last executing test programs: 11.983339007s ago: executing program 1 (id=858): syz_open_dev$sg(&(0x7f0000000040), 0x5, 0x20000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$getregset(0x4205, r2, 0x1, &(0x7f0000000080)={0x0}) r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000040)={0xc, {"a2e3ad214fc752f91b3e090987f70e06d038e7ff7fc6e5539b3264078b089b0e083839090890e0878f0f1ac6e7049b334c959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31310d3b5d0936cd3b78070daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5003a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d780231c9c99a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f068bb87af8b90fd8f08876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd7072f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d27df2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb84bed4b281769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2c1cde360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e51074b41bc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) r4 = syz_clone(0x5020000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4810}, 0x4) ptrace(0x10, r4) ptrace$getregset(0x4205, r4, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70}) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsmount(r3, 0x1, 0x0) open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x8840, 0x0) read$FUSE(r6, &(0x7f0000002600)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000100)="ad73364256", 0x5) r9 = accept4(r8, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r9, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000010200)=@newqdisc={0x24, 0x24, 0x200, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x3, 0xc}, {0x0, 0xe}, {0xf, 0x8}}}, 0x24}}, 0x20008000) recvmmsg(r9, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000001680)=""/4096, 0x1000}], 0x1}, 0x24}], 0x1, 0x40000000, 0x0) sendmsg$can_j1939(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x50}, 0x1) fcntl$setownex(r5, 0xf, &(0x7f0000000280)={0x2, r7}) 8.855220807s ago: executing program 1 (id=871): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c36919790"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f0000000440)={0x2}) 5.475336852s ago: executing program 2 (id=888): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x8, 0xdd, 0x0, 0x6, 0x1, 0x7f, 0x4}}, {0x4}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x8040}, 0x4000010) 5.474555832s ago: executing program 1 (id=890): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}) 5.260032935s ago: executing program 2 (id=892): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) dup(r0) r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x8008af26, &(0x7f0000000680)={0x22f}) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010002000000000000000700000a4c000000090a010200000000000000000100000008000340000400a408000a40000000000900020073797a32000000000900010073798e30000000000800044000000001080005400000002c"], 0x74}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r6, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) gettid() bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c0000000bbbbbbbbbbbb08004500001c000000000001907800000000e0000001110090780a000000"], 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd1, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000000)=r8, 0x4) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x14, 0x1, 0x1, 0x201, 0x0, 0x0, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0xc044) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) 4.812089353s ago: executing program 3 (id=894): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x82000) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x2, 0x400000000000003, 0x0, 0x2, 0x2}, 0x10}}, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000040)=""/180) r1 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r1, 0xc0105500, &(0x7f0000000000)={0x1, 0xd, 0x306, 0x1ff, 0x0, 0x5, 0x0}) 4.462038078s ago: executing program 1 (id=896): socket$nl_generic(0x10, 0x3, 0x10) r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001}) syz_io_uring_setup(0x74db, &(0x7f0000000200)={0x0, 0xd052, 0x20, 0x3, 0xa9}, &(0x7f00000000c0), &(0x7f0000000140)) epoll_wait(r4, &(0x7f0000000340)=[{}], 0x1, 0x1000) sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x8084) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) epoll_pwait(r4, &(0x7f0000000040)=[{}], 0x1, 0xff, 0x0, 0x0) 4.458080118s ago: executing program 3 (id=897): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) fsync(r0) 4.150860114s ago: executing program 3 (id=900): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mknod$loop(&(0x7f0000000240)='./file0\x00', 0x8, 0x1) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x4000000, @ipv4={'\x00', '\xff\xff', @remote}, 0x401}, 0x1c) ioctl$int_in(r4, 0x5452, &(0x7f0000000c00)=0xf6c) sendmmsg$inet6(r4, 0x0, 0x0, 0x20008001) sendmmsg$inet6(r3, &(0x7f0000001800)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x1, @local, 0x1}, 0x1c, &(0x7f0000001780)=[{&(0x7f0000000040)="a4e819c9", 0x4}], 0x1}}], 0x1, 0x0) shutdown(r3, 0x1) setsockopt(r3, 0x84, 0x83, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000300)=ANY=[@ANYRESHEX=r1, @ANYRES8=0x0, @ANYRES32=r2, @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x24040000}, 0x2000800) getdents(r2, 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r3, 0x29, 0x45, &(0x7f00000000c0)={'TPROXY\x00'}, &(0x7f0000000140)=0x1e) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x4780, 0x4) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000640)="68a0b32fafd3b845da570480e0465913a86dde57923b10e6", 0x18) 4.081415735s ago: executing program 0 (id=901): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x601) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r3 = dup(r2) mmap(&(0x7f0000c24000/0x4000)=nil, 0x4000, 0x1000004, 0x13, r3, 0x2000) write$binfmt_aout(r3, 0x0, 0xffffffdb) syz_open_dev$sndctrl(&(0x7f0000000040), 0x84, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) mkdirat(0xffffffffffffff9c, 0x0, 0x0) faccessat2(0xffffffffffffff9c, 0x0, 0x0, 0x200) write$binfmt_aout(r1, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 3.675566381s ago: executing program 0 (id=902): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x1, 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="911031000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r0, 0xffffffffffffffff, 0x8, 0x0, @void}, 0x10) 3.492644944s ago: executing program 0 (id=903): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket(0x2b, 0x1, 0x1) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x5) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x1000) open(0x0, 0x143142, 0xa2) accept4$packet(r2, 0x0, 0x0, 0x80000) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) 2.852891344s ago: executing program 4 (id=906): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x208) r1 = accept4(r0, 0x0, 0x0, 0x80000) setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={0x0, 0x6370}, 0x8) 2.598648738s ago: executing program 4 (id=907): munlockall() madvise(&(0x7f00005bc000/0x2000)=nil, 0x2000, 0x66) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r0, &(0x7f0000001240)=""/102400, 0xffffff8c, 0x200000) 2.447608191s ago: executing program 0 (id=908): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r0, &(0x7f0000001140)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001c40)="0349ee47070c03607b", 0x9}], 0x1}}], 0x1, 0xc010) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f00000061c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/139, 0x8b}], 0x1}, 0xfe}], 0x1, 0x141, 0x0) 2.219956614s ago: executing program 2 (id=909): syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$kvm(0xffffff9c, &(0x7f0000000100), 0x100, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x202, 0x1, 0x1000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x0, 0x5000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="e5ffffff020000006600000023000000160000000000000095000000000000"], &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$inet6(0x10, 0x80000, 0x3) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0x40086602, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r3, &(0x7f0000000040)='T', 0x1, 0x8910, &(0x7f0000000280)={0xa, 0xfffc, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c) 2.157794005s ago: executing program 0 (id=910): add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="5b0927e4", 0x4, 0xfffffffffffffffe) request_key(&(0x7f0000001640)='user\x00', &(0x7f0000001680)={'syz', 0x0}, &(0x7f00000016c0)='+)::\x00', 0x0) 1.939573639s ago: executing program 1 (id=911): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x503, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2010}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x20, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x1c, 0x5, 0x0, 0x1, [{0xa, 0x4, @local}, {0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8010}, 0x0) 1.939202799s ago: executing program 0 (id=912): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000840) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(0xffffffffffffffff, 0x80dc5521, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad44b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)="3a10bd003aba0c702633", 0xa}], 0x1, &(0x7f0000000740)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a7ce45002bdb85e47ab3e39597e422ffab456dd963a00000000180000000000000017010000040000000602000000400000180000000000000017010000030000000100000000000079240809000000ac87448793609bd8299d6dfc465829b711ce28eb"], 0x60}], 0x1, 0x8001) recvmmsg(r3, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000001c0)=""/156, 0x9c}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) syz_open_procfs(0xffffffffffffffff, &(0x7f00000003c0)='net/nfsfs\x00') prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r4) execveat(r4, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x1000) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x0, &(0x7f0000000380)) 1.829617491s ago: executing program 1 (id=913): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x24004044) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x40, 0x0, 0x0) landlock_create_ruleset(&(0x7f0000000040)={0x600, 0x3, 0x1}, 0x18, 0x0) 1.578409195s ago: executing program 3 (id=914): r0 = openat$vicodec1(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0cc5640, &(0x7f00000001c0)={0x5, @raw_data="7ad8152f1fef1c6988651e4cf3f544c358c9e0ee3c25f1f30107d215b88ec2720cd661fe1025e4f3c4829f6f7ff3eeb3239cacd836bcda95a858454712ba19e12093b17dca484a935450b0fc759272b9f7753e4e4f47cd5fd4368d978e77998e76a010efbfd9fe5423853eb7680034a552198a0d5a17987649f3cbcb17fa307aa131a44289a10685c0abd816b4604db85bfc7b020828f4a275eebb3300d04682708e546a4391d85f3a4f0ba7a1fd992f0b388b2802bf7aacb2209367ad25cf2620fa4fbf3f0a905f"}) 1.335570479s ago: executing program 3 (id=915): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) 1.173069361s ago: executing program 4 (id=916): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_NET_GET(r1, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040004) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r2, &(0x7f0000000600)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[], 0x14}}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r2, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000b00)={0x1c, r3, 0x8, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x841}, 0x4) 992.152064ms ago: executing program 2 (id=917): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x8) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dc58c", 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, @local, {[], {{0xfffe, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xfffd}}}}}}}, 0x0) 683.659849ms ago: executing program 4 (id=918): ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r0 = syz_open_dev$sg(&(0x7f0000000480), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000)) 448.047193ms ago: executing program 4 (id=919): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r1 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) move_mount(r1, 0x0, r0, 0x0, 0x46) 367.900104ms ago: executing program 2 (id=920): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0xfd, 0x67b}]}, 0x8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r1, &(0x7f00000039c0)=[{{&(0x7f0000000800)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r1, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0) 175.620307ms ago: executing program 3 (id=921): unshare(0x20000400) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) 131.317008ms ago: executing program 4 (id=922): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x6, 0x101000) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) r2 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\xff\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\x912\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebD(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1re\xe86\xcd}\a\a\xf4\t\x11F\xc3\xd4\xdb\xeb\xc48\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf', 0x3) ftruncate(r2, 0xffff) fcntl$addseals(r2, 0x409, 0x7) r3 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000140)={r2, 0x0, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r3, 0x0) ioctl$VIDIOC_OVERLAY(r0, 0xc0405627, &(0x7f0000000140)=0xb4e6) 0s ago: executing program 2 (id=923): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setparam(r0, &(0x7f0000000040)=0xfff) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = openat$cgroup_type(0xffffffffffffffff, &(0x7f00000001c0), 0x2, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000001e40)='syz0\x00', 0x1ff) r4 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x2c40, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) flock(r4, 0xe1ee4e2f06703565) flock(r5, 0x2) write$cgroup_type(r3, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) bpf$PROG_LOAD(0x5, 0x0, 0x0) kernel console output (not intermixed with test programs): tadv0: Interface activated: batadv_slave_1 [ 85.738861][ T4312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.747930][ T4312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.759813][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 85.768250][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 85.777557][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 85.787086][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 85.798012][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 85.808654][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.819528][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.830043][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.842200][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.852546][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.863357][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.873455][ T4253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.884175][ T4253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.895967][ T4253] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.907102][ T4254] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.917725][ T4254] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.926941][ T4254] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.935854][ T4254] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.955415][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.965777][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 85.975780][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 85.983990][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.999896][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.013936][ T4253] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.023350][ T4253] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.032444][ T4253] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.041460][ T4253] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.212505][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.226240][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.268935][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.285516][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.310532][ T4265] Bluetooth: hci1: command 0x0419 tx timeout [ 86.316612][ T4265] Bluetooth: hci0: command 0x0419 tx timeout [ 86.326689][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.347272][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 86.380596][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.390494][ T4265] Bluetooth: hci2: command 0x0419 tx timeout [ 86.413192][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 86.432874][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.470969][ T4265] Bluetooth: hci4: command 0x0419 tx timeout [ 86.477095][ T4265] Bluetooth: hci3: command 0x0419 tx timeout [ 86.514271][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.525100][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.538463][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.611343][ T4325] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.628041][ T4325] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.653734][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 86.666182][ T4345] loop2: detected capacity change from 0 to 64 [ 86.682930][ T4345] ======================================================= [ 86.682930][ T4345] WARNING: The mand mount option has been deprecated and [ 86.682930][ T4345] and is ignored by this kernel. Remove the mand [ 86.682930][ T4345] option from the mount to silence this warning. [ 86.682930][ T4345] ======================================================= [ 86.725215][ T4325] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.735942][ T127] cfg80211: failed to load regulatory.db [ 86.759728][ T4325] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.790058][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.886149][ T4347] loop4: detected capacity change from 0 to 1024 [ 86.942714][ T4347] EXT4-fs: Ignoring removed orlov option [ 86.979383][ T4347] ext4: Unknown parameter 'fowner<00000000000000000000' [ 87.047519][ T4350] syz.2.3: attempt to access beyond end of device [ 87.047519][ T4350] loop2: rw=2049, sector=160, nr_sectors = 1 limit=64 [ 87.089742][ T4350] Buffer I/O error on dev loop2, logical block 160, lost async page write [ 87.099525][ T2912] kworker/u4:5: attempt to access beyond end of device [ 87.099525][ T2912] loop2: rw=1, sector=161, nr_sectors = 1 limit=64 [ 87.200181][ T4351] loop3: detected capacity change from 0 to 512 [ 87.242428][ T4351] EXT4-fs: mb_optimize_scan should be set to 0 or 1. [ 87.276662][ T4345] syz.2.3: attempt to access beyond end of device [ 87.276662][ T4345] loop2: rw=2049, sector=163, nr_sectors = 1 limit=64 [ 87.521150][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.543177][ T4351] loop3: detected capacity change from 0 to 2048 [ 87.609336][ T4351] UDF-fs: bad mount option "volume=00000000000000000008" or missing value [ 87.670734][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 87.680403][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 87.690284][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 87.698563][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 87.706840][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 87.715098][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 87.723315][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 87.731526][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 87.740266][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 87.837811][ T75] kworker/u4:4: attempt to access beyond end of device [ 87.837811][ T75] loop2: rw=2049, sector=171, nr_sectors = 9 limit=64 [ 88.006197][ T4360] No such timeout policy "syz1" [ 88.020768][ T4360] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 88.047203][ T4360] CIFS mount error: No usable UNC path provided in device string! [ 88.047203][ T4360] [ 88.057739][ T4360] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 88.768828][ T4364] Zero length message leads to an empty skb [ 90.394917][ T4372] loop4: detected capacity change from 0 to 32768 [ 91.083274][ T4372] JBD2: Ignoring recovery information on journal [ 91.389240][ T4372] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 91.567974][ T4364] loop0: detected capacity change from 0 to 4096 [ 92.447626][ T4387] process 'syz.2.12' launched './file0' with NULL argv: empty string added [ 92.490756][ T4384] loop2: detected capacity change from 0 to 512 [ 92.532536][ T4384] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 92.672736][ T4254] ocfs2: Unmounting device (7,4) on (node local) [ 92.970341][ T4244] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 94.037802][ T4407] loop1: detected capacity change from 0 to 4096 [ 94.056405][ T4244] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 62464, setting to 1024 [ 94.092468][ T4244] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 94.120652][ T4244] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 94.199842][ T4407] NILFS (loop1): The specified checkpoint is not a snapshot (checkpoint number=1) [ 94.207065][ T4244] usb 4-1: New USB device found, idVendor=0325, idProduct=0000, bcdDevice= 0.00 [ 94.245498][ T4244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.285576][ T4391] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 94.515452][ T4244] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0325 pid 0x0000 [ 94.570302][ T4294] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 94.579162][ T4244] usb 4-1: USB disconnect, device number 2 [ 94.633142][ T4244] usblp0: removed [ 94.730327][ T4294] usb 3-1: device descriptor read/64, error -71 [ 94.773959][ T4421] syz.4.13 uses obsolete (PF_INET,SOCK_PACKET) [ 95.250431][ T4294] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 95.270577][ T22] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 95.430433][ T4294] usb 3-1: device descriptor read/64, error -71 [ 95.470471][ T22] usb 2-1: Using ep0 maxpacket: 32 [ 95.485603][ T22] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 95.563316][ T22] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 95.584825][ T4294] usb usb3-port1: attempt power cycle [ 95.688052][ T22] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 95.765256][ T22] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=3 [ 95.817226][ T22] usb 2-1: Manufacturer: syz [ 95.847192][ T22] usb 2-1: SerialNumber: syz [ 96.010658][ T4294] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 96.074924][ T4294] usb 3-1: device descriptor read/8, error -71 [ 96.400370][ T4294] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 96.516432][ T4294] usb 3-1: device descriptor read/8, error -71 [ 96.721503][ T4294] usb usb3-port1: unable to enumerate USB device [ 96.969037][ T4429] loop3: detected capacity change from 0 to 32768 [ 97.107828][ T4429] JBD2: Ignoring recovery information on journal [ 97.158913][ T4417] loop1: detected capacity change from 0 to 2048 [ 97.407531][ T4429] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 97.859534][ T4417] EXT4-fs warning (device loop1): ext4_multi_mount_protect:404: Unable to create kmmpd thread for loop1. [ 98.526764][ T4440] netlink: 16 bytes leftover after parsing attributes in process `syz.4.25'. [ 98.632036][ T22] usb 2-1: Audio class v2/v3 interfaces need an interface association [ 98.642636][ T4253] ocfs2: Unmounting device (7,3) on (node local) [ 98.802730][ T22] snd-usb-audio: probe of 2-1:1.0 failed with error -22 [ 98.849943][ T4443] loop2: detected capacity change from 0 to 512 [ 98.880364][ T2182] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 98.881274][ T4443] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 98.950871][ T22] usb 2-1: USB disconnect, device number 2 [ 99.700337][ T2182] usb 5-1: Using ep0 maxpacket: 32 [ 99.994598][ T4449] loop1: detected capacity change from 0 to 32768 [ 100.522612][ T4449] JBD2: Ignoring recovery information on journal [ 100.688181][ T4399] udevd[4399]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 100.915607][ T4449] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 100.921173][ T2182] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 101.618437][ T2182] usb 5-1: config 0 has no interface number 0 [ 102.531570][ T4457] loop3: detected capacity change from 0 to 32768 [ 102.601441][ T4457] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 102.630739][ T4457] JBD2: Ignoring recovery information on journal [ 102.782276][ T4460] Bluetooth: MGMT ver 1.22 [ 102.909164][ T4457] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 103.420316][ T2182] usb 5-1: string descriptor 0 read error: -71 [ 103.426634][ T2182] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 103.442839][ T2182] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.452815][ T2182] usb 5-1: config 0 descriptor?? [ 103.459781][ T2182] usb 5-1: can't set config #0, error -71 [ 103.480427][ T2182] usb 5-1: USB disconnect, device number 2 [ 103.627967][ T4258] ocfs2: Unmounting device (7,1) on (node local) [ 103.748556][ T4253] ocfs2: Unmounting device (7,3) on (node local) [ 103.891721][ T4477] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.188187][ T4482] loop1: detected capacity change from 0 to 4096 [ 104.262990][ T4482] NILFS (loop1): The specified checkpoint is not a snapshot (checkpoint number=1) [ 104.494503][ T4487] netlink: 'syz.4.34': attribute type 1 has an invalid length. [ 105.677478][ T4489] loop0: detected capacity change from 0 to 32768 [ 105.769788][ T4489] JBD2: Ignoring recovery information on journal [ 105.929062][ T4489] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 106.743942][ T4264] ocfs2: Unmounting device (7,0) on (node local) [ 108.013507][ T4505] loop2: detected capacity change from 0 to 64 [ 108.038882][ T4500] loop4: detected capacity change from 0 to 32768 [ 108.118291][ T4500] JBD2: Ignoring recovery information on journal [ 108.287561][ T4500] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 109.021934][ T4254] ocfs2: Unmounting device (7,4) on (node local) [ 109.781873][ T4521] loop4: detected capacity change from 0 to 2048 [ 109.829062][ T4526] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 110.788836][ T4528] loop3: detected capacity change from 0 to 1024 [ 111.158030][ T4528] hfsplus: unable to parse mount options [ 111.269482][ T4513] loop0: detected capacity change from 0 to 32768 [ 111.482777][ T4513] XFS (loop0): Mounting V5 Filesystem [ 111.668326][ T4513] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 111.705470][ T4513] XFS (loop0): Starting recovery (logdev: internal) [ 111.776649][ T4513] XFS (loop0): Ending recovery (logdev: internal) [ 111.858015][ T4555] loop4: detected capacity change from 0 to 4096 [ 111.892238][ T4264] XFS (loop0): Unmounting Filesystem [ 111.945384][ T4555] NILFS (loop4): The specified checkpoint is not a snapshot (checkpoint number=1) [ 111.975158][ T4557] loop3: detected capacity change from 0 to 128 [ 112.071100][ T4354] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 112.091512][ T4557] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 112.111585][ T4557] device batadv_slave_0 entered promiscuous mode [ 113.904896][ T4570] loop0: detected capacity change from 0 to 32768 [ 113.975599][ T4570] JBD2: Ignoring recovery information on journal [ 114.206489][ T4570] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 114.963042][ T4264] ocfs2: Unmounting device (7,0) on (node local) [ 115.156922][ T4592] loop4: detected capacity change from 0 to 512 [ 115.194463][ T4592] journal_path: Lookup failure for './file1' [ 115.228463][ T4592] EXT4-fs: error: could not find journal device path [ 115.658982][ T4606] loop0: detected capacity change from 0 to 64 [ 115.789179][ T4609] loop2: detected capacity change from 0 to 2048 [ 115.843370][ T4609] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 116.911562][ T4609] netlink: 24 bytes leftover after parsing attributes in process `syz.2.60'. [ 117.472896][ T4610] loop3: detected capacity change from 0 to 32768 [ 117.553767][ T4610] XFS (loop3): Mounting V5 Filesystem [ 117.614890][ T4630] loop1: detected capacity change from 0 to 256 [ 117.637169][ T4623] loop2: detected capacity change from 0 to 4096 [ 117.673714][ T4610] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 117.741422][ T4623] NILFS (loop2): The specified checkpoint is not a snapshot (checkpoint number=1) [ 117.814817][ T4610] XFS (loop3): Starting recovery (logdev: internal) [ 117.879330][ T4610] XFS (loop3): Ending recovery (logdev: internal) [ 118.117581][ T4634] netlink: 8 bytes leftover after parsing attributes in process `syz.1.65'. [ 119.308329][ T4643] loop1: detected capacity change from 0 to 512 [ 119.331392][ T4619] loop0: detected capacity change from 0 to 32768 [ 119.528203][ T4253] XFS (loop3): Unmounting Filesystem [ 120.463961][ T4647] loop2: detected capacity change from 0 to 32768 [ 120.934562][ T4647] JBD2: Ignoring recovery information on journal [ 121.220827][ T4643] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2195: inode #15: comm syz.1.68: corrupted in-inode xattr [ 121.329110][ T4647] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 121.406322][ T4619] [ 121.406322][ T4619] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.406322][ T4619] [ 121.557581][ T4643] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.68: couldn't read orphan inode 15 (err -117) [ 121.776563][ T4643] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 122.376430][ T4255] ocfs2: Unmounting device (7,2) on (node local) [ 122.388112][ T4264] [ 122.388112][ T4264] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 122.388112][ T4264] [ 122.440534][ T4264] [ 122.440534][ T4264] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 122.440534][ T4264] [ 122.573734][ T4657] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2195: inode #15: comm syz.1.68: corrupted in-inode xattr [ 122.774885][ T4659] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2195: inode #15: comm syz.1.68: corrupted in-inode xattr [ 123.834938][ T4662] loop0: detected capacity change from 0 to 32768 [ 124.212020][ T4662] JBD2: Ignoring recovery information on journal [ 124.231653][ T4651] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 124.560732][ T4662] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 125.304020][ T4258] EXT4-fs (loop1): unmounting filesystem. [ 125.353757][ T4264] ocfs2: Unmounting device (7,0) on (node local) [ 125.750761][ T4266] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 125.950819][ T4266] usb 5-1: Using ep0 maxpacket: 32 [ 125.975737][ T4266] usb 5-1: config 0 has no interfaces? [ 126.036653][ T4266] usb 5-1: New USB device found, idVendor=0856, idProduct=bc00, bcdDevice=b2.7f [ 126.092996][ T4683] ubi0: attaching mtd0 [ 126.099291][ T4266] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.100006][ T4683] ubi0: scanning is finished [ 126.107994][ T4266] usb 5-1: Product: syz [ 126.112074][ T4683] ubi0: empty MTD device detected [ 126.155739][ T4683] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 126.163314][ T4683] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 126.165576][ T4266] usb 5-1: Manufacturer: syz [ 126.171131][ T4683] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 126.171154][ T4683] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 126.171172][ T4683] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 126.171195][ T4683] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 126.171212][ T4683] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4260662912 [ 126.171232][ T4683] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 126.197344][ T4266] usb 5-1: SerialNumber: syz [ 126.247890][ T4686] ubi0: background thread "ubi_bgt0d" started, PID 4686 [ 126.263130][ T4266] usb 5-1: config 0 descriptor?? [ 126.535300][ T4336] usb 5-1: USB disconnect, device number 3 [ 126.994340][ T4680] loop1: detected capacity change from 0 to 32768 [ 127.125217][ T4680] XFS (loop1): Mounting V5 Filesystem [ 127.145070][ T4710] loop0: detected capacity change from 0 to 256 [ 127.214735][ T4680] XFS (loop1): Ending clean mount [ 127.238333][ T4680] XFS (loop1): Quotacheck needed: Please wait. [ 127.276246][ T4710] FAT-fs (loop0): Directory bread(block 64) failed [ 127.290313][ T4335] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 127.326031][ T4710] FAT-fs (loop0): Directory bread(block 65) failed [ 127.355620][ T4710] FAT-fs (loop0): Directory bread(block 66) failed [ 127.370893][ T4680] XFS (loop1): Quotacheck: Done. [ 127.385875][ T4710] FAT-fs (loop0): Directory bread(block 67) failed [ 127.416344][ T27] audit: type=1800 audit(1749571820.147:2): pid=4680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.74" name="file2" dev="loop1" ino=9287 res=0 errno=0 [ 127.421713][ T4680] XFS (loop1): User initiated shutdown received. [ 127.447272][ T4710] FAT-fs (loop0): Directory bread(block 68) failed [ 127.478427][ T4680] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:495). Shutting