystem. [ 239.451652][ T6683] loop4: detected capacity change from 0 to 256 [ 239.453832][ T6683] FAT-fs (loop4): Unrecognized mount option "uni_xlqte=1" or missing value [ 240.936537][ T6689] loop4: detected capacity change from 0 to 256 [ 241.570377][ T6694] loop4: detected capacity change from 0 to 8192 [ 241.612747][ T6694] loop4: AHDI p1 p3 p4 [ 241.613865][ T6694] loop4: p1 start 458752 is beyond EOD, truncated [ 241.615296][ T6694] loop4: p3 start 33587200 is beyond EOD, truncated [ 241.620269][ T3911] loop4: AHDI p1 p3 p4 [ 241.621796][ T3911] loop4: p1 start 458752 is beyond EOD, truncated [ 241.623254][ T3911] loop4: p3 start 33587200 is beyond EOD, truncated [ 241.769632][ T6698] FAULT_INJECTION: forcing a failure. [ 241.769632][ T6698] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 241.784998][ T6698] CPU: 1 PID: 6698 Comm: syz.5.479 Not tainted 6.1.119-syzkaller #0 [ 241.786732][ T6698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 241.788867][ T6698] Call trace: [ 241.789562][ T6698] dump_backtrace+0x1c8/0x1f4 [ 241.790658][ T6698] show_stack+0x2c/0x3c [ 241.791684][ T6698] dump_stack_lvl+0x108/0x170 [ 241.792626][ T6698] dump_stack+0x1c/0x58 [ 241.793425][ T6698] should_fail_ex+0x3c0/0x51c [ 241.794402][ T6698] should_fail+0x14/0x24 [ 241.795252][ T6698] should_fail_usercopy+0x20/0x30 [ 241.796262][ T6698] iovec_from_user+0xcc/0x5e0 [ 241.797343][ T6698] __import_iovec+0x84/0x448 [ 241.798379][ T6698] import_iovec+0x88/0xa4 [ 241.799350][ T6698] copy_msghdr_from_user+0x3f4/0x59c [ 241.800502][ T6698] __sys_sendmsg+0x200/0x33c [ 241.801499][ T6698] __arm64_sys_sendmsg+0x80/0x94 [ 241.802530][ T6698] invoke_syscall+0x98/0x2bc [ 241.803466][ T6698] el0_svc_common+0x138/0x258 [ 241.804523][ T6698] do_el0_svc+0x58/0x13c [ 241.805496][ T6698] el0_svc+0x58/0x168 [ 241.806394][ T6698] el0t_64_sync_handler+0x84/0xf0 [ 241.807563][ T6698] el0t_64_sync+0x18c/0x190 [ 241.857567][ T6696] loop1: detected capacity change from 0 to 8192 [ 242.046151][ T6704] loop1: detected capacity change from 0 to 256 [ 242.055231][ T6704] exfat: Deprecated parameter 'namecase' [ 242.079515][ T6704] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 242.133747][ T6707] netlink: 8 bytes leftover after parsing attributes in process `syz.5.487'. [ 242.136183][ T6707] netlink: 4 bytes leftover after parsing attributes in process `syz.5.487'. [ 242.329619][ T6710] loop2: detected capacity change from 0 to 256 [ 242.347501][ T6710] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 242.359283][ T6712] loop5: detected capacity change from 0 to 256 [ 242.373971][ T6712] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 242.412329][ T4293] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 244.710328][ T6726] loop5: detected capacity change from 0 to 256 [ 244.733103][ T6726] FAT-fs (loop5): Unrecognized mount option "uni_xlqte=1" or missing value [ 244.768159][ T4389] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 244.885702][ T6730] loop0: detected capacity change from 0 to 256 [ 244.956773][ T6730] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 245.149909][ T6734] loop5: detected capacity change from 0 to 256 [ 245.794695][ T6731] loop2: detected capacity change from 0 to 4096 [ 245.796533][ T6731] ntfs3: Unknown parameter '' [ 245.909654][ T6715] libceph: connect (1)[c::]:6789 error -101 [ 245.911980][ T6715] libceph: mon0 (1)[c::]:6789 connect error [ 246.354271][ T6744] loop1: detected capacity change from 0 to 8192 [ 246.511497][ T6715] libceph: connect (1)[c::]:6789 error -101 [ 246.513083][ T6715] libceph: mon0 (1)[c::]:6789 connect error [ 246.763324][ T6737] ceph: No mds server is up or the cluster is laggy [ 246.785409][ T4347] libceph: connect (1)[c::]:6789 error -101 [ 246.786860][ T4347] libceph: mon0 (1)[c::]:6789 connect error [ 246.856708][ T6760] loop2: detected capacity change from 0 to 256 [ 246.910608][ T6760] exfat: Deprecated parameter 'namecase' [ 246.933677][ T6760] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 247.122603][ T6764] loop4: detected capacity change from 0 to 256 [ 247.135286][ T6754] loop1: detected capacity change from 0 to 32768 [ 247.148554][ T6754] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.497 (6754) [ 247.161980][ T6754] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 247.164235][ T6754] BTRFS info (device loop1): using sha256 (sha256-ce) checksum algorithm [ 247.164642][ T6764] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 247.166102][ T6754] BTRFS info (device loop1): turning off barriers [ 247.182704][ T6754] BTRFS info (device loop1): force clearing of disk cache [ 247.184580][ T6754] BTRFS info (device loop1): doing ref verification [ 247.185981][ T6754] BTRFS info (device loop1): using free space tree [ 247.233859][ T6767] netlink: 12 bytes leftover after parsing attributes in process `syz.5.504'. [ 247.719132][ T6754] BTRFS info (device loop1): enabling ssd optimizations [ 247.727598][ T6754] BTRFS info (device loop1): rebuilding free space tree [ 247.904774][ T6754] BTRFS info (device loop1): checking UUID tree [ 247.909410][ T6790] loop0: detected capacity change from 0 to 1024 [ 248.096963][ T6790] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 248.212154][ T6799] netlink: 'syz.1.497': attribute type 2 has an invalid length. [ 249.042826][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 249.044305][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 249.301801][ T6808] loop2: detected capacity change from 0 to 256 [ 249.546626][ T4301] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 249.599180][ T4389] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 249.891766][ T4293] EXT4-fs (loop0): unmounting filesystem. [ 249.966613][ T6819] FAULT_INJECTION: forcing a failure. [ 249.966613][ T6819] name failslab, interval 1, probability 0, space 0, times 0 [ 249.977913][ T6819] CPU: 1 PID: 6819 Comm: syz.1.509 Not tainted 6.1.119-syzkaller #0 [ 249.979698][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 249.981756][ T6819] Call trace: [ 249.982469][ T6819] dump_backtrace+0x1c8/0x1f4 [ 249.983446][ T6819] show_stack+0x2c/0x3c [ 249.984333][ T6819] dump_stack_lvl+0x108/0x170 [ 249.985324][ T6819] dump_stack+0x1c/0x58 [ 249.986254][ T6819] should_fail_ex+0x3c0/0x51c [ 249.987254][ T6819] __should_failslab+0xc8/0x128 [ 249.988347][ T6819] should_failslab+0x10/0x28 [ 249.989348][ T6819] kmem_cache_alloc+0x8c/0x37c [ 249.990327][ T6819] vm_area_alloc+0x2c/0xe0 [ 249.991240][ T6819] mmap_region+0x1118/0x2208 [ 249.992238][ T6819] do_mmap+0x9ac/0x110c [ 249.993089][ T6819] vm_mmap_pgoff+0x1a4/0x2b4 [ 249.994058][ T6819] ksys_mmap_pgoff+0xd0/0x5b0 [ 249.995050][ T6819] __arm64_sys_mmap+0xf8/0x110 [ 249.996060][ T6819] invoke_syscall+0x98/0x2bc [ 249.996993][ T6819] el0_svc_common+0x138/0x258 [ 249.998110][ T6819] do_el0_svc+0x58/0x13c [ 249.999098][ T6819] el0_svc+0x58/0x168 [ 250.000062][ T6819] el0t_64_sync_handler+0x84/0xf0 [ 250.001180][ T6819] el0t_64_sync+0x18c/0x190 [ 250.152679][ T6826] netlink: 428 bytes leftover after parsing attributes in process `syz.4.516'. [ 250.154652][ T6826] netlink: 32 bytes leftover after parsing attributes in process `syz.4.516'. [ 250.326354][ T6830] 8021q: adding VLAN 0 to HW filter on device bond1 [ 250.364641][ T6833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 250.366702][ T6833] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 250.414244][ T6804] loop5: detected capacity change from 0 to 40427 [ 250.428055][ T6813] loop2: detected capacity change from 0 to 32768 [ 250.436354][ T6804] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x16481 [ 250.441226][ T6813] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop2 scanned by syz.2.511 (6813) [ 250.445543][ T6813] BTRFS info (device loop2): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 250.447960][ T6813] BTRFS info (device loop2): using sha256 (sha256-ce) checksum algorithm [ 250.455293][ T6804] F2FS-fs (loop5): invalid crc value [ 250.468236][ T6813] BTRFS info (device loop2): disabling tree log [ 250.469591][ T6813] BTRFS info (device loop2): enabling tree log [ 250.470897][ T6813] BTRFS info (device loop2): using free space tree [ 250.479289][ T6804] F2FS-fs (loop5): Found nat_bits in checkpoint [ 250.530382][ T6804] F2FS-fs (loop5): Start checkpoint disabled! [ 250.558920][ T6804] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 250.684457][ T6813] BTRFS info (device loop2): enabling ssd optimizations [ 250.687993][ T6813] BTRFS info (device loop2): checking UUID tree [ 250.921554][ T4300] BTRFS info (device loop2): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 251.042280][ T4572] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 251.293563][ T4572] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 251.297242][ T4572] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 251.303571][ T4572] usb 1-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 251.305706][ T4572] usb 1-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 251.309826][ T4572] usb 1-1: Product: syz [ 251.311942][ T4572] usb 1-1: Manufacturer: syz [ 251.312950][ T4572] usb 1-1: SerialNumber: syz [ 251.332792][ T4572] usb 1-1: config 0 descriptor?? [ 251.438253][ T6889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 251.440305][ T6889] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.558274][ T4572] usb 1-1: USB disconnect, device number 2 [ 252.332615][ T6923] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 252.335528][ T6923] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 252.810364][ T6937] mmap: syz.4.557 (6937) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 252.917818][ T6937] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 252.924906][ T6937] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 252.995285][ T6941] binder: 6940:6941 tried to acquire reference to desc 0, got 1 instead [ 252.998691][ T6941] binder: 6940:6941 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 253.001957][ T6941] binder: 6941 RLIMIT_NICE not set [ 253.003248][ T6941] binder: 6941 RLIMIT_NICE not set [ 253.004576][ T6941] binder: send failed reply for transaction 5 to 6940:6941 [ 253.006341][ T6941] binder: 6940:6941 ioctl c0306201 20000140 returned -14 [ 253.008390][ T4345] binder: undelivered TRANSACTION_COMPLETE [ 253.009916][ T4345] binder: undelivered TRANSACTION_ERROR: 29201 [ 253.112887][ T6919] device syzkaller1 entered promiscuous mode [ 253.117734][ T6930] IPv6: sit1: Disabled Multicast RS [ 253.384274][ T6958] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.391705][ T6958] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 254.051318][ T6982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 254.061598][ T6982] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 254.254270][ T6995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 254.256226][ T6995] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 254.520427][ T7003] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 254.529253][ T7005] netlink: 'syz.0.586': attribute type 10 has an invalid length. [ 254.530530][ T7003] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 254.581284][ T7005] team0: Port device netdevsim0 added [ 254.747889][ T4306] Bluetooth: hci0: unexpected event 0x06 length: 4 > 3 [ 254.848896][ T27] audit: type=1326 audit(254.830:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 254.859964][ T27] audit: type=1326 audit(254.840:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=138 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 254.871670][ T27] audit: type=1326 audit(254.850:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 255.421225][ T7] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 255.462043][ T7032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.466583][ T7032] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.601314][ T7] usb 1-1: Using ep0 maxpacket: 32 [ 255.605060][ T7] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 255.607429][ T7] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 255.610996][ T7] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 255.614462][ T7] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 255.619637][ T7] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 17984, setting to 1024 [ 255.624483][ T7] usb 1-1: config 1 interface 1 has no altsetting 0 [ 255.630188][ T7] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 255.633648][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.639682][ T7] usb 1-1: Product: syz [ 255.640621][ T7] usb 1-1: Manufacturer: syz [ 255.646516][ T7] usb 1-1: SerialNumber: syz [ 255.889026][ T7] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor [ 255.890967][ T7] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor [ 255.977403][ T7] usb 1-1: USB disconnect, device number 3 [ 256.001240][ T4299] Bluetooth: hci4: command 0x0406 tx timeout [ 256.036623][ T7050] netlink: 'syz.2.606': attribute type 29 has an invalid length. [ 256.038702][ T7050] netlink: 'syz.2.606': attribute type 29 has an invalid length. [ 256.052691][ T7050] netlink: 'syz.2.606': attribute type 29 has an invalid length. [ 256.067693][ T7050] netlink: 'syz.2.606': attribute type 29 has an invalid length. [ 256.298560][ T7069] netlink: 4 bytes leftover after parsing attributes in process `syz.4.615'. [ 256.328048][ T4306] Bluetooth: hci4: unexpected event for opcode 0x1003 [ 256.337318][ T4506] udevd[4506]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 256.711669][ T7] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 256.811314][ T4306] Bluetooth: hci0: command 0x2016 tx timeout [ 256.893858][ T7] usb 1-1: config 0 has an invalid interface number: 120 but max is 0 [ 256.895607][ T7] usb 1-1: config 0 has no interface number 0 [ 256.896988][ T7] usb 1-1: config 0 interface 120 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 256.899353][ T7] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 256.906255][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.913669][ T7] usb 1-1: config 0 descriptor?? [ 256.917230][ T7080] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 257.135483][ T4572] usb 1-1: USB disconnect, device number 4 [ 257.569556][ T7112] tipc: Enabling of bearer rejected, failed to enable media [ 257.717188][ T7117] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 257.726357][ T7117] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.856796][ T7126] netlink: 'syz.5.639': attribute type 11 has an invalid length. [ 257.858851][ T7126] netlink: 20 bytes leftover after parsing attributes in process `syz.5.639'. [ 258.220149][ T7144] tipc: Can't bind to reserved service type 1 [ 258.230446][ T7146] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 258.264827][ T7146] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 258.881384][ T4299] Bluetooth: hci0: command 0x0406 tx timeout [ 258.957968][ T7180] netlink: 8 bytes leftover after parsing attributes in process `syz.4.662'. [ 258.959834][ T7180] netlink: 'syz.4.662': attribute type 19 has an invalid length. [ 258.962421][ T7180] netlink: 12 bytes leftover after parsing attributes in process `syz.4.662'. [ 259.067058][ T7186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.085121][ T7186] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.330414][ T7192] xt_CT: No such helper "snmp" [ 259.381307][ T4345] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 259.561298][ T4345] usb 1-1: Using ep0 maxpacket: 8 [ 259.566126][ T4345] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 259.568102][ T4345] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.569737][ T4345] usb 1-1: Product: syz [ 259.570659][ T4345] usb 1-1: Manufacturer: syz [ 259.572088][ T4345] usb 1-1: SerialNumber: syz [ 259.576795][ T4345] usb 1-1: config 0 descriptor?? [ 259.780929][ T4345] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 260.150152][ T7225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 260.153783][ T7225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 260.793355][ T4345] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -71 [ 260.797469][ T4345] usb 1-1: USB disconnect, device number 5 [ 261.100332][ T7246] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.106261][ T7246] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.591397][ T7266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.593343][ T7266] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 262.250412][ T7308] loop9: detected capacity change from 0 to 7 [ 262.258574][ T7308] Dev loop9: unable to read RDB block 7 [ 262.260578][ T7308] loop9: unable to read partition table [ 262.263212][ T7308] loop9: partition table beyond EOD, truncated [ 262.264564][ T7308] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 262.308570][ T7311] nvme_fabrics: missing parameter 'transport=%s' [ 262.310314][ T7311] nvme_fabrics: missing parameter 'nqn=%s' [ 262.524918][ T7330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 262.527099][ T7330] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 262.980106][ T7343] Cannot find set identified by id 0 to match [ 262.993298][ T7347] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 262.997649][ T7347] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.341872][ T5659] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 263.523171][ T5659] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 263.525562][ T5659] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 263.527727][ T5659] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 263.530382][ T5659] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.544834][ T5659] usb 1-1: config 0 descriptor?? [ 263.562570][ T7366] could not allocate digest TFM handle sha1-ssse3 [ 264.765742][ T5659] uclogic 0003:256C:006D.0001: v1 frame probing failed: -71 [ 264.767873][ T5659] uclogic 0003:256C:006D.0001: failed probing parameters: -71 [ 264.769441][ T5659] uclogic: probe of 0003:256C:006D.0001 failed with error -71 [ 264.780635][ T5659] usb 1-1: USB disconnect, device number 6 [ 264.909845][ T7419] device team_slave_0 entered promiscuous mode [ 264.911530][ T7419] device team_slave_1 entered promiscuous mode [ 264.916531][ T7419] team0: Device macsec1 is already an upper device of the team interface [ 264.928065][ T7419] device team_slave_0 left promiscuous mode [ 264.929326][ T7419] device team_slave_1 left promiscuous mode [ 265.505911][ T7436] binder: 7435:7436 tried to acquire reference to desc 0, got 1 instead [ 265.507792][ T7436] binder: tried to use weak ref as strong ref [ 265.509454][ T7436] binder: 7435:7436 got transaction to invalid handle, 1 [ 265.530957][ T7436] binder: 7436:7435 cannot find target node [ 265.554863][ T7436] binder: 7435:7436 transaction call to 0:0 failed 10/29201/-22, size 0-97 line 3054 [ 265.557017][ T7436] binder: 7435:7436 ioctl c0306201 20000480 returned -14 [ 265.565039][ T5659] binder: undelivered TRANSACTION_ERROR: 29201 [ 265.665704][ T7434] xt_CT: No such helper "snmp" [ 265.990874][ T4306] Bluetooth: hci0: unexpected event for opcode 0x1004 [ 266.669774][ T7491] netlink: 44 bytes leftover after parsing attributes in process `syz.1.787'. [ 267.174666][ T7507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.180015][ T7507] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 267.317741][ T7513] netlink: 4 bytes leftover after parsing attributes in process `syz.0.796'. [ 267.613204][ T7529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.616015][ T7529] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 267.689267][ T7531] netlink: 36 bytes leftover after parsing attributes in process `syz.5.804'. [ 268.235758][ T7554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 268.243192][ T7554] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.375297][ T7560] ALSA: seq fatal error: cannot create timer (-22) [ 268.462099][ T7566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 268.474610][ T7566] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.716355][ T4455] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 268.830544][ T7571] netlink: 20 bytes leftover after parsing attributes in process `syz.4.821'. [ 268.836870][ T7571] netlink: 20 bytes leftover after parsing attributes in process `syz.4.821'. [ 268.891356][ T4455] usb 1-1: Using ep0 maxpacket: 32 [ 268.894663][ T4455] usb 1-1: unable to get BOS descriptor or descriptor too short [ 268.897457][ T4455] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 256, setting to 64 [ 268.904906][ T4455] usb 1-1: New USB device found, idVendor=0123, idProduct=0001, bcdDevice=4a.fe [ 268.912899][ T4455] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.913316][ T7573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 268.918145][ T7573] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.919739][ T4455] usb 1-1: Product: syz [ 268.920754][ T4455] usb 1-1: Manufacturer: syz [ 268.926360][ T4455] usb 1-1: SerialNumber: syz [ 268.935383][ T4455] usb 1-1: config 0 descriptor?? [ 269.100947][ T7575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 269.110070][ T7575] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 269.144720][ T4455] usbtouchscreen: probe of 1-1:0.0 failed with error -71 [ 269.154916][ T4455] usb 1-1: USB disconnect, device number 7 [ 269.510663][ T7581] binder: 7579:7581 tried to acquire reference to desc 0, got 1 instead [ 269.568813][ T24] binder: release 7579:7585 transaction 15 out, still active [ 269.570922][ T24] binder: undelivered TRANSACTION_COMPLETE [ 269.633260][ T24] binder: send failed reply for transaction 15, target dead [ 270.043204][ T7610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 270.045204][ T7610] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 270.717181][ T7599] team0 (unregistering): Port device team_slave_0 removed [ 270.737459][ T7599] team0 (unregistering): Port device team_slave_1 removed [ 271.043846][ T7645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.047270][ T7645] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 271.101310][ T4455] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 271.288709][ T4455] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 271.290541][ T4455] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 271.292901][ T4455] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 271.294723][ T4455] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 271.297006][ T4455] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 271.307101][ T4455] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 271.309139][ T4455] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 271.311039][ T4455] usb 1-1: Product: syz [ 271.313052][ T4455] usb 1-1: Manufacturer: syz [ 271.317831][ T4455] cdc_wdm 1-1:1.0: skipping garbage [ 271.318952][ T4455] cdc_wdm 1-1:1.0: skipping garbage [ 271.337497][ T4455] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 271.338807][ T4455] cdc_wdm 1-1:1.0: Unknown control protocol [ 271.405585][ T7650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.407559][ T7650] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 271.486920][ T7652] netlink: 376 bytes leftover after parsing attributes in process `syz.4.852'. [ 271.524571][ T4455] usb 1-1: USB disconnect, device number 8 [ 271.565817][ T7654] netlink: 12 bytes leftover after parsing attributes in process `syz.4.853'. [ 271.595116][ T7656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.598255][ T7656] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 271.867759][ T7671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.869819][ T7671] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 271.952918][ T7675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.954977][ T7675] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 272.071460][ T7679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 272.073619][ T7679] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 272.311262][ T4455] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 272.500439][ T4455] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 272.502658][ T4455] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 272.505003][ T4455] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 272.508096][ T4455] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 272.513302][ T4455] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 272.519604][ T4455] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 272.525176][ T4455] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 272.528123][ T4455] usb 1-1: Product: syz [ 272.528978][ T4455] usb 1-1: Manufacturer: syz [ 272.548284][ T4455] cdc_wdm 1-1:1.0: skipping garbage [ 272.550700][ T4455] cdc_wdm 1-1:1.0: skipping garbage [ 272.558787][ T4455] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 272.566210][ T4455] cdc_wdm 1-1:1.0: Unknown control protocol [ 272.753367][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.754711][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 272.756663][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.758140][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.759329][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 272.760788][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.762920][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.764172][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 272.765468][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.766864][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.768186][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.769509][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.770801][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.772761][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.774066][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 272.780387][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.781639][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 272.784600][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 272.785875][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 272.797085][ T4455] usb 1-1: USB disconnect, device number 9 [ 273.062812][ T7707] binder: 7706:7707 ioctl 80284504 20000380 returned -22 [ 273.080347][ T7707] binder: 7706:7707 tried to acquire reference to desc 0, got 1 instead [ 273.279145][ T7715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 273.287439][ T7715] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 273.312312][ T7697] syz.1.871 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 273.611113][ T4306] Bluetooth: hci3: unexpected event for opcode 0x0401 [ 273.856474][ T4345] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 273.989196][ T7745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 273.994766][ T7745] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.053704][ T4345] usb 1-1: config 0 interface 0 has no altsetting 0 [ 274.055241][ T4345] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 274.057156][ T4345] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.062339][ T4345] usb 1-1: config 0 descriptor?? [ 274.511675][ T7765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.514859][ T7765] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 275.079821][ T4345] video4linux radio2: keene_cmd_set failed (-71) [ 275.081794][ T4345] radio-keene 1-1:0.0: V4L2 device registered as radio2 [ 275.084743][ T4345] usb 1-1: USB disconnect, device number 10 [ 275.569651][ T7795] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 275.677068][ T7797] device vlan3 entered promiscuous mode [ 275.685382][ T7801] device veth0 entered promiscuous mode [ 275.687588][ T7801] device macvlan2 entered promiscuous mode [ 275.747055][ T7805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 275.749059][ T7805] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 275.876304][ T7813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 275.879671][ T7813] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.843217][ T7842] netlink: 12 bytes leftover after parsing attributes in process `syz.1.933'. [ 276.905006][ T7847] rtc-efi rtc-efi.0: write status is 3 [ 276.940720][ T7840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.957402][ T7840] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 277.098281][ T7857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 277.100435][ T7857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 277.327961][ T7866] input: syz0 as /devices/virtual/input/input5 [ 277.910321][ T7895] input: syz0 as /devices/virtual/input/input6 [ 278.067540][ T7907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.082319][ T7907] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.283177][ T7924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.285212][ T7924] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.329598][ T7927] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.335403][ T7927] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.697546][ T7947] xt_hashlimit: size too large, truncated to 1048576 [ 278.699179][ T7947] xt_hashlimit: max too large, truncated to 1048576 [ 278.758409][ T7952] binder: BINDER_SET_CONTEXT_MGR already set [ 278.760004][ T7952] binder: 7946:7952 ioctl 4018620d 20000280 returned -16 [ 278.866328][ T7957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.870341][ T7957] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.978238][ T7963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.981042][ T7963] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.030123][ T7963] device team_slave_0 entered promiscuous mode [ 279.031580][ T7963] device team_slave_1 entered promiscuous mode [ 279.033360][ T7963] device macsec1 entered promiscuous mode [ 279.034559][ T7963] device team0 entered promiscuous mode [ 279.037224][ T7963] team0: Device macsec1 is already an upper device of the team interface [ 279.039884][ T7963] device team0 left promiscuous mode [ 279.042288][ T7963] device team_slave_0 left promiscuous mode [ 279.043598][ T7963] device team_slave_1 left promiscuous mode [ 279.478246][ T27] audit: type=1326 audit(279.460:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7974 comm="syz.5.992" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffffa0f4d528 code=0x0 [ 279.777311][ T7987] netlink: 104 bytes leftover after parsing attributes in process `syz.4.997'. [ 280.260114][ T8010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.267485][ T8010] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.621289][ T24] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 280.806903][ T24] usb 1-1: unable to get BOS descriptor or descriptor too short [ 280.813117][ T24] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 280.814720][ T24] usb 1-1: can't read configurations, error -71 [ 280.987218][ T27] audit: type=1326 audit(280.970:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8022 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 280.993521][ T27] audit: type=1326 audit(280.970:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8022 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 280.998021][ T27] audit: type=1326 audit(280.970:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8022 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 281.015393][ T27] audit: type=1326 audit(280.970:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8022 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=203 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 281.020010][ T27] audit: type=1326 audit(280.980:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8022 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 281.044985][ T27] audit: type=1326 audit(280.980:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8022 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=146 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 281.055141][ T27] audit: type=1326 audit(280.980:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8022 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 281.213612][ T8034] dccp_close: ABORT with 1 bytes unread [ 281.663015][ T8042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 281.664949][ T8042] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 281.700322][ T8062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 281.702539][ T8062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 281.742670][ T8067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 281.751447][ T8067] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 281.764138][ T8069] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 281.797641][ T8070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 281.799669][ T8070] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 282.296213][ T8076] binder: 8075:8076 tried to acquire reference to desc 0, got 1 instead [ 282.298566][ T8076] binder: 8075:8076 got transaction with invalid parent offset or type [ 282.300452][ T8076] binder: 8075:8076 transaction call to 8075:0 failed 26/29201/-22, size 96-24 line 3448 [ 282.319646][ T5659] binder: undelivered TRANSACTION_ERROR: 29201 [ 282.618764][ T8094] binder: 8092:8094 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 282.759648][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 282.920820][ T8109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 282.929327][ T8109] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 283.254913][ T8121] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 283.256939][ T8121] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 283.278593][ T8121] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 283.280767][ T8121] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 283.915683][ T8142] syz.2.1066 sent an empty control message without MSG_MORE. [ 284.267126][ T27] audit: type=1326 audit(284.250:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8156 comm="syz.0.1073" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb4d528 code=0x7ffc0000 [ 284.287042][ T27] audit: type=1326 audit(284.270:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8156 comm="syz.0.1073" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=199 compat=0 ip=0xffff8bb4d528 code=0x7ffc0000 [ 284.483100][ T8170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 284.489754][ T8170] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.089599][ T8192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.093810][ T8192] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.098874][ T8192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.104128][ T8192] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.178475][ T8197] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1092'. [ 285.278807][ T8201] IPv6: Can't replace route, no match found [ 285.334638][ T8203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.336613][ T8203] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.410196][ T8208] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.413728][ T8208] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.414412][ T8209] vivid-000: disconnect [ 285.418224][ T8209] vivid-000: reconnect [ 285.711558][ T8217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.720682][ T8217] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.801293][ T7] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 285.981294][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 285.984027][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 285.987996][ T7] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 285.989935][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.002901][ T7] usb 1-1: Product: syz [ 286.004038][ T7] usb 1-1: Manufacturer: syz [ 286.005049][ T7] usb 1-1: SerialNumber: syz [ 286.013707][ T7] usb 1-1: config 0 descriptor?? [ 286.015564][ T4306] Bluetooth: hci3: unexpected event for opcode 0x2062 [ 286.024201][ T7] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 286.026366][ T7] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 286.088442][ T8236] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 286.092821][ T8236] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 286.406698][ T8248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 286.413797][ T8248] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 286.420953][ T8248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 286.427826][ T8248] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 286.434601][ T8248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 286.443937][ T8248] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 286.638170][ T7] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 287.001639][ T8268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 287.003800][ T8268] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 287.128639][ T8270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1123'. [ 287.186785][ T8272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 287.189049][ T8272] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 287.254251][ T7] em28xx 1-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 287.256813][ T7] em28xx 1-1:0.0: board has no eeprom [ 287.341249][ T7] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 287.343009][ T7] em28xx 1-1:0.0: dvb set to bulk mode. [ 287.345387][ T4455] em28xx 1-1:0.0: Binding DVB extension [ 287.362658][ T7] usb 1-1: USB disconnect, device number 13 [ 287.367284][ T7] em28xx 1-1:0.0: Disconnecting em28xx [ 287.412690][ T4455] em28xx 1-1:0.0: Registering input extension [ 287.414699][ T7] em28xx 1-1:0.0: Closing input extension [ 287.467180][ T7] em28xx 1-1:0.0: Freeing device [ 287.548335][ T8286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 287.557122][ T8286] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.028286][ T8311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.030251][ T8311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.119483][ T8313] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1142'. [ 288.654822][ T8327] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 288.907433][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.910281][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 288.910293][ T27] audit: type=1326 audit(288.890:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8338 comm="syz.2.1154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa234d528 code=0x7ffc0000 [ 288.921415][ T27] audit: type=1326 audit(288.910:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8338 comm="syz.2.1154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa234d528 code=0x7ffc0000 [ 288.925951][ T27] audit: type=1326 audit(288.910:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8338 comm="syz.2.1154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=65 compat=0 ip=0xffffa234d528 code=0x7ffc0000 [ 288.930533][ T27] audit: type=1326 audit(288.910:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8338 comm="syz.2.1154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa234d528 code=0x7ffc0000 [ 288.942672][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.944274][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.945811][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.947546][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.949108][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.950598][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.958156][ T27] audit: type=1326 audit(288.910:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8338 comm="syz.2.1154" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa234d528 code=0x7ffc0000 [ 288.962977][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.964601][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.966322][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.968247][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.969806][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.978386][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.979978][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.982141][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.983829][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.985416][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.987017][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 