last executing test programs: 4m8.298007486s ago: executing program 2 (id=1163): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000002c0)={0x14, r1, 0x1, 0x170bd2b, 0x80, {0x1c}}, 0x14}, 0x1, 0x0, 0x0, 0x2004c804}, 0x4000000) 4m6.544174618s ago: executing program 2 (id=1173): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x4000000}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0xfff}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80000000}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4m6.075644914s ago: executing program 2 (id=1179): sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000000700)="7a3fd977809a0f96ab75492a5438b9ee5ceeeb39c4d266d4851810bdaac0f8c4802e201a30f93bbb6e4c353a341c10f709bf69315f97216f058566b69ae2dfda60597b0a6298f9fd90383d30de9eb23f0bf1431d235f998175a8bec61a48b9547868088fff056add782b8d26652b2b7c55ba0e028f89fcbb0d4dd9e48cf214fda1100ac920d3f1cdb59497bbcb7845f5c87e966f0402a98cca99dca32fc6fa18e671579cf5ed007c81603bcbc93f6e6b1ebe8c263becfc1d18ebdb069c7a8894c4a48fb6b6aa798bdf4b0f7d92daac21f6617525b258e03a864f7523de9a62bbd92c5809fba7698d347206a9c678ffff8facc647f67c9a502cb31a3faed3023b19a1388bf3696f3e3125dc1af46fe1cb52c19aa192e1f1394cca4b3dbd316deb25e5c32b9b43c79b64d1ec32ea0aa91d9a04f465ae04a68a9552dbd149b0b7b9a08911c01ddbaa61872ef1b691d5d63aecd29071b7e6b07a7b80e3eb624492e81823552384916dbcb38c4730ac72d89266d8e3232036743e71f7094b9f48fa3136fcc031b7b596e9ad44b1f15caff6dba913325736284912aca0c5d52294bb950dbd4daa792cd784b636b1cf40ebb6ee20a0e2f06389a67559fe2e62ddad68be2f139e4a416d69a1f316a11219415326c901b6bd6cf83e50aa7e4f93c43d8b9d854b6f27f2fe2373acfee8e5aaba7f6fecfb10f5e3ceefb5c3de7754d0b1e656838e0383c25461dadf18d1ab16b2c5ebe67d9c601a414893365f5195bf4b6354ce408afad01317fced3925d643b663116391699894edbf3f745ccec4bde145f024437762d6aa826fdf7710a84faa6798c0527b058436a4baac1ba35923fcf2517ac54a100cc77d5bf0c4ab37241c32efd7035d1af5ea66f3d4c349f2f1a53659c187f3141c5cf2e38ba6323d67b04003f0a02d1fc9d8259b6f14fa4cd43c895734241d95f02f25d94bead0a473d5d3c78650db710913ae4c2c75fccc18fa3f2e57292fe2f6ce661ea0e724948e0929be783d162ed33e2876eeccfa2d052d3ff436d3cad6915ec6f3e441391b0b0932531b1bba732a9b8aed0c89a117aca5d366e0449805e2e44a7116fea940933e1c041410b53f70bf727ac6bb1f6d269e478a907633520a93cc28df45dce3706b6d59b643663c52b14d9d4b635c0370a6713c3dbb9a643ffd7bf4b17b05953cbde0d49ceb8a6ede71fbae22f9b6be7c51e5803af8dd6e6ff375d5df883597c904c844131566dcf2fd00ca263b026969920758d49b2ff85dbc86cac5c1f534fc9ac2d05eb6eca119c3e6883567787bee1f69e18d01614bfb7439acca60cb8c21ab77752ac496d57ca0aaa15a2ed633e805beecebdc745f0277cf61d974a5a93ff08da6073a4c4f186b0c", 0x3d7}], 0x1, 0x0, 0x0, 0x80}, 0x40000800) r0 = socket$inet(0x2, 0x3, 0xa) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1c000000000000000000000007000000860a00000003"], 0x20}}], 0x1, 0x24000004) 4m5.822538743s ago: executing program 2 (id=1183): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x800700, &(0x7f0000000680)={[{@minixdf}, {@stripe}, {@norecovery}, {@noinit_itable}, {@max_batch_time={'max_batch_time', 0x3d, 0x6}}, {@minixdf}, {@usrjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@errors_continue}, {@dioread_lock}, {@noblock_validity}, {@noquota}]}, 0x3, 0x465, &(0x7f0000000f00)="$eJzs3M9vFFUcAPDvzLYgP1sRf4CoVWJs/NHSgsrBi0YTDxhN9IDH2hZCWKihNRFCpBqDFxND1LPxaOJf4M2LUU8mXvVuSIhyAT3VzOwM7C67pYXtLnQ/n2SX92Ze+963b97Mm3m7BNC3RrK3JGJrRPwREUO1bGOBkdo/Vy+fnf738tnpJJaW3v47yctduXx2uixa/tyWIjOaRqSfJkUljeZPnzk+Va3Oniry4wsn3h+fP33muWMnpo7OHp09OXnw4IH9Ey++MPn8Mq3fuOI4s7iu7P5obs+u19+98Mb04Qvv/fJ91t6txf76ODplJAv8n6Vc3eYvs7cnO11Zj22rSycDPWwIq1KJiKy7BvPxPxSVuN55Q/HaJz1tHLCmsmvTMlfRxSVgHUtihcViZQWBu0V5oc/uf8tXl6Yed4RLL9dugLK4rxav2p6BSIsyg033t500EhGHF//7JnvFGj2HAACo9/n014fi2VbzvzQeqCu3vVhDGY6IeyNiR0TcFxE7I+L+iLzsgxHxUNuaNrTc2rw0dOP8J714y8GtQDb/e6lY22qc/5Wzv8pwpchty+MfTI4cq87uK/4mozG4MctPLFPHj6/+/kW7ffXzv+yV1V/OBYt2XBxoekA3M7UwlU9KO+DSxxG7B1rFn1xbCchu/XdFxO7V/ertZeLY09/taVfo5vEvowPrTEvfRjxV6//FaIq/lCy/Pjl+T1Rn942XR8WNfv3t/Fvt6r+t+Dsg6//Njcd/c5HhpH69dn71dZz/87O29zS3evxvSN7J+6U8q3w4tbBwaiJiQ3Iozzdsn7z+s2W+LJ/FP7q39fjfUUtsyt4ejojsIH4kIh6NiMeKtj8eEU9ExN5l4v/5lfb77oT+n2l5/rt2/Df1/+oTleM//dCu/pX1/4E8NVpsyc9/N7HSBt7O3w4AAADuFmn+GfgkHbuWTtOxsdpn+HfG5rQ6N7/wzJG5D07O1D4rPxyDafmka6jueehEslj8xlp+snhWXO7fXzw3/qqyKc+PTc9VZ3ocO/S7LW3Gf+avSq9bB6y5Vutoky3Xaxu+yAasA83jP23Mnnuzm40Busr3taF/3WT8p91qB9B9rv/Qv1qN/3NNeWsBsD65/kP/Mv6hfxn/0L+Mf+hLt/O9/n5OZKfMO6AZ1aGiH7tfe6S9jl1iLRKt/58mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAu9X/AQAA//9l+OT1") chdir(&(0x7f0000000400)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 4m5.281687063s ago: executing program 2 (id=1192): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mkdirat(r0, &(0x7f0000002040)='./file0\x00', 0x5) 4m4.995597703s ago: executing program 2 (id=1196): bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x5, 0xe, 0x8, 0xae, 0x0, 0x1, 0x20727ff, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffd, 0x10, 0x5}, 0x50) r0 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xff81, &(0x7f0000000100)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0x3e}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}, {&(0x7f00000001c0)="1663b331c3bf9534525784f9f4558909c5b1a19e7f7dd74f5576d99b7166c13465e7f5e4c47883e70aee845e1083df1768a76e40614062ed926c98b5347ed16d15f52193792db0cd93435ce1889dbe873555d16e308b1bfa4300386836d401f2a2dad5e2fba8b1977071ce9daeeba03df660c0c34a0d8c67000400008904a31f7cda422d62b091465305c421d2", 0x1e}], 0x3}, 0x400c010) 3m55.218851832s ago: executing program 4 (id=1280): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000025c0)=[{{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000000600)=""/108, 0x6c}, {&(0x7f0000000780)=""/242, 0xf2}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000000440)=""/19, 0x13}, {&(0x7f0000002ac0)=""/113, 0x71}, {&(0x7f00000018c0)=""/174, 0xae}], 0x6}, 0x60}], 0x1, 0x42, 0x0) 3m54.9807771s ago: executing program 4 (id=1283): memfd_create(&(0x7f0000000300)='[5\xdbX\xae\x03\x82\x00\x00\x00\x00\x00\x00\xd1md\xe7\xe2\x7f\x9b\xb7\xfbSR\x10\xf3\xfc\x00\x97\xba9\xd8\x14o\xd4`\xd9,\x00\x00\x00\x00\xe8\xf1||\xa0\xfd\xd2{~\xbd4_\xf0os\x8ez\xadT\xc8\f\xe5\x89\xbfA:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\x17QH\xd1\xca\x97\b\x00\x1e\x80\xd6\xd5%N&\xf8#\x80z88L\xd4_\xe8\xd1\x9f\n\xd6o\xa3T(\xc1X\xf7\xed\x1f%{\f\xdb2\xdf=g\x9f\\UbT\x98\x05\x18\xf4\xc0\xd1L\xae\x18\x05T\xca\x1d\x88\xc0\xefw\xa9\f\xf0M\xfd\xb3\x86U\x1d)\xd6\xb5iSUg\xda\xba\x00\xde\x99\f\xb0\x13\xa3\xbeS\xaaK\x84\x8a\xf3\x9d\v\xd8\xc7\xa3\x05\xae|{\x99|\x95,\x1e\xbd\xd4Z}\xcd\xdfpc\x9eH\xe6\xb5T\xf9\x0f<\x88\xe7C\xdd\x94?\xce\xf3\rJ\b\x94m\xae&wb\x94\xc2\x8c$\xd3\x14\xf6h+m\xc1\xce\xa8\x89\xfa\xde\x8f;\x03\xe1\xa4\xceUI\x96\xfd$\x90#\x83\x8c\xbd', 0x1) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001e00)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6939fc404000000c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e46968eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000000000000005335000000143ea70c2ab40c7cb70c943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a33e680846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2200af6c7784a1975fa807de38a3a61e44a9ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf652e28e700000000000000b24478a78a0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8ff7e7d1c94c450503009688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0000f5e1671bc5eb7739daa7820a91cb0e732df2ae1d39c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b4cbaf5a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13e434aae9df81ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a384002421d898913c45a9ac091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025e2a9a135c045a17e9a61c3b064e679508af1aec2926627b43bba1229a7466bdca64f514b7911458da09fe8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd911e0e5f00019be25b5910a3193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c68549e9da89ad4218cea744b332ab232a09cf1ec375627074ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b8840558b3f918d675a79907a72a8252cd3fbaea5d3006a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb511164f1502ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbdf6ad488f43f46b2536f175f46dfb27d522946727024de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546eb7c32dbecb18a308a0004be94dfab28c2a51dc856df00000000000000000000dfa4c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5d00f26126d4cf2c73e5f94030000000000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d0e68d7eef5d32d5fcc7923d7544fa492aa38717481c55e86dcd7816ad8940bd1995369d89ae6eadeb9117e8b94ab422c8d62fc9dfffeb13b4858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1ef90ed4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1af45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d6cf0a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b14952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d78429d358aa54b4b49926c4be9ee4659153d9f9f5d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d832e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c52be71d780c300000000d0267ac40d1130a9000000000045f50812a1a0530b02baed19f4c977ac0d397ed6371ec589bf5943690250bdfa5b676d5d53d2ab3aeee1a6910c1a33b6c06c93386768f8b1bb27ec31cffbd4f5c7b0c2e14e4fc6c2f089ab08567254e93780afdddefb3f0d2143ad73c0bf2467859049d46dc5aa91f918a307e7dcaaccd6cbe66e8a04d201392a487f681f82528a800e27d65200ae10e1b5d39a29d8a2c8ed2dfa77e21249b45806733e674a9e8e72ad1cb0d3bfadb00a18a5008ea1e4c8fb93d311f52a476c576a3f65c9bdd4e4b870aed4cb9906a8aa25986e6e30be249d9911114b42b2fb51168e56000a62b794c193f7797ebeb7f8b91c70b6e720af06ecfcfb89a2d5a25f"], &(0x7f0000000140)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002a0, 0x160, 0x0, &(0x7f0000000380)="b9e403c6630d698cb8a00b04339c", 0x0, 0x7ec, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 3m54.665240162s ago: executing program 4 (id=1286): r0 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x5452, &(0x7f0000000000)={r0}) sendmmsg$sock(r0, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000e40)=']', 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4040) 3m54.411981931s ago: executing program 4 (id=1291): r0 = syz_open_dev$vbi(&(0x7f0000000400), 0x2, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x1, 0x8000000000000000, 0x19ef, 0x7, 0x19ef, 0x3, 0x6, 0x2800, 0x1, 0x2, 0xbb6, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}}) 3m54.305592134s ago: executing program 4 (id=1292): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mkdirat(r0, &(0x7f0000002040)='./file0\x00', 0x5) 3m54.037243504s ago: executing program 4 (id=1295): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x28, r0, 0x1, 0xfffffffe, 0x25dfdbfc, {{0x2}, {@val={0x8}, @val={0xc, 0x99, {0x1, 0x1}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 3m49.783134725s ago: executing program 32 (id=1196): bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x5, 0xe, 0x8, 0xae, 0x0, 0x1, 0x20727ff, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffd, 0x10, 0x5}, 0x50) r0 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xff81, &(0x7f0000000100)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0x3e}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}, {&(0x7f00000001c0)="1663b331c3bf9534525784f9f4558909c5b1a19e7f7dd74f5576d99b7166c13465e7f5e4c47883e70aee845e1083df1768a76e40614062ed926c98b5347ed16d15f52193792db0cd93435ce1889dbe873555d16e308b1bfa4300386836d401f2a2dad5e2fba8b1977071ce9daeeba03df660c0c34a0d8c67000400008904a31f7cda422d62b091465305c421d2", 0x1e}], 0x3}, 0x400c010) 3m38.874882045s ago: executing program 33 (id=1295): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x28, r0, 0x1, 0xfffffffe, 0x25dfdbfc, {{0x2}, {@val={0x8}, @val={0xc, 0x99, {0x1, 0x1}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 2m32.82409029s ago: executing program 5 (id=1856): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x5}, 0xe) 2m32.525926771s ago: executing program 5 (id=1859): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x84, @local, 0x4}, {0xa, 0x0, 0x3, @mcast1}, 0x0, {[0x2, 0x8, 0xa, 0x0, 0x0, 0x0, 0x7ff, 0x4]}}, 0x5c) ioctl$SIOCGETSGCNT(r0, 0x89e1, &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa0100fd}) 2m32.26052792s ago: executing program 5 (id=1861): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x40, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x43}}, 0x0) 2m31.940304382s ago: executing program 5 (id=1864): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x804000, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 2m30.889900329s ago: executing program 5 (id=1873): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000001180)=ANY=[], 0x1, 0x17c, &(0x7f0000000380)="$eJzskr9OAkEQxr+9O/5oFDWxooGC+KdQjkONnZbY29lI4ETiocKRKITijDEUFsbSJ+A1THwBLYwPQE1BrM2ZvZ3bLL6C+yvu2/l2ZnZ2c+d+208B+JkOajhEhIkMPhiDBSDHhDcxhD6TfpI+CcE75R2Rf0+a9Xv9JAC+nceKMC6qnud28gC+I09a/sGdgUnU6ms6qPHFKYAwDEPu1QGejgUlxwTQVnKyFrAaXSKUORYNsA6g2G1dF/1ef6vZqjbchnvpmOU9e8e2d53iWdNzbfFlyhF0FXDdBJBKQ8L3EwAeKJ7HLEwZjfbZHE5kbTJ+www9IExZayi1sTK8yrlSSsUx1sDHugmWFLcQdbEQXakCBpOCkqXMJ85KRxvbtSuvPgQDi8tGsGSP0hgJGThqUN4PsChaDallgbRCOiIdk+b+/DJWwL+PFG0EQBK31W63U+KPJFYsXjnSc5YD9cH4qS/G7OXeDGg0Go1Go9FoNBrNf+c3AAD//8PfdhM=") prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) 2m29.706356752s ago: executing program 5 (id=1881): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r0, 0x8, 0x80000000) 2m14.30227969s ago: executing program 34 (id=1881): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r0, 0x8, 0x80000000) 3.680965939s ago: executing program 0 (id=2849): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x13, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000001d711875000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, 0x94) 3.250099814s ago: executing program 0 (id=2854): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="d8000000180081054e81f782db4cb90402200800fe00fe05e8fe55a10a0015000600142603600e1208000f007f370401a8001600200001401c00010003580461c1d67f6f94007134cf6efb8000a007a2", 0x50}], 0x1}, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876) 3.231318385s ago: executing program 7 (id=2856): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x1008a, &(0x7f00000000c0)={[{@nomblk_io_submit}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@mblk_io_submit}, {@grpjquota, 0x22}, {@errors_continue}, {@errors_remount}, {@jqfmt_vfsv1}]}, 0xfe, 0x455, &(0x7f0000000fc0)="$eJzs3M9PHFUcAPDv7rJQ2iJY649iq2g1En9AoT/swUuNJh40MdFDjScE2mC3xRRMbEMUPeDRNPFuPJr4F3ixXox6MvGqd2NCDBerpzWzO0O3sAssLGx1P59k4L19b/Ped2be7ts3OxtAxxpK/uQiDkbErxHRX83eWWGo+u/WysLk3ysLk7kol9/4M1ep99fKwmRWNXvegWqmXN6g3aW3IyZKpemraX50/vJ7o3PXrj83c3ni4vTF6SvjZ8+eOnms+8z46ZbE2Zf0dfDD2aNHXnnrxmuT52+88+PXSX8PpuW1cbTKUHXv1vVkqxtrs76adK6rjR2hKYWISA5XsTL++6MQvatl/fHyJ23tHLCryuV8uadx8WIZ+B9LJupAJ8re6JPPv9m2R1OPu8LyuVhdx7iVbtWSrsindYrpZ6TdMBQR5xf/+SLZYpfWIQAAat08FxHP1pv/5eOBmnr3pNeGBiLi3og4FBH3RcThiLg/olL3wYh4qMn2114hWT//KfdvK7AtSuZ/L6TXtu6c/2WzvxgopLm+SvzF3IWZ0vSJdJ8MR7EnyY9t0MZ3L/3yWaOy2vlfsiXtZ3PBtB9/dK1ZoJuamJ/YScy1lj+OGOyqF39udc6bzI+PRMTgNtuYefqro43KNo9/Ay2YlJe/jHiqevwXY038mVzD65Njz58ZPz26L0rTJ0azs2K9n35eer1R+zuKvwWWb5Zjf93zfzX+gdy+iLlr1y9VrtfONd/G0m+fNvxMs93zvzv3ZiXdnT72wcT8/NWxiO7cq+sfH7/93Cyf1U/O/+Hj9cf/obi9Jx6OiOQkPhYRj0TEo2nfH4uIxyPi+Abx//DiE+82H/8Gq/ItlMQ/tdnxj9rj33yicOn7b5qPP5Mc/1OV1HD6yFZe/7bawZ3sOwAAAPivyFe+A5/Lj6ym8/mRkep3+A/H/nxpdm7+mQuz71+Zqn5XfiCK+Wylq79mPXQsXRvO8uNr8ifTdePPC72V/MjkbGmq3cFDhzvQYPwnfi+0u3fArnO/FnQu4x86l/EPncv4h85l/EPnqjf+P2pDP4C9t8n7f+9e9QPYe+b/0LmMf+hcxj90pIb3xud3dMu/RJsS33bv7Lcatp6I/F0S8q4neiNiL9oqRjXRExE1RV1b/jGLbSZ66ha1+5UJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4NAAD//xwt370=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020660b, &(0x7f0000000c00)={0x7, 0xfffffffffffffffd, 0x4, 0xb}) 2.924071816s ago: executing program 0 (id=2858): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000040)=ANY=[], 0x0, 0x295, &(0x7f0000000140)="$eJzs3E1rK1UYAOB3mtx7a0HShVAUwRE3rkJbceGuRSqIAUUJoriw2BQlUwsNFJJFPzb6JxT/gS7dCi7EjQv/gAhSBTd2JyJE8mmaTpJaSYPe59nM4cx5z/vORztlmJ53nzyo7x029i8vk7OIJIpJbMUfEauxFIUAAP6Pfm+347d2z6JrAQDuxuTn/yOLKgkAmLP8539xfNhrvc3pXZYGAMzJv3v/7x0BAPwXvfHW269sVyo7r6fpcsTBx8fV42p3O3i078cHkUUt1qMUf0a0h3rtl16u7KynHT+vRvXgtB9/elztfT24PYjfiFKs5sUnOxtpz9X4e7HSj/9hJWqxGaV4LD//Zm78/Xj2mZH85SjF9+/FYWSxF53Yv+NPNtL0xVcraRRjJP5Bd1xX/p85vpcAAAAAAAAAAAAAAAAAAAAAAODWyulQ7vo95fKk/b347cnrAy1fXR9ofH2eYjxxbZlhAAAAAAAAAAAAAAAAAAAAeDg1mq36bpbVjqY1Pvz2868jpo9pXnx39uaMeZqtetLPOzvpvBuPPv3TJ5PHnCezz08yI0WhP8c/LOyrp8Z63inkz7M02pOc3SDFcv/szy6jMKPUby7ef/y5xtrz13cNcnR7ho2x8AdzuKb3pt1av5YicqPOb5Er7VyMYc8XncbgqO/8Nh4c9cjPV/7gtU+3dr88+fGXm8489189AAAAAAAAAAAAAAAAAADAmO6/kd/IRy/MuxYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWJRGs1XfzbLa/Wi2Possqx0NeqY1kogY9Cz1Z5octeBDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA+CsAAP//3Pl/Vg==") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000300), &(0x7f0000000000)=""/10, 0x2}, 0x20) 2.656607585s ago: executing program 1 (id=2862): unshare(0x26020480) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="16000000000000000084000001"], 0x48) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000400)={r0, 0x0, 0x20000000, 0x4}, 0x20) 2.514555911s ago: executing program 0 (id=2863): r0 = socket$igmp(0x2, 0x3, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4008032, 0xffffffffffffffff, 0x0) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x7, 0x0, @vifc_lcl_addr=@multicast2, @remote}, 0x10) 2.24164542s ago: executing program 7 (id=2865): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000019300)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.174643492s ago: executing program 1 (id=2867): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in=@private=0xa010101, @in6=@loopback, 0x4e24, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa417}, {0x0, 0x0, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4002, 0x32}, 0x0, @in=@multicast2, 0x0, 0x3, 0x0, 0xfd}}, 0xe4) close(r0) 2.104236135s ago: executing program 0 (id=2868): r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000600)={0x0, "de442bfc7910e10ac69ac014b0fa7807b11d2c99ed1f40d47a6edb3367b5cc008e1fd5102ae2d3d05f251f8d49025ceab4152b6e6d87cd6088e97a9d06d29103"}, 0x48, 0xffffffffffffffff) keyctl$chown(0x4, r0, 0xee01, 0xee00) keyctl$chown(0x4, r0, 0x0, 0xffffffffffffffff) 1.97138712s ago: executing program 6 (id=2869): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1e000000000000000c00000007"], 0x31) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) 1.843283035s ago: executing program 1 (id=2871): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000003c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000f4ff00006a0a00fe000000008500000027000000b70000000000000095000000000000009cc6b3fcd62c7d37623802000000505f80fc88943c4f0cf0dd467b597811638883f6f698caf503a22f868ee30a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c56f0979bd10b6d0e196bf02f46c7953ab1abda45cbe8d0d24b5069f8a98f3dc8f76b74635fc9f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e263aa743f7555193105000000b100400600e1ffff88208a2f7d25c32aac1c5d5b5be399f6609876b5887437a172fbc02a74067529194e533583412dff048f0000000000000000b2728a0481e9d6da43bb6cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347903420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad3e328a100000000b515a1000000000000000eb2e9c15b6c8f6198282df27badac8507bc7d202e0990e0000000008919b3efce02a602b4ad38098774d1feaf5f277a4462a2fff2d6ff4780f9a30a2a5f5f284c00ad35e0a6f6a0f9dae214546d24ef6a9b8ced90b508dc3b55a8259614b731af86503e5849dc87ab86ec0f6a48f0d32f0d4a5f6a03c33612320bb44f2d80363dee9163424ac31469266877942abdbbb3729fd59c0ff048ed5ab58c81b74ef4e159d4594396864a65422fe5f8c8181309becc88091dd6641c2d7e5a68ecbe778f2aae1742b92dc6854de98da66f8e38d1eca95809b738c8ddcf4cf1693c7b1c2ae0a9c27bd1a6f1738f8ba2908139fd653908ca0105e72550fbb1f1543a9bcd48de441c364f1cdb53a1ed4169434fc8f705e262fb793cf25bcd60310991f0b0634fa08308c7100000834cba801f76f820ed6def799116ce2336cd308544fbd3b74e0093968fce3c425729a77ecb090000654680e715f4ce5c1ad2b75aab390700000000000000ed7ebe34db25cbe169138c15a6013220bba55923f62849392cf4fb0327877e22a4dc617a5541a7fb89223888c76d65850dd99997e727557a477a1131d06f6f7360cfcf137ccd2e0d516bb31be413b0c7bd1bd24d3dc2d8e3f4cdfa872b66d89332e313934e9e9a3471f7170832a775bb2a8e4aa6321b1a6546a56e4121231380b04eb55337c7edc66d6e3400b06fcb31b659be19cff61cfac6f1b771967aa7bfcf7dba26e279ab9bef181cc917fca8941819445dd6fd171c4065a526c7000000000000ef570531e36dd9cf4da9a269b71e05463dfadff8401bc3202a9c393e9658d15dc20655abad7f9c54fc89176071bf7645d221696fa24e1310598f1f0bbd6ea058fdec63fab905ac925b16bd5cedf4ea2775d897897473dce8a339e340519df5dc3c8ab91b6b96b10cb05637dc6f4f24b2b0ba824028fa0fa29c9cf80443de08b3fc140082c8aa79d6324e9c609b0d9c2eeba3accb49fe851b6f56a425f70b3157443d2b05a883700b554738fd8453ed2ba5af37121ff47dc759000000000000000000000000000000000d78287bf7833841f7d49160b8bf2bd448e49c9ce544f0fafba633b694965606fa98f10c1c9f55eee1aaf03d30e61c9a468758c151ebf809efcda19b880c534bce505e14b65bb4185bf0614f23c38d106f77e407cac3cdff686370d091d453f7b8f8731eb70c3053fbb1a7d1ec764f9436489e84941336e56ccdba860901290a3d27b6330b85d52095c3b28718"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0xffff0000, 0xf0, 0x0, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x48) 1.750978578s ago: executing program 0 (id=2872): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3) 1.661619321s ago: executing program 6 (id=2873): unshare(0x400) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r0, &(0x7f0000000340), 0x0}, 0x20) 1.621742862s ago: executing program 3 (id=2874): pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) close(r0) 1.621521872s ago: executing program 7 (id=2875): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@ipv6_newnexthop={0x44, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_GROUP={0x2c, 0x2, [{0x2, 0x3}, {0x1, 0x7}, {0x1, 0x2d}, {0x2, 0x4}, {0x2, 0x5}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x60000000}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="5401000010003306000000000000000064010100000000000000000000000000fe80000000000007ff000000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe880000000000000000000000000001000004d232000000fc020000000000000000000000000000ff7f0000000000000e0000000000000001000000000000000000000000000000fcffffffffffffff010000000000000003000000000000007167000000000000fdbfffffffffffffffffffffffffffff00000000000000000000000000000000fcffffffffffffff0000000000000000000000000a000400300000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0004"], 0x154}}, 0x0) 1.282401175s ago: executing program 6 (id=2876): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local}) 1.203261547s ago: executing program 3 (id=2877): syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) 1.172576348s ago: executing program 1 (id=2878): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x20, r1, 0x603, 0x70bd2f, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x10) 820.461441ms ago: executing program 3 (id=2879): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_WSCALE={0x5, 0x2, 0x10}, @NFTA_SYNPROXY_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1e}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) 782.429832ms ago: executing program 6 (id=2880): set_mempolicy(0x3, &(0x7f0000000080)=0x1ff, 0x5) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/profiling', 0x141a82, 0x4) sendfile(r0, r0, 0x0, 0x1) 700.358275ms ago: executing program 7 (id=2881): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x1, 0x5}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0x7b}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000020c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc) 697.035345ms ago: executing program 1 (id=2882): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800002, &(0x7f0000000600)=ANY=[@ANYBLOB='force,nodecompose,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c63726561746f723dc6b763b82c6e6f626172726965722c706172743d3078303030303030303030303030303030352c6e6c733d6d616363726f617469616e2c63726561746f723d1c4e53c52c0022ec7e3834a2353b8bf69b5d1c4e030c09"], 0x1, 0x6b3, &(0x7f0000000780)="$eJzs3U9sHFcdB/DvbDbrbJBSt03TgJBiNVIFjUjsrEqChNSAEMohQhFcerUSp7HipJXjorRCZAMUJE6cUA8cilA49IQQQionRDkjIXHhlHskbhxyAIzmz9pre+PYieN1289Hmp03+96895tf5s/ubKwJ8Jl1/vXs76fI+RMXbpXL9+72Fu7d7V0flJNMJGkl7XqWopsUHyfnUk/5fPlm013xsHFevf9R0X7/w1691G6mqn1rs/U2GNmynxxYWdiXZKou/mcLHbZG91dNVT+XVvt7TMVK3GXCjg8SB+O2vEF/tXLUobHW1o9bYM+6XV83N5hMDqa+upafA9KcHR59Zhi/Tc9N/d2LAwAAAJ6Wkd/lhz3zIA9yK4d2JxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4dCjqZwYWzdQalKdSDJ7/3xl6pn5nzOE+ofeuVLPvPjPuQAAAAAAAAADgiRx7kAe5lUOD5eWi+s3/pWrhcPX6ubydm5nLYk7mVmazlKUsZibJ5FBHnVuzS0uLMxvX/GXKNZeXl283a54euebptXH11wc66n8abGgEAAAAAAAAAJ9ZP8r51d//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLyiSffWsmg4PypNptZMcSNIpplaad8Ya7A7487gDAAAAgKev28wPFf+rC8tF9Z3/SPW9/0Dezo0sZT5LWchcLlf3Aupv/a2/93sL9+72rpfTxo6/8a9txVH1mPrew+iRp6sWL6yscT7fzvdyIlO5mMXM5/uZzVLmMpVvVaXZFJls7l5M3rvbzSDWjfGeW7N0cX1sx4bKZXxHq0i6uZL5KraTudQZhN5q2h0dGu2PnWTdiHfK7BSvNbaYo8vNvNyiXzTzvWGy2vL9KxmZbnJfZuPZ4bxvzP0295P1I82ktXIP6vDqKOXi+pEeK+cHm3mZ658+3Zxv81ba2kz0f14uDfa+I5vnPPnyP/5y8WrrxrWrV26e2Du70WNav0/0hjLx4pYysVBmov8EmTjwJPHvnE6Tjfosur2z5UvVuocyn+/kzVzOXM5kOjM5m+l8LafTy+mhvL6weV6rY621vWPt+JeaQnlN+tnQtWnXTDysoszrs0N5HT7TTVZ1w++sZum5LWSp6GR0lv45MpT2F5pCOcaPh64447c+EzNDmXh+80z8+r/LSW4u3Li2eHX2rS2O93IzLw/b99aem3+zIxu0fc3mlvvLc+U/VurLxvDeUdY9P6hbl69O84tLu+lsTV0n1fFc1z3qSC17OnJnVE913YsjR+lVdUeH6tZ8ysmbWVj5FNLY9YMUgC04+MrBTvd+92/dD7o/6V7tXjjwzYmzE1/sZP9f23/a97vWb1tfL17JB/lhDo07UgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DS4+c6712YXFuYW92AhrR3u8M7IqkEq6nc6I9ocyx7IxiejMLHZHvX71I9resjqnXHE3M1D49ndQtq7MNZERlRdWHmnm7RW4klybY884A54Gk4tXX/r1M133v3K/PXZN+bemLtx+uyZ1870vjpz+9SV+YW56fq1adwec7DAjlr9GDDuSAAAAAAAAAAAAICt2o0/bxgxbNEfw7YCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn0znX8/+forMTJ+cLpfv3e0tlNOgvNqynaSVpPhBUnycnEs9ZXKou+Jh47x6/6Nfvfz+h73VvtqD9q116/3h38vL29yKfjNlKsm+Zv5oE1vq79JQf/1tBlYrVrawTNjxQeJg3P4fAAD//+/HBYc=") mount$nfs(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0) mount$nfs(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0) 614.965528ms ago: executing program 3 (id=2883): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x4, 0x2}, 0xe) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, 0x0, 0x0) 383.584227ms ago: executing program 6 (id=2884): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f00000001c0)=0x1) fcntl$setstatus(r0, 0x4, 0x0) 373.746757ms ago: executing program 7 (id=2885): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x8, @local}, {0xa, 0x0, 0x0, @empty}, 0x1}, 0x5c) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @empty}, 0x1, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xe3]}}, 0x5c) 364.226017ms ago: executing program 3 (id=2886): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$video(&(0x7f0000000040), 0x5, 0x800) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000240)={0x6, 0x8, 0x2, {0x9, @sdr={0x49323159, 0x6}}, 0x4}) 109.193336ms ago: executing program 1 (id=2887): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="850000002200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/ipc\x00') bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r0, 0x0, 0xcc0, 0xfffffffffffffde6, &(0x7f00000001c0)="348b0d151f8218e3c73697e4080049c416b90900000093291cfc5e8b99005e8b9900", 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 61.267838ms ago: executing program 7 (id=2888): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x3c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x10, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) 32.332989ms ago: executing program 3 (id=2889): syz_mount_image$nilfs2(&(0x7f0000003380), &(0x7f0000000f00)='./file0\x00', 0x3210052, &(0x7f0000003300)={[{}, {@errors_continue}, {@norecovery}, {@order_strict}, {@nobarrier}, {@order_strict}, {@nodiscard}, {@order_relaxed}], [], 0x2c}, 0x3, 0xed3, &(0x7f0000002400)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgUI+IS88FhYRGGIoaeiDiT+gBUQlRJMSp4kDFhVIpRWolUKsK9dT21Kq3nlBViUpVKgX1UtTEVZz31rsvnu56bM96d38/6du3b97sfN94I2dmPPs2AGOrsfZ49OhiEcLbH7/18ItPFL+6suyO9hoH1h6L2GuFEJod/SLb3qdxwaWLL5zYqC3C4bXH1A+PXGi/djaEcC4cCJ+EVvhgeeXz99956OCHr87c9MbZp17aod1vy/cDAABG0fk/rvz1nn/84b6FL87vPx6m28vT8Xkr9mfjcf+heKCcjpcbobtfdESnqWy9iRiNbL2JbL3JLM9kSb5mtp1myXpTPfJNdCzbaD8BAABgGKXz2lYoGktd/UZjaenqef8Vn85PFUvPnF45dWZAhQIAAACV/fvltZtuhRBCCCGEELs0/rs6+BqEEEMVxUbLV+cHfQUCAAAAGDf5fGHXOLe9M3W1t9bqL/+FBxsbvx62Qd3//uUfrvzvveI3DgAA1Y3q0WTar3QcneYxyOcRnMhet9nj/0a2nclN1lk2r+CwzDdYVmf+c92tyurf7Ps4KGX15/Nh7lZl9efzdO5WZfVP11xHVWX1z9RcR1Vl9e+puY6qyurfW3MdVZXVP1tzHVWV1T9Xcx1VldV/Xc11VFVW/76a66iqrP5hua22rP5WzXVUVVb/Qs11VFVW//U111FVWf031FxHVWX131hzHYNye2zTz2F/Nt55/pyf0w3LOR4AAACMu/+Y/08IIYQQQgghhBj5eHnQFyAAAACAgUufC0ifel+N0vhEj/HJHuPNHuNTPcane4wDAAAAIfz6tVO3vFmsf85/q/PhpXmj0vxLm53HKJ+PcLP5tzrv2VbzD8u8ZQAAAIyX4lufXL734XefW/ji/P7jHWe/l+P5bpoHdDJeG/go9tN9AXNZv0jn0Me78zRK1suvD1xXtr1Ht7ijAAAAMMbS+XsrFI2ljvPuVmg0lpbWz8cXQ7M4dXrl5KHYT9/P8vv55vSV5Q/UXDcAAADQv/Xz/Y3P/9P3+C6GqWLpmdMrp85c7c+1lzcbndcF5teXF53XBVrZ8sMly4/Efvr+zu/O71lbvnTieytPbPfOAwAAwJg48/zZpx5fWTn5fU888cST9pNB/2YCAAC222efvdX8wZG53179/P/6/Hfp8/8HYr8V5/b7U1wh3SeQPgdwzef1H+vOM1+23rPd67Wy9SZiTGd1z3RsJ3TMN5het1CWr9W9namSfLNZvrksXz5PwWS2fsq3L1uez0+Y1pvPlufzME5mOYos/50BAAAAyi0/9/Szy2eeP3v/6acff/LkkyefOXL42DePHTv0wDceWF67r3+58+5+AAAAYBit3/Q76EoAAAAAAAAAAAAAAAAAAABgfNXxdWKD3kcAAAAYd/96OYRwTghREle/AnPwdQghhBBiBOLvO51jYvD7KITYvbG6mn/TPAAAAMDOunTxhROd7TXOFduar7211tXmcsyb2rn7/7JwJdJqFx7svl6yd1urYdzV/e9f/uHK/94r25t/Jj3p+/dfo3sDx6vlvXv5Z4ud+W+d7DN/vv+PVst/MMt/d+gv/+q7Wf7HquW/J8u/t8/81+z/s9Xy3xvzL8b+wbv6zd/9/k/HNu3Hnj7zfz3b/ydCv/mz/W/1mTBzX8wPAOOoMegCdkg6SkjH0bOxn/Y3Hm6G/O6HzR7/N7LtTG658u7tpuOgm2M/HS/NZXmTzdY/m23vuop15oblrpKy+rfrfdxpZfU3a66jqrL6p2quo6qy+qdrrqOqsvpnaq6jqrL6+z0PHbSy+oflunJZ/bM111FVWf1zNddRVVn9m/1/fFDK6t9Xcx1VldU/X3MdVZXVX/GyWu3K6l+ouY6qyuq/vuY6qiqr/4aa66iqrP4ba65jUG6Lbdn5cDr/nI9jqd/K+tMb/CxH9doCAAAADJt/mv9PCCGEEEIIIYS4Et/5zeBr2LFYXR30FQgGaWc/zQzAbuX3/3jz/o837/948/7z/6R7+Iusn0z0GJ/sMd7sMT6Vjef/Xqd7jN+QbXc1SuM39hj/Uo/xfT3Gb+4xvthj/JYe47f2GL+txzgAAADj4abYOj8EAACA0fXizz96/Zd3P3Zx4Yvz+4+HqWvmnT8U+9Pxb+uvxX4+733SjH/z/2Hs/zS2v4vt37L13X8CAAAAOy99T4y//wMAAMDoSt9T6vwfAAAARtdCbJ3/AwAAwOi6PrbO/wEAAGCEFTMbL45tui5wZ2z7ndcPANj9vhzb22O7P7Z3xPYrsU3HAXfF9qs11QcAbJ+ffPtHx94s1uf7P5KNX4rLU3uNc1evFBSN7pn898R2b2y/1mc9+fcB9Js/2ddnnp3KP7/F/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6GisPR49uliE8PbHbz3846nX/3xl2R3tNQ6sPRax1wohNNuvS6Pr/V/EFS9dfOFEZ3s5tkU4HIpQtJeHRy60M82GEM6FA+GT0AofLK98/v47Dx388NWZm944+9RLO/gj6No/AAAAGEX/CwAA//96ziHH") r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f00000044c0)={0x2020}, 0x2020) 0s ago: executing program 6 (id=2890): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) writev(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): 1:1.1 failed with error -71 [ 343.189892][ T6437] usb 4-1: selecting invalid altsetting 1 [ 343.226324][ T6437] usb 4-1: cannot request logical cluster ID: 0 (err: -71) [ 343.268219][ T6437] usb 4-1: invalid MIXER UNIT descriptor 6 [ 343.327581][ T6437] snd-usb-audio: probe of 4-1:1.2 failed with error -71 [ 343.371059][ T6437] usb 4-1: USB disconnect, device number 19 [ 343.614861][T10135] loop1: detected capacity change from 0 to 16 [ 343.630740][ T6942] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 343.646844][T10135] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 343.656971][ T4793] udevd[4793]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 343.959827][ T6942] usb 7-1: Using ep0 maxpacket: 32 [ 344.114982][ T6942] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 344.135464][ T6942] usb 7-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 344.190604][ T6942] usb 7-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 344.238920][ T6942] usb 7-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 344.240854][T10145] loop3: detected capacity change from 0 to 256 [ 344.270277][ T6942] usb 7-1: config 0 interface 0 has no altsetting 0 [ 344.299309][ T6942] usb 7-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 344.307638][T10145] exfat: Deprecated parameter 'utf8' [ 344.328534][T10145] exfat: Deprecated parameter 'utf8' [ 344.330415][ T6942] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.414248][ T6942] usb 7-1: config 0 descriptor?? [ 344.492990][T10145] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 344.878236][T10131] loop0: detected capacity change from 0 to 40427 [ 344.950550][ T6942] corsair-cpro 0003:1B1C:0C10.0017: unknown main item tag 0x4 [ 344.962248][ T6942] corsair-cpro 0003:1B1C:0C10.0017: item fetching failed at offset 3/5 [ 345.020438][ T6942] corsair-cpro: probe of 0003:1B1C:0C10.0017 failed with error -22 [ 345.031678][T10161] loop1: detected capacity change from 0 to 128 [ 345.053315][T10131] F2FS-fs (loop0): Found nat_bits in checkpoint [ 345.241587][ T6942] usb 7-1: USB disconnect, device number 6 [ 345.324688][T10131] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 345.473390][ T26] audit: type=1800 audit(1774996011.046:45): pid=10131 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2073" name="file1" dev="loop0" ino=10 res=0 errno=0 [ 345.539046][ T4267] syz-executor: attempt to access beyond end of device [ 345.539046][ T4267] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 345.982415][T10169] netlink: 'syz.1.2100': attribute type 4 has an invalid length. [ 346.254331][T10158] loop3: detected capacity change from 0 to 40427 [ 346.326421][T10158] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 346.353132][T10158] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 346.363050][ C0] net_ratelimit: 5038 callbacks suppressed [ 346.363066][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 346.381921][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 346.394420][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 346.406819][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 346.419401][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 346.431895][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 346.444927][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 346.457398][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 346.469870][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 346.482238][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 346.550823][T10158] F2FS-fs (loop3): invalid crc_offset: 33558524 [ 346.612347][T10179] loop1: detected capacity change from 0 to 1024 [ 346.618055][T10165] loop7: detected capacity change from 0 to 40427 [ 346.680136][T10165] F2FS-fs (loop7): invalid crc value [ 346.685569][T10158] F2FS-fs (loop3): Found nat_bits in checkpoint [ 346.841374][ T46] hfsplus: b-tree write err: -5, ino 25 [ 346.847190][ T46] hfsplus: b-tree write err: -5, ino 4 [ 346.877429][ T46] hfsplus: b-tree write err: -5, ino 2 [ 346.893055][T10165] F2FS-fs (loop7): Found nat_bits in checkpoint [ 346.915240][T10158] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 346.942470][T10158] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 347.066568][T10170] loop6: detected capacity change from 0 to 32768 [ 347.172998][T10165] F2FS-fs (loop7): Start checkpoint disabled! [ 347.211751][T10170] (syz.6.2090,10170,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 347.230473][T10165] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6 [ 347.270213][T10170] (syz.6.2090,10170,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 347.393566][T10170] JBD2: Ignoring recovery information on journal [ 347.530417][T10170] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 347.591809][ T11] kworker/u4:1: attempt to access beyond end of device [ 347.591809][ T11] loop7: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 347.739270][T10174] loop0: detected capacity change from 0 to 32768 [ 347.874504][T10174] JBD2: Ignoring recovery information on journal [ 348.206525][T10174] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 348.342629][ T7936] ocfs2: Unmounting device (7,6) on (node local) [ 348.641704][ T26] audit: type=1326 audit(1774996014.216:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10199 comm="syz.1.2102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4dd79c819 code=0x7ffc0000 [ 348.728671][ T26] audit: type=1326 audit(1774996014.246:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10199 comm="syz.1.2102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7ff4dd79c819 code=0x7ffc0000 [ 348.770911][ T4267] ocfs2: Unmounting device (7,0) on (node local) [ 348.850984][ T26] audit: type=1326 audit(1774996014.246:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10199 comm="syz.1.2102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4dd79c819 code=0x7ffc0000 [ 348.954765][T10207] loop3: detected capacity change from 0 to 256 [ 348.971312][ T26] audit: type=1326 audit(1774996014.246:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10199 comm="syz.1.2102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4dd79c819 code=0x7ffc0000 [ 349.096468][ T26] audit: type=1326 audit(1774996014.246:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10199 comm="syz.1.2102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7ff4dd79c819 code=0x7ffc0000 [ 349.156495][T10207] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d) [ 349.225021][ T26] audit: type=1326 audit(1774996014.246:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10199 comm="syz.1.2102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4dd79c819 code=0x7ffc0000 [ 349.360830][ T26] audit: type=1326 audit(1774996014.246:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10199 comm="syz.1.2102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4dd79c819 code=0x7ffc0000 [ 349.680786][ T4523] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 349.893234][ T4523] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 349.913794][ T4523] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 349.954275][ T4523] usb 2-1: config 1 has no interface number 0 [ 349.960880][ T4523] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 350.001036][ T4523] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 350.028270][ T4523] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 350.048384][ T4523] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 350.066465][ T4523] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 350.099530][ T4523] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 350.160859][ T4523] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.179139][ T4523] usb 2-1: Product: syz [ 350.214303][ T4523] usb 2-1: Manufacturer: syz [ 350.244059][ T4523] usb 2-1: SerialNumber: syz [ 350.291046][T10215] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 350.533263][T10238] loop7: detected capacity change from 0 to 128 [ 350.614535][T10238] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem [ 350.727085][T10218] loop0: detected capacity change from 0 to 40427 [ 350.761487][T10215] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 350.782155][T10238] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 350.837604][T10238] ext2 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 350.959167][T10243] loop3: detected capacity change from 0 to 4096 [ 350.982590][ T4523] cdc_ncm 2-1:1.1: failed GET_NTB_PARAMETERS [ 351.003835][ T4523] cdc_ncm 2-1:1.1: bind() failure [ 351.072232][ T4523] usb 2-1: USB disconnect, device number 23 [ 351.150022][T10218] F2FS-fs (loop0): Found nat_bits in checkpoint [ 351.183431][ T9819] EXT4-fs (loop7): unmounting filesystem. [ 351.277055][T10218] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2 [ 351.331016][T10218] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 351.388583][ C0] net_ratelimit: 4397 callbacks suppressed [ 351.388604][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 351.407007][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 351.420144][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 351.432693][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 351.445027][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 351.457550][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 351.469946][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 351.483204][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 351.495686][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 351.508731][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 351.562523][ T26] audit: type=1800 audit(1774996017.136:53): pid=10218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2101" name="file1" dev="loop0" ino=10 res=0 errno=0 [ 351.731260][ T4267] syz-executor: attempt to access beyond end of device [ 351.731260][ T4267] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 351.787482][T10243] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 352.063496][T10241] loop6: detected capacity change from 0 to 32768 [ 352.153956][T10254] netlink: 'syz.1.2124': attribute type 1 has an invalid length. [ 352.331995][T10241] XFS (loop6): Mounting V5 Filesystem [ 352.433073][T10249] loop7: detected capacity change from 0 to 32768 [ 352.600201][T10249] (syz.7.2121,10249,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 352.642136][T10249] (syz.7.2121,10249,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 352.695073][T10267] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2125'. [ 352.712140][T10241] XFS (loop6): Ending clean mount [ 352.817530][T10249] JBD2: Ignoring recovery information on journal [ 352.931213][ T7936] XFS (loop6): Unmounting Filesystem [ 353.003278][T10268] loop1: detected capacity change from 0 to 4096 [ 353.032114][T10249] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 353.049046][T10268] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 353.464256][ T9819] ocfs2: Unmounting device (7,7) on (node local) [ 354.258080][ T4617] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 354.419111][T10271] loop3: detected capacity change from 0 to 32768 [ 354.580213][T10271] XFS (loop3): Mounting V5 Filesystem [ 354.790949][ T4617] usb 2-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 354.807260][T10276] loop7: detected capacity change from 0 to 40427 [ 354.820723][ T4617] usb 2-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 354.840319][ T4617] usb 2-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 354.862395][T10276] F2FS-fs (loop7): build fault injection attr: rate: 771, type: 0x3ffff [ 354.892612][ T4617] usb 2-1: config 0 interface 0 has no altsetting 0 [ 354.899364][ T4617] usb 2-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 354.909314][T10276] F2FS-fs (loop7): invalid crc value [ 354.941149][ T4617] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.976363][T10276] F2FS-fs (loop7): Found nat_bits in checkpoint [ 354.995322][ T4617] usb 2-1: config 0 descriptor?? [ 355.043804][T10271] XFS (loop3): Ending clean mount [ 355.056328][T10294] loop6: detected capacity change from 0 to 4096 [ 355.062978][ T4274] Bluetooth: hci3: command 0x0406 tx timeout [ 355.131971][T10271] XFS (loop3): Quotacheck needed: Please wait. [ 355.168038][T10297] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 355.237575][T10276] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 355.354225][T10271] XFS (loop3): Quotacheck: Done. [ 355.508003][ T4617] holtek 0003:1241:5015.0018: unknown main item tag 0x0 [ 355.516138][ T4617] holtek 0003:1241:5015.0018: unknown main item tag 0x0 [ 355.526600][ T4617] holtek 0003:1241:5015.0018: unknown main item tag 0x0 [ 355.527075][ T9819] syz-executor: attempt to access beyond end of device [ 355.527075][ T9819] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 355.560801][ T4271] XFS (loop3): Unmounting Filesystem [ 355.567516][ T4617] holtek 0003:1241:5015.0018: unknown main item tag 0x0 [ 355.586653][ T4617] holtek 0003:1241:5015.0018: unknown main item tag 0x0 [ 355.632723][ T4617] holtek 0003:1241:5015.0018: hidraw0: USB HID v0.00 Device [HID 1241:5015] on usb-dummy_hcd.1-1/input0 [ 355.658191][ T4617] holtek 0003:1241:5015.0018: no inputs found [ 355.740829][ T4617] usb 2-1: USB disconnect, device number 24 [ 355.980234][T10301] fido_id[10301]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 356.390918][ C0] net_ratelimit: 5141 callbacks suppressed [ 356.390945][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 356.410077][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 356.422534][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 356.435651][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 356.448174][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 356.460552][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 356.472950][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 356.485338][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 356.498420][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 356.510920][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 357.558862][T10311] loop6: detected capacity change from 0 to 32768 [ 357.757377][T10311] XFS (loop6): Mounting V5 Filesystem [ 357.771433][T10309] loop1: detected capacity change from 0 to 32768 [ 357.841349][T10309] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.2142 (10309) [ 357.970362][T10309] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 358.061673][T10309] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 358.092321][T10309] BTRFS info (device loop1): using free space tree [ 358.137536][T10311] XFS (loop6): Ending clean mount [ 358.152282][T10349] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2151'. [ 358.465724][T10370] loop7: detected capacity change from 0 to 2048 [ 358.475101][ T7936] XFS (loop6): Unmounting Filesystem [ 358.562948][T10374] sp0: Synchronizing with TNC [ 358.597461][T10370] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024) [ 358.720896][T10379] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 358.768225][T10309] BTRFS info (device loop1): enabling ssd optimizations [ 359.207612][ T4276] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 359.931255][T10402] netlink: 168864 bytes leftover after parsing attributes in process `syz.6.2164'. [ 360.337684][T10410] Bluetooth: MGMT ver 1.22 [ 361.435652][T10441] loop0: detected capacity change from 0 to 1024 [ 361.442927][ C0] net_ratelimit: 3491 callbacks suppressed [ 361.442945][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 361.461787][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 361.474822][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 361.487293][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 361.499671][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 361.512025][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 361.524455][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 361.536901][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 361.550060][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 361.562533][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 363.001861][T10448] loop7: detected capacity change from 0 to 32768 [ 363.167409][T10448] XFS (loop7): Mounting V5 Filesystem [ 363.401814][T10460] loop0: detected capacity change from 0 to 32768 [ 363.437590][T10477] loop3: detected capacity change from 0 to 32768 [ 363.454633][T10460] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.2188 (10460) [ 363.535664][T10460] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 363.560863][T10460] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 363.579060][T10460] BTRFS info (device loop0): enabling auto defrag [ 363.589804][T10460] BTRFS info (device loop0): use no compression [ 363.606957][T10460] BTRFS info (device loop0): max_inline at 4096 [ 363.621186][T10460] BTRFS info (device loop0): using free space tree [ 363.661949][T10477] XFS (loop3): Mounting V5 Filesystem [ 363.809111][T10448] XFS (loop7): Ending clean mount [ 363.879031][T10448] XFS (loop7): Quotacheck needed: Please wait. [ 363.977102][T10477] XFS (loop3): Ending clean mount [ 363.987022][T10460] BTRFS info (device loop0): enabling ssd optimizations [ 364.014519][T10524] loop6: detected capacity change from 0 to 128 [ 364.057749][T10524] EXT4-fs: Ignoring removed nobh option [ 364.174857][T10524] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 364.238510][T10448] XFS (loop7): Quotacheck: Done. [ 364.271318][T10524] ext4 filesystem being mounted at /153/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 364.541327][ T4271] XFS (loop3): Unmounting Filesystem [ 364.585838][ T7936] EXT4-fs (loop6): unmounting filesystem. [ 364.637330][ T4267] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 364.683276][ T9819] XFS (loop7): Unmounting Filesystem [ 365.271095][ T5720] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 365.444756][T10537] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2199'. [ 365.471334][ T5720] usb 7-1: Using ep0 maxpacket: 32 [ 365.493162][ T5720] usb 7-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c [ 365.529549][ T5720] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.551140][ T5720] usb 7-1: Product: syz [ 365.555379][ T5720] usb 7-1: Manufacturer: syz [ 365.560011][ T5720] usb 7-1: SerialNumber: syz [ 365.628034][ T5720] usb 7-1: config 0 descriptor?? [ 365.664468][ T5720] dw2102: su3000_identify_state [ 365.712761][ T5720] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state. [ 365.727911][ T5720] dw2102: su3000_power_ctrl: 1, initialized 0 [ 365.734395][ T5720] dvb-usb: bulk message failed: -22 (2/0) [ 365.747527][ T5720] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 365.801363][ T5720] dvbdev: DVB: registering new adapter (Hauppauge MAX S2 or WinTV NOVA HD USB2.0) [ 365.841196][ T5720] usb 7-1: media controller created [ 365.850854][ T5720] dvb-usb: bulk message failed: -22 (6/0) [ 365.868005][ T5720] dw2102: i2c transfer failed. [ 365.900340][T10532] dvb-usb: bulk message failed: -22 (4/0) [ 365.918374][T10532] dw2102: i2c transfer failed. [ 365.951439][ T5720] dvb-usb: bulk message failed: -22 (6/0) [ 365.957254][ T5720] dw2102: i2c transfer failed. [ 365.991458][ T5720] dvb-usb: bulk message failed: -22 (6/0) [ 366.019517][ T5720] dw2102: i2c transfer failed. [ 366.033117][T10543] program syz.0.2207 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.063060][ T5720] dvb-usb: bulk message failed: -22 (6/0) [ 366.068884][ T5720] dw2102: i2c transfer failed. [ 366.116933][ T5720] dvb-usb: bulk message failed: -22 (6/0) [ 366.126525][ T5720] dw2102: i2c transfer failed. [ 366.135761][ T5720] dvb-usb: bulk message failed: -22 (6/0) [ 366.142024][ T5720] dw2102: i2c transfer failed. [ 366.146990][ T5720] dvb-usb: MAC address: 02:02:02:02:02:02 [ 366.168388][ T5720] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 366.224923][ T5720] dvb-usb: bulk message failed: -22 (3/0) [ 366.230799][ T5720] dw2102: command 0x0e transfer failed. [ 366.257462][ T5720] dvb-usb: bulk message failed: -22 (3/0) [ 366.288582][ T5720] dw2102: command 0x0e transfer failed. [ 366.348787][T10554] netlink: 'syz.3.2209': attribute type 1 has an invalid length. [ 366.357210][T10554] netlink: 120 bytes leftover after parsing attributes in process `syz.3.2209'. [ 366.450685][ C0] net_ratelimit: 4765 callbacks suppressed [ 366.450704][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 366.469757][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 366.482326][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 366.495523][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 366.508002][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 366.520396][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 366.532732][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 366.545170][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 366.557705][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 366.570962][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 366.631030][ T5720] dvb-usb: bulk message failed: -22 (3/0) [ 366.641277][ T5720] dw2102: command 0x0e transfer failed. [ 366.646968][ T5720] dvb-usb: bulk message failed: -22 (3/0) [ 366.670051][ T5720] dw2102: command 0x0e transfer failed. [ 366.686992][ T5720] dvb-usb: bulk message failed: -22 (1/0) [ 366.708494][ T5720] dw2102: command 0x51 transfer failed. [ 366.894875][ T5720] DVB: Unable to find symbol ds3000_attach() [ 366.908946][ T5720] dvb-usb: no frontend was attached by 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' [ 367.191137][ T5720] rc_core: IR keymap rc-su3000 not found [ 367.196916][ T5720] Registered IR keymap rc-empty [ 367.221493][ T5720] rc rc0: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0 [ 367.300911][ T5720] input: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0/input21 [ 367.342812][ T5720] dvb-usb: schedule remote query interval to 150 msecs. [ 367.349850][ T5720] dw2102: su3000_power_ctrl: 0, initialized 1 [ 367.392433][ T5720] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 successfully initialized and connected. [ 367.460546][ T5720] usb 7-1: USB disconnect, device number 7 [ 367.495254][T10570] loop7: detected capacity change from 0 to 256 [ 367.571714][ T5720] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2. successfully deinitialized and disconnected. [ 367.811787][T10570] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 367.954526][T10570] exFAT-fs (loop7): error, tried to truncate zeroed cluster. [ 367.965040][ T5720] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 368.033684][T10570] exFAT-fs (loop7): Filesystem has been set read-only [ 368.170813][ T5720] usb 7-1: Using ep0 maxpacket: 16 [ 368.178069][ T5720] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.219916][ T5720] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 368.262905][ T5720] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 368.302256][ T5720] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 368.321791][ T5720] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.342948][T10588] loop0: detected capacity change from 0 to 512 [ 368.349878][ T5720] usb 7-1: config 0 descriptor?? [ 368.388608][T10588] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 368.541907][T10588] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz.0.2225: bg 0: block 104: invalid block bitmap [ 368.562177][T10588] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6180: Corrupt filesystem [ 368.572773][T10588] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.2225: invalid indirect mapped block 1 (level 1) [ 368.634526][T10588] EXT4-fs (loop0): 1 truncate cleaned up [ 368.640305][T10588] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 368.782691][T10588] EXT4-fs warning (device loop0): ext4_resize_begin:84: There are errors in the filesystem, so online resizing is not allowed [ 368.868123][T10594] tipc: Started in network mode [ 368.913696][T10594] tipc: Node identity 4246, cluster identity 9 [ 368.923663][ T5720] microsoft 0003:045E:07DA.0019: ignoring exceeding usage max [ 368.931343][T10594] tipc: Node number set to 16966 [ 368.983076][ T5720] microsoft 