down filesystem. [ 127.478616][ T4710] FAT-fs (loop0): Directory bread(block 69) failed [ 127.504624][ T4335] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 127.534106][ T4335] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 127.540794][ T4710] FAT-fs (loop0): Directory bread(block 70) failed [ 127.554255][ T4710] FAT-fs (loop0): Directory bread(block 71) failed [ 127.568951][ T4710] FAT-fs (loop0): Directory bread(block 72) failed [ 127.572715][ T4335] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 127.578532][ T4710] FAT-fs (loop0): Directory bread(block 73) failed [ 127.595428][ T4680] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 127.659315][ T4335] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 127.689205][ T4335] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.706343][ T4335] usb 3-1: Product: syz [ 127.720114][ T4335] usb 3-1: Manufacturer: syz [ 127.730359][ T4335] usb 3-1: SerialNumber: syz [ 127.749733][ T4258] XFS (loop1): Unmounting Filesystem [ 127.793468][ T4335] hub 3-1:1.0: bad descriptor, ignoring hub [ 127.806081][ T4335] hub: probe of 3-1:1.0 failed with error -5 [ 127.817069][ T4721] loop4: detected capacity change from 0 to 512 [ 127.860222][ T4721] EXT4-fs: Ignoring removed mblk_io_submit option [ 127.885961][ T4721] EXT4-fs: Ignoring removed i_version option [ 127.926938][ T4721] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 127.948144][ T4721] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 127.952959][ T4724] syz.0.79: attempt to access beyond end of device [ 127.952959][ T4724] loop0: rw=2051, sector=1224, nr_sectors = 128 limit=256 [ 127.977054][ T4721] EXT4-fs (loop4): orphan cleanup on readonly fs [ 128.018293][ T4721] Quota error (device loop4): v2_read_file_info: Free block number 1 out of range (1, 6). [ 128.031201][ T4721] EXT4-fs warning (device loop4): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 128.031925][ T4335] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 128.083454][ T4721] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 128.094588][ T4721] EXT4-fs error (device loop4): mb_free_blocks:1815: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 128.114549][ T4452] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 128.124310][ T4721] EXT4-fs (loop4): 1 truncate cleaned up [ 128.130021][ T4721] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 128.350048][ T4452] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 128.396954][ T4452] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 128.467536][ T4452] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30050, setting to 8 [ 128.556479][ T4720] ALSA: mixer_oss: invalid OSS volume '{' [ 128.664955][ T4452] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 128.771790][ T4703] usb 3-1: reset high-speed USB device number 6 using dummy_hcd [ 128.789702][ T4452] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.028112][ T4723] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 129.186097][ T4452] hub 4-1:1.0: bad descriptor, ignoring hub [ 129.298538][ T4452] hub: probe of 4-1:1.0 failed with error -5 [ 129.470478][ T4452] cdc_wdm 4-1:1.0: skipping garbage [ 129.558525][ T4452] cdc_wdm 4-1:1.0: skipping garbage [ 129.646832][ T4452] cdc_wdm 4-1:1.0: cdc-wdm1: USB WDM device [ 129.688318][ T4732] loop1: detected capacity change from 0 to 32768 [ 129.762328][ T4732] JBD2: Ignoring recovery information on journal [ 129.818111][ T4452] cdc_wdm 4-1:1.0: Unknown control protocol [ 129.934814][ T4732] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 130.108662][ T4254] EXT4-fs (loop4): unmounting filesystem. [ 130.118172][ T127] usb 3-1: USB disconnect, device number 6 [ 130.131356][ T4452] usb 4-1: USB disconnect, device number 3 [ 130.233265][ T127] usblp0: removed [ 130.509145][ T4258] ocfs2: Unmounting device (7,1) on (node local) [ 130.795261][ T4753] devpts: called with bogus options [ 130.830561][ T127] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 131.030312][ T127] usb 3-1: Using ep0 maxpacket: 32 [ 131.046068][ T127] usb 3-1: config 0 has no interfaces? [ 131.067398][ T127] usb 3-1: New USB device found, idVendor=0856, idProduct=bc00, bcdDevice=b2.7f [ 131.120029][ T127] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.140332][ T127] usb 3-1: Product: syz [ 131.144557][ T127] usb 3-1: Manufacturer: syz [ 131.149193][ T127] usb 3-1: SerialNumber: syz [ 131.180978][ T127] usb 3-1: config 0 descriptor?? [ 132.287491][ T4779] netlink: 8 bytes leftover after parsing attributes in process `syz.0.96'. [ 132.440498][ T4777] ubi: mtd0 is already attached to ubi0 [ 132.794162][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.800985][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.981357][ T4790] loop4: detected capacity change from 0 to 128 [ 132.988680][ T4790] EXT4-fs: Ignoring removed nobh option [ 133.034127][ T4790] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 133.049794][ T4790] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 133.066746][ T4796] FAULT_INJECTION: forcing a failure. [ 133.066746][ T4796] name failslab, interval 1, probability 0, space 0, times 1 [ 133.080541][ T4796] CPU: 1 PID: 4796 Comm: syz.1.100 Not tainted 6.1.141-syzkaller #0 [ 133.088579][ T4796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 133.098672][ T4796] Call Trace: [ 133.101966][ T4796] [ 133.104907][ T4796] dump_stack_lvl+0x168/0x22e [ 133.109713][ T4796] ? show_regs_print_info+0x12/0x12 [ 133.114943][ T4796] ? load_image+0x3b0/0x3b0 [ 133.119485][ T4796] ? __might_sleep+0xd0/0xd0 [ 133.124300][ T4796] ? __lock_acquire+0x7c50/0x7c50 [ 133.129365][ T4796] should_fail_ex+0x399/0x4d0 [ 133.134083][ T4796] should_failslab+0x5/0x20 [ 133.138617][ T4796] slab_pre_alloc_hook+0x59/0x310 [ 133.143883][ T4796] ? slab_post_alloc_hook+0x67/0x480 [ 133.149200][ T4796] kmem_cache_alloc_bulk+0x42/0x4e0 [ 133.154422][ T4796] ? kmem_cache_alloc+0x151/0x2f0 [ 133.159473][ T4796] ? mas_alloc_nodes+0x2ec/0x890 [ 133.164436][ T4796] mas_alloc_nodes+0x449/0x890 [ 133.169220][ T4796] mas_preallocate+0x11e/0x340 [ 133.174010][ T4796] mmap_region+0xec3/0x1d30 [ 133.178574][ T4796] ? file_mmap_ok+0x170/0x170 [ 133.183301][ T4796] ? cap_mmap_addr+0x165/0x2e0 [ 133.188111][ T4796] do_mmap+0x894/0xf30 [ 133.192227][ T4796] ? mlock_future_check+0x100/0x100 [ 133.197484][ T4796] ? ima_file_mmap+0x8e/0x150 [ 133.202185][ T4796] ? ima_file_free+0x3e0/0x3e0 [ 133.206973][ T4796] vm_mmap_pgoff+0x1b2/0x2b0 [ 133.211604][ T4796] ? account_locked_vm+0xe0/0xe0 [ 133.216560][ T4796] ? ksys_mmap_pgoff+0xe6/0x6f0 [ 133.221432][ T4796] ? lockdep_hardirqs_on+0x94/0x140 [ 133.226649][ T4796] do_syscall_64+0x4c/0xa0 [ 133.231088][ T4796] ? clear_bhb_loop+0x60/0xb0 [ 133.235783][ T4796] ? clear_bhb_loop+0x60/0xb0 [ 133.240480][ T4796] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 133.246402][ T4796] RIP: 0033:0x7f6a8bb8e963 [ 133.250843][ T4796] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7 [ 133.270488][ T4796] RSP: 002b:00007f6a8c9b0e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 133.278949][ T4796] RAX: ffffffffffffffda RBX: 000000000000023e RCX: 00007f6a8bb8e963 [ 133.286940][ T4796] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000 [ 133.295101][ T4796] RBP: 00002000000002c2 R08: 00000000ffffffff R09: 0000000000000000 [ 133.303088][ T4796] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000004 [ 133.311077][ T4796] R13: 00007f6a8c9b0ef0 R14: 00007f6a8c9b0eb0 R15: 0000200000000040 [ 133.319107][ T4796] [ 133.366572][ T4796] loop1: detected capacity change from 0 to 256 [ 133.508355][ T127] usb 3-1: USB disconnect, device number 7 [ 133.766798][ T4796] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 133.800822][ T4807] loop3: detected capacity change from 0 to 128 [ 133.871196][ T4807] EXT4-fs: Ignoring removed nobh option [ 134.054304][ T4254] EXT4-fs (loop4): unmounting filesystem. [ 134.088266][ T4807] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 134.125041][ T4807] ext4 filesystem being mounted at /18/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 134.274822][ T4816] loop4: detected capacity change from 0 to 128 [ 134.304584][ T4336] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 134.321246][ T4816] EXT4-fs: Ignoring removed nobh option [ 134.368230][ T4816] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 134.394876][ T4816] ext4 filesystem being mounted at /20/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 134.449653][ T4253] EXT4-fs (loop3): unmounting filesystem. [ 134.500523][ T4336] usb 3-1: device descriptor read/64, error -71 [ 134.770402][ T4336] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 134.950291][ T4336] usb 3-1: device descriptor read/64, error -71 [ 135.070585][ T4336] usb usb3-port1: attempt power cycle [ 135.103304][ T4819] loop1: detected capacity change from 0 to 32768 [ 135.161872][ T4819] XFS (loop1): Mounting V5 Filesystem [ 135.205772][ T4819] XFS (loop1): empty log check failed [ 135.237513][ T4819] XFS (loop1): log mount/recovery failed: error -5 [ 135.314870][ T4819] XFS (loop1): log mount failed [ 135.480307][ T4336] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 135.531102][ T4336] usb 3-1: device descriptor read/8, error -71 [ 135.673413][ T4816] overlayfs: unrecognized mount option "+ w7f2fs" or missing value [ 135.800494][ T4336] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 135.840999][ T4336] usb 3-1: device descriptor read/8, error -71 [ 135.960816][ T4336] usb usb3-port1: unable to enumerate USB device [ 136.247637][ T4254] EXT4-fs (loop4): unmounting filesystem. [ 137.206018][ T4848] loop1: detected capacity change from 0 to 32768 [ 137.278927][ T4848] JBD2: Ignoring recovery information on journal [ 137.514457][ T4848] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 138.106132][ T4258] ocfs2: Unmounting device (7,1) on (node local) [ 138.118156][ T4858] netlink: 411 bytes leftover after parsing attributes in process `syz.4.114'. [ 138.162157][ T4857] loop3: detected capacity change from 0 to 4096 [ 138.417589][ T4857] EXT4-fs (loop3): Test dummy encryption mode enabled [ 138.461603][ T3625] udevd[3625]: worker [4398] terminated by signal 33 (Unknown signal 33) [ 138.483621][ T4857] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 138.502474][ T3625] udevd[3625]: worker [4398] failed while handling '/devices/virtual/block/loop3' [ 138.685253][ T27] audit: type=1400 audit(1749571831.417:3): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=3A0C7E142D901405 pid=4856 comm="syz.3.116" [ 139.110663][ T4253] EXT4-fs (loop3): unmounting filesystem. [ 139.722334][ T3625] udevd[3625]: worker [4399] terminated by signal 33 (Unknown signal 33) [ 139.777169][ T3625] udevd[3625]: worker [4399] failed while handling '/devices/virtual/block/loop1' [ 140.328132][ T4914] netlink: 12 bytes leftover after parsing attributes in process `syz.0.126'. [ 140.380106][ T4914] netlink: 68 bytes leftover after parsing attributes in process `syz.0.126'. [ 140.433489][ T4336] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 140.620344][ T4336] usb 4-1: Using ep0 maxpacket: 16 [ 140.629549][ T4336] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 140.914389][ T4336] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 140.950145][ T4923] loop2: detected capacity change from 0 to 64 [ 140.978658][ T4336] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.030335][ T4336] usb 4-1: Product: syz [ 141.048723][ T4336] usb 4-1: Manufacturer: syz [ 141.068954][ T4336] usb 4-1: SerialNumber: syz [ 141.077380][ T4927] loop4: detected capacity change from 0 to 16 [ 141.129773][ T4336] usb 4-1: config 0 descriptor?? [ 141.142886][ T4927] erofs: (device loop4): mounted with root inode @ nid 36. [ 141.156815][ T4336] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 141.187637][ T4336] usb 4-1: Detected FT232R [ 142.213717][ T4937] loop4: detected capacity change from 0 to 22 [ 142.224047][ T4937] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 142.270554][ T4937] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 142.822655][ T4952] netlink: 8 bytes leftover after parsing attributes in process `syz.0.139'. [ 143.285418][ T4336] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 143.315626][ T4336] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 143.345234][ T4336] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 143.372281][ T4336] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 143.411036][ T4963] loop4: detected capacity change from 0 to 16 [ 143.430516][ T4336] usb 4-1: USB disconnect, device number 4 [ 143.451567][ T4963] erofs: (device loop4): mounted with root inode @ nid 36. [ 143.506609][ T4336] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 143.709749][ T4336] ftdi_sio 4-1:0.0: device disconnected [ 143.841972][ T4975] erofs: (device loop4): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 143.855047][ T4975] erofs: (device loop4): z_erofs_readahead: readahead error at page 1 @ nid 89 [ 143.864258][ T4975] erofs: (device loop4): z_erofs_readahead: readahead error at page 0 @ nid 89 [ 143.874802][ T4975] syz.4.141: attempt to access beyond end of device [ 143.874802][ T4975] loop4: rw=524288, sector=524296, nr_sectors = 8 limit=16 [ 143.907973][ T4975] erofs: (device loop4): z_erofs_read_folio: failed to read, err [-117] [ 143.937434][ T27] audit: type=1800 audit(1749571836.647:4): pid=4975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.141" name="file2" dev="loop4" ino=89 res=0 errno=0 [ 144.560737][ T4982] loop1: detected capacity change from 0 to 256 [ 145.661985][ T4987] loop2: detected capacity change from 0 to 32768 [ 145.735212][ T4987] JBD2: Ignoring recovery information on journal [ 145.887999][ T4991] loop1: detected capacity change from 0 to 512 [ 145.908463][ T4987] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 146.094815][ T4991] ext3: Unknown parameter 'smackfsroot' [ 146.588280][ T4255] ocfs2: Unmounting device (7,2) on (node local) [ 146.782114][ T4265] Bluetooth: hci3: Malformed Event: 0x02 [ 146.915184][ T26] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 147.130365][ T26] usb 4-1: Using ep0 maxpacket: 32 [ 147.161310][ T26] usb 4-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 147.199366][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.262924][ T26] usb 4-1: Product: syz [ 147.291271][ T5012] netlink: 428 bytes leftover after parsing attributes in process `syz.2.154'. [ 147.292742][ T26] usb 4-1: Manufacturer: syz [ 147.324435][ T5012] netlink: 32 bytes leftover after parsing attributes in process `syz.2.154'. [ 147.335615][ T26] usb 4-1: SerialNumber: syz [ 147.381162][ T26] usb 4-1: config 0 descriptor?? [ 147.408911][ T26] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 147.553477][ T5015] loop2: detected capacity change from 0 to 512 [ 148.218880][ T5025] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 148.232808][ T5022] loop2: detected capacity change from 0 to 64 [ 148.249793][ T5023] overlayfs: failed to clone upperpath [ 148.392727][ T5028] Cannot find map_set index 0 as target [ 149.090462][ T26] gspca_topro: reg_w err -110 [ 149.130329][ T26] gspca_topro: Sensor soi763a [ 149.275219][ T26] usb 4-1: USB disconnect, device number 5 [ 149.295143][ T5025] loop1: detected capacity change from 0 to 4096 [ 149.579944][ T5003] loop3: detected capacity change from 0 to 1024 [ 149.692438][ T5003] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 150.010634][ T5039] tipc: Invalid UDP bearer configuration [ 150.010677][ T5039] tipc: Enabling of bearer rejected, failed to enable media [ 150.066340][ T5040] tipc: Invalid UDP bearer configuration [ 150.066370][ T5040] tipc: Enabling of bearer rejected, failed to enable media [ 150.249627][ T5003] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 150.614444][ T5052] loop1: detected capacity change from 0 to 64 [ 150.717548][ T5054] netlink: 4 bytes leftover after parsing attributes in process `syz.0.167'. [ 150.758379][ T5057] loop2: detected capacity change from 0 to 256 [ 150.804873][ T5057] FAT-fs (loop2): Unrecognized mount option "shor name=lower" or missing value [ 151.122864][ T5062] capability: warning: `syz.1.169' uses 32-bit capabilities (legacy support in use) [ 151.164320][ T5059] netlink: 8 bytes leftover after parsing attributes in process `syz.2.164'. [ 151.202121][ T5062] netlink: 'syz.1.169': attribute type 2 has an invalid length. [ 152.516174][ T5058] loop4: detected capacity change from 0 to 32768 [ 152.841471][ T4253] EXT4-fs (loop3): unmounting filesystem. [ 152.867678][ T5075] 9pnet_fd: Insufficient options for proto=fd [ 152.966093][ T4354] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by udevd (4354) [ 153.279897][ T5087] netlink: 24 bytes leftover after parsing attributes in process `syz.0.175'. [ 155.201833][ T5096] loop4: detected capacity change from 0 to 32768 [ 157.022739][ T5096] JBD2: Ignoring recovery information on journal [ 157.161910][ T5096] JBD2: recovery failed [ 157.166399][ T5096] (syz.4.178,5096,0):ocfs2_journal_load:1134 ERROR: Failed to load journal! [ 158.256436][ T5105] loop2: detected capacity change from 0 to 32768 [ 158.659409][ T5105] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 158.736739][ T5105] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 158.911262][ T5096] (syz.4.178,5096,0):ocfs2_check_volume:2433 ERROR: ocfs2 journal load failed! -5 [ 158.921835][ T5096] (syz.4.178,5096,0):ocfs2_check_volume:2489 ERROR: status = -5 [ 158.929586][ T5096] (syz.4.178,5096,0):ocfs2_mount_volume:1821 ERROR: status = -5 [ 159.138253][ T5112] xt_hashlimit: max too large, truncated to 1048576 [ 159.149338][ T4255] ocfs2: Unmounting device (7,2) on (node local) [ 159.203698][ T5096] (syz.4.178,5096,0):ocfs2_fill_super:1176 ERROR: status = -5 [ 160.342498][ T5129] vivid-000: ================= START STATUS ================= [ 160.522422][ T5129] vivid-000: Test Pattern: 75% Colorbar [ 160.610389][ T5129] vivid-000: Fill Percentage of Frame: 100 [ 160.618125][ T5129] vivid-000: Horizontal Movement: No Movement [ 160.638960][ T5129] vivid-000: Vertical Movement: No Movement [ 160.690836][ T5129] vivid-000: OSD Text Mode: All [ 160.709820][ T5129] vivid-000: Show Border: false [ 160.750079][ T5129] vivid-000: Show Square: false [ 160.761002][ T5129] vivid-000: Sensor Flipped Horizontally: false [ 160.767520][ T5129] vivid-000: Sensor Flipped Vertically: false [ 160.787141][ T5129] vivid-000: Insert SAV Code in Image: false [ 160.797555][ T5129] vivid-000: Insert EAV Code in Image: false [ 160.808301][ T5129] vivid-000: Insert Video Guard Band: false [ 160.819547][ T5129] vivid-000: Reduced Framerate: false [ 160.828960][ T5129] vivid-000: Enable Capture Cropping: true [ 160.838992][ T5129] vivid-000: Enable Capture Composing: true [ 160.850453][ T5129] vivid-000: Enable Capture Scaler: true [ 160.860495][ T5129] vivid-000: Timestamp Source: End of Frame [ 160.869421][ T5129] vivid-000: Colorspace: Rec. 709 [ 160.878302][ T5129] vivid-000: Transfer Function: Default [ 160.890814][ T5129] vivid-000: Y'CbCr Encoding: Default [ 160.900807][ T5129] vivid-000: HSV Encoding: Hue 0-179 [ 160.909699][ T5129] vivid-000: Quantization: Default [ 160.919668][ T5129] vivid-000: Apply Alpha To Red Only: false [ 160.939926][ T5129] vivid-000: Standard Aspect Ratio: 4x3 [ 161.018452][ T5129] vivid-000: DV Timings Signal Mode: Current DV Timings [ 161.036871][ T5129] vivid-000: DV Timings: 640x480p59 inactive [ 161.046603][ T5129] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 161.050897][ T5112] loop1: detected capacity change from 0 to 32768 [ 161.210721][ T5129] vivid-000: Maximum EDID Blocks: 2 [ 161.228910][ T5129] vivid-000: Limited RGB Range (16-235): true [ 161.249965][ T5144] loop2: detected capacity change from 0 to 512 [ 161.335330][ T5144] EXT4-fs: Ignoring removed nomblk_io_submit option [ 161.963212][ T5129] vivid-000: Rx RGB Quantization Range: Automatic [ 161.969680][ T5129] vivid-000: Power Present: 0x00000001 [ 161.991481][ T5144] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 162.027693][ T5129] tpg source WxH: 1280x720 (Y'CbCr) [ 162.039762][ T5112] XFS (loop1): Mounting V5 Filesystem [ 162.071317][ T5144] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 162.085313][ T5129] tpg field: 1 [ 162.088713][ T5129] tpg crop: 1280x720@0x0 [ 162.099785][ T5129] tpg compose: 1280x720@0x0 [ 162.107564][ T5129] tpg colorspace: 3 [ 162.115345][ T5112] XFS (loop1): AIL initialisation failed: error -12 [ 162.133675][ T5129] tpg transfer function: 0/0 [ 162.146185][ T5144] EXT4-fs (loop2): 1 truncate cleaned up [ 162.152331][ T5144] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 162.162444][ T5129] tpg Y'CbCr encoding: 0/0 [ 162.171442][ T5129] tpg quantization: 0/0 [ 162.188404][ T5129] tpg RGB range: 0/1 [ 162.197172][ T5112] XFS (loop1): log mount failed [ 162.212722][ T5129] vivid-000: ================== END STATUS ================== [ 162.453912][ T4255] EXT4-fs (loop2): unmounting filesystem. [ 163.601864][ T5176] loop3: detected capacity change from 0 to 1024 [ 163.641130][ T5176] EXT4-fs: Ignoring removed i_version option [ 163.758767][ T5176] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:477: comm syz.3.203: Invalid block bitmap block 0 in block_group 0 [ 163.763447][ T27] audit: type=1326 audit(1749571856.487:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.2.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22e98e929 code=0x7ffc0000 [ 163.820670][ T27] audit: type=1326 audit(1749571856.557:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.2.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22e98e929 code=0x7ffc0000 [ 163.843306][ T5176] Quota error (device loop3): write_blk: dquota write failed [ 163.852400][ T27] audit: type=1326 audit(1749571856.587:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.2.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc22e98d290 code=0x7ffc0000 [ 163.874827][ T5176] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 163.885330][ T5176] EXT4-fs error (device loop3): ext4_acquire_dquot:6814: comm syz.3.203: Failed to acquire dquot type 0 [ 163.896937][ T27] audit: type=1326 audit(1749571856.587:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.2.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc22e98d290 code=0x7ffc0000 [ 163.931447][ T5176] EXT4-fs error (device loop3): ext4_free_blocks:6210: comm syz.3.203: Freeing blocks not in datazone - block = 0, count = 4096 [ 163.985416][ T5176] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.203: Invalid inode bitmap blk 0 in block_group 0 [ 164.003528][ T27] audit: type=1326 audit(1749571856.587:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.2.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22e98e929 code=0x7ffc0000 [ 164.038179][ T4450] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-8 [ 164.051997][ T5176] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 164.067401][ T5185] netlink: 2 bytes leftover after parsing attributes in process `syz.2.207'. [ 164.080543][ T4450] EXT4-fs error (device loop3): ext4_release_dquot:6850: comm kworker/u4:16: Failed to release dquot type 0 [ 164.081496][ T27] audit: type=1326 audit(1749571856.587:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.2.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7fc22e98e929 code=0x7ffc0000 [ 164.120552][ T5176] EXT4-fs (loop3): 1 orphan inode deleted [ 164.126378][ T5176] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 164.220469][ T27] audit: type=1326 audit(1749571856.587:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.2.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22e98e929 code=0x7ffc0000 [ 164.287014][ T4253] EXT4-fs (loop3): unmounting filesystem. [ 164.491836][ T5192] loop1: detected capacity change from 0 to 4096 [ 164.508161][ T5192] EXT4-fs: Ignoring removed mblk_io_submit option [ 164.537672][ T5192] EXT4-fs (loop1): Test dummy encryption mode enabled [ 164.569672][ T5192] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 165.656252][ T5208] device gtp0 entered promiscuous mode [ 165.670861][ T4258] EXT4-fs (loop1): unmounting filesystem. [ 165.724763][ T5207] netlink: 'syz.0.214': attribute type 4 has an invalid length. [ 165.987677][ T5218] loop3: detected capacity change from 0 to 64 [ 166.167959][ T5190] loop2: detected capacity change from 0 to 32768 [ 167.052140][ T5190] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 167.091752][ T5190] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 167.129936][ T5190] BTRFS info (device loop2): force clearing of disk cache [ 167.180009][ T5190] BTRFS info (device loop2): metadata ratio 0 [ 167.200335][ T5190] BTRFS info (device loop2): enabling ssd optimizations [ 167.225531][ T5190] BTRFS info (device loop2): using spread ssd allocation scheme [ 167.260861][ T5190] BTRFS info (device loop2): using free space tree [ 167.546207][ T5190] BTRFS error (device loop2): open_ctree failed: -12 [ 167.776937][ T4354] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by udevd (4354) [ 167.994648][ T5269] loop4: detected capacity change from 0 to 64 [ 168.719316][ T5265] loop3: detected capacity change from 0 to 8192 [ 168.803178][ T5275] loop4: detected capacity change from 0 to 256 [ 168.859654][ T5275] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 168.883065][ T5265] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 168.916122][ T5265] FAT-fs (loop3): Filesystem has been set read-only [ 168.951541][ T5277] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 169.476262][ T5285] loop4: detected capacity change from 0 to 64 [ 169.986476][ T5295] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 169.996181][ T5295] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 170.614791][ T5298] loop3: detected capacity change from 0 to 128 [ 170.936821][ T4294] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 171.036567][ T5307] loop4: detected capacity change from 0 to 1024 [ 171.047439][ T5287] loop1: detected capacity change from 0 to 32768 [ 171.066493][ T5307] EXT4-fs (loop4): Test dummy encryption mode enabled [ 171.146923][ T5307] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 171.156382][ T4294] usb 3-1: Using ep0 maxpacket: 32 [ 171.170622][ T4294] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 171.237705][ T4294] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 171.323481][ T4294] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 171.382627][ T4294] usb 3-1: Product: syz [ 171.386858][ T4294] usb 3-1: Manufacturer: syz [ 171.406923][ T4294] usb 3-1: SerialNumber: syz [ 171.429256][ T4294] usb 3-1: config 0 descriptor?? [ 171.438440][ T5312] netlink: 136 bytes leftover after parsing attributes in process `syz.1.243'. [ 171.447727][ T5299] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 171.464630][ T4294] hub 3-1:0.0: bad descriptor, ignoring hub [ 171.477852][ T4294] hub: probe of 3-1:0.0 failed with error -5 [ 171.806518][ T4294] usb 3-1: USB disconnect, device number 12 [ 171.898786][ T5307] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 171.952332][ T5315] loop1: detected capacity change from 0 to 32768 [ 171.962293][ T5315] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.244 (5315) [ 171.977277][ T4379] kworker/u4:11: attempt to access beyond end of device [ 171.977277][ T4379] loop3: rw=1, sector=865, nr_sectors = 8 limit=128 [ 172.003999][ T5315] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 172.014294][ T5315] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 172.015325][ T5307] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 172.023028][ T5315] BTRFS info (device loop1): setting nodatacow, compression disabled [ 172.023184][ T5315] BTRFS info (device loop1): turning on sync discard [ 172.045562][ T5315] BTRFS info (device loop1): setting datacow [ 172.051675][ T5315] BTRFS info (device loop1): doing ref verification [ 172.058320][ T5315] BTRFS info (device loop1): turning off barriers [ 172.064911][ T5315] BTRFS info (device loop1): enabling ssd optimizations [ 172.071986][ T5315] BTRFS info (device loop1): using spread ssd allocation scheme [ 172.079749][ T5315] BTRFS info (device loop1): setting datasum [ 172.085890][ T5315] BTRFS info (device loop1): turning on barriers [ 172.092364][ T5315] BTRFS info (device loop1): not using ssd optimizations [ 172.099433][ T5315] BTRFS info (device loop1): not using spread ssd allocation scheme [ 172.107560][ T5315] BTRFS info (device loop1): using free space tree [ 172.203412][ T4254] EXT4-fs (loop4): unmounting filesystem. [ 172.622573][ T4258] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 172.757233][ T5345] loop3: detected capacity change from 0 to 2048 [ 172.880317][ T5345] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 173.383771][ T5337] loop4: detected capacity change from 0 to 32768 [ 173.436319][ T5355] netlink: 16 bytes leftover after parsing attributes in process `syz.3.253'. [ 173.490033][ T5337] XFS (loop4): Mounting V5 Filesystem [ 174.170727][ T5337] XFS (loop4): Ending clean mount [ 174.250599][ T5337] XFS (loop4): Quotacheck needed: Please wait. [ 174.466471][ T5337] XFS (loop4): Quotacheck: Done. [ 174.886407][ T5343] loop2: detected capacity change from 0 to 32768 [ 174.996783][ T5384] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 175.006032][ T5384] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 175.268497][ T5343] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.248 (5343) [ 175.576767][ T5343] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 175.630684][ T5343] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 175.650493][ T5343] BTRFS info (device loop2): setting nodatacow, compression disabled [ 175.658750][ T5343] BTRFS info (device loop2): enabling auto defrag [ 175.684805][ T4254] XFS (loop4): Unmounting Filesystem [ 175.709134][ T5343] BTRFS info (device loop2): max_inline at 0 [ 175.726567][ T5343] BTRFS info (device loop2): using free space tree [ 175.881391][ T5343] BTRFS error (device loop2): open_ctree failed: -12 [ 176.024934][ T4725] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by udevd (4725) [ 176.724116][ T5417] loop3: detected capacity change from 0 to 128 [ 176.865948][ T5378] loop1: detected capacity change from 0 to 32768 [ 177.003764][ T5378] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 scanned by syz.1.256 (5378) [ 177.775298][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 177.775315][ T27] audit: type=1326 audit(1749571870.507:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5423 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 177.842204][ T75] kworker/u4:4: attempt to access beyond end of device [ 177.842204][ T75] loop3: rw=1, sector=145, nr_sectors = 896 limit=128 [ 177.903304][ T27] audit: type=1326 audit(1749571870.537:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5423 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 177.925933][ T27] audit: type=1326 audit(1749571870.537:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5423 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 177.959526][ T27] audit: type=1326 audit(1749571870.537:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5423 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 178.034797][ T27] audit: type=1326 audit(1749571870.537:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5423 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 178.169182][ T27] audit: type=1326 audit(1749571870.537:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5423 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 178.809475][ T27] audit: type=1326 audit(1749571870.537:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5423 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 179.046349][ T5440] loop4: detected capacity change from 0 to 2048 [ 179.093520][ T27] audit: type=1326 audit(1749571870.567:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5423 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 179.177095][ T5440] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 180.280200][ C0] sched: RT throttling activated [ 180.281117][ T5440] UDF-fs: warning (device loop4): udf_fill_super: No partition found (2) [ 180.819000][ T27] audit: type=1326 audit(1749571870.567:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5423 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=192 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 180.992264][ T27] audit: type=1326 audit(1749571870.567:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5423 comm="syz.0.