last executing test programs: 16.142917474s ago: executing program 1 (id=1808): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @empty, 0x5e}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x3) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0xfffffff8, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xba3}, 0x1c) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0xa7ba) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r7, 0x0) r8 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 15.995004714s ago: executing program 1 (id=1809): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x17, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x107a655, 0x0, 0x0, 0x0, 0x10}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4c8c0) accept$phonet_pipe(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x20, 0x3f000000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x40010) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 15.351673698s ago: executing program 3 (id=1813): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) rt_sigqueueinfo(0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x7}) r3 = socket(0x10, 0x3, 0x0) connect$netlink(r3, 0x0, 0x0) write(r3, &(0x7f0000000000)='\"', 0xfdef) 14.507992886s ago: executing program 3 (id=1814): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0xffff2153, 0x2, 0xa, 0xd, 0x1c4, 0x7, 0x2, 0x6}}}}]}, 0x58}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0x4}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20048091}, 0x0) 4.301817285s ago: executing program 4 (id=1827): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) prctl$PR_SET_NAME(0xf, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f00000005c0)={@void, @void, @eth={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}, @val={@void, {0x8100, 0x1, 0x1, 0x205}}, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, "4f791e", 0x12, 0x3a, 0x1, @private1={0xfc, 0x1, '\x00', 0x2}, @mcast2, {[@routing={0x98, 0x0, 0x2, 0x7}], @ndisc_rs={0x85, 0x0, 0x0, '\x00', [{0x3}]}}}}}}}, 0x4c) 3.126996066s ago: executing program 2 (id=1828): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$nl_audit(0x10, 0x3, 0x9) bind$netlink(r3, 0x0, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@getchain={0x34, 0x66, 0x602, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x3, 0xd}, {0x9, 0xd}, {0xfff3, 0x10}}, [{0x8, 0xb, 0x81}, {0xfffffffffffffd02, 0xb, 0x1fc}]}, 0x34}}, 0x0) semtimedop(0x0, &(0x7f0000000100)=[{0x4, 0x7ff}], 0x1f4, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r5) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xc, 0x4, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) r7 = socket(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmmsg(r7, &(0x7f0000000000), 0x4000000000001f2, 0x0) ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x800, 0xbbba, 0x0, 0x18, 0x0, {0x8000}, {0x0, 0xfffffffd, 0xfffffffe}, {0x0, 0x9}, {0x1000000}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x1, 0x0, 0x4}) 3.126852586s ago: executing program 0 (id=1829): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0xffffffffffffffff, {0xffffffffffffffff, 0x2, 0x80000001, 0x0, 0x0, 0x10000004, {0x40, 0xd08, 0x0, 0xfe, 0x0, 0x0, 0x7, 0x0, 0x122, 0x6000, 0x10000, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3) ioctl$TIOCGPTPEER(r2, 0x80140912, 0x200000000005) 3.116221406s ago: executing program 1 (id=1830): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0082, 0x0) write$vga_arbiter(r0, &(0x7f0000000000)=@unlock_all, 0xb) 3.098415348s ago: executing program 3 (id=1831): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), 0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_AIE_ON(r3, 0x7001) 3.018994303s ago: executing program 1 (id=1832): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2b5b09b, 0x0) mount$bind(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x80000, 0x0) umount2(&(0x7f0000000240)='./file0\x00', 0x0) 3.013925524s ago: executing program 4 (id=1833): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x0, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@binder={0x73622a85, 0x10b}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f0000000700)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000840)={@flat=@weak_binder={0x77622a85, 0x1100, 0x2}, @flat=@handle={0x73622a85, 0x1000, 0x1}, @fd}, &(0x7f00000003c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 2.992933604s ago: executing program 1 (id=1834): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r1) write(r0, &(0x7f0000000000)="1c0000001a94", 0x6) 2.654515418s ago: executing program 4 (id=1835): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) rt_sigqueueinfo(0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x7}) r3 = socket(0x10, 0x3, 0x0) connect$netlink(r3, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) write(r3, 0x0, 0x0) 2.637494239s ago: executing program 1 (id=1836): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x10040) r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2) r4 = getpid() ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x14, r3, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x2, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000", @ANYRES32], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = add_key(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff) keyctl$read(0x2, r7, &(0x7f00000000c0)=""/4096, 0x1000) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) io_setup(0xff, 0x0) io_submit(0x0, 0x0, 0x0) syz_usb_connect(0x2, 0x36, 0x0, 0x0) 2.147552113s ago: executing program 2 (id=1837): syz_io_uring_setup(0x19e, &(0x7f0000000640)={0x0, 0x9db3, 0x0, 0x20, 0x62}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) msgrcv(0x0, 0x0, 0x0, 0x1, 0x4800) r3 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, 0x0) 2.079003987s ago: executing program 0 (id=1838): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080010000000e8fe55a1180015000600142603600e120500210000000401a80016000a00014020000300036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) 2.021809352s ago: executing