0003:045E:07DA.0019: unsupported Resolution Multiplier 0 [ 369.025118][ T5720] microsoft 0003:045E:07DA.0019: implement() called with n (152) > 32! (kworker/1:17) [ 369.117081][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 369.180559][ T5720] microsoft 0003:045E:07DA.0019: No inputs registered, leaving [ 369.201739][ T5720] microsoft 0003:045E:07DA.0019: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0 [ 369.294513][ T5720] microsoft 0003:045E:07DA.0019: no inputs found [ 369.345168][ T5720] microsoft 0003:045E:07DA.0019: could not initialize ff, continuing anyway [ 369.406157][ T5720] usb 7-1: USB disconnect, device number 8 [ 369.698086][T10612] device vlan1 entered promiscuous mode [ 369.878328][T10615] loop1: detected capacity change from 0 to 1024 [ 370.070873][T10615] hfsplus: xattr searching failed [ 370.119368][T10613] fido_id[10613]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 370.554056][T10628] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2243'. [ 370.794923][T10629] loop0: detected capacity change from 0 to 8192 [ 370.963469][T10633] loop1: detected capacity change from 0 to 4096 [ 371.019018][T10637] loop3: detected capacity change from 0 to 64 [ 371.037885][T10633] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 371.082134][T10637] hfs: gid requires an argument [ 371.087069][T10637] hfs: unable to parse mount options [ 371.410846][ T26] audit: type=1800 audit(1774996036.986:54): pid=10633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2244" name="file1" dev="loop1" ino=24 res=0 errno=0 [ 371.460897][ C0] net_ratelimit: 4754 callbacks suppressed [ 371.460917][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 371.479325][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 371.491948][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 371.505163][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 371.517643][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 371.530400][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 371.542810][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 371.555641][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 371.566337][ T4378] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 371.585293][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 371.597842][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 371.690384][T10646] loop6: detected capacity change from 0 to 164 [ 371.734802][ T4276] ntfs3: loop1: ntfs_sync_fs r=1a failed, -22. [ 371.787415][T10648] loop0: detected capacity change from 0 to 256 [ 371.800981][T10648] exfat: Deprecated parameter 'utf8' [ 371.808235][T10646] ISOFS: unable to read i-node block [ 371.818444][ T4276] ntfs3: loop1: ntfs_evict_inode r=1a failed, -22. [ 371.835489][T10646] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 371.846984][ T4276] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 371.917531][T10648] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x2c41917f, utbl_chksum : 0xe619d30d) [ 372.136567][ T26] audit: type=1326 audit(1774996037.706:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10652 comm="syz.3.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9638f9c819 code=0x7ffc0000 [ 372.230711][ T26] audit: type=1326 audit(1774996037.766:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10652 comm="syz.3.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f9638f9c819 code=0x7ffc0000 [ 372.340288][ T26] audit: type=1326 audit(1774996037.766:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10652 comm="syz.3.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9638f9c819 code=0x7ffc0000 [ 372.470724][ T26] audit: type=1326 audit(1774996037.766:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10652 comm="syz.3.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9638f9c819 code=0x7ffc0000 [ 372.560710][ T26] audit: type=1326 audit(1774996037.766:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10652 comm="syz.3.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9638f9c819 code=0x7ffc0000 [ 372.673858][T10663] loop1: detected capacity change from 0 to 4096 [ 372.709417][ T26] audit: type=1326 audit(1774996037.766:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10652 comm="syz.3.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9638f9c819 code=0x7ffc0000 [ 372.831676][T10663] NILFS (loop1): invalid segment: Checksum error in segment payload [ 372.840005][ T26] audit: type=1326 audit(1774996037.766:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10652 comm="syz.3.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9638f9c819 code=0x7ffc0000 [ 372.872901][T10663] NILFS (loop1): trying rollback from an earlier position [ 372.914806][T10663] NILFS (loop1): recovery complete [ 372.926291][T10669] loop3: detected capacity change from 0 to 4096 [ 372.990785][ T26] audit: type=1326 audit(1774996037.766:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10652 comm="syz.3.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f9638f9c819 code=0x7ffc0000 [ 373.040191][T10674] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 373.088289][T10676] loop0: detected capacity change from 0 to 256 [ 373.099090][ T26] audit: type=1326 audit(1774996037.766:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10652 comm="syz.3.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f9638f9c819 code=0x7ffc0000 [ 373.245365][T10677] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 373.256888][T10669] NILFS error (device loop3): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 373.327623][T10669] NILFS (loop3): mounting fs with errors [ 373.509565][T10676] FAT-fs (loop0): Directory bread(block 64) failed [ 373.540551][T10676] FAT-fs (loop0): Directory bread(block 65) failed [ 373.575587][T10676] FAT-fs (loop0): Directory bread(block 66) failed [ 373.602943][T10676] FAT-fs (loop0): Directory bread(block 67) failed [ 373.637036][T10676] FAT-fs (loop0): Directory bread(block 68) failed [ 373.664135][T10676] FAT-fs (loop0): Directory bread(block 69) failed [ 373.718304][T10676] FAT-fs (loop0): Directory bread(block 70) failed [ 373.772231][T10676] FAT-fs (loop0): Directory bread(block 71) failed [ 373.779039][T10676] FAT-fs (loop0): Directory bread(block 72) failed [ 373.826730][T10676] FAT-fs (loop0): Directory bread(block 73) failed [ 374.019721][T10676] syz.0.2264: attempt to access beyond end of device [ 374.019721][T10676] loop0: rw=524288, sector=1192, nr_sectors = 4 limit=256 [ 374.194120][T10676] syz.0.2264: attempt to access beyond end of device [ 374.194120][T10676] loop0: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 374.219349][T10689] device bridge0 entered promiscuous mode [ 374.228965][T10688] device bridge0 left promiscuous mode [ 374.725751][T10679] loop7: detected capacity change from 0 to 40427 [ 374.805934][T10681] loop1: detected capacity change from 0 to 32768 [ 374.854880][T10679] F2FS-fs (loop7): invalid crc value [ 374.901752][T10679] F2FS-fs (loop7): Found nat_bits in checkpoint [ 374.910161][T10681] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.2266 (10681) [ 375.021759][T10681] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 375.035130][T10681] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 375.093504][T10681] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 375.116971][T10681] BTRFS info (device loop1): use zstd compression, level 3 [ 375.144933][T10679] F2FS-fs (loop7): Start checkpoint disabled! [ 375.160209][T10681] BTRFS info (device loop1): using free space tree [ 375.187006][T10679] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6 [ 375.224215][T10708] loop0: detected capacity change from 0 to 8 [ 375.501117][T10708] SQUASHFS error: Failed to read block 0x636: -5 [ 375.508124][T10708] SQUASHFS error: Unable to read metadata cache entry [634] [ 375.610958][T10708] SQUASHFS error: Unable to read metadata cache entry [634] [ 375.618450][T10708] SQUASHFS error: Unable to read directory block [629:0] [ 375.663990][ T4329] kworker/u4:8: attempt to access beyond end of device [ 375.663990][ T4329] loop7: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 375.695778][T10723] SQUASHFS error: Unable to read metadata cache entry [634] [ 375.715467][T10681] BTRFS info (device loop1): enabling ssd optimizations [ 375.746020][T10723] SQUASHFS error: Unable to read metadata cache entry [634] [ 375.760994][T10723] SQUASHFS error: Unable to read directory block [629:0] [ 375.910232][T10694] loop3: detected capacity change from 0 to 32768 [ 375.999541][T10694] JBD2: Ignoring recovery information on journal [ 376.236030][T10729] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2277'. [ 376.270473][ T4276] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 376.297496][T10694] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 376.386940][T10701] loop6: detected capacity change from 0 to 32768 [ 376.483525][ C0] net_ratelimit: 3947 callbacks suppressed [ 376.483543][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 376.501910][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 376.514298][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 376.526683][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 376.539062][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 376.551636][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 376.564745][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 376.577205][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 376.589831][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 376.602165][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 377.078507][T10742] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2282'. [ 377.146613][T10701] XFS (loop6): Mounting V5 Filesystem [ 377.187181][ T4271] ocfs2: Unmounting device (7,3) on (node local) [ 377.408066][T10701] XFS (loop6): Ending clean mount [ 377.453007][T10701] XFS (loop6): Quotacheck needed: Please wait. [ 377.615255][T10701] XFS (loop6): Quotacheck: Done. [ 377.894041][ T7936] XFS (loop6): Unmounting Filesystem [ 378.107805][T10759] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2278'. [ 378.173871][T10764] loop7: detected capacity change from 0 to 512 [ 378.193691][ T4274] Bluetooth: hci0: Dropping invalid advertising data [ 378.201868][ T4274] Bluetooth: hci0: Malformed LE Event: 0x02 [ 378.231584][T10764] EXT4-fs: Ignoring removed i_version option [ 378.237737][T10764] EXT4-fs: Ignoring removed oldalloc option [ 378.379498][T10764] EXT4-fs (loop7): Test dummy encryption mode enabled [ 378.460499][T10764] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c018, mo2=0103] [ 378.472041][T10764] EXT4-fs (loop7): orphan cleanup on readonly fs [ 378.494642][T10764] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #13: comm syz.7.2289: invalid indirect mapped block 234881024 (level 0) [ 378.588500][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.594914][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.644262][T10773] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2293'. [ 378.659699][T10771] loop3: detected capacity change from 0 to 4096 [ 378.661395][T10764] EXT4-fs (loop7): 1 truncate cleaned up [ 378.700702][T10764] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 379.011481][ T9819] EXT4-fs (loop7): unmounting filesystem. [ 379.354127][ T6942] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 379.800718][T10800] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2303'. [ 379.910470][ T6942] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 379.910509][ T6942] usb 7-1: config 0 interface 0 has no altsetting 0 [ 380.149117][ T6942] usb 7-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 380.206308][ T6942] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 380.246687][ T6942] usb 7-1: Product: syz [ 380.252268][ T6942] usb 7-1: Manufacturer: syz [ 380.256960][ T6942] usb 7-1: SerialNumber: syz [ 380.300072][ T6942] usb 7-1: config 0 descriptor?? [ 380.323552][T10784] loop7: detected capacity change from 0 to 32768 [ 380.340824][T10808] loop0: detected capacity change from 0 to 256 [ 380.402057][ T6942] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 380.422347][ T6942] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 380.452203][ T6942] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 380.475303][ T6942] usb 7-1: media controller created [ 380.495305][T10808] FAT-fs (loop0): Directory bread(block 64) failed [ 380.513284][T10808] FAT-fs (loop0): Directory bread(block 65) failed [ 380.520010][T10808] FAT-fs (loop0): Directory bread(block 66) failed [ 380.567297][T10808] FAT-fs (loop0): Directory bread(block 67) failed [ 380.572828][ T6942] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 380.588001][T10808] FAT-fs (loop0): Directory bread(block 68) failed [ 380.602990][T10808] FAT-fs (loop0): Directory bread(block 69) failed [ 380.625145][T10784] XFS (loop7): Mounting V5 Filesystem [ 380.645032][T10808] FAT-fs (loop0): Directory bread(block 70) failed [ 380.672613][T10808] FAT-fs (loop0): Directory bread(block 71) failed [ 380.777329][T10808] FAT-fs (loop0): Directory bread(block 72) failed [ 380.821379][T10808] FAT-fs (loop0): Directory bread(block 73) failed [ 380.844074][T10784] XFS (loop7): Ending clean mount [ 380.854566][T10821] loop1: detected capacity change from 0 to 256 [ 380.887817][T10784] XFS (loop7): Quotacheck needed: Please wait. [ 380.919287][T10821] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d) [ 381.078796][T10784] XFS (loop7): Quotacheck: Done. [ 381.133819][ T6942] DVB: Unable to find symbol tda10046_attach() [ 381.140091][ T6942] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 381.185968][ T6942] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 381.412994][ T9819] XFS (loop7): Unmounting Filesystem [ 381.441756][T10826] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2311'. [ 381.490847][ C0] net_ratelimit: 5024 callbacks suppressed [ 381.490863][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 381.509201][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 381.522360][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 381.534818][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 381.547536][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 381.559924][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 381.572754][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 381.585206][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 381.597622][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 381.610029][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 381.639240][ T6942] dvb_usb_m920x: probe of 7-1:0.0 failed with error -71 [ 381.696032][ T6942] usb 7-1: USB disconnect, device number 9 [ 381.795684][T10828] loop1: detected capacity change from 0 to 256 [ 381.906621][T10806] loop3: detected capacity change from 0 to 32768 [ 381.997570][T10828] FAT-fs (loop1): Directory bread(block 64) failed [ 382.014640][T10828] FAT-fs (loop1): Directory bread(block 65) failed [ 382.034246][T10828] FAT-fs (loop1): Directory bread(block 66) failed [ 382.070871][T10828] FAT-fs (loop1): Directory bread(block 67) failed [ 382.077768][T10828] FAT-fs (loop1): Directory bread(block 68) failed [ 382.085575][T10828] FAT-fs (loop1): Directory bread(block 69) failed [ 382.092606][T10828] FAT-fs (loop1): Directory bread(block 70) failed [ 382.100883][T10828] FAT-fs (loop1): Directory bread(block 71) failed [ 382.117695][T10828] FAT-fs (loop1): Directory bread(block 72) failed [ 382.161809][T10828] FAT-fs (loop1): Directory bread(block 73) failed [ 382.213531][T10806] XFS (loop3): Mounting V5 Filesystem [ 382.400470][T10806] XFS (loop3): Ending clean mount [ 382.428988][T10806] XFS (loop3): Quotacheck needed: Please wait. [ 382.762688][T10806] XFS (loop3): Quotacheck: Done. [ 383.003157][ T4271] XFS (loop3): Unmounting Filesystem [ 383.269941][T10857] loop6: detected capacity change from 0 to 1024 [ 383.279123][T10858] netlink: 'syz.1.2323': attribute type 15 has an invalid length. [ 383.564749][T10862] loop1: detected capacity change from 0 to 1024 [ 383.577780][T10860] loop7: detected capacity change from 0 to 1024 [ 383.612024][T10860] EXT4-fs: Ignoring removed oldalloc option [ 383.618013][T10860] EXT4-fs: Ignoring removed bh option [ 383.685561][T10860] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 383.805292][T10857] hfsplus: request for non-existent node 33554434 in B*Tree [ 383.816145][T10857] hfsplus: request for non-existent node 33554434 in B*Tree [ 383.985791][T10856] hfsplus: request for non-existent node 33554434 in B*Tree [ 383.997532][T10860] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 384.074110][T10867] loop0: detected capacity change from 0 to 1764 [ 384.080615][T10856] hfsplus: request for non-existent node 33554434 in B*Tree [ 384.269395][ T75] hfsplus: request for non-existent node 33554434 in B*Tree [ 384.280773][ T75] hfsplus: request for non-existent node 33554434 in B*Tree [ 384.305206][T10876] loop3: detected capacity change from 0 to 16 [ 384.345044][ T9819] EXT4-fs (loop7): unmounting filesystem. [ 384.432380][T10876] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 384.569688][T10867] iso9660: Corrupted directory entry in block 14 of inode 1920 [ 384.900566][ T4617] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 385.430069][ T4617] usb 7-1: config 0 has an invalid interface number: 2 but max is 0 [ 385.430100][ T4617] usb 7-1: config 0 has no interface number 0 [ 385.430126][ T4617] usb 7-1: too many endpoints for config 0 interface 2 altsetting 0: 129, using maximum allowed: 30 [ 385.430162][ T4617] usb 7-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 385.430191][ T4617] usb 7-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 385.430216][ T4617] usb 7-1: config 0 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 385.430257][ T4617] usb 7-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00 [ 385.430283][ T4617] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.441188][ T4617] usb 7-1: config 0 descriptor?? [ 385.692126][T10882] loop7: detected capacity change from 0 to 32768 [ 385.782216][T10882] XFS (loop7): Mounting V5 Filesystem [ 385.955393][T10882] XFS (loop7): Ending clean mount [ 385.970075][T10882] XFS (loop7): Quotacheck needed: Please