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 181.599338][ T5468] netlink: 12 bytes leftover after parsing attributes in process `syz.3.277'. [ 182.308601][ T5490] loop4: detected capacity change from 0 to 1024 [ 183.768176][ T5471] loop1: detected capacity change from 0 to 32768 [ 183.778079][ T5498] loop3: detected capacity change from 0 to 2048 [ 183.873112][ T5498] Alternate GPT is invalid, using primary GPT. [ 183.908162][ T5498] loop3: p1 p2 p3 [ 183.949659][ T5471] XFS (loop1): Mounting V5 Filesystem [ 184.147784][ T5471] XFS (loop1): Ending clean mount [ 184.191799][ T5471] XFS (loop1): Quotacheck needed: Please wait. [ 184.280790][ T5471] XFS (loop1): Quotacheck: Done. [ 184.382395][ T4725] udevd[4725]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 184.418603][ T27] kauditd_printk_skb: 26 callbacks suppressed [ 184.418619][ T27] audit: type=1804 audit(1749571877.147:51): pid=5471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.279" name="/newroot/52/file0/bus" dev="loop1" ino=9291 res=1 errno=0 [ 184.478570][ T4354] udevd[4354]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 184.492888][ T4960] udevd[4960]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 184.598569][ T27] audit: type=1804 audit(1749571877.207:52): pid=5471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.279" name="/newroot/52/file0/bus" dev="loop1" ino=9291 res=1 errno=0 [ 184.658302][ T4258] XFS (loop1): Unmounting Filesystem [ 185.077128][ T5521] 9pnet: Could not find request transport: 0xffffffffffffffff [ 186.292591][ T5515] loop4: detected capacity change from 0 to 32768 [ 186.524682][ T5541] atomic_op ffff888030396198 conn xmit_atomic 0000000000000000 [ 187.614603][ T5543] loop2: detected capacity change from 0 to 64 [ 187.799440][ T5515] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.291 (5515) [ 188.181956][ T5540] loop3: detected capacity change from 0 to 64 [ 188.320301][ T5515] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 188.369994][ T5515] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 188.401805][ T5515] BTRFS info (device loop4): setting nodatacow, compression disabled [ 188.462631][ T5515] BTRFS info (device loop4): turning on sync discard [ 188.528809][ T5515] BTRFS info (device loop4): setting datacow [ 188.570995][ T5515] BTRFS info (device loop4): doing ref verification [ 188.600305][ T5515] BTRFS info (device loop4): turning off barriers [ 188.624740][ T5515] BTRFS info (device loop4): enabling ssd optimizations [ 188.634814][ T5552] loop3: detected capacity change from 0 to 16 [ 188.667145][ T5515] BTRFS info (device loop4): using spread ssd allocation scheme [ 188.675143][ T5515] BTRFS info (device loop4): setting datasum [ 188.682072][ T5515] BTRFS info (device loop4): turning on barriers [ 188.688627][ T5515] BTRFS info (device loop4): not using ssd optimizations [ 188.696155][ T5515] BTRFS info (device loop4): not using spread ssd allocation scheme [ 188.704462][ T5515] BTRFS info (device loop4): using free space tree [ 188.725490][ T5552] erofs: (device loop3): mounted with root inode @ nid 36. [ 189.415549][ T5515] BTRFS error (device loop4): open_ctree failed: -12 [ 190.077992][ T4354] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by udevd (4354) [ 190.234256][ T5574] loop2: detected capacity change from 0 to 4096 [ 190.264631][ T5574] ntfs3: Unknown parameter 'windows_names' [ 190.299372][ T5581] netlink: 96 bytes leftover after parsing attributes in process `syz.1.308'. [ 190.541307][ T5587] netlink: 20 bytes leftover after parsing attributes in process `syz.3.311'. [ 190.855816][ T5594] tipc: Started in network mode [ 190.883291][ T5594] tipc: Node identity 4, cluster identity 4711 [ 190.893083][ T5594] tipc: Node number set to 4 [ 190.960403][ T4336] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 191.160296][ T4336] usb 3-1: Using ep0 maxpacket: 32 [ 191.176291][ T4336] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 191.234712][ T4336] usb 3-1: config 0 has no interface number 0 [ 191.288201][ T4336] usb 3-1: config 0 interface 184 has no altsetting 0 [ 191.405302][ T4336] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 191.426938][ T4336] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.450927][ T4336] usb 3-1: Product: syz [ 191.455335][ T4336] usb 3-1: Manufacturer: syz [ 191.477545][ T4336] usb 3-1: SerialNumber: syz [ 191.493043][ T4336] usb 3-1: config 0 descriptor?? [ 191.507150][ T4336] smsc75xx v1.0.0 [ 191.514923][ T4336] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 191.532557][ T5570] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 191.551051][ T4336] smsc75xx: probe of 3-1:0.184 failed with error -22 [ 191.720501][ T5570] usb 2-1: Using ep0 maxpacket: 32 [ 191.732415][ T5570] usb 2-1: unable to get BOS descriptor or descriptor too short [ 191.781623][ T5570] usb 2-1: config 5 has an invalid interface number: 74 but max is 0 [ 191.815189][ T5570] usb 2-1: config 5 has no interface number 0 [ 191.855469][ T5570] usb 2-1: config 5 interface 74 altsetting 3 has an invalid endpoint with address 0x80, skipping [ 191.914916][ T5570] usb 2-1: config 5 interface 74 altsetting 3 has an invalid endpoint descriptor of length 5, skipping [ 191.967064][ T5570] usb 2-1: config 5 interface 74 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 192.056061][ T5570] usb 2-1: config 5 interface 74 has no altsetting 0 [ 192.107070][ T5570] usb 2-1: New USB device found, idVendor=0403, idProduct=fc0f, bcdDevice=9a.bf [ 192.186068][ T5570] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.227943][ T5570] usb 2-1: Product: syz [ 192.248797][ T5570] usb 2-1: Manufacturer: syz [ 192.278380][ T5570] usb 2-1: SerialNumber: syz [ 192.533268][ T5570] ftdi_sio 2-1:5.74: FTDI USB Serial Device converter detected [ 192.555357][ T5570] ftdi_sio ttyUSB0: unknown device type: 0x9abf [ 192.600068][ T5570] usb 2-1: USB disconnect, device number 3 [ 192.654202][ T5570] ftdi_sio 2-1:5.74: device disconnected [ 192.714238][ T5625] netlink: 4 bytes leftover after parsing attributes in process `syz.3.326'. [ 193.572828][ T5635] usb usb1: usbfs: process 5635 (syz.4.330) did not claim interface 0 before use [ 194.234647][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.501455][ T5570] usb 3-1: USB disconnect, device number 13 [ 194.575175][ T4336] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 194.772277][ T4336] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 194.812537][ T4336] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 194.865954][ T4336] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 194.891264][ T4336] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.932871][ T5646] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 195.151421][ T5675] netlink: 4 bytes leftover after parsing attributes in process `syz.0.345'. [ 195.168760][ T4336] usb 4-1: USB disconnect, device number 6 [ 195.460406][ T4294] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 195.654519][ T4294] usb 3-1: Using ep0 maxpacket: 32 [ 195.779211][ T5694] capability: warning: `syz.2.346' uses deprecated v2 capabilities in a way that may be insecure [ 195.878339][ T4294] usb 3-1: unable to get BOS descriptor or descriptor too short [ 195.896765][ T4294] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 195.915971][ T4294] usb 3-1: can't read configurations, error -71 [ 196.848958][ T5718] netlink: 4 bytes leftover after parsing attributes in process `syz.4.361'. [ 197.529886][ T5738] ALSA: mixer_oss: invalid OSS volume '' [ 197.556325][ T5738] ALSA: mixer_oss: invalid OSS volume '' [ 197.577676][ T5738] ALSA: mixer_oss: invalid OSS volume '' [ 197.587243][ T5738] ALSA: mixer_oss: invalid OSS volume '' [ 198.262417][ T5750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.374'. [ 198.271894][ T5750] netlink: 24 bytes leftover after parsing attributes in process `syz.0.374'. [ 198.286034][ T5752] sg_write: data in/out 142/98 bytes for SCSI command 0x5-- guessing data in; [ 198.286034][ T5752] program syz.2.375 not setting count and/or reply_len properly [ 198.340084][ T5753] netlink: 24 bytes leftover after parsing attributes in process `syz.0.374'. [ 198.487014][ T27] audit: type=1326 audit(1749571891.217:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5757 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ce8d8e929 code=0x7ffc0000 [ 198.532395][ T27] audit: type=1326 audit(1749571891.217:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5757 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ce8d8e929 code=0x7ffc0000 [ 198.589075][ T27] audit: type=1326 audit(1749571891.227:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5757 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f5ce8d8e929 code=0x7ffc0000 [ 198.612245][ T27] audit: type=1326 audit(1749571891.227:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5757 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ce8d8e929 code=0x7ffc0000 [ 198.634343][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.657417][ T27] audit: type=1326 audit(1749571891.227:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5757 comm="syz.4.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ce8d8e929 code=0x7ffc0000 [ 198.800423][ T4430] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 198.872574][ T5765] netlink: 48 bytes leftover after parsing attributes in process `syz.4.380'. [ 198.960422][ T4430] usb 2-1: device descriptor read/64, error -71 [ 198.982393][ T5770] netlink: 4 bytes leftover after parsing attributes in process `syz.2.382'. [ 199.233065][ T4430] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 199.419355][ T4430] usb 2-1: device descriptor read/64, error -71 [ 199.501292][ T5785] netlink: 4 bytes leftover after parsing attributes in process `syz.3.387'. [ 199.550576][ T4430] usb usb2-port1: attempt power cycle [ 199.974797][ T4430] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 200.035715][ T4430] usb 2-1: device descriptor read/8, error -71 [ 200.314693][ T4430] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 200.364037][ T4430] usb 2-1: device descriptor read/8, error -71 [ 200.494744][ T4430] usb usb2-port1: unable to enumerate USB device [ 200.845656][ T4336] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 201.042084][ T4336] usb 5-1: config 0 has no interfaces? [ 201.055581][ T4336] usb 5-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=ec.5c [ 201.120332][ T4336] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.157385][ T4336] usb 5-1: Product: syz [ 201.170703][ T4336] usb 5-1: Manufacturer: syz [ 201.189605][ T4336] usb 5-1: SerialNumber: syz [ 201.217747][ T4336] usb 5-1: config 0 descriptor?? [ 201.269392][ T5821] netlink: 12 bytes leftover after parsing attributes in process `syz.1.402'. [ 201.430760][ T4256] Bluetooth: hci0: command 0x0406 tx timeout [ 201.437351][ T4265] Bluetooth: hci4: command 0x0406 tx timeout [ 201.444435][ T48] Bluetooth: hci1: command 0x0406 tx timeout [ 201.450587][ T4259] Bluetooth: hci3: command 0x0406 tx timeout [ 201.456629][ T4262] Bluetooth: hci2: command 0x0406 tx timeout [ 201.470118][ T5262] usb 5-1: USB disconnect, device number 4 [ 201.707301][ T27] audit: type=1326 audit(1749571894.437:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5828 comm="syz.1.405" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a8bb8e929 code=0x0 [ 201.744337][ T5814] sctp: [Deprecated]: syz.0.397 (pid 5814) Use of int in maxseg socket option. [ 201.744337][ T5814] Use struct sctp_assoc_value instead [ 201.970313][ T5832] netlink: 12 bytes leftover after parsing attributes in process `syz.3.404'. [ 202.009589][ T5832] netlink: 20 bytes leftover after parsing attributes in process `syz.3.404'. [ 202.168178][ T5836] mmap: syz.0.397 (5836) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 202.580396][ T5262] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 202.809317][ T5262] usb 5-1: config 0 has no interfaces? [ 202.819458][ T5262] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 202.880919][ T5262] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.888998][ T5262] usb 5-1: Product: syz [ 202.939698][ T5262] usb 5-1: Manufacturer: syz [ 202.960207][ T5262] usb 5-1: SerialNumber: syz [ 202.992101][ T5262] usb 5-1: config 0 descriptor?? [ 203.490296][ T26] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 203.701832][ T26] usb 3-1: config 0 has no interfaces? [ 203.720314][ T5262] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 203.728593][ T26] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 203.768611][ T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.808513][ T26] usb 3-1: Product: syz [ 203.824468][ T26] usb 3-1: Manufacturer: syz [ 203.849848][ T26] usb 3-1: SerialNumber: syz [ 203.885828][ T26] usb 3-1: config 0 descriptor?? [ 203.982134][ T5262] usb 2-1: config 0 has no interfaces? [ 204.018502][ T5262] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 204.053167][ T5262] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.112618][ T5262] usb 2-1: Product: syz [ 204.127342][ T5262] usb 2-1: Manufacturer: syz [ 204.148135][ T5851] device netdevsim0 entered promiscuous mode [ 204.157584][ T5262] usb 2-1: SerialNumber: syz [ 204.178142][ T5851] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 204.209793][ T5262] usb 2-1: config 0 descriptor?? [ 204.651578][ T27] audit: type=1326 audit(1749571897.387:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5852 comm="syz.1.411" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a8bb8e929 code=0x0 [ 204.750391][ T5570] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 204.855474][ T5262] usb 2-1: USB disconnect, device number 8 [ 204.960633][ T5570] usb 4-1: Using ep0 maxpacket: 32 [ 204.969096][ T5570] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 205.008896][ T5570] usb 4-1: config 0 has no interfaces? [ 205.035571][ T5570] usb 4-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b [ 205.066378][ T5570] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.104941][ T5570] usb 4-1: Product: syz [ 205.137387][ T5570] usb 4-1: Manufacturer: syz [ 205.176134][ T5570] usb 4-1: SerialNumber: syz [ 205.218467][ T5570] usb 4-1: config 0 descriptor?? [ 205.489349][ T5570] usb 4-1: USB disconnect, device number 7 [ 206.149972][ T5262] usb 5-1: USB disconnect, device number 5 [ 206.480918][ T27] audit: type=1326 audit(1749571899.217:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5876 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 206.582673][ T27] audit: type=1326 audit(1749571899.237:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5876 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 206.719272][ T27] audit: type=1326 audit(1749571899.237:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5876 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=303 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 206.823895][ T27] audit: type=1326 audit(1749571899.237:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5876 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 206.919169][ T27] audit: type=1326 audit(1749571899.237:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5876 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 207.010581][ T4336] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 207.036451][ T27] audit: type=1326 audit(1749571899.237:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5876 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 207.137964][ T5570] usb 3-1: USB disconnect, device number 16 [ 207.184307][ T27] audit: type=1326 audit(1749571899.237:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5876 comm="syz.0.