last executing test programs: 5.697786803s ago: executing program 2 (id=2798): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) fchown(r0, 0x0, r1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xe, &(0x7f0000002180)={0x1, &(0x7f0000002140)=[{0x7f, 0x1, 0x3, 0x7}]}) r2 = dup(r0) lsetxattr$security_evm(0x0, 0x0, &(0x7f0000003400)=@ng={0x4, 0xd}, 0x2, 0x2) finit_module(r2, &(0x7f0000003600)='\x00', 0x1) 5.603599228s ago: executing program 2 (id=2801): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast2, @in6=@private2, 0x0, 0x0, 0x4e21, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd, 0x0, 0x401, 0x100000000000}, {}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7, 0xfffffffe}}, 0xe8) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) 4.796438952s ago: executing program 2 (id=2815): syz_open_dev$usbmon(&(0x7f0000000040), 0x3, 0x4000) 4.735685205s ago: executing program 2 (id=2816): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000002100)=@setlink={0x28, 0x13, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, 0x1020, 0x20409}, [@IFLA_TARGET_NETNSID={0x8, 0x2e, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x24004000}, 0x8884) 4.735476185s ago: executing program 2 (id=2818): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0xffffffff}, 0x1c) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="12000000050000000800000008"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r4, &(0x7f0000000240), &(0x7f00000000c0)=@udp6=r3}, 0x20) sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) read$eventfd(r3, &(0x7f0000000040), 0x8) 3.68821212s ago: executing program 0 (id=2830): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000480)="a6e2976b5c43", 0x6, 0x840, 0x0, 0x0) sendto$inet6(r0, &(0x7f00000002c0)="e8", 0xfffffffffffffd79, 0x2000c850, 0x0, 0x4d) 3.615683514s ago: executing program 0 (id=2832): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) read$FUSE(r0, &(0x7f0000001580)={0x2020}, 0x2020) 3.615069484s ago: executing program 0 (id=2834): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)) 3.540691557s ago: executing program 0 (id=2838): syz_usb_connect(0x5, 0x6b, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000385352608f20446b76e8e01020301090259000104e9000909049300000e0100ff0a2401020005028a01020924"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0}) 3.279510058s ago: executing program 2 (id=2843): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0x5420, 0x0) 1.894481168s ago: executing program 4 (id=2864): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000002c0)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)='o', 0x1}], 0x1}}], 0x1, 0x2400c040) 1.823523981s ago: executing program 4 (id=2866): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = syz_open_procfs(0x0, &(0x7f0000000cc0)='net/netlink\x00') read$FUSE(r2, &(0x7f00000027c0)={0x2020}, 0x2038) lseek(r2, 0x5, 0x1) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x12, 0x5, &(0x7f0000000040)=@framed={{0x45, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x18}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) 1.485223196s ago: executing program 1 (id=2872): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0) 1.063556014s ago: executing program 1 (id=2873): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0x4, 0x8001}, {}, {0x1, 0xf}}, [@filter_kind_options=@f_u32={{0x8}, {0x2}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2006c805}, 0x20040054) 911.3117ms ago: executing program 1 (id=2874): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x28, r1, 0x1, 0x0, 0x1, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x41}]}]}, 0x28}}, 0x0) 831.375204ms ago: executing program 4 (id=2875): syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8837f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x88ff, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}}}}}}}, 0x0) 771.600057ms ago: executing program 4 (id=2876): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0xffffffff}, 0x1c) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="12000000050000000800000008"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r2, &(0x7f0000000240), &(0x7f00000000c0)=@udp6=r1}, 0x20) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) read$eventfd(r1, &(0x7f0000000040), 0x8) 711.217459ms ago: executing program 4 (id=2877): syz_usb_connect(0x0, 0x5a, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800010000000009046900000e010000084101d0"], 0x0) 686.00168ms ago: executing program 1 (id=2878): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0xffffff1f, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x821, 0x5}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @remote}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8041}, 0x0) 634.794703ms ago: executing program 3 (id=2879): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000040)="c7"}) 633.464993ms ago: executing program 1 (id=2880): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x9}, 0x18) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x810, &(0x7f0000000000)={[{@errors_remount}, {@grpquota}]}, 0x8, 0x4fe, &(0x7f0000000a40)="$eJzs3c9vG1kdAPDvTOImm3U3XdgDIGDLslDQqs6P7kYrONC9gNBqJcSKE4duSNwoil1HcVKa0ENy5I5EJU7wJ3DjgNQTB27c4MalHJAqqEANUg9GM54mJoljs03iJv58pPHMe+P4+57t957nJc4LYGhdjYjtiLgUEZ9ExGSRnxRb3Gxv2f2ePrm/sPvk/kISrdbH/0jy81ledPxM5tXiMccj4offi/hJcjhuc3NrZb5Wq64V6an1+upUc3Pr+nJa5MzOzcxNv3/jvdkTq+ub9d8+/u7yhz/6/e++9OhP29/8WVas8s8v5+c663GS2lUvRbkjbzQiPjyNYAMyWrx/OH+y1vaZiHgrb/+TMZK/mv05olkDAOdAqzUZrcnONABw0WXX/+VI0koxF1CONK1U2nN4b8REWms019+ZbGzcWYx8DutKlNLby7XqdDFXeCVKSZaeyY/307MH0jci4vWI+MXYK3m6stCoLQ7ygw8ADLFXD4z//x5rj/8AwAU3PugCAABnzvgPAMPH+A8Aw+f/GP/7/3YgAPBSc/0PAMPH+A8Aw6fn+L9zNuUAAM7EDz76KNtau8X/v168u7nx7fLd64vV5kqlvrFQWWisrVaWGo2lWrWy0Gr1erxao7E68+5esrm5dave2Lizfmu5Pr9UvVUtnXJ9AIDeXn/z4V+SiNj+1iv5Fh1rORir4WJLB10AYGBGBl0AYGB8nweGVx/X+KYB4ILrtZZn1z8RemDxVzivrn3e/D8MK/P/MLw+3fz/d068HMDZM/8Pw6vVSqz5DwBDxhw/8EK//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAhVc63JK3ka4FvZ7dppRJxOSKuRCm5vVyrTkfEaxHx57HSWJaeGXShAYAXlP49Kdb/ujb5dvng2UvJf8byfUT89Fcf//Le/Pr62kyW/8+9/PUHRf7spUFUAADodPNwVnucLvYdF/JPn9xfeL6dZREff9BeXDSLu1ts7TOjMZrvx6MUERP/Sop0W/Z5ZeQE4m/vRMTn9ut/ryNCOZ8Daa98ejB+FvvyKcTff/4Pxk//J36an8v2pfy5+OwJlAWGzcMP2v1k0fayJla0vzSu5vuj2/943kO9uOf93+6h/i/d6/9GDsVP8jZ/dS99fEkev/uH7x/KbE22z+1EfGH0qPjJXvykS//7dp91/OsXv/xWt3OtX0dci6Pjt9XzbnZqvb461dzcur5cn1+qLlXvzM7OzcxNv3/jvdmpfI66ffvHAw//rFjm/rWuz81OxESX+OM96v+1Puv/m2ef/Pgrx8T/xlePfv3fOCZ+NiZ+vc/48xM3uy7fncVf7FL/Xq//O33Gf/S3rcU+7woAnIHm5tbKfK1WXetxkH3W7HUfB+fzILYjXoJi9DpIi7fsy1KeC35wTKeRnlHnBJyq/UY/6JIAAAAAAAAAAAAAAADdNDe3VsbidL9ONOg6AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9NwAA//8tM9Id") r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x40086602, &(0x7f0000000080)={@id={0x2, 0x0, @d}}) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x40086602, &(0x7f0000000080)={@desc={0x84c00, 0x0, @desc2}}) 575.651485ms ago: executing program 3 (id=2881): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000300)='./file0/file0\x00', 0x2008002, &(0x7f0000000100)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1000}}, {@nodiscard}, {@dax_always}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF") 552.847176ms ago: executing program 3 (id=2882): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0xcb}, 0x2d, 0xfffffffffffffff9) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$unlink(0x9, r0, r0) 537.997347ms ago: executing program 3 (id=2883): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0x4, 0x8001}, {}, {0x1, 0xf}}, [@filter_kind_options=@f_u32={{0x8}, {0x2}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2006c805}, 0x20040054) 499.830718ms ago: executing program 1 (id=2884): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = syz_open_procfs(0x0, &(0x7f0000000cc0)='net/netlink\x00') read$FUSE(r3, &(0x7f00000027c0)={0x2020}, 0x2038) lseek(r3, 0x5, 0x1) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x12, 0x5, &(0x7f0000000040)=@framed={{0x45, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x18}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) 228.29822ms ago: executing program 3 (id=2885): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x8, 0x4, 0x4, 0x5e, 0x0, 0xffffffffffffffff, 0x6}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0xe8a2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 135.656894ms ago: executing program 0 (id=2886): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0xffffffff}, 0x1c) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="12000000050000000800000008"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r2, &(0x7f0000000240), &(0x7f00000000c0)=@udp6=r1}, 0x20) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) read$eventfd(r1, &(0x7f0000000040), 0x8) 112.495555ms ago: executing program 4 (id=2887): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$packet(0x11, 0xa, 0x300) socket$kcm(0x2, 0xa, 0x73) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 28.333909ms ago: executing program 3 (id=2888): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1e, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000007c0)={[{@nodioread_nolock}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0x1, 0x46f, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==") 0s ago: executing program 0 (id=2889): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) lseek(0xffffffffffffffff, 0x0, 0x4) timer_settime(r1, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) splice(r6, 0x0, r5, 0x0, 0x100000000001, 0x0) fcntl$setstatus(r4, 0x4, 0x2c00) kernel console output (not intermixed with test programs): 665753][ T4500] virt_wifi0 speed is unknown, defaulting to 1000 [ 38.701408][ T4507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 38.702827][ T4507] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.793648][ T22] usb 1-1: Using ep0 maxpacket: 16 [ 39.085803][ T22] usb 1-1: config 0 has no interfaces? [ 39.088908][ T22] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 39.090518][ T22] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 39.091885][ T22] usb 1-1: Product: syz [ 39.092554][ T22] usb 1-1: Manufacturer: syz [ 39.093408][ T22] usb 1-1: SerialNumber: syz [ 39.096451][ T22] r8152-cfgselector 1-1: config 0 descriptor?? [ 39.531867][ T4488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 39.584805][ T4488] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 39.720078][ T4524] netlink: 8 bytes leftover after parsing attributes in process `syz.3.22'. [ 39.935178][ T22] r8152-cfgselector 1-1: Unknown version 0x0000 [ 40.523943][ T4541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 40.529655][ T4541] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 40.813638][ T4337] Bluetooth: hci3: command 0x0419 tx timeout [ 40.813657][ T4331] Bluetooth: hci1: command 0x0419 tx timeout [ 40.816105][ T4338] Bluetooth: hci2: command 0x0419 tx timeout [ 40.816441][ T4337] Bluetooth: hci0: command 0x0419 tx timeout [ 40.817035][ T4338] Bluetooth: hci4: command 0x0419 tx timeout [ 41.189166][ T22] r8152-cfgselector 1-1: USB disconnect, device number 2 [ 42.807879][ T4594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 42.810048][ T4594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 43.366064][ T4610] netlink: 8 bytes leftover after parsing attributes in process `syz.4.48'. [ 43.368478][ T4610] Zero length message leads to an empty skb [ 44.345097][ T78] block nbd2: Attempted send on invalid socket [ 44.346232][ T78] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 44.349037][ T4631] hpfs: hpfs_map_sector(): read error [ 45.100714][ T27] audit: type=1326 audit(45.090:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.2.64" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa455b9e8 code=0x7ffc0000 [ 45.105620][ T27] audit: type=1326 audit(45.090:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.2.64" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa455b9e8 code=0x7ffc0000 [ 45.109696][ T27] audit: type=1326 audit(45.100:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.2.64" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa455b9e8 code=0x7ffc0000 [ 45.113288][ T27] audit: type=1326 audit(45.100:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.2.64" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa455b9e8 code=0x7ffc0000 [ 45.116743][ T27] audit: type=1326 audit(45.100:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.2.64" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa455b9e8 code=0x7ffc0000 [ 45.120267][ T27] audit: type=1326 audit(45.100:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.2.64" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa455b9e8 code=0x7ffc0000 [ 45.124176][ T27] audit: type=1326 audit(45.100:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.2.64" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa455b9e8 code=0x7ffc0000 [ 45.128315][ T27] audit: type=1326 audit(45.100:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.2.64" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa455b9e8 code=0x7ffc0000 [ 45.131984][ T27] audit: type=1326 audit(45.100:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.2.64" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa455b9e8 code=0x7ffc0000 [ 45.135505][ T27] audit: type=1326 audit(45.100:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.2.64" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa455b9e8 code=0x7ffc0000 [ 46.448858][ T4681] loop0: detected capacity change from 0 to 1024 [ 46.454150][ T4681] ext4: Unknown parameter 'subj_role' [ 47.269116][ T4687] binder: 4685:4687 tried to acquire reference to desc 0, got 1 instead [ 47.277577][ T4687] binder: 4685:4687 ioctl c0306201 0 returned -14 [ 47.300148][ T4687] binder: 4685:4687 got reply transaction with no transaction stack [ 47.301562][ T4687] binder: 4685:4687 transaction reply to 0:0 failed 6/29201/-71, size 0-0 line 2946 [ 47.349038][ T1516] binder: undelivered TRANSACTION_ERROR: 29201 [ 47.350376][ T1516] binder: send failed reply for transaction 5 to 4685:4687 [ 47.351613][ T1516] binder: undelivered TRANSACTION_COMPLETE [ 47.352479][ T1516] binder: undelivered TRANSACTION_ERROR: 29189 [ 48.267281][ T4718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.271882][ T4718] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.277428][ T4718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.283355][ T4718] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.872276][ T4727] binder: 4726:4727 tried to acquire reference to desc 0, got 1 instead [ 48.874910][ T4727] binder: 4726:4727 ioctl c0306201 0 returned -14 [ 48.876144][ T4727] binder: 4726:4727 got reply transaction with no transaction stack [ 48.879987][ T4727] binder: 4726:4727 transaction reply to 0:0 failed 12/29201/-71, size 0-0 line 2946 [ 48.950627][ T7] binder: release 4726:4727 transaction 11 out, still active [ 48.952049][ T7] binder: undelivered TRANSACTION_COMPLETE [ 48.953168][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 48.954118][ T7] binder: send failed reply for transaction 11, target dead [ 49.457017][ T4740] loop0: detected capacity change from 0 to 1024 [ 49.460012][ T4740] ext4: Unknown parameter 'subj_role' [ 51.345647][ T4769] binder: 4768:4769 tried to acquire reference to desc 0, got 1 instead [ 51.351279][ T4769] binder: 4768:4769 got reply transaction with no transaction stack [ 52.265553][ T51] block nbd1: Attempted send on invalid socket [ 52.266607][ T51] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 52.270404][ T4783] hpfs: hpfs_map_sector(): read error [ 52.287265][ T4786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 52.296460][ T4786] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 52.337931][ T4791] device syzkaller0 entered promiscuous mode [ 52.417341][ T4799] binder: 4798:4799 tried to acquire reference to desc 0, got 1 instead [ 52.419877][ T4799] binder: 4798:4799 got reply transaction with no transaction stack [ 52.421107][ T4799] binder_debug: 5 callbacks suppressed [ 52.421112][ T4799] binder: 4798:4799 transaction reply to 0:0 failed 24/29201/-71, size 0-0 line 2946 [ 52.431113][ T4369] binder: release 4798:4799 transaction 23 out, still active [ 52.432303][ T4369] binder: undelivered TRANSACTION_COMPLETE [ 52.433275][ T4369] binder: undelivered TRANSACTION_ERROR: 29201 [ 52.434293][ T4369] binder: send failed reply for transaction 23, target dead [ 53.240740][ T4817] usb usb8: usbfs: process 4817 (syz.3.118) did not claim interface 0 before use [ 53.363558][ T51] block nbd0: Attempted send on invalid socket [ 53.364574][ T51] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 53.366112][ T4825] hpfs: hpfs_map_sector(): read error [ 53.751762][ T4836] binder: 4835:4836 tried to acquire reference to desc 0, got 1 instead [ 53.756548][ T4836] binder: 4835:4836 got reply transaction with no transaction stack [ 53.759376][ T4836] binder: 4835:4836 transaction reply to 0:0 failed 30/29201/-71, size 0-0 line 2946 [ 53.768400][ T1516] binder: release 4835:4836 transaction 29 out, still active [ 53.769658][ T1516] binder: undelivered TRANSACTION_COMPLETE [ 53.770760][ T1516] binder: undelivered TRANSACTION_ERROR: 29201 [ 53.771901][ T1516] binder: send failed reply for transaction 29, target dead [ 53.788185][ T4838] device syzkaller0 entered promiscuous mode [ 54.847289][ T51] block nbd1: Attempted send on invalid socket [ 54.849392][ T51] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 54.851997][ T4860] hpfs: hpfs_map_sector(): read error [ 55.264903][ T4869] binder: BINDER_SET_CONTEXT_MGR already set [ 55.266736][ T4869] binder: 4868:4869 ioctl 4018620d 20004a80 returned -16 [ 55.300643][ T4869] binder: tried to use weak ref as strong ref [ 55.304122][ T4869] binder: 4868:4869 Acquire 1 refcount change on invalid ref 0 ret -22 [ 55.310718][ T4869] binder: 4868:4869 got transaction to invalid handle, 1 [ 55.314274][ T4869] binder: 4868:4869 got reply transaction with no transaction stack [ 55.854721][ T4889] syz.0.142 uses obsolete (PF_INET,SOCK_PACKET) [ 56.517145][ T4908] binder: 4907:4908 tried to acquire reference to desc 0, got 1 instead [ 56.810770][ T4908] binder: 4907:4908 got reply transaction with no transaction stack [ 56.859405][ T4914] device syzkaller0 entered promiscuous mode [ 59.066872][ T4963] binder: 4962:4963 tried to acquire reference to desc 0, got 1 instead [ 59.075892][ T4963] binder: 4962:4963 got reply transaction with no transaction stack [ 59.080428][ T4963] binder_debug: 10 callbacks suppressed [ 59.080442][ T4963] binder: 4962:4963 transaction reply to 0:0 failed 46/29201/-71, size 0-0 line 2946 [ 59.119692][ T7] binder: release 4962:4963 transaction 45 out, still active [ 59.120981][ T7] binder: undelivered TRANSACTION_COMPLETE [ 59.123153][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 59.124336][ T7] binder: send failed reply for transaction 45, target dead [ 59.209133][ T4966] device syzkaller0 entered promiscuous mode [ 59.216543][ T4969] netlink: 4 bytes leftover after parsing attributes in process `syz.0.167'. [ 59.280288][ T4969] netlink: 4 bytes leftover after parsing attributes in process `syz.0.167'. [ 60.541271][ T4999] binder: 4998:4999 tried to acquire reference to desc 0, got 1 instead [ 60.543714][ T4999] binder: 4998:4999 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 60.545792][ T4999] binder: 4999 RLIMIT_NICE not set [ 60.546733][ T4999] binder: 4998:4999 got reply transaction with no transaction stack [ 60.548091][ T4999] binder: 4998:4999 transaction reply to 0:0 failed 52/29201/-71, size 0-0 line 2946 [ 60.557204][ T4369] binder: release 4998:4999 transaction 51 out, still active [ 60.560709][ T4369] binder: undelivered TRANSACTION_COMPLETE [ 60.563318][ T4369] binder: undelivered TRANSACTION_ERROR: 29201 [ 60.564432][ T4369] binder: send failed reply for transaction 51, target dead [ 60.576853][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 60.576865][ T27] audit: type=1326 audit(60.560:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5000 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 60.581666][ T27] audit: type=1326 audit(60.560:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5000 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 60.584974][ T27] audit: type=1326 audit(60.570:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5000 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=210 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 60.588318][ T27] audit: type=1326 audit(60.570:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5000 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 60.592181][ T27] audit: type=1326 audit(60.570:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5000 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 60.682374][ T5012] netlink: 48 bytes leftover after parsing attributes in process `syz.1.182'. [ 60.937907][ T1516] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 61.287715][ T1516] usb 1-1: Using ep0 maxpacket: 32 [ 61.290872][ T1516] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.292660][ T1516] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.294170][ T1516] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 61.295648][ T1516] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.303808][ T5023] ALSA: mixer_oss: invalid OSS volume '' [ 61.309801][ T1516] usb 1-1: config 0 descriptor?? [ 61.330110][ T1516] hub 1-1:0.0: USB hub found [ 61.522219][ T1516] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 61.531242][ T1516] usbhid 1-1:0.0: can't add hid device: -71 [ 61.532655][ T1516] usbhid: probe of 1-1:0.0 failed with error -71 [ 61.600524][ T1516] usb 1-1: USB disconnect, device number 3 [ 61.640789][ T5029] binder: 5028:5029 tried to acquire reference to desc 0, got 1 instead [ 61.648473][ T5029] binder: 5028:5029 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 61.650595][ T5029] binder: 5029 RLIMIT_NICE not set [ 61.651539][ T5029] binder: 5028:5029 got reply transaction with no transaction stack [ 61.732085][ T5035] netlink: 'syz.1.190': attribute type 12 has an invalid length. [ 61.733505][ T5035] netlink: 'syz.1.190': attribute type 29 has an invalid length. [ 61.734884][ T5035] netlink: 148 bytes leftover after parsing attributes in process `syz.1.190'. [ 61.736660][ T5035] netlink: 'syz.1.190': attribute type 12 has an invalid length. [ 61.741423][ T5035] netlink: 'syz.1.190': attribute type 29 has an invalid length. [ 61.742722][ T5035] netlink: 148 bytes leftover after parsing attributes in process `syz.1.190'. [ 63.372869][ T5075] ALSA: mixer_oss: invalid OSS volume '' [ 63.374557][ T5079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 63.376019][ T5079] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 63.966327][ T5084] netlink: 8 bytes leftover after parsing attributes in process `syz.3.206'. [ 64.062178][ T5086] device syzkaller1 entered promiscuous mode [ 64.422908][ T5100] binder_user_error: 4 callbacks suppressed [ 64.422920][ T5100] binder: 5099:5100 tried to acquire reference to desc 0, got 1 instead [ 64.427081][ T5100] binder: 5099:5100 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 64.429926][ T5100] binder: 5100 RLIMIT_NICE not set [ 64.430856][ T5100] binder: 5099:5100 got reply transaction with no transaction stack [ 64.432053][ T5100] binder_debug: 10 callbacks suppressed [ 64.432066][ T5100] binder: 5099:5100 transaction reply to 0:0 failed 70/29201/-71, size 0-0 line 2946 [ 64.440536][ T4369] binder: release 5099:5100 transaction 69 out, still active [ 64.442356][ T4369] binder: undelivered TRANSACTION_COMPLETE [ 64.443547][ T4369] binder: undelivered TRANSACTION_ERROR: 29201 [ 64.444508][ T4369] binder: send failed reply for transaction 69, target dead [ 64.489081][ T2063] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.492563][ T2063] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.501291][ T24] cfg80211: failed to load regulatory.db [ 65.460974][ T5114] ALSA: mixer_oss: invalid OSS volume '' [ 66.312180][ T5139] binder: 5138:5139 tried to acquire reference to desc 0, got 1 instead [ 66.317347][ T5139] binder: 5138:5139 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 66.327728][ T5139] binder: 5139 RLIMIT_NICE not set [ 66.329213][ T5139] binder: 5138:5139 got reply transaction with no transaction stack [ 66.330482][ T5139] binder: 5138:5139 transaction reply to 0:0 failed 76/29201/-71, size 0-0 line 2946 [ 66.359609][ T112] binder: release 5138:5139 transaction 75 out, still active [ 66.360819][ T112] binder: undelivered TRANSACTION_COMPLETE [ 66.361823][ T112] binder: undelivered TRANSACTION_ERROR: 29201 [ 66.362766][ T112] binder: send failed reply for transaction 75, target dead [ 66.677685][ T112] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 67.177674][ T112] usb 1-1: Using ep0 maxpacket: 32 [ 67.179975][ T112] usb 1-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 67.181358][ T112] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.184815][ T112] usb 1-1: config 0 descriptor?? [ 67.199310][ T112] usb 1-1: selecting invalid altsetting 3 [ 67.200298][ T112] comedi comedi1: could not set alternate setting 3 in high speed [ 67.201448][ T112] usbduxsigma 1-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 67.204400][ T112] usbduxsigma: probe of 1-1:0.0 failed with error -22 [ 67.392240][ T24] usb 1-1: USB disconnect, device number 4 [ 68.137726][ T5160] ALSA: mixer_oss: invalid OSS volume '' [ 68.355823][ T5181] binder: 5179:5181 tried to acquire reference to desc 0, got 1 instead [ 68.370033][ T5181] binder: 5179:5181 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 68.927922][ T5196] loop4: detected capacity change from 0 to 1024 [ 68.929946][ T5196] ext4: Unknown parameter 'subj_role' [ 70.488452][ T4481] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 71.354837][ T5225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.356550][ T5225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.546113][ T5241] ALSA: mixer_oss: invalid OSS volume 'f_total_size:' [ 71.547372][ T5241] ALSA: mixer_oss: invalid OSS volume 'No' [ 72.124236][ T5221] ALSA: mixer_oss: invalid OSS volume '' [ 72.414949][ T5258] loop0: detected capacity change from 0 to 1024 [ 72.418492][ T5258] ext4: Unknown parameter 'subj_role' [ 73.408394][ T4481] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 73.526940][ T5269] device syzkaller0 entered promiscuous mode [ 74.445993][ T78] block nbd3: Attempted send on invalid socket [ 74.447231][ T78] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 74.448992][ T5290] hpfs: hpfs_map_sector(): read error [ 74.729054][ T24] hid-generic 0005:16C2:5505.0001: unknown main item tag 0x0 [ 74.730420][ T24] hid-generic 0005:16C2:5505.0001: item fetching failed at offset 4/6 [ 74.733089][ T24] hid-generic: probe of 0005:16C2:5505.0001 failed with error -22 [ 77.140635][ T5311] loop1: detected capacity change from 0 to 1024 [ 77.142207][ T5311] ext4: Unknown parameter 'subj_role' [ 78.053311][ T4481] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 78.130757][ T5333] ALSA: mixer_oss: invalid OSS volume 'f_total_size:' [ 78.131968][ T5333] ALSA: mixer_oss: invalid OSS volume 'No' [ 78.162384][ T5338] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.163771][ T5338] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 78.985852][ T5357] capability: warning: `syz.2.285' uses 32-bit capabilities (legacy support in use) [ 79.092752][ T5369] ALSA: mixer_oss: invalid OSS volume 'f_total_size:' [ 79.093964][ T5369] ALSA: mixer_oss: invalid OSS volume 'No' [ 79.122004][ T4338] Bluetooth: hci3: unexpected subevent 0x03 length: 5 < 9 [ 79.518005][ T5373] binder_user_error: 2 callbacks suppressed [ 79.518020][ T5373] binder: 5367:5373 got transaction to invalid handle, 1 [ 79.520106][ T5373] binder_debug: 5 callbacks suppressed [ 79.520114][ T5373] binder: 5373:5367 cannot find target node [ 79.521782][ T5373] binder: 5367:5373 transaction call to 0:0 failed 83/29201/-22, size 0-0 line 3045 [ 81.005901][ T5406] ALSA: mixer_oss: invalid OSS volume 'f_total_size:' [ 81.007809][ T5406] ALSA: mixer_oss: invalid OSS volume 'No' [ 81.232700][ T5412] binder: 5408:5412 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 81.234782][ T5412] binder: 5412 RLIMIT_NICE not set [ 82.277820][ T22] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 82.532892][ T22] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 82.534391][ T22] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 82.535999][ T22] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 82.540948][ T22] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 82.543003][ T22] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 82.546562][ T22] usb 1-1: Product: syz [ 82.546932][ T5461] loop2: detected capacity change from 0 to 7 [ 82.547244][ T22] usb 1-1: Manufacturer: syz [ 82.552403][ T4481] Dev loop2: unable to read RDB block 7 [ 82.553339][ T4481] loop2: unable to read partition table [ 82.554307][ T4481] loop2: partition table beyond EOD, truncated [ 82.557301][ T5461] Dev loop2: unable to read RDB block 7 [ 82.558608][ T5461] loop2: unable to read partition table [ 82.559726][ T5461] loop2: partition table beyond EOD, truncated [ 82.561076][ T5461] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 83.056484][ T24] usb 1-1: USB disconnect, device number 5 [ 84.211976][ T5544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 84.213486][ T5544] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 85.146502][ T5579] netlink: 24 bytes leftover after parsing attributes in process `syz.4.337'. [ 85.333778][ T5594] netlink: 4 bytes leftover after parsing attributes in process `syz.3.341'. [ 85.335359][ T5594] device bridge_slave_1 left promiscuous mode [ 85.337030][ T5594] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.566149][ T5598] loop2: detected capacity change from 0 to 1024 [ 85.570483][ T5598] ext4: Unknown parameter 'subj_role' [ 86.476095][ T5594] device bridge_slave_0 left promiscuous mode [ 86.482537][ T5594] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.532517][ T4481] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 86.548305][ T5606] capability: warning: `syz.1.345' uses deprecated v2 capabilities in a way that may be insecure [ 87.381688][ T5632] input: syz0 as /devices/virtual/input/input2 [ 87.676710][ T5635] binder: 5634:5635 tried to acquire reference to desc 0, got 1 instead [ 87.698650][ T5635] binder: 5634:5635 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 87.700874][ T5635] binder: 5635 RLIMIT_NICE not set [ 87.702520][ T5635] binder: 5634:5635 got reply transaction with no transaction stack [ 87.703883][ T5635] binder: 5634:5635 transaction reply to 0:0 failed 89/29201/-71, size 0-0 line 2946 [ 88.363430][ T5649] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 88.522866][ T4435] binder: release 5634:5635 transaction 88 out, still active [ 88.524085][ T4435] binder: undelivered TRANSACTION_COMPLETE [ 88.525467][ T4435] binder: undelivered TRANSACTION_ERROR: 29201 [ 88.526512][ T4435] binder: send failed reply for transaction 88, target dead [ 88.736601][ T5662] loop3: detected capacity change from 0 to 1024 [ 88.738822][ T5662] ext4: Unknown parameter 'subj_role' [ 89.725591][ T4481] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 89.741209][ T5666] tipc: Started in network mode [ 89.742311][ T5666] tipc: Node identity 000000003a0000000000000000000001, cluster identity 4711 [ 89.755941][ T5666] tipc: Enabling of bearer rejected, failed to enable media [ 90.933578][ T5700] Bluetooth: MGMT ver 1.22 [ 91.034566][ T5708] tipc: Enabling of bearer rejected, failed to enable media [ 91.036439][ T5708] device syzkaller0 entered promiscuous mode [ 91.077781][ T4390] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 91.131255][ T5712] overlayfs: overlapping lowerdir path [ 92.281373][ T5730] loop4: detected capacity change from 0 to 1024 [ 92.284818][ T5730] ext4: Unknown parameter 'subj_role' [ 93.037720][ T27] audit: type=1326 audit(91.900:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5720 comm="syz.3.385" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 93.040993][ T27] audit: type=1326 audit(91.900:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5720 comm="syz.3.385" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 93.052526][ T27] audit: type=1326 audit(91.910:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5720 comm="syz.3.385" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=91 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 93.137633][ C0] sched: RT throttling activated [ 93.142897][ T27] audit: type=1326 audit(91.910:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5720 comm="syz.3.385" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 93.143871][ T4390] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 93.147784][ T4390] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 93.148263][ T27] audit: type=1326 audit(91.910:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5720 comm="syz.3.385" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 93.149130][ T4390] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 93.157934][ T4390] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 93.159516][ T4390] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 93.160986][ T4390] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 93.162932][ T27] audit: type=1326 audit(91.910:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5720 comm="syz.3.385" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffa7b59dd4 code=0x7ffc0000 [ 93.165962][ T27] audit: type=1326 audit(91.910:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5720 comm="syz.3.385" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=268 compat=0 ip=0xffffa7b5d54c code=0x7ffc0000 [ 93.317611][ T4390] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 93.345216][ T4390] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 93.347948][ T4390] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 93.350054][ T27] audit: type=1326 audit(91.910:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5720 comm="syz.3.385" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 93.663129][ T4481] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 93.671659][ T4390] usb 1-1: string descriptor 0 read error: -22 [ 93.672731][ T4390] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 