288.998947][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.000587][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.002578][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.004270][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.005883][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.007311][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.008804][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.012991][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.014656][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.016161][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.017619][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.019213][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.022513][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.032319][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.034092][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.035632][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.037173][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.038734][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.040295][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.047371][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.048926][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.062049][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.071436][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.073063][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.074714][ T6715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 289.083251][ T6715] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 289.426878][ T8373] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 289.428678][ T8373] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 289.450140][ T8373] vhci_hcd vhci_hcd.0: Device attached [ 289.450701][ T8376] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 289.476727][ T8373] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 289.485754][ T8373] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 289.500206][ T8373] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 289.516998][ T8373] vhci_hcd vhci_hcd.0: pdev(1) rhport(5) sockfd(13) [ 289.518464][ T8373] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 289.520964][ T8373] vhci_hcd vhci_hcd.0: Device attached [ 289.543320][ T8377] vhci_hcd: connection closed [ 289.545421][ T8374] vhci_hcd: connection closed [ 289.549243][ T4397] vhci_hcd: stop threads [ 289.558235][ T4397] vhci_hcd: release socket [ 289.559361][ T4397] vhci_hcd: disconnect device [ 289.561478][ T6715] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 289.563338][ T4397] vhci_hcd: stop threads [ 289.564407][ T4397] vhci_hcd: release socket [ 289.565362][ T4397] vhci_hcd: disconnect device [ 289.763727][ T6715] usb 1-1: Using ep0 maxpacket: 8 [ 289.771949][ T6715] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 289.776361][ T6715] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice=74.98 [ 289.778718][ T6715] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.780444][ T6715] usb 1-1: Product: syz [ 289.784224][ T6715] usb 1-1: Manufacturer: syz [ 289.785180][ T6715] usb 1-1: SerialNumber: syz [ 289.790388][ T6715] usb 1-1: config 0 descriptor?? [ 289.794220][ T6715] pxrc 1-1:0.0: Could not find endpoint [ 289.999800][ T8367] netlink: 'syz.0.1165': attribute type 1 has an invalid length. [ 290.018112][ T5659] usb 1-1: USB disconnect, device number 14 [ 290.093728][ T4306] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 290.095890][ T4306] Bluetooth: hci3: Injecting HCI hardware error event [ 290.099318][ T4299] Bluetooth: hci3: hardware error 0x00 [ 290.127052][ T8403] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 290.129171][ T8403] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 290.286899][ T8413] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1183'. [ 290.899228][ T8450] syzkaller0: tun_chr_ioctl cmd 35111 [ 290.913404][ T6715] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 291.110266][ T6715] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 291.113197][ T6715] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 291.115419][ T6715] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 291.119517][ T6715] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.127119][ T8438] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 291.377168][ T4455] usb 1-1: USB disconnect, device number 15 [ 291.385339][ T8470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.392434][ T4506] udevd[4506]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 291.400562][ T8470] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 291.438539][ T8472] device veth0_to_batadv entered promiscuous mode [ 291.449138][ T8472] device veth0_to_batadv left promiscuous mode [ 291.524800][ T8477] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1211'. [ 291.628013][ T8481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.630062][ T8481] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 291.750017][ T8487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.759024][ T8487] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 291.886965][ T8491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.890387][ T8491] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.321331][ T4299] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 292.441344][ T4345] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 292.508415][ T8509] device syzkaller1 entered promiscuous mode [ 292.641300][ T4345] usb 1-1: Using ep0 maxpacket: 8 [ 292.644394][ T4345] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 292.648437][ T4345] usb 1-1: config 0 has no interface number 0 [ 292.649879][ T4345] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 292.655609][ T4345] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 292.660863][ T4345] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.669629][ T4345] usb 1-1: config 0 descriptor?? [ 292.691675][ T4345] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 292.811687][ T8513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.817913][ T8513] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.539342][ T8522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.544348][ T8522] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.008990][ T7] usb 1-1: USB disconnect, device number 16 [ 294.015231][ T7] iowarrior 1-1:0.1: I/O-Warror #0 now disconnected [ 294.377145][ T8557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 294.380403][ T8557] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.808700][ T8574] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 294.824383][ T8574] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 294.826676][ T8574] vhci_hcd: invalid port number 15 [ 294.828193][ T8574] vhci_hcd: invalid port number 15 [ 294.861272][ T4455] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 294.926605][ T8580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 294.929187][ T8580] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 295.046180][ T4455] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 295.048185][ T4455] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.057625][ T4455] usb 1-1: config 0 descriptor?? [ 295.061862][ T4455] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 295.265662][ T4455] usb 1-1: Detected FT232B [ 295.388250][ T8605] raw_sendmsg: syz.4.1266 forgot to set AF_INET. Fix it! [ 295.467586][ T4455] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 295.485313][ T4455] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 295.629710][ T8616] netlink: 'syz.4.1270': attribute type 11 has an invalid length. [ 295.677557][ T5659] usb 1-1: USB disconnect, device number 17 [ 295.754056][ T5659] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 295.756728][ T5659] ftdi_sio 1-1:0.0: device disconnected [ 295.832916][ T8631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 295.835000][ T8631] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 295.989631][ T8641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 296.010145][ T8643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 296.013223][ T8643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.020025][ T8641] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.386535][ T8649] ALSA: mixer_oss: invalid OSS volume 'Ç' [ 296.591308][ T4345] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 296.700087][ T8665] vhci_hcd: default hub control req: ff03 v0010 i0005 l5 [ 296.751745][ T4345] usb 1-1: device descriptor read/64, error -71 [ 296.826748][ T8671] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1295'. [ 