wait. [ 386.030977][T10882] XFS (loop7): Quotacheck: Done. [ 386.136127][ T4617] wacom 0003:056A:0084.001A: unknown main item tag 0x0 [ 386.151006][ T4617] wacom 0003:056A:0084.001A: unknown main item tag 0x0 [ 386.176201][ T9819] XFS (loop7): Unmounting Filesystem [ 386.220714][ T4617] wacom 0003:056A:0084.001A: unknown main item tag 0x0 [ 386.281672][ T4617] wacom 0003:056A:0084.001A: unknown main item tag 0x0 [ 386.288928][ T4617] wacom 0003:056A:0084.001A: unknown main item tag 0x0 [ 386.297575][T10888] loop0: detected capacity change from 0 to 40427 [ 386.335779][T10888] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 386.348984][ T4617] wacom 0003:056A:0084.001A: unknown main item tag 0x0 [ 386.356018][ T4617] wacom 0003:056A:0084.001A: unknown main item tag 0x0 [ 386.387443][ T4617] wacom 0003:056A:0084.001A: hidraw0: USB HID vff.ea Device [HID 056a:0084] on usb-dummy_hcd.6-1/input2 [ 386.391416][T10888] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 386.474635][ T4617] usb 7-1: USB disconnect, device number 10 [ 386.508563][ C0] net_ratelimit: 5337 callbacks suppressed [ 386.508579][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 386.526962][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 386.538237][T10888] F2FS-fs (loop0): invalid crc value [ 386.541079][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 386.556449][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 386.569257][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 386.581708][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 386.594152][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 386.606534][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 386.618901][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 386.623657][T10892] loop1: detected capacity change from 0 to 32768 [ 386.632004][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 386.704816][T10888] F2FS-fs (loop0): Found nat_bits in checkpoint [ 386.742921][T10892] BTRFS: device fsid f8fbafda-0237-42f9-bd6b-a83e6ac3fc88 devid 1 transid 8 /dev/loop1 scanned by syz.1.2346 (10892) [ 386.847796][T10892] BTRFS info (device loop1): first mount of filesystem f8fbafda-0237-42f9-bd6b-a83e6ac3fc88 [ 386.894609][T10892] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 386.933571][T10888] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 386.955168][T10892] BTRFS info (device loop1): using free space tree [ 386.973922][T10888] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 387.026733][T10907] fido_id[10907]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 387.400989][T10892] BTRFS info (device loop1): enabling ssd optimizations [ 388.092183][T10937] loop7: detected capacity change from 0 to 256 [ 388.153553][ T4276] BTRFS info (device loop1): last unmount of filesystem f8fbafda-0237-42f9-bd6b-a83e6ac3fc88 [ 388.168540][T10904] loop3: detected capacity change from 0 to 40427 [ 388.250378][T10904] F2FS-fs (loop3): invalid crc value [ 388.378178][T10904] F2FS-fs (loop3): Found nat_bits in checkpoint [ 388.387225][T10940] mkiss: ax0: crc mode is auto. [ 388.655562][T10904] F2FS-fs (loop3): Start checkpoint disabled! [ 388.750859][T10904] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 389.008326][T10927] loop6: detected capacity change from 0 to 40427 [ 389.055451][T10927] F2FS-fs (loop6): build fault injection attr: rate: 690, type: 0x3ffff [ 389.081252][T10927] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0x2 [ 389.143429][T10927] F2FS-fs (loop6): invalid crc value [ 389.207635][T10927] F2FS-fs (loop6): Found nat_bits in checkpoint [ 389.258894][ T4319] kworker/u4:6: attempt to access beyond end of device [ 389.258894][ T4319] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 389.441316][T10927] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 389.833342][ T7936] syz-executor: attempt to access beyond end of device [ 389.833342][ T7936] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 391.164026][T10988] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2365'. [ 391.303838][T10992] loop6: detected capacity change from 0 to 512 [ 391.389095][T10958] loop7: detected capacity change from 0 to 40427 [ 391.550798][ C0] net_ratelimit: 4626 callbacks suppressed [ 391.550818][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 391.569092][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 391.581412][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 391.593748][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 391.606073][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 391.618535][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 391.631615][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 391.644023][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 391.656658][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 391.668977][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 391.689968][T10992] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 391.727350][T10982] loop3: detected capacity change from 0 to 32768 [ 391.747065][T10992] ext4 filesystem being mounted at /176/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 391.770397][T10958] F2FS-fs (loop7): Found nat_bits in checkpoint [ 391.900391][T10958] F2FS-fs (loop7): Cannot turn on quotas: -2 on 2 [ 391.920003][T10958] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 392.109055][ T7936] EXT4-fs (loop6): unmounting filesystem. [ 392.802792][T11004] loop0: detected capacity change from 0 to 131072 [ 392.812537][T11004] sched: RT throttling activated [ 392.853808][T11004] F2FS-fs (loop0): QUOTA feature is enabled, so ignore qf_name [ 392.864100][T11004] F2FS-fs (loop0): invalid crc value [ 392.994108][T11004] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 393.004338][T10982] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 393.044991][T10982] JBD2: Ignoring recovery information on journal [ 393.160829][T11023] loop6: detected capacity change from 0 to 512 [ 393.222321][T11004] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 393.363441][T11023] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.2373: bg 0: block 255: padding at end of block bitmap is not set [ 393.369129][T10982] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 393.390304][ T4524] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 393.428795][T11023] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6180: Corrupt filesystem [ 393.524655][T11023] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.2373: invalid indirect mapped block 1 (level 1) [ 393.621067][ T4524] usb 2-1: Using ep0 maxpacket: 8 [ 393.628708][ T4524] usb 2-1: unable to get BOS descriptor or descriptor too short [ 393.653902][T11023] EXT4-fs (loop6): 1 truncate cleaned up [ 393.665685][T11023] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 393.706309][ T4524] usb 2-1: config 4 interface 0 has no altsetting 0 [ 393.754806][ T4524] usb 2-1: string descriptor 0 read error: -22 [ 393.808819][ T4524] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 393.818543][T11023] EXT4-fs warning (device loop6): ext4_block_to_path:107: block 1057052516 > max in inode 18 [ 393.890964][ T4524] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 393.964077][ T4524] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 394.012253][ T4524] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 394.050457][ T4524] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 394.069759][ T7936] EXT4-fs (loop6): unmounting filesystem. [ 394.106063][ T4524] usb 2-1: media controller created [ 394.237151][ T4524] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 394.359571][ T4524] zl10353_read_register: readreg error (reg=127, ret==0) [ 394.509119][ T4524] usb 2-1: USB disconnect, device number 25 [ 394.531109][T11024] loop7: detected capacity change from 0 to 32768 [ 394.558252][ T4271] ocfs2: Unmounting device (7,3) on (node local) [ 394.885968][T11024] XFS (loop7): Mounting V5 Filesystem [ 395.252982][T11024] XFS (loop7): Ending clean mount [ 395.500135][T11056] netlink: 'syz.3.2387': attribute type 3 has an invalid length. [ 395.581379][T11056] netlink: 766 bytes leftover after parsing attributes in process `syz.3.2387'. [ 395.730575][ T9819] XFS (loop7): Unmounting Filesystem [ 396.417902][ T4620] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 396.560748][ C0] net_ratelimit: 3756 callbacks suppressed [ 396.560766][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 396.579153][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 396.592394][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 396.604970][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 396.617713][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 396.630099][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 396.642952][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 396.655457][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 396.667835][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 396.680225][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 396.877207][ T4620] usb 4-1: Using ep0 maxpacket: 32 [ 396.895900][T11075] netlink: 332 bytes leftover after parsing attributes in process `syz.1.2397'. [ 396.935390][T11075] netlink: 196 bytes leftover after parsing attributes in process `syz.1.2397'. [ 397.016454][ T4620] usb 4-1: config 2 has an invalid interface number: 88 but max is 0 [ 397.040677][ T4620] usb 4-1: config 2 has no interface number 0 [ 397.046939][ T4620] usb 4-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256 [ 397.097510][ T4620] usb 4-1: config 2 interface 88 has no altsetting 0 [ 397.230301][ T4620] usb 4-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 397.250702][ T4620] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.258886][ T4620] usb 4-1: Product: syz [ 397.300697][ T4620] usb 4-1: Manufacturer: syz [ 397.305418][ T4620] usb 4-1: SerialNumber: syz [ 397.342761][T11066] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 397.370358][T11083] loop7: detected capacity change from 0 to 1024 [ 397.588728][T11083] hfsplus: bad catalog entry type [ 397.600528][T11066] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 397.624042][T11087] sch_fq: defrate 4294967295 ignored. [ 397.693486][ T31] hfsplus: b-tree write err: -5, ino 25 [ 397.699721][ T31] hfsplus: b-tree write err: -5, ino 4 [ 397.705402][ T31] hfsplus: b-tree write err: -5, ino 2 [ 397.924678][T11089] loop7: detected capacity change from 0 to 128 [ 398.089575][ T4620] asix 4-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 398.099949][ T4620] asix: probe of 4-1:2.88 failed with error -71 [ 398.140490][ T4620] usb 4-1: USB disconnect, device number 20 [ 398.831923][T11103] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2410'. [ 400.326384][T11140] mkiss: ax0: crc mode is auto. [ 400.525377][T11147] loop1: detected capacity change from 0 to 4096 [ 400.680059][T11154] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 400.701859][T11153] loop3: detected capacity change from 0 to 1024 [ 400.887283][T11153] hfsplus: b-tree write err: -5, ino 2 [ 401.164794][ T75] hfsplus: b-tree write err: -5, ino 25 [ 401.174679][ T75] hfsplus: b-tree write err: -5, ino 4 [ 401.180298][ T75] hfsplus: b-tree write err: -5, ino 2 [ 401.230771][ T75] hfsplus: b-tree write err: -5, ino 26 [ 401.576044][ C0] net_ratelimit: 6693 callbacks suppressed [ 401.576066][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 401.595152][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 401.607538][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 401.620283][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 401.632756][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 401.645093][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 401.657421][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 401.669772][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 401.682091][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 401.694490][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 401.818269][T11156] loop6: detected capacity change from 0 to 32768 [ 401.838529][ T4620] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 401.979010][T11156] XFS (loop6): Mounting V5 Filesystem [ 402.139459][T11184] loop0: detected capacity change from 0 to 128 [ 402.150957][T11184] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 402.170582][T11184] hpfs: filesystem error: improperly stopped [ 402.180293][T11184] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 402.190052][T11184] hpfs: You really don't want any checks? You are crazy... [ 402.198032][T11184] hpfs: hpfs_map_sector(): read error [ 402.204064][T11184] hpfs: code page support is disabled [ 402.214191][T11184] hpfs: hpfs_map_4sectors(): unaligned read [ 402.220315][T11184] hpfs: hpfs_map_4sectors(): unaligned read [ 402.247146][T11184] hpfs: filesystem error: unable to find root dir [ 402.256349][ T4620] usb 2-1: Using ep0 maxpacket: 32 [ 402.425631][T11187] loop3: detected capacity change from 0 to 4096 [ 402.517228][ T4620] usb 2-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 402.526506][ T4620] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.572801][ T4620] usb 2-1: Product: syz [ 402.580156][ T4620] usb 2-1: Manufacturer: syz [ 402.628589][ T4620] usb 2-1: SerialNumber: syz [ 402.648295][ T4620] usb 2-1: config 0 descriptor?? [ 402.676422][T11187] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 402.740715][ T4620] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 402.748440][ T4620] dvb-usb: bulk message failed: -22 (4/0) [ 402.772966][T11156] XFS (loop6): Ending clean mount [ 402.779298][ T4620] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 402.821205][T11195] netlink: 88 bytes leftover after parsing attributes in process `syz.7.2447'. [ 402.833783][ T4620] dvb-usb: bulk message failed: -22 (5/0) [ 402.839598][ T4620] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 402.851554][T11195] tipc: Started in network mode [ 402.856560][T11195] tipc: Node identity ac141442, cluster identity 4711 [ 402.875295][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 402.930313][ T4620] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 402.945141][T11195] tipc: Enabling of bearer rejected, failed to enable media [ 403.001559][T11156] XFS (loop6): Quotacheck needed: Please wait. [ 403.026872][ T4620] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 403.035124][ T4620] usb 2-1: media controller created [ 403.063405][ T4620] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 403.132224][ T4620] usb 2-1: selecting invalid altsetting 3 [ 403.138031][ T4620] ttusb2: set interface to alts=3 failed [ 403.242782][T11156] XFS (loop6): Quotacheck: Done. [ 403.310763][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 403.310779][ T26] audit: type=1800 audit(1774996068.886:66): pid=11156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2433" name="file1" dev="loop6" ino=4422 res=0 errno=0 [ 403.427750][T11202] loop0: detected capacity change from 0 to 4096 [ 403.542228][ T4620] DVB: Unable to find symbol tda10086_attach() [ 403.558631][ T4620] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 403.602395][T11202] ntfs: volume version 3.1. [ 403.611607][ T4620] dvb-usb: bulk message failed: -22 (4/0) [ 403.617412][ T4620] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 403.658256][ T4620] dvb-usb: bulk message failed: -22 (5/0) [ 403.685020][ T4617] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 403.700743][ T4620] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 403.746264][ T4620] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 403.762564][T11202] ntfs: (device loop0): map_mft_record_page(): Attempt to read mft record 0xf80, which is beyond the end of the mft. This is probably a bug in the ntfs driver. [ 403.863582][ T4620] usb 2-1: USB disconnect, device number 26 [ 403.889923][T11202] ntfs: (device loop0): map_mft_record(): Failed with error code 2. [ 403.900498][T11209] syz.1.2452 (11209) used obsolete PPPIOCDETACH ioctl [ 403.910231][ T7936] XFS (loop6): Unmounting Filesystem [ 403.915761][T11202] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xf80 as bad. Run chkdsk. [ 403.978465][ T4620] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 404.136459][ T4617] usb 4-1: Using ep0 maxpacket: 8 [ 404.202026][ T4267] ntfs: (device loop0): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 404.348914][ T4617] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 404.371304][ T4617] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 404.395285][ T4617] usb 4-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00 [ 404.424121][ T4617] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.492583][ T4617] usb 4-1: config 0 descriptor?? [ 405.014220][ T4617] dragonrise 0003:0079:0006.001B: item fetching failed at offset 2/41 [ 405.033422][ T4617] dragonrise 0003:0079:0006.001B: parse failed [ 405.039677][ T4617] dragonrise: probe of 0003:0079:0006.001B failed with error -22 [ 405.276143][ T6942] usb 4-1: USB disconnect, device number 21 [ 405.837262][T11241] netlink: 616 bytes leftover after parsing attributes in process `syz.7.2468'. [ 406.330519][T11259] loop1: detected capacity change from 0 to 64 [ 406.581548][ C0] net_ratelimit: 5315 callbacks suppressed [ 406.581571][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 406.599846][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 406.612633][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 406.625077][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 406.637423][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 406.649807][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 406.662186][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 406.674692][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 406.687146][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 406.700326][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 407.299956][T11266] loop7: detected capacity change from 0 to 32768 [ 407.446108][T11266] jfs_mkdir: dtInsert returned -EIO [ 407.460685][T11266] ERROR: (device loop7): jfs_mkdir: [ 407.460685][T11266] [ 407.496642][T11266] ERROR: (device loop7): remounting filesystem as read-only [ 407.542586][T11266] jfs_lookup: iget failed