93.673343][ T27] audit: type=1326 audit(91.910:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5720 comm="syz.3.385" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=268 compat=0 ip=0xffffa7b5d54c code=0x7ffc0000 [ 93.674100][ T4390] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.704350][ T27] audit: type=1326 audit(91.910:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5720 comm="syz.3.385" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffffa7b5a30c code=0x7ffc0000 [ 93.712284][ T4390] adutux 1-1:168.0: interrupt endpoints not found [ 93.744039][ T4390] usb 1-1: USB disconnect, device number 6 [ 95.432784][ T5842] netlink: 4 bytes leftover after parsing attributes in process `syz.0.400'. [ 95.440450][ T5842] netlink: 12 bytes leftover after parsing attributes in process `syz.0.400'. [ 95.686571][ T5873] binder: 5872:5873 tried to acquire reference to desc 0, got 1 instead [ 95.689737][ T5873] binder: 5872:5873 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 95.691757][ T5873] binder: 5873 RLIMIT_NICE not set [ 95.692719][ T5873] binder: 5872:5873 got reply transaction with no transaction stack [ 95.693893][ T5873] binder: 5872:5873 transaction reply to 0:0 failed 95/29201/-71, size 0-0 line 2946 [ 96.225438][ T5895] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 96.517187][ T1516] binder: undelivered TRANSACTION_ERROR: 29201 [ 96.518307][ T1516] binder: send failed reply for transaction 94 to 5872:5873 [ 96.519451][ T1516] binder: undelivered TRANSACTION_COMPLETE [ 96.520369][ T1516] binder: undelivered TRANSACTION_ERROR: 29189 [ 96.541410][ T5901] device syzkaller0 entered promiscuous mode [ 96.618417][ T5903] netlink: 60 bytes leftover after parsing attributes in process `syz.0.417'. [ 97.488468][ T5923] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 97.527556][ T5927] binder: 5924:5927 tried to acquire reference to desc 0, got 1 instead [ 97.538912][ T5927] binder: 5924:5927 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 97.540954][ T5927] binder: 5927 RLIMIT_NICE not set [ 97.541847][ T5927] binder: 5924:5927 got reply transaction with no transaction stack [ 97.543055][ T5927] binder: 5924:5927 transaction reply to 0:0 failed 101/29201/-71, size 0-0 line 2946 [ 98.367977][ T5663] binder: release 5924:5927 transaction 100 out, still active [ 98.369314][ T5663] binder: undelivered TRANSACTION_COMPLETE [ 98.370743][ T5663] binder: undelivered TRANSACTION_ERROR: 29201 [ 98.371949][ T5663] binder: send failed reply for transaction 100, target dead [ 98.562646][ T5955] fuse: Bad value for 'fd' [ 98.884843][ T5961] device syzkaller0 entered promiscuous mode [ 99.746273][ T5979] binder: 5977:5979 tried to acquire reference to desc 0, got 1 instead [ 99.762313][ T5979] binder: 5977:5979 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 99.935964][ T5972] syz.4.444 (5972): drop_caches: 2 [ 100.276953][ T5996] fuse: Bad value for 'fd' [ 100.616563][ T6005] loop2: detected capacity change from 0 to 512 [ 100.641547][ T6005] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.457: inode has both inline data and extents flags [ 100.644557][ T6005] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.457: couldn't read orphan inode 15 (err -117) [ 100.647588][ T6005] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 101.050389][ T4330] EXT4-fs (loop2): unmounting filesystem. [ 101.178258][ T6027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.180215][ T6027] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.362180][ T6051] loop2: detected capacity change from 0 to 16 [ 102.390156][ T6051] erofs: (device loop2): mounted with root inode @ nid 36. [ 102.429314][ T6051] syz.2.472: attempt to access beyond end of device [ 102.429314][ T6051] loop2: rw=524288, sector=296, nr_sectors = 32 limit=16 [ 102.431633][ T6051] syz.2.472: attempt to access beyond end of device [ 102.431633][ T6051] loop2: rw=524288, sector=304, nr_sectors = 32 limit=16 [ 103.322958][ T6091] loop4: detected capacity change from 0 to 1024 [ 103.325706][ T6091] ext4: Unknown parameter 'subj_role' [ 104.171869][ T4315] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 104.291747][ T6094] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 104.512232][ T6117] loop4: detected capacity change from 0 to 164 [ 104.520265][ T6117] ISOFS: Unable to identify CD-ROM format. [ 105.256419][ T6130] process 'syz.3.496' launched './file0' with NULL argv: empty string added [ 105.292226][ T6132] loop3: detected capacity change from 0 to 2048 [ 105.319981][ T6134] loop1: detected capacity change from 0 to 4096 [ 105.323800][ T6134] EXT4-fs (loop1): Test dummy encryption mode enabled [ 105.326849][ T6132] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 105.335952][ T6134] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 105.337359][ T6134] System zones: 0-5 [ 105.342411][ T6134] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 105.354713][ T6134] fs-verity: sha512 using implementation "sha512-ce" [ 105.384039][ T4322] EXT4-fs (loop1): unmounting filesystem. [ 105.409751][ T6138] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 105.412493][ T6138] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 704 with error 28 [ 105.414494][ T6138] EXT4-fs (loop3): This should not happen!! Data will be lost [ 105.414494][ T6138] [ 105.415930][ T6138] EXT4-fs (loop3): Total free blocks count 0 [ 105.416760][ T6138] EXT4-fs (loop3): Free/Dirty block details [ 105.417736][ T6138] EXT4-fs (loop3): free_blocks=2415919504 [ 105.418668][ T6138] EXT4-fs (loop3): dirty_blocks=720 [ 105.419449][ T6138] EXT4-fs (loop3): Block reservation details [ 105.420366][ T6138] EXT4-fs (loop3): i_reserved_data_blocks=45 [ 106.143083][ T4473] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 704 with max blocks 2048 with error 28 [ 116.142944][ T6119] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.144217][ T6119] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.494847][ T6119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.509593][ T6119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.784577][ T6119] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.785996][ T6119] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.787319][ T6119] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.788923][ T6119] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.019398][ T6140] netlink: 8 bytes leftover after parsing attributes in process `syz.1.500'. [ 117.020845][ T6140] bridge: RTM_NEWNEIGH with invalid ether address [ 117.871242][ T6192] loop1: detected capacity change from 0 to 1024 [ 117.872770][ T6192] EXT4-fs: Ignoring removed bh option [ 117.874920][ T6192] EXT4-fs: Ignoring removed nomblk_io_submit option [ 117.876073][ T6192] ext4: Unknown parameter 'fsname' [ 118.830537][ T6207] netlink: 20 bytes leftover after parsing attributes in process `syz.4.517'. [ 118.891898][ T6226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.893395][ T6226] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.015503][ T6235] loop1: detected capacity change from 0 to 2048 [ 120.244928][ T6235] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 121.117832][ T6263] fuse: Bad value for 'fd' [ 122.161654][ T6278] netlink: 12 bytes leftover after parsing attributes in process `syz.1.530'. [ 122.250933][ T6278] loop1: detected capacity change from 0 to 128 [ 122.587569][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz.3.542'. [ 122.791921][ T6302] fuse: Bad value for 'fd' [ 123.116027][ T6308] loop0: detected capacity change from 0 to 1764 [ 123.258139][ T6326] loop2: detected capacity change from 0 to 2048 [ 123.262513][ T6326] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 123.354786][ T51] block nbd1: Attempted send on invalid socket [ 123.356041][ T51] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 123.357727][ T6327] hpfs: hpfs_map_sector(): read error [ 123.583048][ T6334] device syzkaller0 entered promiscuous mode [ 124.070548][ T6355] loop0: detected capacity change from 0 to 2048 [ 124.102483][ T6355] UDF-fs: bad mount option "-A00000000000000000000" or missing value [ 124.173037][ T6368] loop1: detected capacity change from 0 to 8 [ 124.190441][ T6369] 9pnet: p9_errstr2errno: server reported unknown error @c00000000000000000000006 [ 124.213640][ T6368] SQUASHFS error: zlib decompression failed, data probably corrupt [ 124.224706][ T6368] SQUASHFS error: Failed to read block 0x633: -5 [ 124.230080][ T6368] SQUASHFS error: Unable to read metadata cache entry [631] [ 124.237559][ T6368] SQUASHFS error: Unable to read inode 0x127 [ 124.296635][ T6379] device syzkaller0 entered promiscuous mode [ 124.361308][ T6152] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 124.612656][ T51] block nbd4: Attempted send on invalid socket [ 124.613876][ T51] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 124.615451][ T6392] hpfs: hpfs_map_sector(): read error [ 124.757073][ T6395] virt_wifi0 speed is unknown, defaulting to 1000 [ 124.873621][ T6411] loop1: detected capacity change from 0 to 256 [ 125.299920][ T6428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.302790][ T6428] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.392703][ T6437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.394433][ T6437] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.413756][ T6439] tc_dump_action: action bad kind [ 125.660141][ T6446] loop2: detected capacity change from 0 to 2048 [ 125.938101][ T2063] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.939136][ T2063] ieee802154 phy1 wpan1: encryption failed: -22 [ 125.942342][ T6446] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 126.600808][ T51] block nbd3: Attempted send on invalid socket [ 126.601871][ T51] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 126.603328][ T6458] hpfs: hpfs_map_sector(): read error [ 126.834267][ T6461] binder_user_error: 2 callbacks suppressed [ 126.834277][ T6461] binder: 6460 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 126.835364][ T6461] binder: 6460:6461 ioctl c018620c 20000180 returned -22 [ 126.851802][ T6464] netlink: 20 bytes leftover after parsing attributes in process `syz.1.614'. [ 126.853589][ T6464] netlink: 56 bytes leftover after parsing attributes in process `syz.1.614'. [ 127.035329][ T6486] virt_wifi0 speed is unknown, defaulting to 1000 [ 127.129582][ T6494] loop0: detected capacity change from 0 to 8 [ 127.133834][ T6494] SQUASHFS error: Unable to read inode 0x11f [ 127.147148][ T6496] netlink: 12 bytes leftover after parsing attributes in process `syz.2.628'. [ 127.262557][ T6509] 9pnet_fd: Insufficient options for proto=fd [ 127.342126][ T6514] usb usb5: usbfs: process 6514 (syz.2.636) did not claim interface 0 before use [ 127.402918][ T6516] xt_SECMARK: invalid mode: 2 [ 127.728653][ T6522] virt_wifi0 speed is unknown, defaulting to 1000 [ 127.733437][ T6524] loop2: detected capacity change from 0 to 2048 [ 127.738153][ T6524] EXT4-fs: Ignoring removed i_version option [ 127.743412][ T6524] EXT4-fs (loop2): unsupported descriptor size 0 [ 127.840378][ T6533] loop4: detected capacity change from 0 to 1764 [ 127.949324][ T6544] netlink: 72 bytes leftover after parsing attributes in process `syz.4.649'. [ 128.076002][ T78] block nbd2: Attempted send on invalid socket [ 128.088178][ T78] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 128.090566][ T6550] hpfs: hpfs_map_sector(): read error [ 128.490009][ T6557] loop1: detected capacity change from 0 to 1024 [ 128.876091][ T6582] loop4: detected capacity change from 0 to 1024 [ 128.881312][ T6582] EXT4-fs: Ignoring removed bh option [ 128.882473][ T6582] EXT4-fs: Ignoring removed nomblk_io_submit option [ 128.883602][ T6582] ext4: Unknown parameter 'fsname' [ 129.321843][ T27] kauditd_printk_skb: 17 callbacks suppressed [ 129.321853][ T27] audit: type=1326 audit(386.301:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6590 comm="syz.2.670" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa455b9e8 code=0x0 [ 129.335777][ T6593] binder: 6592:6593 tried to acquire reference to desc 0, got 1 instead [ 129.343370][ T6593] binder: 6592:6593 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 129.345414][ T6593] binder: 6593 RLIMIT_NICE not set [ 129.346235][ T6593] binder: 6593 RLIMIT_NICE not set [ 129.347275][ T6593] binder: 6593 RLIMIT_NICE not set [ 129.357479][ T4404] binder_debug: 5 callbacks suppressed [ 129.357490][ T4404] binder: undelivered TRANSACTION_COMPLETE [ 129.359909][ T4404] binder: undelivered transaction 114, process died. [ 129.361594][ T4404] binder: undelivered TRANSACTION_COMPLETE [ 129.422873][ T6601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 129.424516][ T6601] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 129.493150][ T6608] loop2: detected capacity change from 0 to 512 [ 129.494562][ T6608] EXT4-fs: Ignoring removed i_version option [ 129.501895][ T6608] EXT4-fs: Ignoring removed bh option [ 129.546939][ T6608] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 129.596840][ T4330] EXT4-fs (loop2): unmounting filesystem. [ 129.643317][ T6617] loop3: detected capacity change from 0 to 512 [ 129.645006][ T6617] EXT4-fs: Ignoring removed i_version option [ 129.647182][ T6617] EXT4-fs: Ignoring removed bh option [ 129.673628][ T6621] binder: 6619:6621 tried to acquire reference to desc 0, got 1 instead [ 129.678571][ T6617] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 129.683391][ T6621] binder: 6619:6621 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 129.687880][ T6621] binder: 6621 RLIMIT_NICE not set [ 129.688760][ T6621] binder: 6621 RLIMIT_NICE not set [ 129.713047][ T4404] binder: undelivered TRANSACTION_COMPLETE [ 129.714073][ T4404] binder: undelivered transaction 120, process died. [ 129.715224][ T4404] binder: undelivered TRANSACTION_COMPLETE [ 129.755603][ T4321] EXT4-fs (loop3): unmounting filesystem. [ 129.794349][ T6633] loop0: detected capacity change from 0 to 1024 [ 129.814917][ T6633] hfsplus: invalid extent max_key_len 6 [ 129.816246][ T6633] hfsplus: failed to load extents file [ 129.954643][ T6642] Invalid ELF header type: 25773 != 1 [ 129.962883][ T6642] loop3: detected capacity change from 0 to 128 [ 130.521430][ T4404] binder: undelivered TRANSACTION_COMPLETE [ 130.522521][ T4404] binder: undelivered transaction 126, process died. [ 130.523744][ T4404] binder: undelivered TRANSACTION_COMPLETE [ 130.572091][ T6655] loop2: detected capacity change from 0 to 1024 [ 130.586158][ T6655] EXT4-fs: Ignoring removed bh option [ 130.587297][ T6655] EXT4-fs: Ignoring removed nomblk_io_submit option [ 130.589585][ T6655] ext4: Unknown parameter 'fsname' [ 130.985704][ T6667] netlink: 'syz.3.699': attribute type 12 has an invalid length. [ 131.091400][ T6201] binder: undelivered TRANSACTION_COMPLETE [ 131.195208][ T6684] netlink: 'syz.1.704': attribute type 13 has an invalid length. [ 131.196585][ T6684] netlink: 'syz.1.704': attribute type 17 has an invalid length. [ 131.217593][ T6684] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 131.607944][ T6684] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 131.668734][ T6693] loop2: detected capacity change from 0 to 512 [ 131.675664][ T6693] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 131.745654][ T6696] loop2: detected capacity change from 0 to 512 [ 131.761351][ T6696] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 131.775668][ T6696] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.711: bg 0: block 473: padding at end of block bitmap is not set [ 131.778869][ T6696] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 131.781189][ T6696] EXT4-fs (loop2): 1 orphan inode deleted [ 131.782045][ T6696] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 131.799270][ T5553] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 131.800862][ T5553] EXT4-fs error (device loop2): ext4_release_dquot:6845: comm kworker/u4:25: Failed to release dquot type 1 [ 131.804273][ T4330] EXT4-fs (loop2): unmounting filesystem. [ 131.884500][ T6706] binder_user_error: 11 callbacks suppressed [ 131.884510][ T6706] binder: 6705:6706 tried to acquire reference to desc 0, got 1 instead [ 131.888371][ T6706] binder: 6705:6706 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 131.890395][ T6706] binder: 6706 RLIMIT_NICE not set [ 131.891209][ T6706] binder: 6706 RLIMIT_NICE not set [ 131.892211][ T6706] binder: 6706 RLIMIT_NICE not set [ 131.930755][ T6711] netlink: 'syz.4.716': attribute type 4 has an invalid length. [ 131.953577][ T6713] loop4: detected capacity change from 0 to 1024 [ 131.955193][ T6713] EXT4-fs: Ignoring removed bh option [ 131.956222][ T6713] EXT4-fs: Ignoring removed nomblk_io_submit option [ 131.957402][ T6713] ext4: Unknown parameter 'fsname' [ 132.506771][ T6730] loop0: detected capacity change from 0 to 1764 [ 132.577112][ T6735] binder: 6734:6735 tried to acquire reference to desc 0, got 1 instead [ 132.584277][ T6735] binder: 6734:6735 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 132.586495][ T6735] binder: 6735 RLIMIT_NICE not set [ 132.587229][ T6735] binder: 6735 RLIMIT_NICE not set [ 132.588805][ T6735] binder: 6735 RLIMIT_NICE not