program 0 (id=1839): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_TYPE={0x8}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xfffffffa}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x84}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) 1.806302077s ago: executing program 4 (id=1840): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x17, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x107a655, 0x0, 0x0, 0x0, 0x10}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4c8c0) accept$phonet_pipe(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x20, 0x3f000000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x40010) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 1.725386152s ago: executing program 0 (id=1841): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0xffff2153, 0x2, 0xa, 0xd, 0x1c4, 0x7, 0x2, 0x6}}}}]}, 0x58}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0x4}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20048091}, 0x0) 1.545066564s ago: executing program 3 (id=1842): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10) 1.515318496s ago: executing program 0 (id=1843): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') socket(0x1d, 0x2, 0x6) syz_usb_connect(0x0, 0xf2, &(0x7f0000000a80)=ANY=[@ANYBLOB="1201000296fdcf084f1712521040010203010902e0000106e370130904dc02000e0100010a2401ff0729000201020b240406bea33c2d2031e80b240304020205000a0010092403040404010503052406000105240004000d240f0109000000810000020606241a04003c0c241b070008000b100008107c"], 0x0) socket(0x14, 0x2, 0x4) r0 = socket(0x8, 0x3, 0x3) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x61d8, 0x0) 1.474590419s ago: executing program 3 (id=1844): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x32c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x8, 0x0, "", [{{0x9, 0x4, 0x0, 0x40, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x4, 0x10, 0x1, {0x22, 0x24}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0xfe, 0x7, 0xe9}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.002335131s ago: executing program 2 (id=1845): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x0, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@binder={0x73622a85, 0x10b}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f0000000700)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000840)={@flat=@weak_binder={0x77622a85, 0x1100, 0x2}, @flat=@handle={0x73622a85, 0x1000, 0x1}, @fd}, &(0x7f00000003c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 943.753855ms ago: executing program 2 (id=1846): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r1) write(r0, &(0x7f0000000000)="1c0000001a94", 0x6) 916.459237ms ago: executing program 2 (id=1847): r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/mnt\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 850.920471ms ago: executing program 3 (id=1848): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0xffffffffffffffff, {0xffffffffffffffff, 0x2, 0x80000001, 0x0, 0x0, 0x10000004, {0x40, 0xd08, 0x0, 0xfe, 0x0, 0x0, 0x7, 0x0, 0x122, 0x6000, 0x10000, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3) ioctl$TIOCGPTPEER(r2, 0x80140912, 0x200000000005) 850.827022ms ago: executing program 2 (id=1849): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, 0x0, 0x0) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r1, 0x0, 0x0) connect$unix(r3, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) 832.988213ms ago: executing program 4 (id=1850): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) rt_sigqueueinfo(0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x7}) r3 = socket(0x10, 0x3, 0x0) connect$netlink(r3, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) write(r3, 0x0, 0x0) 177.624648ms ago: executing program 0 (id=1851): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_TYPE={0x8}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xfffffffa}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x84}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) 0s ago: executing program 4 (id=1852): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), 0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_AIE_ON(r3, 0x7001) kernel console output (not intermixed with test programs): usb_gadget_register_driver returned -16 [ 71.330618][ T5035] loop3: detected capacity change from 0 to 128 [ 71.340522][ T5035] EXT4-fs: inline encryption not supported [ 71.357699][ T5035] EXT4-fs (loop3): Test dummy encryption mode enabled [ 71.374978][ T5035] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 71.427110][ T5035] 9pnet_fd: Insufficient options for proto=fd [ 72.433753][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 72.958967][ T5064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 72.961603][ T5064] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.190'. [ 73.296266][ T5071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.302375][ T5071] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.582354][ T5078] netlink: 'syz.4.195': attribute type 1 has an invalid length. [ 73.592822][ T5078] 8021q: adding VLAN 0 to HW filter on device bond1 [ 73.862060][ T5083] loop3: detected capacity change from 0 to 128 [ 73.864707][ T5083] EXT4-fs: inline encryption not supported [ 73.869402][ T5083] EXT4-fs (loop3): Test dummy encryption mode enabled [ 73.900504][ T5083] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 73.912088][ T5083] 9pnet_fd: Insufficient options for proto=fd [ 74.725609][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 74.773732][ T5109] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.780722][ T5109] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.204'. [ 75.057111][ T5129] netem: incorrect ge model size [ 75.058181][ T5129] netem: change failed [ 75.755850][ T5137] loop1: detected capacity change from 0 to 128 [ 75.777516][ T5137] EXT4-fs: inline encryption not supported [ 75.783188][ T5137] EXT4-fs (loop1): Test dummy encryption mode enabled [ 75.808667][ T5137] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 75.832918][ T5137] 9pnet_fd: Insufficient