on inum 4 [ 407.549386][T11266] jfs_lookup: iget failed on inum 4 [ 408.389171][T11271] loop3: detected capacity change from 0 to 32768 [ 408.399859][T11274] loop6: detected capacity change from 0 to 32768 [ 408.638162][T11271] XFS (loop3): Mounting V5 Filesystem [ 408.646454][T11274] XFS (loop6): Mounting V5 Filesystem [ 408.768773][T11274] XFS (loop6): Ending clean mount [ 408.816993][T11271] XFS (loop3): Ending clean mount [ 409.059736][ T7936] XFS (loop6): Unmounting Filesystem [ 409.204430][T11285] loop0: detected capacity change from 0 to 32768 [ 409.218313][ T4271] XFS (loop3): Unmounting Filesystem [ 409.819626][T11292] loop1: detected capacity change from 0 to 32768 [ 409.995439][T11292] XFS (loop1): Mounting V5 Filesystem [ 410.202524][T11292] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 410.343406][T11292] XFS (loop1): Starting recovery (logdev: internal) [ 410.661705][T11292] XFS (loop1): Ending recovery (logdev: internal) [ 410.919222][ T4276] XFS (loop1): Unmounting Filesystem [ 411.001122][ T4274] Bluetooth: hci5: link tx timeout [ 411.011066][ T4274] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 411.590804][ C0] net_ratelimit: 5473 callbacks suppressed [ 411.590822][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 411.609080][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 411.621457][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 411.633925][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 411.649047][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 411.661473][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 411.674295][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 411.686616][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 411.699417][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 411.711837][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 413.018236][T11384] loop1: detected capacity change from 0 to 164 [ 413.070771][ T4274] Bluetooth: hci5: command 0x0406 tx timeout [ 413.203192][T11388] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 413.577648][T11394] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 ! [ 413.830253][T11396] mkiss: ax0: crc mode is auto. [ 413.952318][T11399] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 414.031047][T11399] CIFS mount error: No usable UNC path provided in device string! [ 414.031047][T11399] [ 414.062086][T11399] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 414.178673][T11383] loop7: detected capacity change from 0 to 32768 [ 414.293023][T11383] ocfs2: Slot 0 on device (7,7) was already allocated to this node! [ 414.327720][T11406] loop1: detected capacity change from 0 to 512 [ 414.361989][T11383] JBD2: Ignoring recovery information on journal [ 414.457987][T11390] loop3: detected capacity change from 0 to 32768 [ 414.512651][T11390] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.2527 (11390) [ 414.623284][T11390] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 414.632018][T11383] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 414.706694][T11406] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 414.730984][T11390] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 414.739869][T11390] BTRFS info (device loop3): setting nodatasum [ 414.747495][T11406] ext4 filesystem being mounted at /557/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 414.759516][ T26] audit: type=1800 audit(1774996080.316:67): pid=11383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2524" name="file1" dev="loop7" ino=17058 res=0 errno=0 [ 414.790495][T11390] BTRFS info (device loop3): force zlib compression, level 3 [ 414.870375][T11390] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 414.952335][T11390] BTRFS info (device loop3): use lzo compression, level 0 [ 414.976231][ T4276] EXT4-fs (loop1): unmounting filesystem. [ 415.003597][T11390] BTRFS info (device loop3): turning on flush-on-commit [ 415.014021][ T9819] ocfs2: Unmounting device (7,7) on (node local) [ 415.040681][T11390] BTRFS info (device loop3): enabling auto defrag [ 415.116461][T11390] BTRFS info (device loop3): max_inline at 4096 [ 415.157883][T11390] BTRFS info (device loop3): using free space tree [ 415.466827][T11390] BTRFS info (device loop3): enabling ssd optimizations [ 415.733060][ T14] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 415.733902][ T4271] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 416.107457][ T14] usb 7-1: Using ep0 maxpacket: 16 [ 416.323306][ T14] usb 7-1: unable to get BOS descriptor or descriptor too short [ 416.448177][ T14] usb 7-1: config 127 has an invalid interface number: 124 but max is 0 [ 416.463465][ T14] usb 7-1: config 127 has no interface number 0 [ 416.497901][ T14] usb 7-1: config 127 interface 124 has no altsetting 0 [ 416.602444][ C0] net_ratelimit: 5498 callbacks suppressed [ 416.602462][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 416.620771][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 416.633055][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 416.645366][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 416.657688][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 416.669965][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 416.682383][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 416.695526][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 416.707905][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 416.720556][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 416.876042][ T14] usb 7-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=36.87 [ 416.890661][ T14] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.940675][ T14] usb 7-1: Product: syz [ 416.944914][ T14] usb 7-1: Manufacturer: syz [ 416.949543][ T14] usb 7-1: SerialNumber: syz [ 417.754905][T11481] sp0: Synchronizing with TNC [ 418.047774][ T14] usb 7-1: USB disconnect, device number 11 [ 418.100874][ T4268] Bluetooth: hci0: command 0x0c1a tx timeout [ 418.107063][ T4274] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 418.276573][T11494] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 418.290763][T11494] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 418.306652][T11494] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 418.340988][T11494] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 418.360188][T11494] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 418.361207][ T14] usb 7-1: new full-speed USB device number 12 using dummy_hcd [ 418.379022][T11494] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 418.379210][T11494] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 418.379247][T11494] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 418.379284][T11494] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 418.379320][T11494] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 418.379355][T11494] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 418.379391][T11494] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 418.619818][T11496] loop7: detected capacity change from 0 to 4096 [ 418.855240][T11503] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 418.950247][T11496] NILFS (loop7): nilfs_sufile_do_free: segment 9 is already clean [ 418.975387][T11486] loop0: detected capacity change from 0 to 32768 [ 419.290916][T11486] XFS (loop0): Mounting V5 Filesystem [ 419.470154][T11486] XFS (loop0): Ending clean mount [ 419.789235][ T4267] XFS (loop0): Unmounting Filesystem [ 419.797178][T11531] tipc: Enabling of bearer <“dp:s> rejected, media not registered [ 419.822546][T11533] 9pnet_fd: Insufficient options for proto=fd [ 420.374490][T11540] loop1: detected capacity change from 0 to 4096 [ 420.421540][T11545] delete_channel: no stack [ 420.439907][T11544] hugetlbfs: Bad value 'k' for mount option 'nr_inodes' [ 420.439907][T11544] [ 420.458503][T11542] delete_channel: no stack [ 420.544207][T11547] loop3: detected capacity change from 0 to 1024 [ 420.594083][T11540] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 420.721836][ T26] audit: type=1800 audit(1774996086.266:68): pid=11540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2580" name="file1" dev="loop1" ino=30 res=0 errno=0 [ 420.853685][ T4313] kernel write not supported for file /audio (pid: 4313 comm: kworker/0:5) [ 420.948947][ T4319] hfsplus: b-tree write err: -5, ino 25 [ 420.965573][ T4319] hfsplus: b-tree write err: -5, ino 4 [ 420.985153][ T4319] hfsplus: b-tree write err: -5, ino 2 [ 421.071777][T11555] vivid-003: disconnect [ 421.102886][T11554] vivid-003: reconnect [ 421.612491][ C0] net_ratelimit: 5545 callbacks suppressed [ 421.612509][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 421.630898][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 421.643237][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 421.655584][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 421.667925][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 421.670939][ T5516] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 421.680907][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 421.699946][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 421.712962][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 421.725460][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 421.738164][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 421.932560][ T5516] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 421.962209][ T5516] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 422.000657][ T5516] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 422.040261][ T5516] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 422.071911][ T5516] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 422.123315][ T5516] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 422.150695][ T5516] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 422.179276][ T5516] usb 2-1: Product: syz [ 422.199548][ T5516] usb 2-1: Manufacturer: syz [ 422.220420][T11563] loop0: detected capacity change from 0 to 32768 [ 422.243945][ T5516] cdc_wdm 2-1:1.0: skipping garbage [ 422.249339][ T5516] cdc_wdm 2-1:1.0: skipping garbage [ 422.281367][T11563] XFS: attr2 mount option is deprecated. [ 422.327903][ T5516] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 422.358245][ T5516] cdc_wdm 2-1:1.0: Unknown control protocol [ 422.427070][T11559] loop7: detected capacity change from 0 to 40427 [ 422.536068][T11559] F2FS-fs (loop7): Invalid SB checksum offset: 0 [ 422.545786][T11559] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock [ 422.599349][T11571] loop6: detected capacity change from 0 to 32768 [ 422.645257][T11563] XFS (loop0): Mounting V5 Filesystem [ 422.650961][T11571] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop6 scanned by syz.6.2595 (11571) [ 422.669190][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 422.702621][ T5516] usb 2-1: USB disconnect, device number 27 [ 422.722441][T11559] F2FS-fs (loop7): invalid crc value [ 422.768927][T11563] XFS (loop0): Ending clean mount [ 422.790773][T11571] BTRFS info (device loop6): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 422.801644][T11573] loop3: detected capacity change from 0 to 40427 [ 422.813831][T11571] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm [ 422.836092][T11571] BTRFS info (device loop6): enabling disk space caching [ 422.847410][T11573] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 422.869230][T11571] BTRFS info (device loop6): force clearing of disk cache [ 422.876222][T11559] F2FS-fs (loop7): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 422.901570][T11573] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 422.911384][T11571] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 422.939769][T11573] F2FS-fs (loop3): invalid crc value [ 422.945423][T11563] XFS (loop0): Quotacheck needed: Please wait. [ 422.986647][T11571] BTRFS info (device loop6): use zstd compression, level 3 [ 423.035650][T11571] BTRFS info (device loop6): disk space caching is enabled [ 423.111149][T11563] XFS (loop0): Quotacheck: Done. [ 423.149634][T11573] F2FS-fs (loop3): Found nat_bits in checkpoint [ 423.156029][T11559] F2FS-fs (loop7): Try to recover 2th superblock, ret: 0 [ 423.171815][T11559] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 423.500262][T11573] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 423.519072][T11573] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 423.576766][T11571] BTRFS info (device loop6): enabling ssd optimizations [ 423.597547][T11571] BTRFS info (device loop6): rebuilding free space tree [ 423.626185][T11607] tipc: Started in network mode [ 423.656246][T11571] BTRFS info (device loop6): disabling free space tree [ 423.677213][T11607] tipc: Node identity aaaaaaaaaa33, cluster identity 4711 [ 423.685061][ T9819] syz-executor: attempt to access beyond end of device [ 423.685061][ T9819] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 423.706699][T11571] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 423.754731][T11607] tipc: Enabled bearer , priority 10 [ 423.790669][T11571] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 423.992488][ T4267] XFS (loop0): Unmounting Filesystem [ 424.251753][ T7936] BTRFS info (device loop6): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 424.970023][ T4793] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 11 /dev/loop6 scanned by udevd (4793) [ 425.061858][ T4338] tipc: Node number set to 10070698 [ 426.356537][T11634] loop3: detected capacity change from 0 to 32768 [ 426.395495][T11634] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.2610 (11634) [ 426.477562][T11634] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 426.487981][T11634] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 426.527183][T11634] BTRFS info (device loop3): setting nodatacow, compression disabled [ 426.559422][T11634] BTRFS info (device loop3): force zlib compression, level 3 [ 426.566959][T11634] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 426.595385][T11634] BTRFS info (device loop3): use lzo compression, level 0 [ 426.622334][T11634] BTRFS info (device loop3): turning on flush-on-commit [ 426.629466][T11634] BTRFS info (device loop3): enabling auto defrag [ 426.637026][ C0] net_ratelimit: 4278 callbacks suppressed [ 426.637042][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 426.655477][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 426.668197][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 426.680696][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 426.693023][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 426.705316][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 426.717609][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 426.729895][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 426.742257][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 426.755277][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 426.808002][T11634] BTRFS info (device loop3): using free space tree [ 427.111123][T11634] BTRFS info (device loop3): enabling ssd optimizations [ 427.477891][ T4271] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 427.637037][T11692] loop7: detected capacity change from 0 to 512 [ 427.718176][T11692] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 427.789845][T11693] loop1: detected capacity change from 0 to 4096 [ 427.855139][T11692] EXT4-fs (loop7): 1 truncate cleaned up [ 427.860960][T11692] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 428.005511][ T26] audit: type=1800 audit(1774996093.576:69): pid=11692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.2630" name="file1" dev="loop7" ino=15 res=0 errno=0 [ 428.023777][T11697] loop3: detected capacity change from 0 to 256 [ 428.056031][T11697] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 428.115510][T11698] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 428.203111][ T9819] EXT4-fs (loop7): unmounting filesystem. [ 428.419562][T11670] loop0: detected capacity change from 0 to 40427 [ 428.497681][T11670] F2FS-fs (loop0): invalid crc value [ 428.634341][T11700] loop7: detected capacity change from 0 to 4096 [ 428.678158][T11700] NILFS: invalid option "cp=0x00": invalid checkpoint number 0 [ 428.742384][T11700] overlayfs: unrecognized mount option "\strict" or missing value [ 428.801079][T11670] F2FS-fs (loop0): Found nat_bits in checkpoint [ 429.010694][T11714] IPVS: sync thread started: state = BACKUP, mcast_ifn = macvlan1, syncid = 512, id = 0 [ 429.036667][T11670] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 429.055000][T11713] IPVS: stopping backup sync thread 11714 ... [ 429.089533][ T26] audit: type=1326 audit(1774996094.656:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11715 comm="syz.7.2637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb879c819 code=0x7ffc0000 [ 429.180680][ T26] audit: type=1326 audit(1774996094.686:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11715 comm="syz.7.2637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fdcb879c819 code=0x7ffc0000 [ 429.393857][ T26] audit: type=1326 audit(1774996094.686:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11715 comm="syz.7.2637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb879c819 code=0x7ffc0000 [ 429.473363][ T26] audit: type=1326 audit(1774996094.686:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11715 comm="syz.7.2637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb879c819 code=0x7ffc0000 [ 429.497199][ T4267] syz-executor: attempt to access beyond end of device [ 429.497199][ T4267] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 429.573134][T11724] netlink: 'syz.7.2639': attribute type 30 has an invalid length. [ 429.616122][ T26] audit: type=1326 audit(1774996094.686:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11715 comm="syz.7.2637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7fdcb879c819 code=0x7ffc0000 [ 429.770679][ T26] audit: type=1326 audit(1774996094.686:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11715 comm="syz.7.2637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb879c819 code=0x7ffc0000 [ 429.889981][ T26] audit: type=1326 audit(1774996094.686:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11715 comm="syz.7.2637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcb879c819 