set [ 132.681308][ T6747] loop3: detected capacity change from 0 to 1164 [ 132.723247][ T6741] loop0: detected capacity change from 0 to 32768 [ 132.750028][ T6741] Dev loop0 Sun disklabel: Csum bad, label corrupted [ 132.751650][ T6741] loop0: unable to read partition table [ 132.752723][ T6741] loop_reread_partitions: partition scan of loop0 () failed (rc=-5) [ 132.753054][ T6749] virt_wifi0 speed is unknown, defaulting to 1000 [ 132.814035][ T6756] syz.0.735 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 132.960764][ T6774] loop4: detected capacity change from 0 to 512 [ 132.965351][ T6774] EXT4-fs (loop4): VFS: Can't find ext4 filesystem [ 132.986827][ T6778] loop0: detected capacity change from 0 to 1024 [ 132.988842][ T6778] EXT4-fs: Ignoring removed bh option [ 132.989981][ T6778] EXT4-fs: Ignoring removed nomblk_io_submit option [ 132.991054][ T6778] ext4: Unknown parameter 'fsname' [ 133.733431][ T6805] loop4: detected capacity change from 0 to 764 [ 133.751620][ T6805] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 133.761086][ T27] audit: type=1326 audit(390.741:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6807 comm="syz.3.759" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7b5b9e8 code=0x0 [ 134.468225][ T6819] loop4: detected capacity change from 0 to 1024 [ 134.470335][ T6819] EXT4-fs: Ignoring removed bh option [ 134.976882][ T6819] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 135.345683][ T6838] loop1: detected capacity change from 0 to 164 [ 135.495920][ T4334] EXT4-fs (loop4): unmounting filesystem. [ 135.522998][ T6849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.532138][ T6849] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.324253][ C1] Unknown status report in ack skb [ 136.373412][ T6892] loop3: detected capacity change from 0 to 128 [ 136.383629][ T6892] FAT-fs (loop3): bogus number of FAT sectors [ 136.384587][ T6892] FAT-fs (loop3): Can't find a valid FAT filesystem [ 137.679771][ T6923] loop3: detected capacity change from 0 to 8 [ 138.558958][ T6976] loop1: detected capacity change from 0 to 512 [ 138.592665][ T6976] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.814: couldn't read orphan inode 26 (err -116) [ 138.595001][ T6976] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 138.610332][ T4322] EXT4-fs (loop1): unmounting filesystem. [ 138.632847][ T6983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 138.850458][ T6989] netlink: 4 bytes leftover after parsing attributes in process `syz.2.819'. [ 139.036132][ T7003] fuse: Bad value for 'fd' [ 139.137192][ T7010] netlink: 8 bytes leftover after parsing attributes in process `syz.3.826'. [ 139.336687][ T7022] Invalid ELF header type: 25773 != 1 [ 139.665887][ T7035] loop4: detected capacity change from 0 to 164 [ 139.681224][ T7035] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 139.716310][ T7039] mmap: syz.4.839 (7039) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 140.212298][ T3900] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 140.312407][ T7076] fuse: Bad value for 'fd' [ 140.817772][ T3900] usb 1-1: Using ep0 maxpacket: 32 [ 140.820826][ T3900] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 140.822182][ T3900] usb 1-1: config 0 has no interface number 0 [ 140.823088][ T3900] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 140.824797][ T3900] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 140.826271][ T3900] usb 1-1: config 0 interface 85 has no altsetting 0 [ 140.829173][ T3900] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 140.830737][ T3900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.832038][ T3900] usb 1-1: Product: syz [ 140.833000][ T3900] usb 1-1: Manufacturer: syz [ 140.833824][ T3900] usb 1-1: SerialNumber: syz [ 141.156716][ T7090] Invalid ELF header type: 25773 != 1 [ 141.401357][ T3900] usb 1-1: config 0 descriptor?? [ 142.079967][ T3900] appletouch 1-1:0.85: Failed to request geyser raw mode [ 142.081229][ T3900] appletouch: probe of 1-1:0.85 failed with error -5 [ 142.084900][ T3900] usb 1-1: USB disconnect, device number 7 [ 142.199740][ T7141] loop1: detected capacity change from 0 to 256 [ 142.202566][ T7141] exFAT-fs (loop1): failed to read boot sector [ 142.203619][ T7141] exFAT-fs (loop1): failed to recognize exfat type [ 142.390595][ T7146] fuse: Bad value for 'fd' [ 143.216714][ T7197] netlink: 'syz.4.890': attribute type 1 has an invalid length. [ 143.628747][ T7230] fuse: Bad value for 'fd' [ 143.856229][ T7236] virt_wifi0 speed is unknown, defaulting to 1000 [ 144.456944][ T7259] virt_wifi0 speed is unknown, defaulting to 1000 [ 144.767692][ T27] audit: type=1326 audit(401.741:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7268 comm="syz.4.910" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x0 [ 146.003017][ T7312] fuse: Bad value for 'fd' [ 147.788270][ T7340] netlink: 24 bytes leftover after parsing attributes in process `syz.4.925'. [ 148.867076][ T7353] loop4: detected capacity change from 0 to 1024 [ 148.987828][ T7355] fuse: Bad value for 'fd' [ 148.992199][ T7362] dns_resolver: Unsupported content type (6) [ 149.092610][ T27] audit: type=1326 audit(406.071:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7369 comm="syz.4.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 149.096178][ T27] audit: type=1326 audit(406.071:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7369 comm="syz.4.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 149.126944][ T27] audit: type=1326 audit(406.071:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7369 comm="syz.4.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 149.135562][ T27] audit: type=1326 audit(406.071:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7369 comm="syz.4.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 149.145258][ T27] audit: type=1326 audit(406.071:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7369 comm="syz.4.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 149.157083][ T27] audit: type=1326 audit(406.071:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7369 comm="syz.4.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 149.173308][ T27] audit: type=1326 audit(406.071:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7369 comm="syz.4.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 149.185275][ T27] audit: type=1326 audit(406.071:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7369 comm="syz.4.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 149.198527][ T27] audit: type=1326 audit(406.071:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7369 comm="syz.4.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x7ffc0000 [ 151.082657][ T7412] fuse: Bad value for 'fd' [ 151.267705][ T4338] Bluetooth: hci4: command 0x0405 tx timeout [ 151.532926][ T7435] Invalid ELF header type: 25773 != 1 [ 151.535216][ T7435] loop4: detected capacity change from 0 to 128 [ 151.694695][ T78] block nbd0: Attempted send on invalid socket [ 151.695920][ T78] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 151.697325][ T7445] hpfs: hpfs_map_sector(): read error [ 152.382961][ T7455] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 152.953721][ T7480] loop1: detected capacity change from 0 to 512 [ 153.036846][ T7480] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.977: bg 0: block 488: padding at end of block bitmap is not set [ 153.048905][ T7480] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.977: inode #1: comm syz.1.977: iget: illegal inode # [ 153.056754][ T7480] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.977: error while reading EA inode 1 err=-117 [ 153.060927][ T7480] EXT4-fs (loop1): 1 orphan inode deleted [ 153.061956][ T7480] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 153.134636][ T7488] Invalid ELF header type: 25773 != 1 [ 153.376610][ T4322] EXT4-fs (loop1): unmounting filesystem. [ 154.839158][ T7552] Invalid ELF header type: 25773 != 1 [ 155.086818][ T7569] tipc: Enabling of bearer rejected, failed to enable media [ 155.733539][ T7602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 155.744749][ T7602] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 156.070419][ T7616] tipc: Started in network mode [ 156.071298][ T7616] tipc: Node identity 0af60cc9fa21, cluster identity 4711 [ 156.072418][ T7616] tipc: Enabled bearer , priority 0 [ 156.073984][ T7616] device syzkaller0 entered promiscuous mode [ 156.086771][ T7618] netlink: 292 bytes leftover after parsing attributes in process `syz.3.1035'. [ 156.129344][ T7622] tipc: Resetting bearer [ 156.134682][ T7615] tipc: Resetting bearer [ 156.169131][ T7615] tipc: Disabling bearer [ 156.172943][ T7623] virt_wifi0 speed is unknown, defaulting to 1000 [ 156.267290][ T7630] loop1: detected capacity change from 0 to 1024 [ 156.310387][ T7630] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #2: comm syz.1.1040: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 1, max 0(0), depth 0(0) [ 156.313872][ T7630] EXT4-fs (loop1): get root inode failed [ 156.314805][ T7630] EXT4-fs (loop1): mount failed [ 156.407693][ T7635] Invalid ELF header type: 25773 != 1 [ 156.687975][ T7640] loop0: detected capacity change from 0 to 1024 [ 156.700852][ T7640] EXT4-fs: inline encryption not supported [ 156.704051][ T7640] EXT4-fs: Ignoring removed nobh option [ 156.708372][ T7640] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 156.800500][ T7640] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 157.222215][ T7653] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '' [ 157.264927][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 157.670955][ T7664] fuse: Bad value for 'fd' [ 157.697315][ T7666] loop1: detected capacity change from 0 to 164 [ 158.157993][ T7676] loop3: detected capacity change from 0 to 1024 [ 158.172729][ T7676] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 158.184592][ T7676] EXT4-fs error (device loop3): ext4_search_dir:1549: inode #12: block 7: comm syz.3.1057: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0 [ 158.263908][ T4321] EXT4-fs (loop3): unmounting filesystem. [ 158.477805][ T7691] Invalid ELF header type: 25773 != 1 [ 158.728495][ T4338] Bluetooth: hci2: command 0x0406 tx timeout [ 158.730772][ T4328] Bluetooth: hci0: command 0x0406 tx timeout [ 158.731864][ T4331] Bluetooth: hci1: command 0x0406 tx timeout [ 158.732871][ T4323] Bluetooth: hci3: command 0x0406 tx timeout [ 160.121013][ T7734] loop0: detected capacity change from 0 to 2048 [ 160.169758][ T7734] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 160.902682][ T7742] netlink: 'syz.2.1072': attribute type 1 has an invalid length. [ 161.047875][ T7747] fuse: Bad value for 'fd' [ 161.461724][ T7764] hub 2-0:1.0: USB hub found [ 161.463702][ T7764] hub 2-0:1.0: 8 ports detected [ 161.716470][ T7774] tipc: Started in network mode [ 161.717189][ T7774] tipc: Node identity 0abf3d48840c, cluster identity 4711 [ 161.718750][ T7774] tipc: Enabled bearer , priority 0 [ 161.720255][ T7774] device syzkaller0 entered promiscuous mode [ 161.800624][ T7776] tipc: Resetting bearer [ 161.806386][ T7772] tipc: Resetting bearer [ 161.923790][ T7772] tipc: Disabling bearer [ 163.090193][ T7830] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1095'. [ 163.149071][ T7833] fuse: Bad value for 'fd' [ 164.822277][ T7889] loop1: detected capacity change from 0 to 512 [ 164.825121][ T7889] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 164.827188][ T7889] EXT4-fs (loop1): group descriptors corrupted! [ 165.322355][ T7903] fuse: Bad value for 'fd' [ 165.490302][ T7861] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 166.041243][ T7918] device veth1_to_team entered promiscuous mode [ 166.104003][ T7924] loop1: detected capacity change from 0 to 16 [ 166.124881][ T6856] udevd[6856]: incorrect erofs checksum on /dev/loop1 [ 166.128463][ T7924] erofs: (device loop1): erofs_superblock_csum_verify: invalid checksum 0x6d812962, 0xe73df4ff expected [ 166.706784][ T7950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.716011][ T7950] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.794447][ T7955] loop3: detected capacity change from 0 to 512 [ 166.821753][ T7957] netlink: 'syz.2.1130': attribute type 13 has an invalid length. [ 169.580433][ T7998] futex_wake_op: syz.3.1139 tries to shift op by -1; fix this program [ 170.048392][ T8007] fuse: Bad value for 'fd' [ 170.210301][ T8018] loop1: detected capacity change from 0 to 1024 [ 170.222221][ T8018] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 170.223938][ T8018] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869) [ 170.228851][ T8018] EXT4-fs (loop1): barriers disabled [ 170.229672][ T8018] JBD2: no valid journal superblock found [ 170.232105][ T8018] EXT4-fs (loop1): error loading journal [ 171.656306][ T8071] loop4: detected capacity change from 0 to 16 [ 171.666597][ T8071] erofs: Unknown parameter '`cl' [ 171.674511][ T8073] loop1: detected capacity change from 0 to 1024 [ 171.686506][ T8071] loop4: detected capacity change from 0 to 2048 [ 171.690123][ T8073] EXT4-fs: Ignoring removed nobh option [ 171.691925][ T8073] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 171.693304][ T8071] UDF-fs: bad mount option "'!8٪m'a$Vx[٘k2ĶK%q [ 171.693304][ T8071] Bzjuoy9)wb] %-l ۡ'6`#}Cf]nK*6v" or missing value [ 171.716547][ T8073] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 171.760536][ T8078] loop4: detected capacity change from 0 to 1024 [ 171.804493][ T8078] __quota_error: 2 callbacks suppressed [ 171.804512][ T8078] Quota error (device loop4): do_check_range: Getting block 64 out of range 1-5 [ 171.807032][ T8078] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 171.809645][ T8078] EXT4-fs error (device loop4): ext4_acquire_dquot:6809: comm syz.4.1161: Failed to acquire dquot type 0 [ 171.814174][ T8078] EXT4-fs error (device loop4): mb_free_blocks:1810: group 0, inode 13: block 160:freeing already freed block (bit 10); block bitmap corrupt. [ 171.821252][ T8078] EXT4-fs (loop4): 1 truncate cleaned up [ 171.822437][ T8078] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 171.844557][ T4334] EXT4-fs (loop4): unmounting filesystem. [ 172.005811][ T8082] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3836: comm syz.1.1160: Allocating blocks 497-513 which overlap fs metadata [ 172.038255][ T8082] EXT4-fs (loop1): pa 000000002affe2fe: logic 256, phys. 385, len 8 [ 172.039558][ T8082] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1 [ 172.897071][ T4322] EXT4-fs (loop1): unmounting filesystem. [ 173.511593][ T8136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 173.514342][ T8136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 173.894159][ T8143] xt_CT: No such helper "pptp" [ 174.006235][ T8153] loop0: detected capacity change from 0 to 764 [ 174.014516][ T8153] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 174.358010][ T8161] Invalid ELF header type: 25773 != 1 [ 174.362639][ T8163] Bluetooth: MGMT ver 1.22 [ 174.413202][ T8170] tipc: Enabled bearer , priority 0 [ 174.414907][ T8170] device syzkaller0 entered promiscuous mode [ 174.455587][ T8169] tipc: Resetting bearer [ 174.612886][ T8169] tipc: Disabling bearer [ 175.117176][ T8190] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 175.123284][ T8190] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 175.251575][ T8198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.254073][ T8198] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.416333][ T8203] tipc: Enabling of bearer rejected, failed to enable media [ 175.533373][ T8212] loop3: detected capacity change from 0 to 1024 [ 176.521040][ T8212] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 177.034729][ T8222] loop4: detected capacity change from 0 to 164 [ 177.059610][ T8222] isofs_fill_super: root inode is not a directory. Corrupted media? [ 177.280137][ T6856] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 177.347809][ T4321] EXT4-fs (loop3): unmounting filesystem. [ 178.125646][ T8243] tipc: Enabled bearer , priority 0 [ 178.131501][ T8243] device syzkaller0 entered promiscuous mode [ 178.194099][ T8242] tipc: Resetting bearer [ 178.309520][ T8242] tipc: Disabling bearer [ 178.423108][ T8284] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1224'. [ 179.022244][ T8286] hub 2-0:1.0: USB hub found [ 179.023271][ T8286] hub 2-0:1.0: 8 ports detected [ 179.625577][ T78] block nbd0: Attempted send on invalid socket [ 179.626648][ T78] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 179.628297][ T8300] hpfs: hpfs_map_sector(): read error [ 180.401167][ T8357] netlink: 'syz.3.1256': attribute type 30 has an invalid length. [ 180.744167][ T51] block nbd4: Attempted send on invalid socket [ 180.746918][ T51] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 180.748538][ T8366] hpfs: hpfs_map_sector(): read error [ 181.391253][ T8392] netlink: 'syz.2.1269': attribute type 30 has an invalid length. [ 181.418192][ T8396] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1270'. [ 181.420614][ T8397] loop4: detected capacity change from 0 to 512 [ 181.435977][ T8397] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 181.455785][ T4334] EXT4-fs (loop4): unmounting filesystem. [ 181.893561][ T8415] xt_CT: No such helper "pptp" [ 181.931137][ T8424] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1280'. [ 182.004782][ T27] audit: type=1326 audit(438.981:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8429 comm="syz.1.1283" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb55b9e8 code=0x0 [ 182.241975][ T8438] loop3: detected capacity change from 0 to 256 [ 182.305268][ T8440] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1287'. [ 182.530224][ T8445] loop4: detected capacity change from 0 to 2048 [ 182.583740][ T8445] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 182.632203][ T4334] EXT4-fs (loop4): unmounting filesystem. [ 182.712206][ T8465] loop3: detected capacity change from 0 to 1024 [ 182.872946][ T8468] virt_wifi0 speed is unknown, defaulting to 1000 [ 183.099827][ T8475] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1301'. [ 183.102205][ T8473] loop1: detected capacity change from 0 to 2048 [ 183.106418][ T8473] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 183.848262][ T51] block nbd4: Attempted send on invalid socket [ 183.849696][ T51] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 183.851424][ T8516] hpfs: hpfs_map_sector(): read error [ 184.196672][ T8527] IPv6: NLM_F_CREATE should be specified when creating new route [ 184.877031][ T8548] virt_wifi0 speed is unknown, defaulting to 1000 [ 185.322819][ T8564] loop0: detected capacity change from 0 to 2048 [ 185.346324][ T8564] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 187.024283][ T8620] loop0: detected capacity change from 0 to 1024 [ 187.025850][ T8620] EXT4-fs: Ignoring removed nobh option [ 187.057135][ T8620] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #11: comm syz.0.1344: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 187.064339][ T8620] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.1344: couldn't read orphan inode 11 (err -117) [ 187.079860][ T8620] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 187.104570][ T8620] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:477: comm syz.0.1344: Invalid block bitmap block 0 in block_group 0 [ 187.131928][ T8620] Quota error (device loop0): write_blk: dquota write failed [ 187.144300][ T8620] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 187.145930][ T8620] EXT4-fs error (device loop0): ext4_acquire_dquot:6809: comm syz.0.1344: Failed to acquire dquot type 0 [ 187.220849][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 187.381960][ T2063] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.384360][ T2063] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.926491][ T8671] virt_wifi0 speed is unknown, defaulting to 1000 [ 188.192532][ T8695] loop4: detected capacity change from 0 to 8 [ 188.211954][ T8695] unable to read xattr id index table [ 188.302603][ T6856] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 188.346056][ T8710] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1374'. [ 188.347852][ T8710] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1374'. [ 189.220758][ T8738] loop1: detected capacity change from 0 to 764 [ 189.269551][ T8738] rock: directory entry would overflow storage [ 189.284977][ T8738] rock: sig=0x4654, size=5, remaining=4 [ 189.480926][ T8750] netlink: 324 bytes leftover after parsing attributes in process `syz.0.1382'. [ 189.482584][ T8750] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1382'. [ 189.715983][ T8757] virt_wifi0 speed is unknown, defaulting to 1000 [ 189.980699][ T51] block nbd1: Attempted send on invalid socket [ 189.981743][ T51] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 189.983314][ T8754] hpfs: hpfs_map_sector(): read error [ 190.598592][ T8779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.600929][ T8779] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.748790][ T8792] Invalid ELF header magic: != ELF [ 191.380994][ T8800] fuse: Bad value for 'fd' [ 191.397420][ T8803] loop0: detected capacity change from 0 to 256 [ 191.416719][ T8803] FAT-fs (loop0): Directory bread(block 64) failed [ 191.446550][ T8803] FAT-fs (loop0): Directory bread(block 65) failed [ 191.447748][ T8803] FAT-fs (loop0): Directory bread(block 66) failed [ 191.448799][ T8803] FAT-fs (loop0): Directory bread(block 67) failed [ 191.449803][ T8803] FAT-fs (loop0): Directory bread(block 68) failed [ 191.450884][ T8803] FAT-fs (loop0): Directory bread(block 69) failed [ 191.454931][ T8803] FAT-fs (loop0): Directory bread(block 70) failed [ 191.456044][ T8803] FAT-fs (loop0): Directory bread(block 71) failed [ 191.457175][ T8803] FAT-fs (loop0): Directory bread(block 72) failed [ 191.458562][ T8803] FAT-fs (loop0): Directory bread(block 73) failed [ 191.461682][ T8805] 9pnet_fd: Insufficient options for proto=fd [ 191.484841][ T8803] syz.0.1393: attempt to access beyond end of device [ 191.484841][ T8803] loop0: rw=2051, sector=1224, nr_sectors = 32 limit=256 [ 191.670214][ T8824] Invalid ELF header magic: != ELF [ 192.673628][ T8833] loop0: detected capacity change from 0 to 1024 [ 193.102394][ T8852] fuse: Bad value for 'fd' [ 194.781764][ T8902] loop0: detected capacity change from 0 to 128 [ 194.812188][ T8902] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 194.832102][ T8902] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-ce" [ 194.834161][ T8902] fscrypt: AES-256-XTS using implementation "xts-aes-ce" [ 194.846643][ T8902] fscrypt: loop0: 2 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 13 [ 194.860377][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 194.942943][ T8907] fuse: Bad value for 'fd' [ 196.076250][ T8935] loop3: detected capacity change from 0 to 8 [ 196.109775][ T8939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.112142][ T8939] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.198230][ T51] block nbd0: Attempted send on invalid socket [ 196.199292][ T51] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 196.200876][ T8941] hpfs: hpfs_map_sector(): read error [ 197.076637][ T8944] kthread_run failed with err -4 [ 198.642414][ T8992] hub 2-0:1.0: USB hub found [ 198.644407][ T8992] hub 2-0:1.0: 8 ports detected [ 198.783944][ T9000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.785589][ T9000] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.815208][ T9004] loop4: detected capacity change from 0 to 164 [ 198.820798][ T9004] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 200.665099][ T9051] loop0: detected capacity change from 0 to 2048 [ 200.979628][ T9051] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 202.178839][ T9058] hub 2-0:1.0: USB hub found [ 202.180286][ T9058] hub 2-0:1.0: 8 ports detected [ 202.429600][ T9062] loop1: detected capacity change from 0 to 164 [ 202.444781][ T4473] kworker/u4:9: attempt to access beyond end of device [ 202.444781][ T4473] loop0: rw=1, sector=2048, nr_sectors = 1 limit=2048 [ 202.447196][ T4473] Buffer I/O error on dev loop0, logical block 2048, lost async page write [ 202.448573][ T4473] kworker/u4:9: attempt to access beyond end of device [ 202.448573][ T4473] loop0: rw=1, sector=2048, nr_sectors = 1 limit=2048 [ 202.450551][ T4473] Buffer I/O error on dev loop0, logical block 2048, lost async page write [ 202.454987][ T4473] kworker/u4:9: attempt to access beyond end of device [ 202.454987][ T4473] loop0: rw=1, sector=2048, nr_sectors = 1 limit=2048 [ 202.457063][ T4473] Buffer I/O error on dev loop0, logical block 2048, lost async page write [ 202.461593][ T9062] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 202.466023][ T4473] kworker/u4:9: attempt to access beyond end of device [ 202.466023][ T4473] loop0: rw=1, sector=2048, nr_sectors = 1 limit=2048 [ 202.474556][ T4473] Buffer I/O error on dev loop0, logical block 2048, lost async page write [ 202.548819][ T9068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.550342][ T9068] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.707066][ T51] block nbd4: Attempted send on invalid socket [ 202.709435][ T51] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 202.710995][ T9081] hpfs: hpfs_map_sector(): read error [ 202.828655][ T9083] binder: 9078:9083 ioctl c0306201 0 returned -14 [ 202.830527][ T9083] binder_user_error: 5 callbacks suppressed [ 202.830534][ T9083] binder: 9078:9083 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 203.267276][ T9089] binder: 9088:9089 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 203.270318][ T9089] binder: 9089 RLIMIT_NICE not set [ 203.966731][ T3900] hid-generic 0006:0800:0003.0002: hidraw0: VIRTUAL HID vf.6b Device [syz0] on syz0 [ 204.020593][ T9104] fido_id[9104]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 204.205900][ T9110] hub 2-0:1.0: USB hub found [ 204.207417][ T9110] hub 2-0:1.0: 8 ports detected [ 204.951068][ T9130] loop1: detected capacity change from 0 to 2048 [ 204.987075][ T9130] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 205.018026][ T4322] EXT4-fs (loop1): unmounting filesystem. [ 205.051937][ T9144] loop0: detected capacity change from 0 to 16 [ 205.053792][ T9144] erofs: Unknown parameter '`cl' [ 205.079419][ T6152] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 205.087575][ T9144] loop0: detected capacity change from 0 to 2048 [ 205.087926][ T6152] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 205.090473][ T9144] UDF-fs: bad mount option "'!8٪m'a$Vx[٘k2ĶK%q [ 205.090473][ T9144] Bzjuoy9)wb] %-l ۡ'6`#}Cf]nK*6v" or missing value [ 205.919826][ T9179] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1519'. [ 206.843329][ T9186] loop1: detected capacity change from 0 to 256 [ 206.850817][ T9186] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 206.892833][ T9187] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1523'. [ 206.930700][ T9192] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1526'. [ 207.113253][ T9215] netlink: 'syz.2.1536': attribute type 29 has an invalid length. [ 207.913457][ T9231] loop4: detected capacity change from 0 to 2048 [ 208.009075][ T9239] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1546'. [ 208.010913][ T9239] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1546'. [ 208.012493][ T9239] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1546'. [ 208.014151][ T9239] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1546'. [ 208.073073][ T9245] loop0: detected capacity change from 0 to 256 [ 209.341005][ T9308] loop4: detected capacity change from 0 to 1024 [ 209.344785][ T9308] EXT4-fs: Ignoring removed bh option [ 209.345881][ T9308] EXT4-fs: Ignoring removed nomblk_io_submit option [ 209.346973][ T9308] ext4: Unknown parameter 'fsname' [ 209.948837][ T9327] loop3: detected capacity change from 0 to 2048 [ 211.903220][ T9376] fuse: Bad value for 'fd' [ 212.690053][ T9401] loop0: detected capacity change from 0 to 1024 [ 212.699501][ T9401] EXT4-fs: Ignoring removed bh option [ 212.710731][ T9401] EXT4-fs: Ignoring removed nomblk_io_submit option [ 212.720182][ T9401] ext4: Unknown parameter 'fsname' [ 212.943323][ T9421] netlink: 'syz.4.1597': attribute type 12 has an invalid length. [ 213.060931][ T9426] loop1: detected capacity change from 0 to 1024 [ 213.134963][ T9426] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 213.151225][ T9426] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3836: comm syz.1.1599: Allocating blocks 385-513 which overlap fs metadata [ 213.158812][ T9426] EXT4-fs (loop1): pa 00000000e0589845: logic 16, phys. 129, len 24 [ 213.160125][ T9426] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 8 [ 213.195795][ T4322] EXT4-fs (loop1): unmounting filesystem. [ 213.300478][ T9443] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1603'. [ 213.655668][ T9442] fuse: Bad value for 'fd' [ 213.790655][ T9454] loop0: detected capacity change from 0 to 1024 [ 213.804645][ T9454] Quota error (device loop0): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 213.806908][ T9454] EXT4-fs warning (device loop0): ext4_enable_quotas:7061: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 213.812933][ T9454] EXT4-fs (loop0): mount failed [ 214.772157][ T9491] loop4: detected capacity change from 0 to 1024 [ 214.774089][ T9491] EXT4-fs: Ignoring removed orlov option [ 214.809084][ T9491] EXT4-fs (loop4): Test dummy encryption mode enabled [ 214.816666][ T9491] EXT4-fs (loop4): can't mount with journal_checksum, fs mounted w/o journal [ 214.892921][ T9503] loop4: detected capacity change from 0 to 1024 [ 214.896824][ T9504] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1615'. [ 214.921132][ T9503] EXT4-fs: Ignoring removed bh option [ 214.922031][ T9503] EXT4-fs: Ignoring removed nomblk_io_submit option [ 214.923006][ T9503] ext4: Unknown parameter 'fsname' [ 215.456548][ T9523] fuse: Bad value for 'fd' [ 216.061124][ T51] block nbd1: Attempted send on invalid socket [ 216.062376][ T51] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 216.063898][ T9549] hpfs: hpfs_map_sector(): read error [ 216.331721][ T9568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1631'. [ 216.388855][ T9574] loop4: detected capacity change from 0 to 1024 [ 216.395546][ T9574] EXT4-fs: Ignoring removed bh option [ 216.399418][ T9574] EXT4-fs: Ignoring removed nomblk_io_submit option [ 216.727896][ T9574] ext4: Unknown parameter 'fsname' [ 217.321942][ T9587] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 217.325775][ T9587] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 217.547701][ T9596] fuse: Bad value for 'fd' [ 217.996787][ T9601] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1644'. [ 217.999100][ T9601] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1644'. [ 218.017146][ T9601] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1644'. [ 218.428063][ T9613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1646'. [ 219.763424][ T9631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.766779][ T9631] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.739982][ T9642] mmap: syz.2.1657 (9642): VmData 41684992 exceed data ulimit 33554432. Update limits or use boot option ignore_rlimit_data. [ 221.350441][ T9652] fuse: Bad value for 'max_read' [ 221.392249][ T27] audit: type=1326 audit(478.371:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9655 comm="syz.4.1663" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x0 [ 231.653506][ T9712] hub 2-0:1.0: USB hub found [ 231.654571][ T9712] hub 2-0:1.0: 8 ports detected [ 232.828515][ T9742] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1690'. [ 233.822892][ T9743] hub 2-0:1.0: USB hub found [ 233.823940][ T9743] hub 2-0:1.0: 8 ports detected [ 233.887732][ T9751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 233.889223][ T9751] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 233.890615][ T9753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 233.900988][ T9753] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.019229][ T9792] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1707'. [ 235.562169][ T9801] hub 2-0:1.0: USB hub found [ 235.563449][ T9801] hub 2-0:1.0: 8 ports detected [ 235.819546][ T9817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.823868][ T9817] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.829188][ T9813] fuse: Bad value for 'fd' [ 236.600126][ T9842] loop3: detected capacity change from 0 to 512 [ 236.624819][ T9842] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=6 [ 236.626448][ T9842] EXT4-fs warning (device loop3): ext4_enable_quotas:7061: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 236.630796][ T9847] loop4: detected capacity change from 0 to 2048 [ 236.631616][ T9842] EXT4-fs (loop3): mount failed [ 236.697048][ T9847] loop4: unable to read partition table [ 236.700372][ T9847] loop4: partition table beyond EOD, truncated [ 236.703263][ T9847] loop_reread_partitions: partition scan of loop4 () failed (rc=-5) [ 236.782705][ T3938] loop4: unable to read partition table [ 236.786721][ T3938] loop4: partition table beyond EOD, truncated [ 237.262260][ T9879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 237.263955][ T9879] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 238.155836][ T9903] loop1: detected capacity change from 0 to 512 [ 238.867183][ T9926] loop4: detected capacity change from 0 to 512 [ 238.899044][ T9926] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 238.900442][ T9926] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 238.901615][ T9926] System zones: 0-1, 15-15, 18-18, 34-34 [ 238.902867][ T9926] EXT4-fs (loop4): orphan cleanup on readonly fs [ 238.905020][ T9926] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 238.906574][ T9926] EXT4-fs warning (device loop4): ext4_enable_quotas:7061: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 238.910251][ T9926] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 238.911637][ T9926] EXT4-fs (loop4): 1 truncate cleaned up [ 238.912538][ T9926] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 238.924363][ T9926] fscrypt (loop4, inode 16): Error -61 getting encryption context [ 238.940895][ T4334] EXT4-fs (loop4): unmounting filesystem. [ 239.235194][ T9956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 239.236779][ T9956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 240.070394][ T9985] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 240.072045][ T9985] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 240.289713][ T9989] Cannot find del_set index 4 as target [ 241.996887][T10035] fuse: Bad value for 'fd' [ 242.422908][T10048] loop3: detected capacity change from 0 to 128 [ 242.430578][T10050] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 242.432292][T10050] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.440595][ T9755] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 242.805446][T10063] virt_wifi0 speed is unknown, defaulting to 1000 [ 242.822174][T10063] netlink: 'syz.0.1822': attribute type 13 has an invalid length. [ 242.823577][T10063] netlink: 'syz.0.1822': attribute type 17 has an invalid length. [ 242.828813][T10063] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 243.135468][T10085] fuse: Bad value for 'fd' [ 243.271930][T10087] loop4: detected capacity change from 0 to 1024 [ 243.273544][T10087] EXT4-fs: Ignoring removed bh option [ 243.274498][T10087] EXT4-fs: Ignoring removed nomblk_io_submit option [ 243.275576][T10087] ext4: Unknown parameter 'fsname' [ 243.312456][ T9755] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 243.441658][T10094] loop0: detected capacity change from 0 to 8 [ 243.499600][T10098] loop0: detected capacity change from 0 to 128 [ 243.508056][T10098] EXT4-fs (loop0): Test dummy encryption mode enabled [ 243.514086][T10097] loop3: detected capacity change from 0 to 2048 [ 243.530820][T10098] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 243.546521][T10097] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 243.556607][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 243.573273][ T4321] EXT4-fs (loop3): unmounting filesystem. [ 244.036862][T10121] loop1: detected capacity change from 0 to 2048 [ 244.081971][T10121] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 244.861613][T10132] loop0: detected capacity change from 0 to 256 [ 244.906132][T10135] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1850'. [ 245.244663][T10147] fuse: Bad value for 'fd' [ 245.877120][T10154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 245.878837][T10154] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 245.936861][T10157] loop1: detected capacity change from 0 to 256 [ 245.990708][T10160] loop0: detected capacity change from 0 to 1024 [ 245.994029][T10160] EXT4-fs: Ignoring removed bh option [ 245.994932][T10160] EXT4-fs: Ignoring removed nomblk_io_submit option [ 245.995948][T10160] ext4: Unknown parameter 'fsname' [ 246.041228][ T9756] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 246.188649][T10179] loop1: detected capacity change from 0 to 2048 [ 246.192941][T10179] UDF-fs: bad mount option "fscontext=unconfi" or missing value [ 246.702794][T10185] fuse: Bad value for 'fd' [ 247.558716][T10215] loop4: detected capacity change from 0 to 1024 [ 247.560371][T10215] EXT4-fs: Ignoring removed bh option [ 247.561387][T10215] EXT4-fs: Ignoring removed nomblk_io_submit option [ 247.562638][T10215] ext4: Unknown parameter 'fsname' [ 247.639461][ T9756] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 248.457285][T10230] loop1: detected capacity change from 0 to 256 [ 248.482017][T10230] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d) [ 248.624954][T10236] fuse: Bad value for 'fd' [ 248.870850][ T2063] ieee802154 phy0 wpan0: encryption failed: -22 [ 248.871932][ T2063] ieee802154 phy1 wpan1: encryption failed: -22 [ 248.963777][T10254] loop1: detected capacity change from 0 to 1024 [ 248.966697][T10254] EXT4-fs: Ignoring removed bh option [ 248.968535][T10254] EXT4-fs: Ignoring removed nomblk_io_submit option [ 248.969715][T10254] ext4: Unknown parameter 'fsname' [ 251.176629][T10303] loop3: detected capacity change from 0 to 1024 [ 251.178404][T10303] EXT4-fs: Ignoring removed bh option [ 251.179391][T10303] EXT4-fs: Ignoring removed nomblk_io_submit option [ 251.180493][T10303] ext4: Unknown parameter 'fsname' [ 251.485227][T10307] fuse: Bad value for 'fd' [ 253.840226][T10349] loop4: detected capacity change from 0 to 256 [ 253.853045][T10349] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 254.333744][T10358] fuse: Bad value for 'fd' [ 254.378839][T10363] loop4: detected capacity change from 0 to 1024 [ 254.380476][T10363] EXT4-fs: Ignoring removed bh option [ 254.381411][T10363] EXT4-fs: Ignoring removed nomblk_io_submit option [ 254.382611][T10363] ext4: Unknown parameter 'fsname' [ 254.647698][ T9755] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 254.741973][T10368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 254.746699][T10368] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 256.230982][T10406] fuse: Bad value for 'fd' [ 256.542089][T10414] loop0: detected capacity change from 0 to 128 [ 256.564981][T10414] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 257.488770][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 257.640982][T10452] loop1: detected capacity change from 0 to 1024 [ 257.646416][T10452] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 257.800476][T10454] fuse: Bad value for 'fd' [ 258.286346][T10452] EXT4-fs (loop1): can't mount with journal_checksum, fs mounted w/o journal [ 258.345058][ T27] audit: type=1326 audit(515.322:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10463 comm="syz.4.1967" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffff8bd5b9e8 code=0x0 [ 259.467411][T10493] virt_wifi0 speed is unknown, defaulting to 1000 [ 260.582902][T10509] fuse: Bad value for 'fd' [ 260.616418][T10513] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1982'. [ 260.635290][T10513] loop1: detected capacity change from 0 to 128 [ 261.198766][T10529] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1989'. [ 261.351583][T10556] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1999'. [ 261.354176][T10556] netlink: 'syz.0.1999': attribute type 1 has an invalid length. [ 261.814200][T10577] virt_wifi0 speed is unknown, defaulting to 1000 [ 262.003071][T10591] loop4: detected capacity change from 0 to 8 [ 262.012167][T10591] unable to read id index table [ 262.031751][T10592] Invalid ELF header type: 25773 != 1 [ 262.089256][T10596] loop4: detected capacity change from 0 to 2048 [ 262.122844][T10596] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 263.244882][T10627] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2025'. [ 263.246252][T10627] tc_dump_action: action bad kind [ 263.784309][T10657] Invalid ELF header type: 25773 != 1 [ 266.280227][T10741] Invalid ELF header type: 25773 != 1 [ 267.463386][T10789] loop4: detected capacity change from 0 to 1024 [ 267.488147][T10792] loop0: detected capacity change from 0 to 1024 [ 268.637439][T10811] loop1: detected capacity change from 0 to 4096 [ 268.641298][T10811] EXT4-fs: Ignoring removed nomblk_io_submit option [ 268.651063][T10811] EXT4-fs (loop1): Test dummy encryption mode enabled [ 268.659599][T10811] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 268.661046][T10811] System zones: 0-5 [ 268.664561][T10811] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 268.800518][ T4322] EXT4-fs (loop1): unmounting filesystem. [ 270.840273][T10885] netlink: 'syz.2.2095': attribute type 49 has an invalid length. [ 271.023804][T10905] device syzkaller0 entered promiscuous mode [ 271.484958][T10913] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 272.337331][T10948] loop4: detected capacity change from 0 to 2048 [ 272.645120][T10952] loop3: detected capacity change from 0 to 1024 [ 272.663725][T10952] hfsplus: extend alloc file! (8192,8,110) [ 272.665367][T10952] hfsplus: b-tree write err: -5, ino 4 [ 273.416242][T10977] loop1: detected capacity change from 0 to 128 [ 273.438213][T10977] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 273.538094][ T4322] EXT4-fs (loop1): unmounting filesystem. [ 275.201054][T11042] netlink: 'syz.2.2140': attribute type 2 has an invalid length. [ 275.202499][T11042] netlink: 'syz.2.2140': attribute type 2 has an invalid length. [ 275.204606][T11042] netlink: 'syz.2.2140': attribute type 1 has an invalid length. [ 275.703763][T11062] Invalid ELF header type: 25773 != 1 [ 275.887565][T11072] loop4: detected capacity change from 0 to 128 [ 275.898356][T11072] FAT-fs (loop4): bogus number of FAT sectors [ 275.900556][T11072] FAT-fs (loop4): Can't find a valid FAT filesystem [ 275.937952][ T27] audit: type=1326 audit(532.922:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11073 comm="syz.0.2151" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a95b9e8 code=0x0 [ 276.077549][T11085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.079260][T11085] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.193004][T11086] loop4: detected capacity change from 0 to 1764 [ 277.703327][T11122] Invalid ELF header type: 25773 != 1 [ 277.769000][ T78] block nbd4: Attempted send on invalid socket [ 277.770453][ T78] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 277.772363][T11117] hpfs: hpfs_map_sector(): read error [ 279.056377][ T78] block nbd0: Attempted send on invalid socket [ 279.057468][ T78] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 279.058989][T11166] hpfs: hpfs_map_sector(): read error [ 279.114276][T11167] Invalid ELF header type: 25773 != 1 [ 280.316691][T11223] Invalid ELF header type: 25773 != 1 [ 280.350638][T11227] loop4: detected capacity change from 0 to 1024 [ 280.360226][T11227] hfsplus: umask requires a value [ 280.366394][T11227] hfsplus: unable to parse mount options [ 282.661074][T11282] Invalid ELF header type: 25773 != 1 [ 283.980780][T11310] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2244'. [ 283.983924][T11310] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2244'. [ 284.127731][T11320] sock: sock_timestamping_bind_phc: sock not bind to device [ 284.268785][T11329] loop3: detected capacity change from 0 to 256 [ 285.148418][T11343] Invalid ELF header type: 25773 != 1 [ 285.191176][T11354] loop1: detected capacity change from 0 to 2048 [ 285.238552][T11359] bridge1: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 286.349177][T11395] fuse: Bad value for 'fd' [ 286.481629][T11406] loop4: detected capacity change from 0 to 1024 [ 286.773601][T11409] loop0: detected capacity change from 0 to 164 [ 286.934655][T11405] Invalid ELF header type: 25773 != 1 [ 287.747677][ T5556] hfsplus: b-tree write err: -5, ino 4 [ 287.795464][T11432] nfs4: Bad value for 'source' [ 287.820694][T11436] ipt_CLUSTERIP: Please specify destination IP [ 287.895061][T11440] loop0: detected capacity change from 0 to 512 [ 289.117368][T11462] loop3: detected capacity change from 0 to 1024 [ 289.313006][T11466] Invalid ELF header type: 25773 != 1 [ 289.847659][T11440] EXT4-fs error (device loop0): ext4_quota_enable:7017: inode #4: comm syz.0.2283: iget: bad i_size value: 5910974510929920 [ 289.864551][T11440] EXT4-fs error (device loop0): ext4_quota_enable:7020: comm syz.0.2283: Bad quota inode: 4, type: 1 [ 290.018067][ T4946] hfsplus: b-tree write err: -5, ino 4 [ 290.058741][T11440] EXT4-fs warning (device loop0): ext4_enable_quotas:7061: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 290.178155][T11440] EXT4-fs (loop0): mount failed [ 291.072558][T11489] "syz.4.2302" (11489) uses obsolete ecb(arc4) skcipher [ 291.076191][T11489] syz.4.2302 sent an empty control message without MSG_MORE. [ 291.614189][T11510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2310'. [ 291.654831][T11513] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2312'. [ 291.656497][T11513] device bridge_slave_1 left promiscuous mode [ 291.658961][T11513] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.782894][T11513] device bridge_slave_0 left promiscuous mode [ 291.785211][T11513] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.170989][T11524] x_tables: ip_tables: TPROXY target: only valid in mangle table, not  [ 292.352242][T11530] Invalid ELF header type: 25773 != 1 [ 292.809007][ T4323] Bluetooth: hci4: link tx timeout [ 292.810665][ T4323] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 293.839765][ T4338] Bluetooth: hci4: link tx timeout [ 293.840734][ T4338] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 294.312470][T11598] virt_wifi0 speed is unknown, defaulting to 1000 [ 294.453480][T11604] fuse: Bad value for 'fd' [ 295.292857][ T4338] Bluetooth: hci4: command 0x0406 tx timeout [ 296.024277][T11643] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2357'. [ 296.190597][T11647] loop0: detected capacity change from 0 to 164 [ 296.225967][T11650] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 296.454488][T11655] virt_wifi0 speed is unknown, defaulting to 1000 [ 297.628849][T11668] fuse: Bad value for 'fd' [ 297.630239][T11665] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2364'. [ 297.631821][T11665] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 297.633280][T11665] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 297.842630][T11685] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2372'. [ 298.314053][T11703] loop1: detected capacity change from 0 to 128 [ 298.671338][T11717] fuse: Bad value for 'fd' [ 299.165204][ T27] audit: type=1326 audit(556.158:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11728 comm="syz.0.2389" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9a95b9e8 code=0x0 [ 299.328031][T11740] loop3: detected capacity change from 0 to 1024 [ 299.414027][ T4946] hfsplus: b-tree write err: -5, ino 8 [ 299.724685][T11764] hub 2-0:1.0: USB hub found [ 299.725851][T11764] hub 2-0:1.0: 8 ports detected [ 300.009446][T11768] fuse: Bad value for 'fd' [ 300.343870][T11778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 300.347914][T11778] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 300.387477][ T27] audit: type=1326 audit(557.368:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11781 comm="syz.2.2410" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa455b9e8 code=0x0 [ 301.118640][T11795] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 301.298641][T11806] 9pnet_fd: p9_fd_create_tcp (11806): problem connecting socket to 127.0.0.1 [ 301.301551][T11810] xt_CT: You must specify a L4 protocol and not use inversions on it [ 301.692891][T11827] 9pnet_fd: p9_fd_create_tcp (11827): problem connecting socket to 127.0.0.1 [ 302.480979][T11869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2443'. [ 303.004325][T11885] loop4: detected capacity change from 0 to 512 [ 303.026193][T11885] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.2450: Invalid inode bitmap blk 4 in block_group 0 [ 303.029006][T11885] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 303.065029][ T4334] EXT4-fs (loop4): unmounting filesystem. [ 303.118238][T11895] loop0: detected capacity change from 0 to 16 [ 303.126315][T11895] erofs: (device loop0): mounted with root inode @ nid 36. [ 303.212066][T11902] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2455'. [ 303.295044][T11908] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2459'. [ 303.782722][T11922] loop4: detected capacity change from 0 to 256 [ 303.800906][T11922] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 304.082774][T11932] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 304.123937][T11937] loop4: detected capacity change from 0 to 128 [ 304.223946][T11941] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2472'. [ 304.776425][T11972] loop0: detected capacity change from 0 to 256 [ 304.782049][T11972] exFAT-fs (loop0): bogus fat length [ 304.784114][T11972] exFAT-fs (loop0): failed to read boot sector [ 304.785010][T11972] exFAT-fs (loop0): failed to recognize exfat type [ 304.822538][T11975] device veth0 entered promiscuous mode [ 304.825167][T11975] device veth0 left promiscuous mode [ 304.838812][T11978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2488'. [ 304.906125][T11982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 304.913093][T11982] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 304.917956][T11984] loop0: detected capacity change from 0 to 512 [ 304.956367][T11984] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 304.987994][T11984] EXT4-fs error (device loop0): ext4_do_update_inode:5268: inode #2: comm syz.0.2491: corrupted inode contents [ 304.992220][T11984] EXT4-fs error (device loop0): ext4_dirty_inode:6133: inode #2: comm syz.0.2491: mark_inode_dirty error [ 304.994885][T11984] EXT4-fs error (device loop0): ext4_do_update_inode:5268: inode #2: comm syz.0.2491: corrupted inode contents [ 305.000338][T11984] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.2491: mark_inode_dirty error [ 305.027310][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 305.094397][T11992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 305.100005][T11992] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 305.310256][T11999] loop0: detected capacity change from 0 to 128 [ 305.312831][T11999] FAT-fs (loop0): Unrecognized mount option "18446744073709551615" or missing value [ 305.348073][ T9755] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 