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7ffc0000 [ 207.213105][ T4336] usb 4-1: unable to get BOS descriptor or descriptor too short [ 207.234523][ T4336] usb 4-1: not running at top speed; connect to a high speed hub [ 207.304765][ T4336] usb 4-1: config 1 interface 0 altsetting 4 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 207.438153][ T5891] netlink: 'syz.4.422': attribute type 3 has an invalid length. [ 207.438933][ T4336] usb 4-1: config 1 interface 0 has no altsetting 0 [ 207.453073][ T5891] netlink: 7 bytes leftover after parsing attributes in process `syz.4.422'. [ 207.628019][ T4336] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 207.667858][ T4336] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.779532][ T4336] usb 4-1: Product: syz [ 207.824729][ T4336] usb 4-1: Manufacturer: syz [ 207.862194][ T4336] usb 4-1: SerialNumber: syz [ 208.007358][ T5881] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 208.137088][ T5899] ptrace attach of "./syz-executor exec"[4264] was attempted by "./syz-executor exec"[5899] [ 208.805911][ T5881] netlink: 36 bytes leftover after parsing attributes in process `syz.3.418'. [ 208.902716][ T5915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.947385][ T5915] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.977684][ T5915] netlink: 36 bytes leftover after parsing attributes in process `syz.3.418'. [ 209.338859][ T5881] netlink: 36 bytes leftover after parsing attributes in process `syz.3.418'. [ 209.554570][ T5915] netlink: 36 bytes leftover after parsing attributes in process `syz.3.418'. [ 210.244212][ T5881] netlink: 36 bytes leftover after parsing attributes in process `syz.3.418'. [ 210.884109][ T5915] netlink: 36 bytes leftover after parsing attributes in process `syz.3.418'. [ 210.935464][ T4336] usb 4-1: bad CDC descriptors [ 210.965424][ T4336] usb 4-1: USB disconnect, device number 8 [ 212.258658][ T5972] netlink: 12 bytes leftover after parsing attributes in process `syz.2.446'. [ 212.435722][ T5977] input: syz0 as /devices/virtual/input/input7 [ 212.987703][ T5982] netlink: 4 bytes leftover after parsing attributes in process `syz.1.444'. [ 212.997619][ T5982] device bridge_slave_1 left promiscuous mode [ 213.016303][ T5982] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.045323][ T5982] device bridge_slave_0 left promiscuous mode [ 213.052032][ T5982] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.496484][ T5988] netlink: 28 bytes leftover after parsing attributes in process `syz.4.449'. [ 213.509515][ T5988] netlink: 28 bytes leftover after parsing attributes in process `syz.4.449'. [ 213.533632][ T5988] device dummy0 entered promiscuous mode [ 213.547908][ T5988] device team0 entered promiscuous mode [ 213.558014][ T5988] device team_slave_0 entered promiscuous mode [ 213.579416][ T5988] device team_slave_1 entered promiscuous mode [ 213.610426][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 214.020465][ T6008] netlink: 12 bytes leftover after parsing attributes in process `syz.4.456'. [ 214.059036][ T6008] device vlan2 entered promiscuous mode [ 214.690393][ T5262] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 214.820764][ T4294] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 214.901971][ T5262] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 214.944832][ T5262] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 215.009470][ T5262] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 215.011646][ T4294] usb 3-1: Using ep0 maxpacket: 16 [ 215.043814][ T4294] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 215.075811][ T4294] usb 3-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.00 [ 215.085866][ T5262] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 215.099045][ T4294] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.123656][ T4294] usb 3-1: config 0 descriptor?? [ 215.148830][ T5262] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 215.169543][ T5262] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 215.169723][ T4294] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input8 [ 215.178242][ T5262] usb 4-1: Manufacturer: syz [ 215.224505][ T5262] usb 4-1: config 0 descriptor?? [ 215.377401][ T3610] bcm5974 3-1:0.0: could not read from device [ 215.398258][ T4294] usb 3-1: USB disconnect, device number 17 [ 215.414595][ T3610] bcm5974 3-1:0.0: could not read from device [ 215.663490][ T5262] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 215.686681][ T5262] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 215.759902][ T5262] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 217.628431][ T6052] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 218.166975][ T5256] usb 4-1: USB disconnect, device number 9 [ 218.460343][ T4430] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 218.673650][ T4430] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 218.725328][ T4430] usb 5-1: config 1 interface 0 has no altsetting 0 [ 218.806976][ T4430] usb 5-1: New USB device found, idVendor=0b05, idProduct=1854, bcdDevice= 0.40 [ 218.858067][ T4430] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.930640][ T4430] usb 5-1: Product: ఖ夏ᆪꃥ嶺꺹䈛본嚽벊賎⡎浳풑溪ቸ⚽Ꟗ嶭덈귙逦㬅듓刁鰵弨ನ瘒直蜺㜴˂랆␉ഘ㔬䫂萮䩍槏۝䵑 [ 219.074011][ T4430] usb 5-1: Manufacturer:   [ 219.104318][ T4430] usb 5-1: SerialNumber: syz [ 219.325962][ T5256] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 219.404994][ T6083] netlink: 16 bytes leftover after parsing attributes in process `syz.1.484'. [ 219.520525][ T5256] usb 4-1: Using ep0 maxpacket: 32 [ 219.532299][ T5256] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.605790][ T5256] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 219.669557][ T5256] usb 4-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 219.732283][ T5256] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.807037][ T5256] usb 4-1: config 0 descriptor?? [ 220.232268][ T5256] hid-generic 0003:0C70:F0B6.0002: item fetching failed at offset 0/3 [ 220.258022][ T5256] hid-generic: probe of 0003:0C70:F0B6.0002 failed with error -22 [ 220.668208][ T5256] usb 4-1: USB disconnect, device number 10 [ 220.826614][ T4430] usbhid 5-1:1.0: can't add hid device: -71 [ 220.836876][ T4430] usbhid: probe of 5-1:1.0 failed with error -71 [ 220.873380][ T4430] usb 5-1: USB disconnect, device number 6 [ 221.086752][ T6104] delete_channel: no stack [ 221.626312][ T6107] netlink: 44 bytes leftover after parsing attributes in process `syz.4.491'. [ 221.656434][ T6107] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.664475][ T6107] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.210426][ T5260] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 222.410282][ T5260] usb 5-1: Using ep0 maxpacket: 8 [ 222.419476][ T5260] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 222.513599][ T5260] usb 5-1: config 179 has no interface number 0 [ 222.560365][ T5260] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 222.586095][ T5260] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 222.670587][ T5260] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 222.719368][ T5260] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 222.736951][ T5260] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 222.762187][ T5260] usb 5-1: config 179 interface 65 has no altsetting 0 [ 222.783079][ T5260] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 222.839822][ T5260] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.998501][ T5260] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input9 [ 223.129664][ T6111] input: syz1 as /devices/virtual/input/input10 [ 224.060370][ T5260] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 224.250372][ T5260] usb 2-1: Using ep0 maxpacket: 16 [ 224.275463][ T5260] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xD7, skipping [ 224.321469][ T5260] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 224.363532][ T5260] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 224.380998][ T5260] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.431557][ T5260] usb 2-1: Product: syz [ 224.446214][ T5260] usb 2-1: Manufacturer: syz [ 224.474665][ T5260] usb 2-1: SerialNumber: syz [ 224.510317][ T4336] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 224.552446][ T5260] usb 2-1: config 0 descriptor?? [ 224.587843][ T5260] appledisplay 2-1:0.0: Could not find int-in endpoint [ 224.607484][ T5260] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 224.727602][ T4336] usb 4-1: config 0 has no interfaces? [ 224.766902][ T4336] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 224.777039][ T4336] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.793421][ T4336] usb 4-1: Product: syz [ 224.797749][ T4336] usb 4-1: Manufacturer: syz [ 224.803162][ T4336] usb 4-1: SerialNumber: syz [ 224.826680][ T4336] usb 4-1: config 0 descriptor?? [ 225.245072][ T6150] program syz.3.503 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 225.332255][ T6141] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 225.353570][ T6141] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 225.374471][ T6141] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 225.385559][ T6141] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 225.402255][ T6141] device geneve2 entered promiscuous mode [ 225.454353][ T6141] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 225.473464][ T6141] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 225.497450][ T6141] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 225.508943][ T6141] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 225.989798][ T4336] usb 5-1: USB disconnect, device number 7 [ 225.995900][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 226.047244][ T4336] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 226.776550][ T5570] usb 2-1: USB disconnect, device number 9 [ 228.140923][ T4336] usb 4-1: USB disconnect, device number 11 [ 228.721158][ T6193] delete_channel: no stack [ 228.962316][ T6201] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 229.812360][ T6226] netlink: 40 bytes leftover after parsing attributes in process `syz.3.533'. [ 230.095381][ T6233] bridge0: port 3(vlan2) entered blocking state [ 230.124660][ T6233] bridge0: port 3(vlan2) entered disabled state [ 230.145070][ T6233] device vlan2 entered promiscuous mode [ 230.153697][ T6233] device bond0 entered promiscuous mode [ 230.165147][ T6233] device bond_slave_0 entered promiscuous mode [ 230.179970][ T6233] device bond_slave_1 entered promiscuous mode [ 230.204236][ T6233] bridge0: port 3(vlan2) entered blocking state [ 230.210799][ T6233] bridge0: port 3(vlan2) entered forwarding state [ 230.236082][ T6235] netlink: 24 bytes leftover after parsing attributes in process `syz.1.539'. [ 230.690290][ T5570] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 230.884717][ T5570] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 230.898817][ T5570] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.915902][ T5570] usb 3-1: Product: syz [ 230.920668][ T4430] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 230.944061][ T5570] usb 3-1: Manufacturer: syz [ 230.963080][ T5570] usb 3-1: SerialNumber: syz [ 231.009579][ T5570] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 231.132742][ T4430] usb 2-1: config 0 has no interfaces? [ 231.165053][ T4430] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 231.179325][ T5570] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 231.209224][ T4430] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.236070][ T4430] usb 2-1: Product: syz [ 231.245258][ T4430] usb 2-1: Manufacturer: syz [ 231.262401][ T4430] usb 2-1: SerialNumber: syz [ 231.290975][ T4430] usb 2-1: config 0 descriptor?? [ 231.389277][ T6241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 231.466603][ T6241] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 231.569618][ T5260] usb 3-1: USB disconnect, device number 18 [ 232.310287][ T5570] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 232.340093][ T5570] ath9k_htc: Failed to initialize the device [ 232.377756][ T5260] usb 3-1: ath9k_htc: USB layer deinitialized [ 232.456773][ T6275] tipc: MTU too low for tipc bearer [ 233.088775][ T6286] netlink: 16 bytes leftover after parsing attributes in process `syz.2.552'. [ 233.967055][ T6304] netlink: 164 bytes leftover after parsing attributes in process `syz.4.561'. [ 234.770802][ T6317] fuse: Unknown parameter 'user_id00000000000000000000' [ 235.425243][ T5570] usb 2-1: USB disconnect, device number 10 [ 235.730976][ T27] audit: type=1326 audit(1749571928.467:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f724a72ab19 code=0x7ffc0000 [ 235.832669][ T27] audit: type=1326 audit(1749571928.467:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f724a78e929 code=0x7ffc0000 [ 235.916052][ T27] audit: type=1326 audit(1749571928.467:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f724a78e929 code=0x7ffc0000 [ 235.978984][ T27] audit: type=1326 audit(1749571928.487:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f724a72ab19 code=0x7ffc0000 [ 236.070261][ T27] audit: type=1326 audit(1749571928.487:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f724a72ab19 code=0x7ffc0000 [ 236.145570][ T27] audit: type=1326 audit(1749571928.487:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f724a78e929 code=0x7ffc0000 [ 236.168094][ T26] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 236.218833][ T27] audit: type=1326 audit(1749571928.487:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f724a72ab19 code=0x7ffc0000 [ 236.360405][ T26] usb 2-1: Using ep0 maxpacket: 32 [ 236.371417][ T27] audit: type=1326 audit(1749571928.487:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f724a72ab19 code=0x7ffc0000 [ 236.410574][ T26] usb 2-1: config 0 has an invalid interface number: 37 but max is 1 [ 236.476274][ T26] usb 2-1: config 0 has no interface number 1 [ 236.534830][ T26] usb 2-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=20.a3 [ 236.580317][ T27] audit: type=1326 audit(1749571928.487:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f724a78e929 code=0x7ffc0000 [ 236.610232][ T26] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.650355][ T26] usb 2-1: Product: syz [ 236.685023][ T26] usb 2-1: Manufacturer: syz [ 236.707464][ T26] usb 2-1: SerialNumber: syz [ 236.710822][ T27] audit: type=1326 audit(1749571928.487:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.3.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f724a78e929 code=0x7ffc0000 [ 236.761207][ T26] usb 2-1: config 0 descriptor?? [ 236.797133][ T6341] netlink: 12 bytes leftover after parsing attributes in process `syz.0.572'. [ 236.878970][ T6341] 8021q: VLANs not supported on vcan0 [ 236.981361][ T26] usb 2-1: USB disconnect, device number 11 [ 237.405442][ T6356] netlink: 'syz.4.579': attribute type 1 has an invalid length. [ 237.452420][ T6356] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 237.468173][ T6356] 8021q: adding VLAN 0 to HW filter on device bond1 [ 237.468266][ T46] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 237.503176][ T4379] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 237.536995][ T6356] netlink: 28 bytes leftover after parsing attributes in process `syz.4.579'. [ 237.805350][ T6356] bond1 (unregistering): (slave ip6gretap1): Removing an active aggregator [ 237.817992][ T6356] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 237.843595][ T6356] bond1 (unregistering): Released all slaves [ 238.887709][ T6390] input: syz1 as /devices/virtual/input/input11 [ 239.734451][ T6404] loop4: detected capacity change from 0 to 128 [ 239.791388][ T6404] EXT4-fs: Ignoring removed nobh option [ 239.812855][ T6404] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 239.853642][ T4354] udevd[4354]: incorrect ext4 checksum on /dev/loop4 [ 239.937476][ T6404] loop4: detected capacity change from 0 to 256 [ 240.004887][ T6404] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 240.124707][ T6414] loop3: detected capacity change from 0 to 512 [ 240.168467][ T6414] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 240.217538][ T6414] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a80ce01c, mo2=0002] [ 240.241181][ T6414] System zones: 1-12 [ 240.246426][ T6414] EXT4-fs (loop3): orphan cleanup on readonly fs [ 240.299854][ T6414] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.599: invalid indirect mapped block 12 (level 1) [ 240.324844][ T6414] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.599: invalid indirect mapped block 2 (level 2) [ 240.360595][ T6414] EXT4-fs (loop3): 1 truncate cleaned up [ 240.366566][ T6414] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 240.494269][ T4253] EXT4-fs (loop3): unmounting filesystem. [ 241.753231][ T6423] loop3: detected capacity change from 0 to 32768 [ 243.602906][ T6423] JBD2: Ignoring recovery information on journal [ 243.684958][ T6429] overlayfs: missing 'workdir' [ 243.989997][ T6423] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 244.630325][ T5260] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 244.816127][ T4253] ocfs2: Unmounting device (7,3) on (node local) [ 244.856780][ T5260] usb 5-1: config 0 has no interfaces? [ 244.865517][ T5260] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 244.916290][ T5260] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 244.970398][ T5260] usb 5-1: Product: syz [ 244.974654][ T5260] usb 5-1: Manufacturer: syz [ 244.979244][ T5260] usb 5-1: SerialNumber: syz [ 245.028009][ T5260] usb 5-1: config 0 descriptor?? [ 245.280296][ T26] usb 2-1: new low-speed USB device number 12 using dummy_hcd [ 245.307556][ T5260] usb 5-1: USB disconnect, device number 8 [ 245.474399][ T26] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 245.497175][ T26] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 245.526729][ T26] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30050, setting to 8 [ 245.553114][ T26] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 245.583578][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.616174][ T6448] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 245.637219][ T26] hub 2-1:1.0: bad descriptor, ignoring hub [ 245.651706][ T26] hub: probe of 2-1:1.0 failed with error -5 [ 245.712790][ T26] cdc_wdm 2-1:1.0: skipping garbage [ 245.728952][ T26] cdc_wdm 2-1:1.0: skipping garbage [ 245.745448][ T26] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 245.756464][ T26] cdc_wdm 2-1:1.0: Unknown control protocol [ 245.845373][ T6448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 245.870557][ T6448] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 246.044382][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 246.051273][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 246.058721][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 246.065370][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 246.077368][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 246.084017][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 246.280828][ T5262] usb 2-1: USB disconnect, device number 12 [ 247.012145][ T6470] netlink: 16 bytes leftover after parsing attributes in process `syz.1.615'. [ 247.445634][ T6471] loop1: detected capacity change from 0 to 8192 [ 247.547443][ T6471] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 247.880298][ T4430] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 249.222402][ T6478] loop3: detected capacity change from 0 to 512 [ 249.540659][ T6478] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 249.840330][ T4430] usb 2-1: Using ep0 maxpacket: 32 [ 249.887291][ T4430] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 249.895620][ T4430] usb 2-1: config 0 has no interface number 0 [ 249.904421][ T4430] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 249.913616][ T4430] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.921792][ T4430] usb 2-1: Product: syz [ 249.925984][ T4430] usb 2-1: Manufacturer: syz [ 249.930682][ T4430] usb 2-1: SerialNumber: syz [ 249.943292][ T4430] usb 2-1: config 0 descriptor?? [ 249.951615][ T4430] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 249.961879][ T4430] usb 2-1: selecting invalid altsetting 1 [ 249.968598][ T4430] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 249.984744][ T4430] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 249.995663][ T4430] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 250.004584][ T4430] usb 2-1: media controller created [ 250.027524][ T4430] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 250.254278][ T4430] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 250.310352][ T4430] zl10353_read_register: readreg error (reg=127, ret==-71) [ 250.346573][ T4430] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 250.649955][ T4430] usb 2-1: USB disconnect, device number 13 [ 252.182465][ T4430] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 252.373525][ T4430] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 252.413822][ T4430] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 252.510444][ T4430] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 252.532457][ T4430] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.549672][ T4430] usb 4-1: Product: syz [ 252.559040][ T4430] usb 4-1: Manufacturer: syz [ 252.568509][ T4430] usb 4-1: SerialNumber: syz [ 252.597560][ T4430] usb 4-1: config 0 descriptor?? [ 252.618069][ T4430] usb 4-1: ucan: probing device on interface #0 [ 252.639249][ T4430] usb 4-1: ucan: invalid EP count (0) [ 252.654466][ T4430] usb 4-1: ucan: probe failed; try to update the device firmware [ 252.816467][ T5406] usb 4-1: USB disconnect, device number 12 [ 252.913275][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802f808400: rx timeout, send abort [ 253.423167][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802f808400: abort rx timeout. Force session deactivation [ 254.080237][ T5260] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 254.302126][ T5260] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 254.340380][ T5260] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 254.387673][ T5260] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 254.449789][ T5260] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 254.500355][ T5260] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.549775][ T5260] usb 4-1: Product: syz [ 254.554415][ T5260] usb 4-1: Manufacturer: syz [ 254.559141][ T5260] usb 4-1: SerialNumber: syz [ 254.660912][ T5260] hub 4-1:1.0: bad descriptor, ignoring hub [ 254.697303][ T5260] hub: probe of 4-1:1.0 failed with error -5 [ 254.850205][ T5260] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 255.101491][ T6549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.123994][ T6549] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.200605][ T4430] usb 4-1: USB disconnect, device number 13 [ 255.212980][ T4430] usblp0: removed [ 255.432862][ T6553] program syz.4.642 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 255.672921][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 257.501749][ T5262] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 257.700386][ T5262] usb 4-1: Using ep0 maxpacket: 32 [ 257.716575][ T5262] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 257.778136][ T5262] usb 4-1: config 0 has no interface number 0 [ 257.825766][ T5262] usb 4-1: config 0 interface 184 has no altsetting 0 [ 257.989925][ T5262] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 258.039205][ T5262] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.095322][ T5262] usb 4-1: Product: syz [ 258.099523][ T5262] usb 4-1: Manufacturer: syz [ 258.177409][ T5262] usb 4-1: SerialNumber: syz [ 258.217257][ T5262] usb 4-1: config 0 descriptor?? [ 258.289963][ T5262] smsc75xx v1.0.0 [ 258.333156][ T6629] netlink: 'syz.0.668': attribute type 1 has an invalid length. [ 258.350008][ T5262] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 258.464147][ T5262] smsc75xx: probe of 4-1:0.184 failed with error -22 [ 258.548496][ T6608] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 258.590620][ T6608] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 258.598467][ T6608] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 261.169645][ T6700] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 261.215429][ T6700] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 261.278720][ T6700] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 261.291780][ T6700] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 261.316978][ T6700] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 261.431234][ T26] usb 4-1: USB disconnect, device number 14 [ 262.609555][ T6738] program syz.2.701 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 262.928062][ T27] kauditd_printk_skb: 69 callbacks suppressed [ 262.928077][ T27] audit: type=1326 audit(1749571955.657:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6741 comm="syz.4.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ce8d2ab19 code=0x7ffc0000 [ 263.024666][ T27] audit: type=1326 audit(1749571955.687:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6741 comm="syz.4.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ce8d8e929 code=0x7ffc0000 [ 263.176845][ T27] audit: type=1326 audit(1749571955.687:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6741 comm="syz.4.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ce8d2ab19 code=0x7ffc0000 [ 263.344184][ T27] audit: type=1326 audit(1749571955.687:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6741 comm="syz.4.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ce8d2ab19 code=0x7ffc0000 [ 263.572394][ T27] audit: type=1326 audit(1749571955.687:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6741 comm="syz.4.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ce8d8e929 code=0x7ffc0000 [ 263.683799][ T27] audit: type=1326 audit(1749571955.697:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6741 comm="syz.4.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ce8d2ab19 code=0x7ffc0000 [ 263.817585][ T27] audit: type=1326 audit(1749571955.697:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6741 comm="syz.4.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ce8d8e929 code=0x7ffc0000 [ 263.988521][ T27] audit: type=1326 audit(1749571955.697:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6741 comm="syz.4.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ce8d2ab19 code=0x7ffc0000 [ 264.110439][ T27] audit: type=1326 audit(1749571955.697:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6741 comm="syz.4.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ce8d2ab19 code=0x7ffc0000 [ 264.255872][ T27] audit: type=1326 audit(1749571955.697:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6741 comm="syz.4.704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ce8d2ab19 code=0x7ffc0000 [ 265.596834][ T6780] netlink: 56 bytes leftover after parsing attributes in process `syz.2.715'. [ 265.977201][ T6778] team0: Port device bridge2 added [ 266.900250][ T4430] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 267.330324][ T5570] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 267.547779][ T5570] usb 2-1: config 0 has no interfaces? [ 267.554028][ T4430] usb 3-1: config 0 has no interfaces? [ 267.568413][ T5570] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 267.580315][ T4430] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 267.626108][ T5570] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.636236][ T4430] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.677878][ T5570] usb 2-1: Product: syz [ 267.688020][ T4430] usb 3-1: Product: syz [ 267.714469][ T5570] usb 2-1: Manufacturer: syz [ 267.722331][ T4430] usb 3-1: Manufacturer: syz [ 267.738256][ T5570] usb 2-1: SerialNumber: syz [ 267.746348][ T4430] usb 3-1: SerialNumber: syz [ 267.771230][ T5570] usb 2-1: config 0 descriptor?? [ 267.794319][ T4430] usb 3-1: config 0 descriptor?? [ 267.995880][ T6801] netlink: 'syz.1.720': attribute type 12 has an invalid length. [ 268.704454][ T6821] netlink: 8 bytes leftover after parsing attributes in process `syz.3.727'. [ 270.684516][ T4336] usb 3-1: USB disconnect, device number 19 [ 270.894940][ T5260] usb 2-1: USB disconnect, device number 14 [ 271.970402][ T6851] loop1: detected capacity change from 0 to 32768 [ 272.662206][ T6851] JBD2: Ignoring recovery information on journal [ 272.970898][ T6851] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 273.952300][ T4258] ocfs2: Unmounting device (7,1) on (node local) [ 274.460226][ T5262] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 274.700324][ T5262] usb 3-1: Using ep0 maxpacket: 16 [ 274.725687][ T5262] usb 3-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 274.860481][ T5262] usb 3-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25 [ 274.869590][ T5262] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.064863][ T5262] usb 3-1: Product: syz [ 275.116955][ T5262] usb 3-1: Manufacturer: syz [ 275.167107][ T5262] usb 3-1: SerialNumber: syz [ 275.245718][ T5262] usb 3-1: config 0 descriptor?? [ 275.571554][ T6867] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 275.634850][ T6867] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 275.735414][ T6867] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 275.909647][ T6867] device bridge_slave_0 left promiscuous mode [ 275.951506][ T6867] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.171768][ T6867] device bridge_slave_1 left promiscuous mode [ 276.235385][ T6867] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.376389][ T6867] bond0: (slave bond_slave_0): Releasing backup interface [ 276.666618][ T6867] bond0: (slave bond_slave_1): Releasing backup interface [ 276.820401][ T5570] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 276.896450][ T6867] team0: Port device team_slave_0 removed [ 276.948849][ T6867] team0: Port device team_slave_1 removed [ 276.957447][ T6867] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 276.978468][ T6867] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 276.998021][ T6867] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 277.027636][ T27] kauditd_printk_skb: 1222 callbacks suppressed [ 277.027652][ T27] audit: type=1326 audit(1749571969.757:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.0.749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa23db8e929 code=0x7fc00000 [ 277.075385][ T6867] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.120546][ T5570] usb 4-1: unable to get BOS descriptor or descriptor too short [ 277.140090][ T5570] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 277.155559][ T5570] usb 4-1: can't read configurations, error -71 [ 277.216905][ T6911] loop4: detected capacity change from 0 to 512 [ 277.432505][ T6911] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2195: inode #15: comm syz.4.757: corrupted in-inode xattr [ 277.511815][ T6911] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.757: couldn't read orphan inode 15 (err -117) [ 277.545280][ T6911] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 277.808583][ T6921] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2195: inode #15: comm syz.4.757: corrupted in-inode xattr [ 277.832900][ T6921] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2195: inode #15: comm syz.4.757: corrupted in-inode xattr [ 278.208155][ T4254] EXT4-fs (loop4): unmounting filesystem. [ 278.280272][ T5570] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 278.480328][ T5570] usb 4-1: Using ep0 maxpacket: 16 [ 278.487492][ T5570] usb 4-1: config 0 has no interfaces? [ 278.541008][ T5570] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 278.590362][ T5570] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 278.669600][ T5570] usb 4-1: Manufacturer: syz [ 278.676353][ T5570] usb 4-1: config 0 descriptor?? [ 278.808111][ T5262] usb 3-1: USB disconnect, device number 20 [ 278.938670][ T6925] device lo entered promiscuous mode [ 278.960731][ T6925] device tunl0 entered promiscuous mode [ 278.987507][ T6925] device gre0 entered promiscuous mode [ 279.038055][ T6925] device gretap0 entered promiscuous mode [ 279.058216][ T6925] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 279.186396][ T6942] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 279.186752][ T5570] usb 4-1: USB disconnect, device number 16 [ 279.215812][ T6942] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 279.229732][ T6942] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 279.257463][ T6944] netlink: 'syz.2.766': attribute type 9 has an invalid length. [ 279.288722][ T6944] netlink: 'syz.2.766': attribute type 6 has an invalid length. [ 279.303028][ T6945] netlink: 180 bytes leftover after parsing attributes in process `syz.4.767'. [ 280.046442][ T6953] netlink: 4 bytes leftover after parsing attributes in process `syz.1.768'. [ 280.227338][ T6952] fuse: root generation should be zero [ 280.449556][ T6960] sock: sock_timestamping_bind_phc: sock not bind to device [ 281.094505][ T48] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 282.044603][ T27] audit: type=1326 audit(1749571974.777:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6973 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa23db2ab19 code=0x7ffc0000 [ 282.108083][ T27] audit: type=1326 audit(1749571974.777:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6973 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa23db2ab19 code=0x7ffc0000 [ 282.278709][ T27] audit: type=1326 audit(1749571974.777:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6973 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa23db2ab19 code=0x7ffc0000 [ 282.362092][ T27] audit: type=1326 audit(1749571974.777:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6973 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa23db2ab19 code=0x7ffc0000 [ 282.487198][ T27] audit: type=1326 audit(1749571974.777:1383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6973 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa23db2ab19 code=0x7ffc0000 [ 282.529996][ T27] audit: type=1326 audit(1749571974.777:1384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6973 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa23db2ab19 code=0x7ffc0000 [ 282.638321][ T27] audit: type=1326 audit(1749571974.777:1385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6973 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa23db2ab19 code=0x7ffc0000 [ 282.771449][ T27] audit: type=1326 audit(1749571974.777:1386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6973 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa23db2ab19 code=0x7ffc0000 [ 282.882373][ T27] audit: type=1326 audit(1749571974.777:1387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6973 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa23db2ab19 code=0x7ffc0000 [ 282.910533][ T5570] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 283.039530][ T27] audit: type=1326 audit(1749571974.777:1388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6973 comm="syz.0.