code=0x7ffc0000 [ 431.268402][T11732] loop7: detected capacity change from 0 to 40427 [ 431.331029][T11732] F2FS-fs (loop7): invalid crc value [ 431.418169][T11732] F2FS-fs (loop7): Found nat_bits in checkpoint [ 431.595819][T11768] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2660'. [ 431.643616][ C0] net_ratelimit: 4640 callbacks suppressed [ 431.643640][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 431.657133][T11768] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2660'. [ 431.663863][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 431.683448][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 431.696105][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 431.708507][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 431.721465][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 431.733938][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 431.740052][T11732] F2FS-fs (loop7): Cannot turn on quotas: -2 on 0 [ 431.746720][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 431.764886][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 431.774998][T11768] netlink: 52 bytes leftover after parsing attributes in process `syz.6.2660'. [ 431.777904][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 431.815292][T11732] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4 [ 431.940954][T11759] loop0: detected capacity change from 0 to 32768 [ 432.180519][T11759] JBD2: Ignoring recovery information on journal [ 432.291386][T11773] loop3: detected capacity change from 0 to 512 [ 432.343193][ T9819] syz-executor: attempt to access beyond end of device [ 432.343193][ T9819] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 432.452819][T11774] loop6: detected capacity change from 0 to 4096 [ 432.462971][T11773] EXT4-fs (loop3): 1 truncate cleaned up [ 432.471287][T11773] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 432.585173][T11774] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 432.599919][T11759] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 432.700769][T11773] EXT4-fs: can't change dax mount option while remounting [ 432.756268][T11774] ntfs3: loop6: Failed to load $Extend. [ 432.920777][T11778] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 7: invalid block bitmap [ 433.018617][ T26] audit: type=1804 audit(1774996098.586:77): pid=11783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2661" name="/newroot/230/file1/file1" dev="loop6" ino=30 res=1 errno=0 [ 433.064246][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 433.170114][ T26] audit: type=1800 audit(1774996098.726:78): pid=11783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2661" name="file1" dev="loop6" ino=30 res=0 errno=0 [ 433.235057][ T4267] ocfs2: Unmounting device (7,0) on (node local) [ 433.627842][T11795] loop6: detected capacity change from 0 to 256 [ 433.681586][T11795] exfat: Deprecated parameter 'utf8' [ 433.687035][T11795] exfat: Deprecated parameter 'namecase' [ 433.953117][T11795] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 434.089836][T11804] loop0: detected capacity change from 0 to 4096 [ 434.580754][T11818] loop1: detected capacity change from 0 to 1024 [ 435.899746][T11854] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0 [ 435.996193][T11858] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2699'. [ 436.209752][T11859] loop6: detected capacity change from 0 to 8192 [ 436.653195][ C0] net_ratelimit: 4632 callbacks suppressed [ 436.653214][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 436.671704][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 436.684956][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 436.697476][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 436.710453][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 436.722867][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 436.735789][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 436.748298][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 436.760791][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 436.773285][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 437.406904][T11890] loop0: detected capacity change from 0 to 512 [ 437.420955][ T4526] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 437.470945][ T4277] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 437.508882][T11890] EXT4-fs (loop0): 1 truncate cleaned up [ 437.548753][T11890] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 437.616443][ T4526] usb 7-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 437.644416][ T4526] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.702752][ T4526] usb 7-1: config 0 descriptor?? [ 437.720784][ T4277] usb 4-1: Using ep0 maxpacket: 32 [ 437.728926][ T4277] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 437.766100][T11890] EXT4-fs: can't change dax mount option while remounting [ 437.778888][ T4277] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 437.827471][ T4277] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 437.857502][ T4277] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.880303][ T4277] usb 4-1: config 0 descriptor?? [ 437.892727][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 437.931183][ T4277] hub 4-1:0.0: USB hub found [ 438.127156][ T4277] hub 4-1:0.0: 29 ports detected [ 438.136853][ T4526] hackrf 7-1:0.0: Board ID: 00 [ 438.142424][ T4526] hackrf 7-1:0.0: Firmware version: [ 438.148448][ T4277] hub 4-1:0.0: insufficient power available to use all downstream ports [ 438.176768][ T4526] hackrf 7-1:0.0: Registered as swradio24 [ 438.193036][ T4526] videodev: could not get a free minor [ 438.203200][ T4526] hackrf 7-1:0.0: Failed to register as video device (-23) [ 438.254274][ T4526] hackrf: probe of 7-1:0.0 failed with error -23 [ 438.263085][T11901] loop7: detected capacity change from 0 to 1024 [ 438.360396][ T4526] usb 7-1: USB disconnect, device number 13 [ 438.431776][T11901] hfsplus: bad catalog entry type [ 438.578147][ T4329] hfsplus: b-tree write err: -5, ino 25 [ 438.590303][ T4329] hfsplus: b-tree write err: -5, ino 4 [ 438.596489][ T4329] hfsplus: b-tree write err: -5, ino 2 [ 438.611739][ T4277] usb 4-1: USB disconnect, device number 22 [ 438.857766][T11911] netlink: 'syz.7.2719': attribute type 1 has an invalid length. [ 438.888916][T11908] loop0: detected capacity change from 0 to 8192 [ 438.944895][T11908] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 439.361703][T11915] loop6: detected capacity change from 0 to 4096 [ 439.460699][T11919] sp0: Synchronizing with TNC [ 439.561054][T11915] ntfs: volume version 3.1. [ 439.877622][T11927] loop3: detected capacity change from 0 to 512 [ 439.969454][T11927] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 440.002904][T11927] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 440.028119][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.034561][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.095307][T11927] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 440.113792][T11927] System zones: 0-2, 18-18, 34-34 [ 440.120447][T11927] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.2729: inode #15: comm syz.3.2729: iget: illegal inode # [ 440.259466][T11927] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.2729: couldn't read orphan inode 15 (err -117) [ 440.314113][T11927] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 440.562035][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 441.187039][T11956] netlink: 5364 bytes leftover after parsing attributes in process `syz.1.2742'. [ 441.465492][T11962] loop3: detected capacity change from 0 to 1024 [ 441.506376][T11962] EXT4-fs: inline encryption not supported [ 441.586130][T11964] loop6: detected capacity change from 0 to 512 [ 441.625160][T11964] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 441.652437][T11962] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 441.662461][T11962] ext4 filesystem being mounted at /573/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 441.681026][ C0] net_ratelimit: 5882 callbacks suppressed [ 441.681041][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 441.699392][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 441.711747][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 441.717766][T11964] EXT4-fs (loop6): orphan cleanup on readonly fs [ 441.724083][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 441.742749][T11964] EXT4-fs warning (device loop6): ext4_enable_quotas:7087: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 441.742798][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 441.769890][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 441.782299][T11964] EXT4-fs (loop6): Cannot turn on quotas: error -22 [ 441.784464][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 441.801350][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 441.813764][T11964] EXT4-fs error (device loop6): ext4_ext_check_inode:530: inode #13: comm syz.6.2746: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 441.814479][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 441.844217][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 441.873234][T11964] EXT4-fs error (device loop6): ext4_orphan_get:1404: comm syz.6.2746: couldn't read orphan inode 13 (err -117) [ 441.921155][T11964] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 441.955070][T11964] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 441.965292][T11964] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended [ 441.967600][ T31] EXT4-fs error (device loop3): ext4_map_blocks:745: inode #15: block 3: comm kworker/u4:2: lblock 3 mapped to illegal pblock 3 (length 3) [ 442.024440][ T31] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 442.043449][ T31] EXT4-fs (loop3): This should not happen!! Data will be lost [ 442.043449][ T31] [ 442.075344][T11964] EXT4-fs warning (device loop6): ext4_enable_quotas:7087: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 442.091508][ T46] EXT4-fs error (device loop3): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:3: lblock 8 mapped to illegal pblock 8 (length 8) [ 442.131242][ T4273] Bluetooth: hci4: command 0x0406 tx timeout [ 442.159656][ T46] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 442.183566][T11964] EXT4-fs (loop6): warning: mounting unchecked fs, running e2fsck is recommended [ 442.249516][ T46] EXT4-fs (loop3): This should not happen!! Data will be lost [ 442.249516][ T46] [ 442.296942][T11964] EXT4-fs warning (device loop6): ext4_enable_quotas:7087: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 442.366809][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 442.506841][ T7936] EXT4-fs (loop6): unmounting filesystem. [ 442.525354][T11981] loop7: detected capacity change from 0 to 4096 [ 442.737195][T11988] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2749'. [ 442.750900][T11987] MPTCP: kernel_bind error, err=-22 [ 443.224215][T11995] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2757'. [ 443.262570][T11997] loop6: detected capacity change from 0 to 128 [ 443.305045][T11995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2757'. [ 443.338126][T11995] netlink: 'syz.0.2757': attribute type 15 has an invalid length. [ 443.347579][T11997] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 443.380893][T11995] netlink: 'syz.0.2757': attribute type 18 has an invalid length. [ 443.485590][T11997] ext4 filesystem being mounted at /250/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 443.540996][ T4277] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 443.673765][ T7936] EXT4-fs (loop6): unmounting filesystem. [ 443.760737][ T4277] usb 4-1: Using ep0 maxpacket: 16 [ 443.768531][ T4277] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 443.809827][ T4277] usb 4-1: config 0 has no interface number 0 [ 443.848060][ T4277] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 443.886534][T12015] loop0: detected capacity change from 0 to 256 [ 443.890135][ T4277] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 443.916221][ T4277] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 443.958793][ T4277] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.994438][ T4277] usb 4-1: config 0 descriptor?? [ 444.615527][ T4277] uclogic 0003:28BD:0071.001C: failed retrieving string descriptor #100: -71 [ 444.635013][ T4277] uclogic 0003:28BD:0071.001C: failed retrieving pen parameters: -71 [ 444.650768][ T4277] uclogic 0003:28BD:0071.001C: pen probing failed: -71 [ 444.680787][ T4277] uclogic 0003:28BD:0071.001C: failed probing parameters: -71 [ 444.688370][ T4277] uclogic: probe of 0003:28BD:0071.001C failed with error -71 [ 444.737465][T12034] loop0: detected capacity change from 0 to 256 [ 444.751962][ T4277] usb 4-1: USB disconnect, device number 23 [ 444.940891][ T4526] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 445.086377][T12034] FAT-fs (loop0): Directory bread(block 64) failed [ 445.105594][T12034] FAT-fs (loop0): Directory bread(block 65) failed [ 445.124924][T12034] FAT-fs (loop0): Directory bread(block 66) failed [ 445.144841][ T4526] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 445.167307][ T4526] usb 2-1: config 0 has no interface number 0 [ 445.181266][T12034] FAT-fs (loop0): Directory bread(block 67) failed [ 445.201258][ T4526] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 445.221046][T12034] FAT-fs (loop0): Directory bread(block 68) failed [ 445.227881][T12040] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 445.258916][T12034] FAT-fs (loop0): Directory bread(block 69) failed [ 445.266415][ T4526] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.280998][T12034] FAT-fs (loop0): Directory bread(block 70) failed [ 445.298331][ T4526] usb 2-1: config 0 descriptor?? [ 445.303736][T12034] FAT-fs (loop0): Directory bread(block 71) failed [ 445.326960][ T4526] usb 2-1: selecting invalid altsetting 1 [ 445.357662][T12034] FAT-fs (loop0): Directory bread(block 72) failed [ 445.372880][ T4526] dvb_ttusb_budget: ttusb_init_controller: error [ 445.386358][T12043] loop3: detected capacity change from 0 to 512 [ 445.399286][T12034] FAT-fs (loop0): Directory bread(block 73) failed [ 445.408431][ T4526] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 445.489095][T12043] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 445.539327][T12043] EXT4-fs (loop3): can't mount with journal_checksum, fs mounted w/o journal [ 445.768072][ T4526] DVB: Unable to find symbol cx22700_attach() [ 446.021088][ T4526] DVB: Unable to find symbol tda10046_attach() [ 446.027324][ T4526] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 446.082215][ T4526] usb 2-1: USB disconnect, device number 28 [ 446.239370][T12061] netem: incorrect ge model size [ 446.280193][T12061] netem: change failed [ 446.507932][T12064] loop0: detected capacity change from 0 to 512 [ 446.579875][T12069] loop6: detected capacity change from 0 to 512 [ 446.698243][T12064] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 446.711360][ C0] net_ratelimit: 5056 callbacks suppressed [ 446.711380][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 446.729803][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 446.742470][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 446.754914][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 446.767661][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 446.780139][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 446.792514][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 446.804883][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 446.817231][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 446.829609][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 446.878344][T12064] ext4 filesystem being mounted at /564/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 446.945679][T12065] loop3: detected capacity change from 0 to 8192 [ 447.061600][ T4267] EXT4-fs (loop0): unmounting filesystem. [ 447.085982][T12065] loop3: p1 < > p3 < p5 > p4 [ 447.110245][T12065] loop3: partition table partially beyond EOD, truncated [ 447.143385][T12065] loop3: p1 start 4294967040 is beyond EOD, truncated [ 447.867607][ T4378] udevd[4378]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 447.898089][ T4793] udevd[4793]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 447.911436][ T4353] udevd[4353]: inotify_add_watch(7, /dev/loop3p5, 10) failed: No such file or directory [ 447.967783][T12098] loop7: detected capacity change from 0 to 164 [ 448.554991][T12112] loop6: detected capacity change from 0 to 64 [ 448.676896][T12084] loop1: detected capacity change from 0 to 40427 [ 448.717209][T12084] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 448.780457][T12112] hfs: request for non-existent node 196608 in B*Tree [ 448.828253][T12084] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 448.858367][T12112] hfs: request for non-existent node 196608 in B*Tree [ 448.889755][T12084] F2FS-fs (loop1): invalid crc value [ 448.929375][T12084] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 9809626597) [ 449.183462][T12121] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2813'. [ 449.262237][T12084] F2FS-fs (loop1): recover fsync data on readonly fs [ 449.285529][T12084] F2FS-fs (loop1): Try to recover 1th superblock, ret: -30 [ 449.347833][T12084] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 449.802677][T12131] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2818'. [ 450.232406][T12142] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 450.238933][T12142] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 450.297837][T12142] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 450.340101][T12142] comedi comedi3: 8255: I/O port conflict (0x7fffffff,4) [ 450.372008][T12144] loop6: detected capacity change from 0 to 764 [ 450.441227][T12142] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 450.461363][T12142] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 450.478192][T12142] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 450.528262][T12142] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 450.555861][T12142] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 450.590433][ T4274] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 