305.572992][T12016] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2503'. [ 305.631629][T12018] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2504'. [ 305.780283][T12032] hub 2-0:1.0: USB hub found [ 305.781150][T12032] hub 2-0:1.0: 8 ports detected [ 306.307126][T12053] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2516'. [ 306.501344][T12061] loop0: detected capacity change from 0 to 2048 [ 306.573666][T12061] UDF-fs: iocharset defrget not found [ 307.894970][T12129] loop1: detected capacity change from 0 to 128 [ 307.906625][T12129] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 307.953407][T12129] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 307.954990][T12129] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 307.961407][T12129] UDF-fs: Scanning with blocksize 512 failed [ 307.978591][T12137] loop3: detected capacity change from 0 to 256 [ 308.021012][T12129] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 308.022822][T12129] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 308.024266][T12129] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 308.025576][T12129] UDF-fs: Scanning with blocksize 1024 failed [ 308.027763][T12129] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 308.029554][T12129] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 308.031544][T12129] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 308.032727][T12129] UDF-fs: Scanning with blocksize 2048 failed [ 308.034919][T12129] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 308.039440][T12129] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 308.041085][T12129] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 308.042653][T12129] UDF-fs: Scanning with blocksize 4096 failed [ 308.043755][T12129] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1) [ 308.108491][T12142] hub 2-0:1.0: USB hub found [ 308.109459][T12142] hub 2-0:1.0: 8 ports detected [ 308.814608][T12147] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2553'. [ 308.890214][T12150] cgroup: No subsys list or none specified [ 309.443175][T12167] loop0: detected capacity change from 0 to 764 [ 309.457111][T12167] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet. [ 309.581147][T12177] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2567'. [ 310.239130][ T2063] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.240745][ T2063] ieee802154 phy1 wpan1: encryption failed: -22 [ 310.496344][T12195] loop0: detected capacity change from 0 to 512 [ 310.509284][T12195] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 310.572477][T12195] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #2: comm syz.0.2572: missing EA_INODE flag [ 310.589863][T12195] EXT4-fs (loop0): Remounting filesystem read-only [ 310.592129][T12195] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.2572: error while reading EA inode 2 err=-117 [ 310.595591][T12195] EXT4-fs (loop0): Remounting filesystem read-only [ 310.596745][T12195] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2819: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 310.599700][T12195] EXT4-fs (loop0): 1 truncate cleaned up [ 310.604188][T12195] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 310.628439][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 310.691924][T12211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 310.693495][T12211] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 311.871772][T12263] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2599'. [ 312.099228][T12287] loop0: detected capacity change from 0 to 512 [ 312.134403][T12287] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 312.140122][T12287] UDF-fs: Scanning with blocksize 512 failed [ 312.144642][T12287] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 312.152253][T12287] UDF-fs: Scanning with blocksize 1024 failed [ 312.157992][T12287] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 312.164953][T12287] UDF-fs: Scanning with blocksize 2048 failed [ 312.168666][T12287] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 312.171225][T12287] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 312.654503][T12315] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 312.666394][T12315] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 312.687427][T12318] loop4: detected capacity change from 0 to 512 [ 312.715419][T12318] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 312.754087][ T4334] EXT4-fs (loop4): unmounting filesystem. [ 313.539384][T12370] loop3: detected capacity change from 0 to 128 [ 313.627808][T12379] loop1: detected capacity change from 0 to 512 [ 313.629896][T12379] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 313.637776][T12379] EXT4-fs (loop1): 1 truncate cleaned up [ 313.638858][T12379] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 313.671962][ T4322] EXT4-fs (loop1): unmounting filesystem. [ 313.781470][T12394] loop1: detected capacity change from 0 to 2048 [ 313.785632][T12394] UDF-fs: bad mount option "fscontext=" or missing value [ 314.066711][ T9755] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 314.353487][T12421] loop4: detected capacity change from 0 to 1024 [ 314.369248][T12421] EXT4-fs (loop4): Invalid log cluster size: 32 [ 315.042416][T12445] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2657'. [ 315.216443][T12458] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 315.217881][T12458] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 317.044374][T12519] x_tables: duplicate underflow at hook 1 [ 317.115700][T12520] loop3: detected capacity change from 0 to 128 [ 317.551315][ T51] block nbd1: Attempted send on invalid socket [ 317.552973][ T51] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 317.555339][T12526] hpfs: hpfs_map_sector(): read error [ 319.216228][T12561] ip6t_rpfilter: unknown options [ 319.500107][T12581] virt_wifi0 speed is unknown, defaulting to 1000 [ 320.837299][T12609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 320.838822][T12609] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 322.148336][T12628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 322.157266][T12628] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 323.100827][T12675] loop3: detected capacity change from 0 to 256 [ 323.130155][T12677] cgroup: Need name or subsystem set [ 324.493594][T12705] loop4: detected capacity change from 0 to 512 [ 326.309511][T12757] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2743'. [ 326.464902][T12768] loop2: detected capacity change from 0 to 7 [ 326.466488][T12768] Dev loop2: unable to read RDB block 7 [ 326.468548][T12768] loop2: unable to read partition table [ 326.747042][T12768] loop2: partition table beyond EOD, truncated [ 326.748177][T12768] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 328.308666][T12813] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2757'. [ 328.900330][T12821] loop3: detected capacity change from 0 to 512 [ 328.954138][T12821] EXT4-fs (loop3): Test dummy encryption mode enabled [ 328.977603][T12821] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 329.021487][ T4321] EXT4-fs (loop3): unmounting filesystem. [ 330.121680][T12860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2771'. [ 331.646464][T12904] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2782'. [ 331.840246][T12912] Invalid ELF header type: 25773 != 1 [ 332.833311][T12955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2794'. [ 333.753346][T12963] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2796'. [ 333.775366][T12967] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2797'. [ 333.944219][T12982] loop3: detected capacity change from 0 to 164 [ 334.420516][T13010] virt_wifi0 speed is unknown, defaulting to 1000 [ 334.532867][T13017] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2811'. [ 334.826697][T13034] loop1: detected capacity change from 0 to 1024 [ 335.078888][T13045] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2823'. [ 335.087242][T13049] ipt_REJECT: TCP_RESET invalid for non-tcp [ 335.924029][T13075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 335.925608][T13075] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 335.964723][T13077] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2837'. [ 336.010459][T13083] loop3: detected capacity change from 0 to 128 [ 336.018101][T13083] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 336.040163][T13083] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 336.154594][ T5553] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 336.202522][T13088] loop3: detected capacity change from 0 to 1024 [ 336.227753][T13088] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 336.236185][T13088] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 336.249321][T13088] JBD2: no valid journal superblock found [ 336.250175][T13088] EXT4-fs (loop3): error loading journal [ 336.360939][ T4338] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 336.364338][ T4338] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 336.366119][ T4338] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 336.368082][ T4338] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 336.369371][ T4338] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 336.370640][ T4338] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 336.398946][T13095] virt_wifi0 speed is unknown, defaulting to 1000 [ 336.446531][T13095] chnl_net:caif_netlink_parms(): no params data found [ 336.465922][T13095] bridge0: port 1(bridge_slave_0) entered blocking state [ 336.467121][T13095] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.468713][T13095] device bridge_slave_0 entered promiscuous mode [ 336.470800][T13095] bridge0: port 2(bridge_slave_1) entered blocking state [ 336.472065][T13095] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.473384][T13095] device bridge_slave_1 entered promiscuous mode [ 336.480763][T13095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 336.484279][T13095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 336.494159][T13095] team0: Port device team_slave_0 added [ 336.497455][T13095] team0: Port device team_slave_1 added [ 336.514276][T13095] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 336.515479][T13095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.519373][T13095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 336.522484][T13095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 336.523553][T13095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.527610][T13095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 336.575592][T13095] device hsr_slave_0 entered promiscuous mode [ 336.621892][T13111] binder: BINDER_SET_CONTEXT_MGR already set [ 336.623130][T13111] binder: 13108:13111 ioctl 4018620d 20000040 returned -16 [ 336.624474][T13111] binder: tried to use weak ref as strong ref [ 336.625568][T13111] binder: 13108:13111 Acquire 1 refcount change on invalid ref 0 ret -22 [ 336.626929][T13111] binder: 13108:13111 got transaction to invalid handle, 1 [ 336.628060][T13111] binder_debug: 11 callbacks suppressed [ 336.628073][T13111] binder: 13111:13108 cannot find target node [ 336.629837][T13111] binder: 13108:13111 transaction call to 0:0 failed 154/29201/-22, size 0-0 line 3045 [ 336.632106][T13095] device hsr_slave_1 entered promiscuous mode [ 336.635104][T13111] binder: 13108:13111 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 336.637327][T13111] binder: 13111 RLIMIT_NICE not set [ 336.638138][T13111] binder: 13108:13111 ioctl c0306201 20000500 returned -11 [ 336.639596][T13111] binder: 13108:13111 BC_FREE_BUFFER u0000000020ffd000 no match [ 336.647439][T11622] binder: undelivered TRANSACTION_ERROR: 29201 [ 336.652826][T13095] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 336.654037][T13095] Cannot create hsr debugfs directory [ 336.658821][T13113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2851'. [ 336.682815][T13115] binder: 13114:13115 tried to acquire reference to desc 0, got 1 instead [ 336.690204][T13115] binder: 13114:13115 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 336.705295][T13115] binder: 13115 RLIMIT_NICE not set [ 336.709714][ T7] binder: release 13114:13115 transaction 159 out, still active [ 336.710859][ T7] binder: undelivered TRANSACTION_COMPLETE [ 336.731684][ T7] binder: send failed reply for transaction 159, target dead [ 336.789845][T13121] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2855'. [ 336.791367][T13121] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2855'. [ 336.833456][T13124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 336.844405][T13124] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 336.963109][ T5109] tipc: Left network mode [ 337.356180][T13133] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2860'. [ 337.468170][ T27] audit: type=1326 audit(593.421:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.3.2861" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 337.471950][ T27] audit: type=1326 audit(593.421:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.3.2861" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 337.482710][ T27] audit: type=1326 audit(593.431:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.3.2861" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=85 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 337.490344][ T27] audit: type=1326 audit(593.431:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.3.2861" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 337.493793][ T27] audit: type=1326 audit(593.431:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.3.2861" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 337.497260][ T27] audit: type=1326 audit(593.431:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.3.2861" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=87 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 337.500325][T13135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2862'. [ 337.500595][ T27] audit: type=1326 audit(593.431:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.3.2861" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 337.505496][ T27] audit: type=1326 audit(593.431:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.3.2861" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa7b5b9e8 code=0x7ffc0000 [ 337.578255][T13140] netlink: 'syz.3.2863': attribute type 12 has an invalid length. [ 337.704325][T13095] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 337.808526][T13095] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 337.863238][T13095] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 337.869166][T13155] loop1: detected capacity change from 0 to 1024 [ 337.870644][T13155] EXT4-fs: inline encryption not supported [ 337.878830][T13155] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 337.906681][T13155] EXT4-fs error (device loop1): ext4_map_blocks:745: inode #3: block 1: comm syz.1.2870: lblock 1 mapped to illegal pblock 1 (length 1) [ 337.912582][T13155] EXT4-fs (loop1): Remounting filesystem read-only [ 337.915506][T13155] Quota error (device loop1): write_blk: dquota write failed [ 337.916737][T13155] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 337.918355][T13155] EXT4-fs error (device loop1): ext4_acquire_dquot:6809: comm syz.1.2870: Failed to acquire dquot type 0 [ 337.920038][T13155] EXT4-fs (loop1): Remounting filesystem read-only [ 337.921165][T13155] EXT4-fs error (device loop1): ext4_free_blocks:6205: comm syz.1.2870: Freeing blocks not in datazone - block = 0, count = 4096 [ 337.926394][T13155] EXT4-fs (loop1): Remounting filesystem read-only [ 337.927451][T13155] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.2870: Invalid inode bitmap blk 0 in block_group 0 [ 337.929425][T13155] EXT4-fs (loop1): Remounting filesystem read-only [ 337.930317][T13155] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 337.931583][T13155] EXT4-fs (loop1): Remounting filesystem read-only [ 337.932532][T13155] EXT4-fs (loop1): 1 orphan inode deleted [ 337.933350][T13155] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 337.936590][ T4456] EXT4-fs error (device loop1): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 337.940129][ T4456] EXT4-fs (loop1): Remounting filesystem read-only [ 337.941130][ T4456] EXT4-fs error (device loop1): ext4_release_dquot:6845: comm kworker/u4:8: Failed to release dquot type 0 [ 337.964831][ T4456] EXT4-fs (loop1): Remounting filesystem read-only [ 337.976053][T13095] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 338.011221][ T4322] EXT4-fs (loop1): unmounting filesystem. [ 338.366989][T13095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 338.372088][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 338.376091][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 338.382841][T13095] 8021q: adding VLAN 0 to HW filter on device team0 [ 338.464269][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 338.465951][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 338.470223][ T4456] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.471391][ T4456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 338.473800][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 