297.031400][ T4345] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 297.053214][ T8687] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 297.055237][ T8687] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 297.191732][ T4345] usb 1-1: device descriptor read/64, error -71 [ 297.311437][ T4345] usb usb1-port1: attempt power cycle [ 297.741272][ T4345] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 297.772052][ T4345] usb 1-1: device descriptor read/8, error -71 [ 298.051292][ T4345] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 298.081850][ T4345] usb 1-1: device descriptor read/8, error -71 [ 298.146856][ T8718] binder: 8717:8718 tried to acquire reference to desc 0, got 1 instead [ 298.158340][ T8718] binder: 8717:8718 got transaction with unaligned buffers size, 4348 [ 298.160121][ T8718] binder: 8717:8718 transaction call to 8717:0 failed 35/29201/-22, size 0-0 line 3295 [ 298.181969][ T24] binder: undelivered TRANSACTION_ERROR: 29201 [ 298.210345][ T4345] usb usb1-port1: unable to enumerate USB device [ 298.418576][ T8730] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 298.569435][ T8740] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 298.572713][ T8740] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 298.609536][ T4306] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 298.961267][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 299.154936][ T8763] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1336'. [ 299.308499][ T8767] device syzkaller0 entered promiscuous mode [ 299.343099][ T27] audit: type=1326 audit(299.330:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8768 comm="syz.4.1339" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 299.349344][ T27] audit: type=1326 audit(299.330:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8768 comm="syz.4.1339" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 299.361240][ T27] audit: type=1326 audit(299.340:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8768 comm="syz.4.1339" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 299.377791][ T27] audit: type=1326 audit(299.340:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8768 comm="syz.4.1339" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 299.388251][ T27] audit: type=1326 audit(299.340:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8768 comm="syz.4.1339" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 299.398552][ T27] audit: type=1326 audit(299.340:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8768 comm="syz.4.1339" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=66 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 299.410047][ T27] audit: type=1326 audit(299.340:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8768 comm="syz.4.1339" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 299.420537][ T27] audit: type=1326 audit(299.340:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8768 comm="syz.4.1339" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x7ffc0000 [ 299.811400][ T24] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 299.924990][ T8782] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1345'. [ 299.994068][ T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 299.996479][ T24] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 300.000785][ T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 300.002467][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 300.008958][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.010721][ T24] usb 1-1: Product: syz [ 300.016809][ T24] usb 1-1: Manufacturer: syz [ 300.017809][ T24] usb 1-1: SerialNumber: syz [ 300.236106][ T8776] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 300.848141][ T8776] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 301.041250][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 301.052708][ T24] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 302.021334][ T8786] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1347'. [ 302.081281][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 303.121300][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 304.161294][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 305.201301][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 306.241265][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 307.291250][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 308.321402][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 309.361265][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 310.252692][ T2058] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.254029][ T2058] ieee802154 phy1 wpan1: encryption failed: -22 [ 310.381323][ T24] cdc_ncm 1-1:1.0 eth4: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 310.401326][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 310.413033][ T24] usb 1-1: USB disconnect, device number 22 [ 310.414824][ T24] cdc_ncm 1-1:1.0 eth4: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 310.573201][ T8802] bridge0: port 3(gretap0) entered blocking state [ 310.579624][ T8802] bridge0: port 3(gretap0) entered disabled state [ 310.587528][ T8802] device gretap0 entered promiscuous mode [ 310.597736][ T8802] bridge0: port 3(gretap0) entered blocking state [ 310.599642][ T8802] bridge0: port 3(gretap0) entered forwarding state [ 310.613781][ T27] audit: type=1326 audit(310.600:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8803 comm="syz.0.1356" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb4d528 code=0x7ffc0000 [ 310.631437][ T27] audit: type=1326 audit(310.620:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8803 comm="syz.0.1356" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb4d528 code=0x7ffc0000 [ 310.651290][ T27] audit: type=1326 audit(310.630:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8803 comm="syz.0.1356" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=22 compat=0 ip=0xffff8bb4d528 code=0x7ffc0000 [ 310.655985][ T27] audit: type=1326 audit(310.630:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8803 comm="syz.0.1356" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bb4d528 code=0x7ffc0000 [ 311.305189][ T8834] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 311.313068][ T8834] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 311.324308][ T8834] vhci_hcd: invalid port number 15 [ 311.330580][ T8834] vhci_hcd: invalid port number 15 [ 311.353504][ T8838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 311.360342][ T8838] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 311.441246][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 311.462526][ T8844] input: syz1 as /devices/virtual/input/input9 [ 311.909812][ T4306] Bluetooth: hci0: Malformed Event: 0x02 [ 312.301283][ T24] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 312.481366][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 312.491285][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 312.496375][ T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 312.499038][ T24] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 312.509900][ T24] usb 1-1: New USB device found, idVendor=2040, idProduct=8400, bcdDevice=dc.5d [ 312.515245][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.520584][ T24] usb 1-1: Product: syz [ 312.521571][ T24] usb 1-1: Manufacturer: syz [ 312.525022][ T24] usb 1-1: SerialNumber: syz [ 312.599658][ T8882] loop2: detected capacity change from 0 to 7 [ 312.603664][ T8882] Dev loop2: unable to read RDB block 7 [ 312.605025][ T8882] loop2: unable to read partition table [ 312.606467][ T8882] loop2: partition table beyond EOD, truncated [ 312.607861][ T8882] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 312.958728][ T24] usb 1-1: USB disconnect, device number 23 [ 313.137043][ T8897] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1394'. [ 313.449102][ T8907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 313.475275][ T8907] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 313.521238][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 314.139603][ T8930] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.159403][ T8930] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.188546][ T27] audit: type=1326 audit(314.170:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8929 comm="syz.5.1406" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa0f4d528 code=0x0 [ 314.458881][ T8943] usb usb7: usbfs: process 8943 (syz.4.1411) did not claim interface 0 before use [ 314.527728][ T27] audit: type=1326 audit(314.510:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8944 comm="syz.4.1412" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fd4d528 code=0x0 [ 314.554628][ T8874] Set syz1 is full, maxelem 65536 reached [ 314.561280][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 314.756217][ T8953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.759018][ T8953] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.771751][ T8955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.774832][ T8955] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.984095][ T8955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.986497][ T8955] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 315.307439][ T8967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 315.309658][ T8967] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 315.601242][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 315.678813][ T8985] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1429'. [ 315.961505][ T7] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 316.034663][ T9002] binder: 9001:9002 tried to acquire reference to desc 0, got 1 instead [ 316.042573][ T24] binder: release 9001:9002 transaction 40 out, still active [ 316.044141][ T24] binder: undelivered TRANSACTION_COMPLETE [ 316.076310][ T24] binder: send failed reply for transaction 40, target dead [ 316.141211][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 316.143851][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.146201][ T7] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 316.147989][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.156755][ T7] usb 1-1: config 0 descriptor?? [ 316.532142][ T9023] device vlan2 entered promiscuous mode [ 316.538348][ T9023] bond0: (slave vlan2): Opening slave failed [ 316.550088][ T9025] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1448'. [ 316.559464][ T9025] device gretap0 left promiscuous mode [ 316.563182][ T9025] bridge0: port 3(gretap0) entered disabled state [ 316.568200][ T7] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 316.569712][ T7] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 316.571463][ T7] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 316.572884][ T7] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 316.574386][ T7] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 316.577767][ T7] mcp2221 0003:04D8:00DD.0003: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 316.641282][ C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 316.652689][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 316.668423][ T9025] device bridge_slave_0 left promiscuous mode [ 316.675454][ T9025] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.694826][ T7] Unable to handle kernel paging request at virtual address dfff800000000000 [ 316.697859][ T7] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 316.705780][ T7] Mem abort info: [ 316.706662][ T7] ESR = 0x0000000096000006 [ 316.709983][ T7] EC = 0x25: DABT (current EL), IL = 32 bits [ 316.717126][ T7] SET = 0, FnV = 0 [ 316.718012][ T7] EA = 0, S1PTW = 0 [ 316.725833][ T7] FSC = 0x06: level 2 translation fault [ 316.729476][ T7] Data abort info: [ 316.730402][ T7] ISV = 0, ISS = 0x00000006 [ 316.733731][ T9025] device bridge_slave_1 left promiscuous mode [ 316.735691][ T9025] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.737667][ T7] CM = 0, WnR = 0 [ 316.738533][ T7] [dfff800000000000] address between user and kernel address ranges [ 316.748114][ T7] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP [ 316.749652][ T7] Modules linked in: [ 316.750495][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.1.119-syzkaller #0 [ 316.752042][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 316.754119][ T7] Workqueue: usb_hub_wq hub_event [ 316.755188][ T7] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 316.756921][ T7] pc : mcp_smbus_xfer+0x64/0xf4c [ 316.757895][ T7] lr : mcp_smbus_xfer+0x44/0xf4c [ 316.758986][ T7] sp : ffff80001d1b5ee0 [ 316.759870][ T7] x29: ffff80001d1b5ee0 x28: 0000000000000000 x27: dfff800000000000 [ 316.761501][ T7] x26: 1fffe0001ae70c36 x25: 0000000000000000 x24: 0000000000000000 [ 316.763127][ T7] x23: 0000000000000000 x22: 0000000000000018 x21: 0000000000000000 [ 316.764807][ T7] x20: 1ffff00002b3fe40 x19: 0000000000000000 x18: ffff80001d1b5ce0 [ 316.766446][ T7] x17: ffff800018b6a000 x16: ffff800012325074 x15: ffff80001864af80 [ 316.768126][ T7] x14: ffff0000c09a41f8 x13: dfff800000000000 x12: 0000000000100000 [ 316.769732][ T7] x11: 00000000000ae2bb x10: ffff80003258a000 x9 : ffff80000fa962b0 [ 316.771378][ T7] x8 : 0000000000000000 x7 : 1111111111111111 x6 : 0000000000000000 [ 316.772981][ T7] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 [ 316.774648][ T7] x2 : 0000000000000000 x1 : 0000000000000018 x0 : ffff0000d7386088 [ 316.776431][ T7] Call trace: [ 316.777150][ T7] mcp_smbus_xfer+0x64/0xf4c [ 316.778344][ T7] __i2c_smbus_xfer+0x5b4/0x2dc8 [ 316.779434][ T7] i2c_smbus_xfer+0x210/0x31c [ 316.780438][ T7] i2c_default_probe+0x1c0/0x248 [ 316.781482][ T7] i2c_do_add_adapter+0x3c4/0x8d4 [ 316.782618][ T7] __process_new_adapter+0x28/0x3c [ 316.783737][ T7] bus_for_each_drv+0x158/0x1e0 [ 316.784858][ T7] i2c_register_adapter+0xde0/0x10e0 [ 316.786045][ T7] i2c_add_adapter+0x170/0x250 [ 316.787066][ T7] mcp2221_probe+0x240/0x56c [ 316.788048][ T7] hid_device_probe+0x238/0x328 [ 316.789101][ T7] really_probe+0x394/0xacc [ 316.789970][ T7] __driver_probe_device+0x194/0x3b4 [ 316.791131][ T7] driver_probe_device+0x78/0x330 [ 316.792307][ T7] __device_attach_driver+0x2a8/0x4f4 [ 316.793501][ T7] bus_for_each_drv+0x158/0x1e0 [ 316.794631][ T7] __device_attach+0x2f0/0x480 [ 316.795671][ T7] device_initial_probe+0x24/0x34 [ 316.796742][ T7] bus_probe_device+0xbc/0x1c8 [ 316.797794][ T7] device_add+0xae0/0xef4 [ 316.798751][ T7] hid_add_device+0x318/0x4a8 [ 316.799715][ T7] usbhid_probe+0x864/0xba4 [ 316.800658][ T7] usb_probe_interface+0x500/0x984 [ 316.801831][ T7] really_probe+0x394/0xacc [ 316.802809][ T7] __driver_probe_device+0x194/0x3b4 [ 316.803952][ T7] driver_probe_device+0x78/0x330 [ 316.805052][ T7] __device_attach_driver+0x2a8/0x4f4 [ 316.805974][ T7] bus_for_each_drv+0x158/0x1e0 [ 316.806935][ T7] __device_attach+0x2f0/0x480 [ 316.807936][ T7] device_initial_probe+0x24/0x34 [ 316.809063][ T7] bus_probe_device+0xbc/0x1c8 [ 316.810089][ T7] device_add+0xae0/0xef4 [ 316.810968][ T7] usb_set_configuration+0x15c0/0x1b40 [ 316.812173][ T7] usb_generic_driver_probe+0x8c/0x148 [ 316.813458][ T7] usb_probe_device+0x120/0x25c [ 316.814428][ T7] really_probe+0x394/0xacc [ 316.815388][ T7] __driver_probe_device+0x194/0x3b4 [ 316.816471][ T7] driver_probe_device+0x78/0x330 [ 316.817505][ T7] __device_attach_driver+0x2a8/0x4f4 [ 316.818602][ T7] bus_for_each_drv+0x158/0x1e0 [ 316.819557][ T7] __device_attach+0x2f0/0x480 [ 316.820526][ T7] device_initial_probe+0x24/0x34 [ 316.821552][ T7] bus_probe_device+0xbc/0x1c8 [ 316.822602][ T7] device_add+0xae0/0xef4 [ 316.823479][ T7] usb_new_device+0x908/0x1440 [ 316.824451][ T7] hub_event+0x243c/0x42e4 [ 316.825422][ T7] process_one_work+0x7ac/0x1404 [ 316.826412][ T7] worker_thread+0x8e4/0xfec [ 316.827408][ T7] kthread+0x250/0x2d8 [ 316.828290][ T7] ret_from_fork+0x10/0x20 [ 316.829300][ T7] Code: aa1303e0 963b788e f9400273 d343fe7c (387b6b88) [ 316.830695][ T7] ---[ end trace 0000000000000000 ]--- [ 317.436057][ T7] Kernel panic - not syncing: Oops: Fatal exception [ 317.437397][ T7] SMP: stopping secondary CPUs [ 317.438438][ T7] Kernel Offset: disabled [ 317.439336][ T7] CPU features: 0x080000,02070084,26017203 [ 317.440560][ T7] Memory Limit: none [ 318.012863][ T7] Rebooting in 86400 seconds..