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa23db2ab19 code=0x7ffc0000 [ 283.113545][ T6993] IPv6: Can't replace route, no match found [ 283.123052][ T5570] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 283.181096][ T5570] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 283.215882][ T5570] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 283.292193][ T5570] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 283.324827][ T5570] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.360834][ T5570] usb 4-1: Product: syz [ 283.369205][ T5570] usb 4-1: Manufacturer: syz [ 283.378706][ T5570] usb 4-1: SerialNumber: syz [ 283.402393][ T5570] hub 4-1:1.0: bad descriptor, ignoring hub [ 283.412186][ T5570] hub: probe of 4-1:1.0 failed with error -5 [ 283.608120][ T5570] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 17 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 284.252907][ T6985] usb 4-1: reset high-speed USB device number 17 using dummy_hcd [ 284.698800][ T5256] usb 4-1: USB disconnect, device number 17 [ 284.714365][ T5256] usblp0: removed [ 284.722984][ T7026] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 284.797765][ T7026] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 284.844654][ T7031] kernel read not supported for file / 72{W)s!Qfs2:"T+͟v|ղDvc֠6xc: (pid: 7031 comm: syz.4.798) [ 285.787996][ T7047] netlink: 12 bytes leftover after parsing attributes in process `syz.3.803'. [ 287.594365][ T7077] 8021q: VLANs not supported on caif0 [ 288.178088][ T7083] netlink: 44 bytes leftover after parsing attributes in process `syz.4.814'. [ 288.583776][ T7091] raw_sendmsg: syz.0.816 forgot to set AF_INET. Fix it! [ 289.023593][ T5262] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 289.230224][ T5262] usb 3-1: Using ep0 maxpacket: 8 [ 289.237130][ T5262] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 289.273459][ T5262] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 289.315035][ T5262] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.351603][ T5262] usb 3-1: config 0 descriptor?? [ 289.374502][ T5262] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 289.579407][ T5262] usb 3-1: USB disconnect, device number 21 [ 291.361225][ T7133] loop2: detected capacity change from 0 to 32768 [ 291.767050][ T7133] JBD2: Ignoring recovery information on journal [ 292.032898][ T7133] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 292.880711][ T4255] ocfs2: Unmounting device (7,2) on (node local) [ 293.224653][ T7147] netlink: 'syz.0.836': attribute type 4 has an invalid length. [ 293.264551][ T7147] netlink: 32 bytes leftover after parsing attributes in process `syz.0.836'. [ 293.860088][ T7150] team0: Port device bridge1 added [ 294.053567][ T26] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 294.166514][ T7176] netlink: 'syz.0.847': attribute type 12 has an invalid length. [ 294.174675][ T7176] netlink: 'syz.0.847': attribute type 29 has an invalid length. [ 294.183030][ T7176] netlink: 148 bytes leftover after parsing attributes in process `syz.0.847'. [ 294.242057][ T26] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 294.257437][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.296446][ T26] usb 2-1: config 0 descriptor?? [ 294.337532][ T27] kauditd_printk_skb: 152 callbacks suppressed [ 294.337552][ T27] audit: type=1326 audit(1749571987.067:1541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7152 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f724a78e929 code=0x7fc00000 [ 294.712381][ T26] elan 0003:04F3:0755.0003: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 294.835133][ T48] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 294.966852][ T5262] usb 2-1: USB disconnect, device number 15 [ 295.144145][ T7193] fido_id[7193]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 296.416708][ T7210] input: syz0 as /devices/virtual/input/input12 [ 296.520937][ T7210] netlink: 'syz.2.859': attribute type 10 has an invalid length. [ 296.628710][ T7210] netlink: 40 bytes leftover after parsing attributes in process `syz.2.859'. [ 296.658377][ T7224] vxcan1: tx drop: invalid da for name 0xfffffffffffffffc [ 296.681032][ T7210] device virt_wifi0 entered promiscuous mode [ 296.807617][ T7210] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 297.468456][ T7236] netlink: 'syz.0.864': attribute type 1 has an invalid length. [ 297.598019][ T7236] device bond1 entered promiscuous mode [ 297.610682][ T7236] 8021q: adding VLAN 0 to HW filter on device bond1 [ 297.847911][ T7240] 8021q: adding VLAN 0 to HW filter on device bond1 [ 297.857451][ T7240] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address [ 297.872204][ T7240] bond1: (slave vxcan1): Setting fail_over_mac to active for active-backup mode [ 298.117590][ T7240] bond1: (slave vxcan1): making interface the new active one [ 298.128968][ T7240] device vxcan1 entered promiscuous mode [ 298.262369][ T7240] bond1: (slave vxcan1): Enslaving as an active interface with an up link [ 298.273160][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 298.499425][ T7255] trusted_key: encrypted_key: key user:syz not found [ 298.890265][ T5260] usb 3-1: new low-speed USB device number 22 using dummy_hcd [ 299.112958][ T5260] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 299.128475][ T5260] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 299.183074][ T5260] usb 3-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 299.214712][ T5260] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 299.220554][ T4430] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 299.255723][ T5260] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 299.296870][ T5260] usb 3-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 299.341378][ T5260] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 299.366352][ T5260] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 299.403458][ T5260] usb 3-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 299.424497][ T4430] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 299.451078][ T4430] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 299.467391][ T5260] usb 3-1: string descriptor 0 read error: -22 [ 299.475821][ T5260] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 299.509032][ T5260] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.524590][ T4430] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 299.558789][ T4430] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.571411][ T5260] adutux 3-1:168.0: interrupt endpoints not found [ 299.582718][ T4430] usb 2-1: config 0 descriptor?? [ 299.589535][ T7260] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 299.605375][ T4430] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 299.767046][ T4430] usb 3-1: USB disconnect, device number 22 [ 300.747395][ T7280] loop3: detected capacity change from 0 to 64 [ 300.866385][ T7285] SET target dimension over the limit! [ 301.914307][ T7295] device macvlan0 entered promiscuous mode [ 301.936278][ T7295] netlink: 'syz.3.883': attribute type 1 has an invalid length. [ 301.961018][ T7295] netlink: 'syz.3.883': attribute type 2 has an invalid length. [ 302.129274][ T7301] af_packet: tpacket_rcv: packet too big, clamped from 62 to 4294967286. macoff=82 [ 302.173849][ T26] usb 2-1: USB disconnect, device number 16 [ 302.445979][ T7310] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 302.751204][ T7317] netlink: 4 bytes leftover after parsing attributes in process `syz.2.892'. [ 303.468006][ T7337] netlink: 24 bytes leftover after parsing attributes in process `syz.0.899'. [ 307.682174][ T7400] page:ffffea00014d7600 refcount:4 mapcount:1 mapping:ffff88807b701658 index:0x0 pfn:0x535d8 [ 307.693367][ T7400] memcg:ffff88807bf74000 [ 307.697631][ T7400] aops:shmem_aops ino:478 [ 307.701974][ T7400] flags: 0xfff60000080015(locked|uptodate|lru|swapbacked|node=0|zone=1|lastcpupid=0x7ff) [ 307.711797][ T7400] raw: 00fff60000080015 ffff88807bf72248 ffffea00014fe3c8 ffff88807b701658 [ 307.720402][ T7400] raw: 0000000000000000 0000000000000000 0000000400000000 ffff88807bf74000 [ 307.728991][ T7400] page dumped because: VM_BUG_ON_FOLIO(folio_mapped(folio)) [ 307.736340][ T7400] page_owner tracks the page as allocated [ 307.743056][ T7400] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 7401, tgid 7400 (syz.4.922), ts 307665283511, free_ts 307412039324 [ 307.760724][ T7400] post_alloc_hook+0x173/0x1a0 [ 307.765519][ T7400] get_page_from_freelist+0x1a26/0x1ac0 [ 307.771072][ T7400] __alloc_pages+0x1df/0x4e0 [ 307.775669][ T7400] __folio_alloc+0xe/0x30 [ 307.779998][ T7400] vma_alloc_folio+0x4a3/0x900 [ 307.784774][ T7400] shmem_alloc_and_acct_folio+0x42e/0xb60 [ 307.790506][ T7400] shmem_get_folio_gfp+0x1361/0x3400 [ 307.795808][ T7400] shmem_read_mapping_page_gfp+0x99/0x2b0 [ 307.801541][ T7400] udmabuf_create+0x981/0xf90 [ 307.806314][ T7400] udmabuf_ioctl+0x1d1/0x2c0 [ 307.810927][ T7400] __se_sys_ioctl+0xfa/0x170 [ 307.815542][ T7400] do_syscall_64+0x4c/0xa0 [ 307.819965][ T7400] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 307.825870][ T7400] page last free stack trace: [ 307.830542][ T7400] free_unref_page_prepare+0x8b4/0x9a0 [ 307.836014][ T7400] free_unref_page_list+0xbb/0x8e0 [ 307.841134][ T7400] release_pages+0x1f92/0x2200 [ 307.845909][ T7400] tlb_flush_mmu+0xff/0x210 [ 307.850447][ T7400] unmap_page_range+0x1f4a/0x2500 [ 307.855473][ T7400] unmap_vmas+0x22c/0x330 [ 307.859799][ T7400] exit_mmap+0x1cc/0x8e0 [ 307.864054][ T7400] __mmput+0x118/0x3c0 [ 307.868125][ T7400] exit_mm+0x1e6/0x2c0 [ 307.872203][ T7400] do_exit+0x8b9/0x2400 [ 307.876368][ T7400] do_group_exit+0x217/0x2d0 [ 307.880970][ T7400] get_signal+0x1272/0x1350 [ 307.885481][ T7400] arch_do_signal_or_restart+0xb0/0x1230 [ 307.891116][ T7400] exit_to_user_mode_loop+0x70/0x110 [ 307.896408][ T7400] exit_to_user_mode_prepare+0xb1/0x140 [ 307.901962][ T7400] syscall_exit_to_user_mode+0x16/0x40 [ 307.907533][ T7400] ------------[ cut here ]------------ [ 307.912986][ T7400] kernel BUG at mm/filemap.c:153! [ 307.918031][ T7400] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 307.924097][ T7400] CPU: 1 PID: 7400 Comm: syz.4.922 Not tainted 6.1.141-syzkaller #0 [ 307.932071][ T7400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 307.942125][ T7400] RIP: 0010:filemap_unaccount_folio+0x5cf/0xa80 [ 307.948381][ T7400] Code: 07 38 c1 0f 8c 19 fe ff ff 4c 89 e7 e8 4a 71 27 00 e9 0c fe ff ff e8 b0 f8 d5 ff 48 89 df 48 c7 c6 60 0d 75 8a e8 a1 e1 11 00 <0f> 0b e8 9a f8 d5 ff 48 89 df 48 c7 c6 c0 12 75 8a e8 8b e1 11 00 [ 307.968000][ T7400] RSP: 0018:ffffc90003d1f618 EFLAGS: 00010046 [ 307.974071][ T7400] RAX: d922b241ddb25c00 RBX: ffffea00014d7600 RCX: d922b241ddb25c00 [ 307.982051][ T7400] RDX: 0000000000000002 RSI: ffffffff8a6c1160 RDI: ffffffff8abf1360 [ 307.990036][ T7400] RBP: ffffc90003d1f778 R08: dffffc0000000000 R09: fffffbfff1bfd0b6 [ 307.998048][ T7400] R10: fffffbfff1bfd0b6 R11: 1ffffffff1bfd0b5 R12: dffffc0000000000 [ 308.006055][ T7400] R13: dffffc0000000000 R14: ffff88807b701658 R15: ffff88807b701660 [ 308.014054][ T7400] FS: 0000555594dfa500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 308.022989][ T7400] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 308.029584][ T7400] CR2: 0000200000000140 CR3: 000000002f3b4000 CR4: 00000000003506e0 [ 308.037577][ T7400] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 308.045552][ T7400] DR3: 0000000000008000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 308.053528][ T7400] Call Trace: [ 308.056807][ T7400] [ 308.059750][ T7400] __filemap_remove_folio+0xbb/0x860 [ 308.065059][ T7400] ? __rwlock_init+0x140/0x140 [ 308.069855][ T7400] ? __bpf_trace_file_check_and_advance_wb_err+0x30/0x30 [ 308.076890][ T7400] ? _raw_spin_lock_irq+0xab/0xe0 [ 308.081924][ T7400] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 308.087304][ T7400] filemap_remove_folio+0xed/0x2c0 [ 308.092429][ T7400] truncate_inode_folio+0x59/0x70 [ 308.097495][ T7400] shmem_undo_range+0x4d2/0x2050 [ 308.102449][ T7400] ? shmem_truncate_range+0xb0/0xb0 [ 308.107661][ T7400] ? do_raw_spin_lock+0x11d/0x280 [ 308.112691][ T7400] ? __rwlock_init+0x140/0x140 [ 308.117461][ T7400] shmem_evict_inode+0x248/0xa40 [ 308.122413][ T7400] ? _raw_spin_unlock+0x24/0x40 [ 308.127266][ T7400] ? inode_wait_for_writeback+0x1b0/0x200 [ 308.133034][ T7400] ? shmem_free_in_core_inode+0xb0/0xb0 [ 308.138591][ T7400] ? do_raw_spin_lock+0x11d/0x280 [ 308.143621][ T7400] ? bit_waitqueue+0x30/0x30 [ 308.148214][ T7400] ? do_raw_spin_unlock+0x11d/0x230 [ 308.153424][ T7400] ? shmem_free_in_core_inode+0xb0/0xb0 [ 308.158984][ T7400] evict+0x485/0x870 [ 308.162886][ T7400] ? __lock_acquire+0x7c50/0x7c50 [ 308.167933][ T7400] ? proc_nr_inodes+0x2f0/0x2f0 [ 308.172790][ T7400] ? do_raw_spin_unlock+0x11d/0x230 [ 308.177995][ T7400] ? _raw_spin_unlock+0x24/0x40 [ 308.182853][ T7400] ? iput+0x768/0x980 [ 308.186837][ T7400] __dentry_kill+0x431/0x650 [ 308.191428][ T7400] dentry_kill+0xb8/0x290 [ 308.195771][ T7400] ? dput+0x37/0x1d0 [ 308.199662][ T7400] dput+0xfa/0x1d0 [ 308.203383][ T7400] __fput+0x5e0/0x920 [ 308.207426][ T7400] task_work_run+0x1ca/0x250 [ 308.212017][ T7400] ? task_work_cancel+0x230/0x230 [ 308.217037][ T7400] ? __close_range+0x1c5/0x730 [ 308.221804][ T7400] ? exit_to_user_mode_loop+0x3b/0x110 [ 308.227288][ T7400] exit_to_user_mode_loop+0xe6/0x110 [ 308.232598][ T7400] exit_to_user_mode_prepare+0xb1/0x140 [ 308.238168][ T7400] syscall_exit_to_user_mode+0x16/0x40 [ 308.243636][ T7400] do_syscall_64+0x58/0xa0 [ 308.248060][ T7400] ? clear_bhb_loop+0x60/0xb0 [ 308.252746][ T7400] ? clear_bhb_loop+0x60/0xb0 [ 308.257452][ T7400] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 308.263366][ T7400] RIP: 0033:0x7f5ce8d8e929 [ 308.267787][ T7400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.287404][ T7400] RSP: 002b:00007ffd6fc8dd48 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 308.295995][ T7400] RAX: 0000000000000000 RBX: 000000000004b199 RCX: 00007f5ce8d8e929 [ 308.303967][ T7400] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 308.311933][ T7400] RBP: 00007f5ce8fb7ba0 R08: 0000000000000001 R09: 000000086fc8e03f [ 308.319901][ T7400] R10: 00007f5ce8a00000 R11: 0000000000000246 R12: 00007f5ce8fb5fac [ 308.327867][ T7400] R13: 00007f5ce8fb5fa0 R14: ffffffffffffffff R15: 00007ffd6fc8de60 [ 308.335860][ T7400] [ 308.338897][ T7400] Modules linked in: [ 308.342803][ T7400] ---[ end trace 0000000000000000 ]--- [ 308.348253][ T7400] RIP: 0010:filemap_unaccount_folio+0x5cf/0xa80 [ 308.354506][ T7400] Code: 07 38 c1 0f 8c 19 fe ff ff 4c 89 e7 e8 4a 71 27 00 e9 0c fe ff ff e8 b0 f8 d5 ff 48 89 df 48 c7 c6 60 0d 75 8a e8 a1 e1 11 00 <0f> 0b e8 9a f8 d5 ff 48 89 df 48 c7 c6 c0 12 75 8a e8 8b e1 11 00 [ 308.374114][ T7400] RSP: 0018:ffffc90003d1f618 EFLAGS: 00010046 [ 308.380198][ T7400] RAX: d922b241ddb25c00 RBX: ffffea00014d7600 RCX: d922b241ddb25c00 [ 308.388287][ T7400] RDX: 0000000000000002 RSI: ffffffff8a6c1160 RDI: ffffffff8abf1360 [ 308.396262][ T7400] RBP: ffffc90003d1f778 R08: dffffc0000000000 R09: fffffbfff1bfd0b6 [ 308.404233][ T7400] R10: fffffbfff1bfd0b6 R11: 1ffffffff1bfd0b5 R12: dffffc0000000000 [ 308.412229][ T7400] R13: dffffc0000000000 R14: ffff88807b701658 R15: ffff88807b701660 [ 308.420206][ T7400] FS: 0000555594dfa500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 308.429138][ T7400] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 308.435816][ T7400] CR2: 0000200000000140 CR3: 000000002f3b4000 CR4: 00000000003506e0 [ 308.443808][ T7400] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 308.451782][ T7400] DR3: 0000000000008000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 308.459782][ T7400] Kernel panic - not syncing: Fatal exception [ 308.466108][ T7400] Kernel Offset: disabled [ 308.470441][ T7400] Rebooting in 86400 seconds..