338.476151][T13172] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2873'. [ 338.478958][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 338.480579][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 338.482075][ T4456] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.483132][ T4456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 338.496974][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 338.501532][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 338.506361][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 338.511835][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 338.516178][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 338.518868][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 338.520616][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 338.524059][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 338.525654][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 338.529652][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 338.531505][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 338.539737][T13095] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 338.548778][ T4338] Bluetooth: hci5: command 0x0409 tx timeout [ 338.766754][T13182] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 338.768392][T13182] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 338.840213][T13188] binder: 13187:13188 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 338.872236][T13190] loop1: detected capacity change from 0 to 512 [ 338.885159][T13192] loop3: detected capacity change from 0 to 512 [ 338.893607][T13190] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 338.902845][T13192] EXT4-fs (loop3): DAX unsupported by block device. [ 338.977766][ T4322] EXT4-fs (loop1): unmounting filesystem. [ 339.075175][T13095] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 339.077041][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 339.078278][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 339.083903][T13200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2883'. [ 339.099070][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 339.101183][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 339.155846][ T5109] device hsr_slave_0 left promiscuous mode [ 339.211260][ T5109] device hsr_slave_1 left promiscuous mode [ 339.357237][ T5109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 339.361959][ T5109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 339.364739][ T5109] device bridge_slave_1 left promiscuous mode [ 339.366871][ T5109] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.475409][ T5109] device bridge_slave_0 left promiscuous mode [ 339.477672][ T5109] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.479459][T13216] loop3: detected capacity change from 0 to 512 [ 339.497507][T13216] [ 339.497952][T13216] ====================================================== [ 339.499121][T13216] WARNING: possible circular locking dependency detected [ 339.500249][T13216] syzkaller #0 Not tainted [ 339.500889][T13216] ------------------------------------------------------ [ 339.501936][T13216] syz.3.2888/13216 is trying to acquire lock: [ 339.502861][T13216] ffff0000ed85cb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x188/0x284c [ 339.504395][T13216] [ 339.504395][T13216] but task is already holding lock: [ 339.505450][T13216] ffff0000e029bcf8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790 [ 339.506949][T13216] [ 339.506949][T13216] which lock already depends on the new lock. [ 339.506949][T13216] [ 339.508421][T13216] [ 339.508421][T13216] the existing dependency chain (in reverse order) is: [ 339.509737][T13216] [ 339.509737][T13216] -> #1 (&ei->xattr_sem){++++}-{3:3}: [ 339.510884][T13216] down_write+0x5c/0x88 [ 339.511579][T13216] ext4_destroy_inline_data+0x30/0x11c [ 339.512467][T13216] ext4_writepages+0x3f4/0x284c [ 339.513257][T13216] do_writepages+0x2c0/0x4fc [ 339.514012][T13216] filemap_fdatawrite_wbc+0x124/0x174 [ 339.514855][T13216] filemap_flush+0xbc/0x10c [ 339.515573][T13216] ext4_convert_inline_data+0x130/0x4e4 [ 339.516517][T13216] ext4_fallocate+0xf0/0x1b60 [ 339.517301][T13216] vfs_fallocate+0x4a4/0x5f4 [ 339.518069][T13216] ioctl_preallocate+0x204/0x2a0 [ 339.518859][T13216] do_vfs_ioctl+0x17f4/0x206c [ 339.519639][T13216] __arm64_sys_ioctl+0xe4/0x1c8 [ 339.520339][T13216] invoke_syscall+0x98/0x2bc [ 339.521132][T13216] el0_svc_common+0x138/0x258 [ 339.521945][T13216] do_el0_svc+0x58/0x13c [ 339.522662][T13216] el0_svc+0x58/0x138 [ 339.523361][T13216] el0t_64_sync_handler+0x84/0xf0 [ 339.524220][T13216] el0t_64_sync+0x18c/0x190 [ 339.524982][T13216] [ 339.524982][T13216] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 339.526252][T13216] __lock_acquire+0x293c/0x6544 [ 339.527060][T13216] lock_acquire+0x20c/0x644 [ 339.527769][T13216] percpu_down_read+0x70/0x2a8 [ 339.528678][T13216] ext4_writepages+0x188/0x284c [ 339.529530][T13216] do_writepages+0x2c0/0x4fc [ 339.530331][T13216] __writeback_single_inode+0x164/0x157c [ 339.531211][T13216] writeback_single_inode+0x1c0/0x720 [ 339.532043][T13216] write_inode_now+0x144/0x1b0 [ 339.532778][T13216] iput+0x5cc/0x7f4 [ 339.533388][T13216] ext4_xattr_block_set+0x17a4/0x2810 [ 339.534232][T13216] ext4_expand_extra_isize_ea+0xcb8/0x15cc [ 339.535167][T13216] __ext4_expand_extra_isize+0x298/0x358 [ 339.536010][T13216] __ext4_mark_inode_dirty+0x3e4/0x790 [ 339.536870][T13216] ext4_evict_inode+0xb58/0x1270 [ 339.537655][T13216] evict+0x3c8/0x810 [ 339.538317][T13216] iput+0x764/0x7f4 [ 339.538970][T13216] ext4_process_orphan+0x240/0x2b4 [ 339.539846][T13216] ext4_orphan_cleanup+0x908/0x104c [ 339.540647][T13216] ext4_fill_super+0x6440/0x68a8 [ 339.541453][T13216] get_tree_bdev+0x358/0x544 [ 339.542209][T13216] ext4_get_tree+0x28/0x38 [ 339.542972][T13216] vfs_get_tree+0x90/0x274 [ 339.543675][T13216] do_new_mount+0x228/0x810 [ 339.544483][T13216] path_mount+0x5b4/0xe78 [ 339.545193][T13216] __arm64_sys_mount+0x49c/0x584 [ 339.546011][T13216] invoke_syscall+0x98/0x2bc [ 339.546765][T13216] el0_svc_common+0x138/0x258 [ 339.547522][T13216] do_el0_svc+0x58/0x13c [ 339.548242][T13216] el0_svc+0x58/0x138 [ 339.548910][T13216] el0t_64_sync_handler+0x84/0xf0 [ 339.549761][T13216] el0t_64_sync+0x18c/0x190 [ 339.550511][T13216] [ 339.550511][T13216] other info that might help us debug this: [ 339.550511][T13216] [ 339.552014][T13216] Possible unsafe locking scenario: [ 339.552014][T13216] [ 339.553120][T13216] CPU0 CPU1 [ 339.553909][T13216] ---- ---- [ 339.554709][T13216] lock(&ei->xattr_sem); [ 339.555340][T13216] lock(&sbi->s_writepages_rwsem); [ 339.556461][T13216] lock(&ei->xattr_sem); [ 339.557493][T13216] lock(&sbi->s_writepages_rwsem); [ 339.558206][T13216] [ 339.558206][T13216] *** DEADLOCK *** [ 339.558206][T13216] [ 339.559357][T13216] 3 locks held by syz.3.2888/13216: [ 339.560115][T13216] #0: ffff0000ed85a0e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804 [ 339.561725][T13216] #1: ffff0000ed85a650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270 [ 339.563159][T13216] #2: ffff0000e029bcf8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790 [ 339.564730][T13216] [ 339.564730][T13216] stack backtrace: [ 339.565625][T13216] CPU: 1 PID: 13216 Comm: syz.3.2888 Not tainted syzkaller #0 [ 339.566710][T13216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 339.568095][T13216] Call trace: [ 339.568586][T13216] dump_backtrace+0x1c8/0x1f4 [ 339.569295][T13216] show_stack+0x2c/0x3c [ 339.569849][T13216] __dump_stack+0x30/0x40 [ 339.570432][T13216] dump_stack_lvl+0xf8/0x160 [ 339.571114][T13216] dump_stack+0x1c/0x5c [ 339.571770][T13216] print_circular_bug+0x148/0x1b0 [ 339.572516][T13216] check_noncircular+0x240/0x2d4 [ 339.573192][T13216] __lock_acquire+0x293c/0x6544 [ 339.573904][T13216] lock_acquire+0x20c/0x644 [ 339.574554][T13216] percpu_down_read+0x70/0x2a8 [ 339.575294][T13216] ext4_writepages+0x188/0x284c [ 339.576007][T13216] do_writepages+0x2c0/0x4fc [ 339.576770][T13216] __writeback_single_inode+0x164/0x157c [ 339.577651][T13216] writeback_single_inode+0x1c0/0x720 [ 339.578519][T13216] write_inode_now+0x144/0x1b0 [ 339.579296][T13216] iput+0x5cc/0x7f4 [ 339.579899][T13216] ext4_xattr_block_set+0x17a4/0x2810 [ 339.580675][T13216] ext4_expand_extra_isize_ea+0xcb8/0x15cc [ 339.581592][T13216] __ext4_expand_extra_isize+0x298/0x358 [ 339.582459][T13216] __ext4_mark_inode_dirty+0x3e4/0x790 [ 339.583236][T13216] ext4_evict_inode+0xb58/0x1270 [ 339.583974][T13216] evict+0x3c8/0x810 [ 339.584519][T13216] iput+0x764/0x7f4 [ 339.585070][T13216] ext4_process_orphan+0x240/0x2b4 [ 339.585852][T13216] ext4_orphan_cleanup+0x908/0x104c [ 339.586617][T13216] ext4_fill_super+0x6440/0x68a8 [ 339.587459][T13216] get_tree_bdev+0x358/0x544 [ 339.588190][T13216] ext4_get_tree+0x28/0x38 [ 339.588918][T13216] vfs_get_tree+0x90/0x274 [ 339.589673][T13216] do_new_mount+0x228/0x810 [ 339.590380][T13216] path_mount+0x5b4/0xe78 [ 339.591115][T13216] __arm64_sys_mount+0x49c/0x584 [ 339.591919][T13216] invoke_syscall+0x98/0x2bc [ 339.592650][T13216] el0_svc_common+0x138/0x258 [ 339.593408][T13216] do_el0_svc+0x58/0x13c [ 339.594090][T13216] el0_svc+0x58/0x138 [ 339.594699][T13216] el0t_64_sync_handler+0x84/0xf0 [ 339.595501][T13216] el0t_64_sync+0x18c/0x190 [ 339.601232][T13216] ------------[ cut here ]------------ [ 339.602024][T13216] EA inode 11 i_nlink=2 [ 339.602105][T13216] WARNING: CPU: 1 PID: 13216 at fs/ext4/xattr.c:1022 ext4_xattr_inode_update_ref+0x42c/0x470 [ 339.604096][T13216] Modules linked in: [ 339.604652][T13216] CPU: 1 PID: 13216 Comm: syz.3.2888 Not tainted syzkaller #0 [ 339.605585][T13216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 339.606937][T13216] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 339.608048][T13216] pc : ext4_xattr_inode_update_ref+0x42c/0x470 [ 339.609066][T13216] lr : ext4_xattr_inode_update_ref+0x42c/0x470 [ 339.610048][T13216] sp : ffff800021496e00 [ 339.610723][T13216] x29: ffff800021496ea0 x28: 0000000000000000 x27: dfff800000000000 [ 339.612004][T13216] x26: 1fffe0001c03c458 x25: ffff700004292dc4 x24: 0000000000000000 [ 339.613301][T13216] x23: ffff800017a8a000 x22: ffff0000e01e2108 x21: 0000000000000002 [ 339.614596][T13216] x20: 0000000000000001 x19: ffff0000e01e20c8 x18: ffff800011abbcc0 [ 339.615895][T13216] x17: 0000000000000000 x16: ffff800008042d90 x15: 0000000000000002 [ 339.617254][T13216] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000080000 [ 339.618489][T13216] x11: 000000000007d48a x10: ffff800027d0b000 x9 : 05c2ada8c0bc4c00 [ 339.619672][T13216] x8 : 05c2ada8c0bc4c00 x7 : 0000000000000001 x6 : 0000000000000001 [ 339.620785][T13216] x5 : ffff800021496898 x4 : ffff8000151a4920 x3 : ffff80000852e538 [ 339.622042][T13216] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 339.623239][T13216] Call trace: [ 339.623741][T13216] ext4_xattr_inode_update_ref+0x42c/0x470 [ 339.624601][T13216] ext4_xattr_set_entry+0x918/0x15ac [ 339.625414][T13216] ext4_xattr_ibody_set+0x204/0x600 [ 339.626146][T13216] ext4_expand_extra_isize_ea+0xd00/0x15cc [ 339.626997][T13216] __ext4_expand_extra_isize+0x298/0x358 [ 339.627867][T13216] __ext4_mark_inode_dirty+0x3e4/0x790 [ 339.628682][T13216] ext4_evict_inode+0xb58/0x1270 [ 339.629399][T13216] evict+0x3c8/0x810 [ 339.629997][T13216] iput+0x764/0x7f4 [ 339.630575][T13216] ext4_process_orphan+0x240/0x2b4 [ 339.631345][T13216] ext4_orphan_cleanup+0x908/0x104c [ 339.632107][T13216] ext4_fill_super+0x6440/0x68a8 [ 339.632860][T13216] get_tree_bdev+0x358/0x544 [ 339.633620][T13216] ext4_get_tree+0x28/0x38 [ 339.634303][T13216] vfs_get_tree+0x90/0x274 [ 339.634948][T13216] do_new_mount+0x228/0x810 [ 339.635601][T13216] path_mount+0x5b4/0xe78 [ 339.636246][T13216] __arm64_sys_mount+0x49c/0x584 [ 339.636958][T13216] invoke_syscall+0x98/0x2bc [ 339.637668][T13216] el0_svc_common+0x138/0x258 [ 339.638388][T13216] do_el0_svc+0x58/0x13c [ 339.639036][T13216] el0_svc+0x58/0x138 [ 339.639634][T13216] el0t_64_sync_handler+0x84/0xf0 [ 339.640406][T13216] el0t_64_sync+0x18c/0x190 [ 339.641115][T13216] irq event stamp: 3539 [ 339.641712][T13216] hardirqs last enabled at (3539): [] _raw_spin_unlock_irqrestore+0x48/0xac [ 339.643273][T13216] hardirqs last disabled at (3538): [] _raw_spin_lock_irqsave+0xa4/0xb4 [ 339.644762][T13216] softirqs last enabled at (2852): [] handle_softirqs+0xaf8/0xc6c [ 339.646203][T13216] softirqs last disabled at (2845): [] __do_softirq+0x14/0x20 [ 339.647623][T13216] ---[ end trace 0000000000000000 ]--- [ 339.654008][T13216] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #18: comm syz.3.2888: iget: bad extra_isize 90 (inode size 256) [ 339.658647][T13216] EXT4-fs (loop3): Remounting filesystem read-only [ 339.660173][T13216] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.2888: error while reading EA inode 18 err=-117 [ 339.662535][T13216] EXT4-fs (loop3): Remounting filesystem read-only [ 339.663461][T13216] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #18: comm syz.3.2888: iget: bad extra_isize 90 (inode size 256) [ 339.665537][T13216] EXT4-fs (loop3): Remounting filesystem read-only [ 339.666583][T13216] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.2888: error while reading EA inode 18 err=-117 [ 339.669144][T13216] EXT4-fs (loop3): Remounting filesystem read-only [ 339.670293][T13216] EXT4-fs (loop3): 1 orphan inode deleted [ 339.671294][T13216] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 339.683218][ T4321] EXT4-fs (loop3): unmounting filesystem. [ 340.767690][ T4338] Bluetooth: hci5: command 0x041b tx timeout [ 341.399094][ T5109] team0 (unregistering): Port device team_slave_1 removed [ 341.570642][ T5109] team0 (unregistering): Port device team_slave_0 removed [ 341.740751][ T5109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 341.975914][ T5109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 342.991285][ T4323] Bluetooth: hci5: command 0x040f tx timeout [ 344.544061][ T5109] bond0 (unregistering): Released all slaves [ 344.803146][T13095] device veth0_vlan entered promiscuous mode [ 344.806125][T13095] device veth1_vlan entered promiscuous mode [ 344.812070][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 344.813495][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 344.814951][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 344.816422][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 344.817782][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 344.819098][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 344.823777][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 344.825370][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 344.827559][T13095] device veth0_macvtap entered promiscuous mode [ 344.829602][T13095] device veth1_macvtap entered promiscuous mode [ 344.833406][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.835028][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.836540][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.838089][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.839576][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.842005][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.843501][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.845140][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.847537][T13095] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 344.848825][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 344.850372][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 344.854213][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 344.855871][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 344.858154][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.859906][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.861405][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.863351][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.864841][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.866417][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.867930][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.869424][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.871327][T13095] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 344.873059][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 344.874585][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 344.876866][T13095] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.878239][T13095] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.879659][T13095] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.881106][T13095] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.889832][T13095] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht' [ 344.898100][ T289] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.898442][T13095] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht' [ 344.899413][ T289] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.901925][ T289] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 344.909170][ T5531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.910449][ T5531] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.911633][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 345.214711][ T4338] Bluetooth: hci5: command 0x0419 tx timeout