450.600246][ T4274] Bluetooth: hci1: Injecting HCI hardware error event [ 450.610716][ T4273] Bluetooth: hci1: hardware error 0x00 [ 450.632150][T12142] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 450.674222][T12142] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 451.018344][T12133] loop3: detected capacity change from 0 to 32768 [ 451.218604][T12133] XFS (loop3): Mounting V5 Filesystem [ 451.267724][T12164] netlink: 56 bytes leftover after parsing attributes in process `syz.7.2830'. [ 451.318908][T12133] XFS (loop3): Ending clean mount [ 451.328473][T12164] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2830'. [ 451.347637][T12133] XFS (loop3): Quotacheck needed: Please wait. [ 451.521833][T12133] XFS (loop3): Quotacheck: Done. [ 451.618820][T12133] xfs: Unexpected value for 'quota' [ 451.644680][T12168] loop7: detected capacity change from 0 to 1024 [ 451.700281][T12168] EXT4-fs: inline encryption not supported [ 451.722071][ C0] net_ratelimit: 5028 callbacks suppressed [ 451.722092][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 451.740742][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 451.753557][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 451.765983][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 451.778796][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 451.791295][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 451.803680][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 451.817632][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 451.830054][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 451.842497][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 451.872246][ T4271] XFS (loop3): Unmounting Filesystem [ 451.884415][T12168] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 451.893379][T12168] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 451.975636][ T46] EXT4-fs error (device loop7): ext4_map_blocks:745: inode #15: block 3: comm kworker/u4:3: lblock 3 mapped to illegal pblock 3 (length 3) [ 451.994795][ T46] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 452.015657][ T46] EXT4-fs (loop7): This should not happen!! Data will be lost [ 452.015657][ T46] [ 452.036933][ T46] EXT4-fs error (device loop7): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:3: lblock 8 mapped to illegal pblock 8 (length 8) [ 452.061747][ T46] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 452.083344][ T46] EXT4-fs (loop7): This should not happen!! Data will be lost [ 452.083344][ T46] [ 452.101034][ T9819] EXT4-fs (loop7): unmounting filesystem. [ 452.279333][T12174] loop7: detected capacity change from 0 to 4096 [ 452.311491][T12174] ntfs: (device loop7): ntfs_read_locked_inode(): $DATA attribute is missing. [ 452.333097][T12174] ntfs: (device loop7): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 452.346843][T12174] ntfs: (device loop7): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 452.359765][T12174] ntfs: volume version 3.1. [ 452.368808][T12174] ntfs: (device loop7): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 452.402803][T12174] ntfs: (device loop7): ntfs_read_locked_index_inode(): Failed with error code -5 while reading index inode (mft_no 0x18, name_len 2. [ 452.447418][T12174] ntfs: (device loop7): load_and_init_quota(): Failed to load $Quota/$Q index. [ 452.467429][T12174] ntfs: (device loop7): load_system_files(): Failed to load $Quota. Mounting read-only. Run chkdsk. [ 452.671158][ T4273] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 453.595617][T12176] loop1: detected capacity change from 0 to 32768 [ 453.689394][T12176] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 453.807244][T12176] JBD2: Ignoring recovery information on journal [ 454.094450][T12176] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 454.247307][ T26] audit: type=1800 audit(1774996119.816:79): pid=12176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2835" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 454.547877][ T4276] ocfs2: Unmounting device (7,1) on (node local) [ 454.786631][T12224] loop7: detected capacity change from 0 to 512 [ 454.839650][T12224] EXT4-fs: Ignoring removed nomblk_io_submit option [ 454.882236][T12224] EXT4-fs: Ignoring removed mblk_io_submit option [ 455.006908][T12224] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -2 [ 455.038722][T12224] EXT4-fs (loop7): Cannot turn on journaled quota: type 1: error -2 [ 455.074662][T12233] loop0: detected capacity change from 0 to 256 [ 455.134340][T12224] EXT4-fs (loop7): 1 truncate cleaned up [ 455.164944][T12224] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 455.197189][T12233] FAT-fs (loop0): bogus logical sector size 128 [ 455.207403][T12233] FAT-fs (loop0): Can't find a valid FAT filesystem [ 455.311402][T12224] EXT4-fs error (device loop7): ext4_map_blocks:635: inode #2: block 4: comm syz.7.2856: lblock 0 mapped to illegal pblock 4 (length 1) [ 455.465201][T12224] EXT4-fs (loop7): Remounting filesystem read-only [ 455.555982][T12243] syz.3.2864[12243] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 455.556162][T12243] syz.3.2864[12243] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 455.639269][ T9819] EXT4-fs (loop7): unmounting filesystem. [ 456.750100][ C0] net_ratelimit: 4383 callbacks suppressed [ 456.750121][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 456.768559][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 456.780950][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 456.793537][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 456.805891][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 456.818259][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 456.830986][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:e6:7e:b9:2b:80:0d, vlan:0) [ 456.844668][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 456.857183][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 456.870193][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 456.933617][ T14] kernel write not supported for file /sg0 (pid: 14 comm: kworker/0:1) [ 457.327089][T12283] loop1: detected capacity change from 0 to 1024 [ 457.716001][ T4329] hfsplus: b-tree write err: -5, ino 25 [ 457.747348][ T4329] hfsplus: b-tree write err: -5, ino 4 [ 457.767226][ T4329] hfsplus: b-tree write err: -5, ino 2 [ 457.940946][ T28] INFO: task syz-executor:7802 blocked for more than 143 seconds. [ 457.948892][ T28] Not tainted syzkaller #0 [ 457.976002][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 458.030852][ T28] task:syz-executor state:D stack:22096 pid:7802 ppid:1 flags:0x00004004 [ 458.040186][ T28] Call Trace: [ 458.062999][ T28] [ 458.084301][ T28] __schedule+0x11d1/0x40e0 [ 458.098053][ T28] ? mark_lock+0x94/0x320 [ 458.134131][ T28] ? __sched_text_start+0x8/0x8 [ 458.163392][ T28] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 458.180798][T12301] loop3: detected capacity change from 0 to 4096 [ 458.198816][ T28] ? lock_chain_count+0x20/0x20 [ 458.239542][ T28] ? _raw_spin_lock_irq+0xb7/0xf0 [ 458.260338][ T28] ? _raw_spin_lock_irqsave+0x100/0x100 [ 458.273349][ T28] schedule+0xb9/0x180 [ 458.282049][ T28] io_schedule+0x7c/0xd0 [ 458.298538][ T28] folio_wait_bit_common+0x70a/0xfa0 [ 458.310234][ T28] ? folio_wait_bit+0x30/0x30 [ 458.317842][ T28] ? migration_entry_wait_on_locked+0xe90/0xe90 [ 458.324599][ T28] ? __lock_acquire+0x7d10/0x7d10 [ 458.329800][ T28] ? __filemap_get_folio+0x10f/0xdb0 [ 458.337261][ T28] __filemap_get_folio+0x423/0xdb0 [ 458.347447][T12305] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 458.358221][ T28] ? __filemap_get_folio+0x10f/0xdb0 [ 458.364418][ T28] ? page_cache_prev_miss+0x380/0x380 [ 458.369994][ T28] ? mlock_page_drain_local+0x75/0x490 [ 458.376264][ T28] ? mlock_page_drain_local+0x289/0x490 [ 458.382236][ T28] truncate_inode_pages_range+0x402/0x1090 [ 458.388228][ T28] ? mapping_evict_folio+0x520/0x520 [ 458.394047][ T28] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 458.413926][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 458.423836][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 458.432563][ T28] evict+0x4dc/0x8d0 [ 458.440243][ T28] ? proc_nr_inodes+0x2f0/0x2f0 [ 458.450220][ T28] ? do_raw_spin_unlock+0x11d/0x230 [ 458.459155][ T28] ? do_raw_spin_unlock+0x11d/0x230 [ 458.469150][ T28] evict_inodes+0x60c/0x6a0 [ 458.479536][ T28] ? clear_inode+0x150/0x150 [ 458.488582][ T28] generic_shutdown_super+0x93/0x340 [ 458.494404][ T28] kill_block_super+0x7c/0xe0 [ 458.499314][ T28] deactivate_locked_super+0x93/0xf0 [ 458.515854][ T28] cleanup_mnt+0x42c/0x4b0 [ 458.530437][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 458.551769][ T28] task_work_run+0x1d0/0x260 [ 458.568414][ T28] ? task_work_cancel+0x220/0x220 [ 458.580662][ T28] ? exit_to_user_mode_loop+0x3b/0x110 [ 458.601584][ T28] exit_to_user_mode_loop+0xe6/0x110 [ 458.606977][ T28] exit_to_user_mode_prepare+0xee/0x180 [ 458.622064][ T28] syscall_exit_to_user_mode+0x16/0x40 [ 458.627622][ T28] do_syscall_64+0x58/0xa0 [ 458.645425][ T28] ? clear_bhb_loop+0x60/0xb0 [ 458.650214][ T28] ? clear_bhb_loop+0x60/0xb0 [ 458.670652][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 458.676664][ T28] RIP: 0033:0x7fcfb159da57 [ 458.708264][ T28] RSP: 002b:00007ffc5ffccd98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 458.730775][ T28] RAX: 0000000000000000 RBX: 00007fcfb1632048 RCX: 00007fcfb159da57 [ 458.739020][ T28] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc5ffcce50 [ 458.747682][ T28] RBP: 00007ffc5ffcce50 R08: 00007ffc5ffcde50 R09: 00000000ffffffff [ 458.757938][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc5ffcdee0 [ 458.768379][ T28] R13: 00007fcfb1632048 R14: 000000000004b30e R15: 00007ffc5ffcdf20 [ 458.798506][ T28] [ 458.807439][ T28] [ 458.807439][ T28] Showing all locks held in the system: [ 458.828926][ T28] 1 lock held by rcu_tasks_kthre/12: [ 458.846077][ T28] #0: ffffffff8cb2df30 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 [ 458.919147][ T28] 1 lock held by rcu_tasks_trace/13: [ 458.930249][ T28] #0: ffffffff8cb2e750 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 [ 458.954052][ T28] 2 locks held by kworker/0:1/14: [ 458.964828][ T28] #0: ffff888017472138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 458.987805][ T28] #1: ffffc90000137d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 459.011908][ T28] 3 locks held by ksoftirqd/0/15: [ 459.022692][ T28] 1 lock held by khungtaskd/28: [ 459.034834][ T28] #0: ffffffff8cb2d5a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 [ 459.055898][ T28] 2 locks held by getty/4025: [ 459.061528][ T28] #0: ffff88814d692098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 459.071687][ T28] #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x429/0x1390 [ 459.082246][ T28] 3 locks held by kworker/0:5/4313: [ 459.087603][ T28] #0: ffff888017470938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 459.098968][ T28] #1: ffffc90004637d00 (xfrm_state_gc_work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 459.109959][ T28] #2: ffffffff8cb33278 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3c0/0x890 [ 459.128670][ T28] 1 lock held by syz-executor/7802: [ 459.134307][ T28] #0: ffff88807cef60e0 (&type->s_umount_key#87){+.+.}-{3:3}, at: deactivate_super+0xa0/0xd0 [ 459.156673][ T28] [ 459.159203][ T28] ============================================= [ 459.159203][ T28] [ 459.170338][ T28] NMI backtrace for cpu 1 [ 459.174756][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted syzkaller #0 [ 459.182011][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 459.192203][ T28] Call Trace: [ 459.195525][ T28] [ 459.198522][ T28] dump_stack_lvl+0x188/0x24e [ 459.203256][ T28] ? irq_work_queue+0xb8/0x140 [ 459.208058][ T28] ? show_regs_print_info+0x12/0x12 [ 459.213294][ T28] ? load_image+0x400/0x400 [ 459.217828][ T28] ? vprintk_emit+0x59f/0x6a0 [ 459.222539][ T28] ? printk_sprint+0x460/0x460 [ 459.227341][ T28] nmi_cpu_backtrace+0x3e6/0x460 [ 459.232337][ T28] ? nmi_trigger_cpumask_backtrace+0x450/0x450 [ 459.238525][ T28] ? _printk+0xda/0x130 [ 459.242724][ T28] ? load_image+0x400/0x400 [ 459.247254][ T28] ? load_image+0x400/0x400 [ 459.251782][ T28] ? nmi_trigger_cpumask_backtrace+0xf3/0x450 [ 459.257884][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 459.263983][ T28] nmi_trigger_cpumask_backtrace+0x1d4/0x450 [ 459.270003][ T28] watchdog+0xeee/0xf30 [ 459.274188][ T28] ? watchdog+0x1ed/0xf30 [ 459.278551][ T28] kthread+0x29d/0x330 [ 459.282639][ T28] ? hungtask_pm_notify+0x40/0x40 [ 459.287705][ T28] ? kthread_blkcg+0xd0/0xd0 [ 459.292323][ T28] ret_from_fork+0x1f/0x30 [ 459.296793][ T28] [ 459.300742][ T28] Sending NMI from CPU 1 to CPUs 0: [ 459.306009][ C0] NMI backtrace for cpu 0 [ 459.306021][ C0] CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 [ 459.306045][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 459.306055][ C0] RIP: 0010:nbp_switchdev_frame_mark_tx_fwd_offload+0x0/0x170 [ 459.306094][ C0] Code: c1 e5 07 e9 63 ff ff ff 44 89 f1 80 e1 07 38 c1 7c e5 4c 89 f7 e8 10 19 ba f8 eb db 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 <55> 41 57 41 56 41 54 53 48 89 f3 49 89 fe e8 fd 0d 69 f8 66 90 e8 [ 459.306110][ C0] RSP: 0018:ffffc90000146ff8 EFLAGS: 00000246 [ 459.306126][ C0] RAX: ffffffff89117d18 RBX: ffff88807b63b140 RCX: ffff88813fecbb80 [ 459.306141][ C0] RDX: 0000000000000100 RSI: ffff88807b63b140 RDI: ffff88802f6cc800 [ 459.306155][ C0] RBP: ffffc900001470e0 R08: ffff8880555e80e3 R09: 1ffff1100aabd01c [ 459.306168][ C0] R10: dffffc0000000000 R11: ffffed100aabd01d R12: dffffc0000000000 [ 459.306183][ C0] R13: ffff88802f6cc800 R14: ffff8880584d5dc0 R15: 0000000000000000 [ 459.306196][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 459.306212][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 459.306226][ C0] CR2: 00007f4596bbc000 CR3: 000000005bbdf000 CR4: 00000000003506f0 [ 459.306242][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 459.306253][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 459.306265][ C0] Call Trace: [ 459.306270][ C0] [ 459.306275][ C0] __br_forward+0x83/0x610 [ 459.306303][ C0] ? __copy_skb_header+0x3ba/0x4f0 [ 459.306333][ C0] ? should_deliver+0x380/0x380 [ 459.306362][ C0] ? skb_clone+0x21b/0x370 [ 459.306390][ C0] maybe_deliver+0xb5/0x150 [ 459.306418][ C0] br_flood+0x2fc/0x450 [ 459.306447][ C0] br_handle_frame_finish+0x1248/0x16f0 [ 459.306475][ C0] ? lock_chain_count+0x20/0x20 [ 459.306506][ C0] ? brport_get_ownership+0x80/0x80 [ 459.306532][ C0] ? __local_bh_enable_ip+0x136/0x1c0 [ 459.306550][ C0] ? _local_bh_enable+0xa0/0xa0 [ 459.306572][ C0] ? ip6t_do_table+0x131e/0x14d0 [ 459.306596][ C0] ? nf_hook_slow+0x168/0x200 [ 459.306618][ C0] ? brport_get_ownership+0x80/0x80 [ 459.306653][ C0] br_nf_hook_thresh+0x3c9/0x4a0 [ 459.306678][ C0] ? brnf_get_logical_dev+0x2c0/0x2c0 [ 459.306699][ C0] ? brport_get_ownership+0x80/0x80 [ 459.306737][ C0] br_nf_pre_routing_finish_ipv6+0x9da/0xd00 [ 459.306759][ C0] ? brport_get_ownership+0x80/0x80 [ 459.306793][ C0] br_nf_pre_routing_ipv6+0x345/0x6b0 [ 459.306815][ C0] ? br_nf_pre_routing_ipv6+0x3ee/0x6b0 [ 459.306837][ C0] ? br_nf_check_hbh_len+0x590/0x590 [ 459.306860][ C0] ? br_nf_pre_routing_ipv6+0x6b0/0x6b0 [ 459.306885][ C0] ? br_nf_hook_thresh+0x4a0/0x4a0 [ 459.306906][ C0] br_handle_frame+0x1167/0x13c0 [ 459.306938][ C0] ? br_handle_frame_dummy+0x10/0x10 [ 459.306968][ C0] ? brport_get_ownership+0x80/0x80 [ 459.306999][ C0] ? br_handle_frame_dummy+0x10/0x10 [ 459.307027][ C0] __netif_receive_skb_core+0x1004/0x38f0 [ 459.307058][ C0] ? ip6_rcv_finish+0x196/0x230 [ 459.307087][ C0] ? qdisc_run+0x230/0x230 [ 459.307120][ C0] ? read_lock_is_recursive+0x10/0x10 [ 459.307147][ C0] ? process_backlog+0x2cb/0x6f0 [ 459.307174][ C0] __netif_receive_skb+0x74/0x290 [ 459.307204][ C0] ? process_backlog+0x2cb/0x6f0 [ 459.307231][ C0] process_backlog+0x38d/0x6f0 [ 459.307265][ C0] ? trigger_rx_softirq+0x60/0x60 [ 459.307292][ C0] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 459.307320][ C0] ? lock_chain_count+0x20/0x20 [ 459.307345][ C0] __napi_poll+0xc0/0x460 [ 459.307370][ C0] ? net_rx_action+0x30b/0xb20 [ 459.307401][ C0] net_rx_action+0x5dd/0xb20 [ 459.307434][ C0] ? net_tx_action+0x930/0x930 [ 459.307461][ C0] ? detach_timer+0x350/0x350 [ 459.307482][ C0] ? lock_chain_count+0x20/0x20 [ 459.307511][ C0] handle_softirqs+0x2a1/0x930 [ 459.307528][ C0] ? __sched_text_start+0x8/0x8 [ 459.307555][ C0] ? run_ksoftirqd+0xa4/0x100 [ 459.307575][ C0] ? do_softirq+0x210/0x210 [ 459.307591][ C0] ? preempt_schedule_common+0xa5/0xd0 [ 459.307621][ C0] run_ksoftirqd+0xa4/0x100 [ 459.307645][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 459.307664][ C0] ? preempt_schedule_thunk+0x16/0x18 [ 459.307693][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 459.307711][ C0] smpboot_thread_fn+0x64a/0xa40 [ 459.307737][ C0] ? smpboot_thread_fn+0x4c/0xa40 [ 459.307767][ C0] kthread+0x29d/0x330 [ 459.307782][ C0] ? cpu_report_death+0x240/0x240 [ 459.307807][ C0] ? kthread_blkcg+0xd0/0xd0 [ 459.307824][ C0] ret_from_fork+0x1f/0x30 [ 459.307854][ C0] [ 459.829283][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 459.836207][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted syzkaller #0 [ 459.843469][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 459.853567][ T28] Call Trace: [ 459.856886][ T28] [ 459.859878][ T28] dump_stack_lvl+0x188/0x24e [ 459.864626][ T28] ? memcpy+0x3c/0x60 [ 459.868660][ T28] ? show_regs_print_info+0x12/0x12 [ 459.873919][ T28] ? load_image+0x400/0x400 [ 459.878487][ T28] panic+0x2e5/0x730 [ 459.882426][ T28] ? schedule_preempt_disabled+0x20/0x20 [ 459.888122][ T28] ? bpf_jit_dump+0xd0/0xd0 [ 459.892696][ T28] ? __irq_work_queue_local+0x12c/0x190 [ 459.898315][ T28] ? nmi_trigger_cpumask_backtrace+0x35b/0x450 [ 459.904533][ T28] ? nmi_trigger_cpumask_backtrace+0x360/0x450 [ 459.910754][ T28] watchdog+0xf2d/0xf30 [ 459.914961][ T28] ? watchdog+0x1ed/0xf30 [ 459.919351][ T28] kthread+0x29d/0x330 [ 459.923462][ T28] ? hungtask_pm_notify+0x40/0x40 [ 459.928535][ T28] ? kthread_blkcg+0xd0/0xd0 [ 459.933172][ T28] ret_from_fork+0x1f/0x30 [ 459.937687][ T28] [ 459.941428][ T28] Kernel Offset: disabled [ 459.945770][ T28] Rebooting in 86400 seconds..