options for proto=fd [ 76.361302][ T5149] netlink: 12 bytes leftover after parsing attributes in process `syz.3.219'. [ 76.368711][ T5149] 8021q: adding VLAN 0 to HW filter on device bond1 [ 76.621878][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 76.644787][ T5162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.646336][ T5162] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.684559][ T5164] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 76.686776][ T5164] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.225'. [ 76.707512][ T5166] device syzkaller1 entered promiscuous mode [ 77.093121][ T5181] binder: 5180:5181 tried to acquire reference to desc 0, got 1 instead [ 77.129279][ T5181] binder: 5180:5181 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 77.131704][ T5181] binder: 5181 RLIMIT_NICE not set [ 77.132711][ T5181] binder: 5181 RLIMIT_NICE not set [ 77.140338][ T5181] binder: release 5180:5181 transaction 26 out, still active [ 77.141782][ T5181] binder: release 5180:5181 transaction 19 in, still active [ 77.143095][ T5181] binder: undelivered TRANSACTION_COMPLETE [ 77.148540][ T5181] binder: 5181 RLIMIT_NICE not set [ 77.163476][ T5181] binder: 5181 RLIMIT_NICE not set [ 77.164319][ T5181] binder: 5181:5180 reply target not found [ 77.165277][ T5181] binder: 5180:5181 transaction reply to 0:0 failed 27/29189/0, size 0-0 line 2975 [ 77.166797][ T5181] binder: send failed reply for transaction 26, target dead [ 77.167895][ T5181] binder: send failed reply for transaction 19 to 5180:5181 [ 77.354805][ T5188] loop1: detected capacity change from 0 to 128 [ 77.382587][ T5188] EXT4-fs: inline encryption not supported [ 77.472702][ T5188] EXT4-fs (loop1): Test dummy encryption mode enabled [ 77.529386][ T5188] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 77.571159][ T5188] 9pnet_fd: Insufficient options for proto=fd [ 77.656694][ T5194] loop0: detected capacity change from 0 to 128 [ 77.658330][ T5194] EXT4-fs: inline encryption not supported [ 77.659626][ T5194] EXT4-fs (loop0): Test dummy encryption mode enabled [ 77.663474][ T5194] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 77.678053][ T5194] 9pnet_fd: Insufficient options for proto=fd [ 77.980456][ T22] binder: undelivered TRANSACTION_ERROR: 29190 [ 77.982145][ T22] binder: undelivered TRANSACTION_ERROR: 29189 [ 78.221803][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 78.299721][ T5219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 78.302278][ T5219] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.244'. [ 78.524153][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 79.291027][ T5257] loop3: detected capacity change from 0 to 128 [ 79.292664][ T5257] EXT4-fs: inline encryption not supported [ 79.310344][ T5257] EXT4-fs (loop3): Test dummy encryption mode enabled [ 79.331385][ T5257] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 79.491882][ T5257] 9pnet_fd: Insufficient options for proto=fd [ 79.512122][ T5261] block device autoloading is deprecated and will be removed. [ 79.985428][ T5269] loop0: detected capacity change from 0 to 128 [ 80.002631][ T5269] EXT4-fs: inline encryption not supported [ 80.007715][ T5269] EXT4-fs (loop0): Test dummy encryption mode enabled [ 80.020786][ T5269] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 80.058537][ T5269] 9pnet_fd: Insufficient options for proto=fd [ 80.160127][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 80.182863][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 80.305292][ T5284] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 80.307954][ T5284] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.262'. [ 80.505743][ T5288] process 'syz.1.263' launched './file1' with NULL argv: empty string added [ 81.748408][ T5309] loop1: detected capacity change from 0 to 128 [ 81.752131][ T5309] EXT4-fs: inline encryption not supported [ 81.793989][ T5309] EXT4-fs (loop1): Test dummy encryption mode enabled [ 81.807069][ T5309] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 81.828264][ T5314] loop4: detected capacity change from 0 to 128 [ 81.831059][ T5309] 9pnet_fd: Insufficient options for proto=fd [ 81.950046][ T5314] EXT4-fs: inline encryption not supported [ 81.964288][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 81.970924][ T5314] EXT4-fs (loop4): Test dummy encryption mode enabled [ 82.005897][ T5314] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 82.024597][ T5314] 9pnet_fd: Insufficient options for proto=fd [ 82.915339][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 83.040932][ T5338] IPv6: NLM_F_REPLACE set, but no existing node found! [ 83.046937][ T5338] netlink: 56 bytes leftover after parsing attributes in process `syz.3.277'. [ 83.050373][ T5338] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.055393][ T5338] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.519705][ T5346] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 83.582174][ T5349] loop1: detected capacity change from 0 to 256 [ 83.588492][ T5349] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 83.592882][ T5349] mmap: syz.1.279 (5349) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 84.024423][ T5364] loop4: detected capacity change from 0 to 128 [ 84.030687][ T5364] EXT4-fs: inline encryption not supported [ 84.032209][ T5364] EXT4-fs (loop4): Test dummy encryption mode enabled [ 84.041599][ T5364] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 84.053020][ T5364] 9pnet_fd: Insufficient options for proto=fd [ 84.145318][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 84.382923][ T5377] ptrace attach of "./syz-executor exec"[4331] was attempted by " [ 84.626875][ T5378] netlink: 'syz.1.287': attribute type 1 has an invalid length. [ 84.653203][ T5378] 8021q: adding VLAN 0 to HW filter on device bond1 [ 85.060538][ T4328] Bluetooth: hci5: command 0x1003 tx timeout [ 85.062504][ T4325] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 85.121324][ T5398] loop4: detected capacity change from 0 to 128 [ 85.157223][ T5398] EXT4-fs: inline encryption not supported [ 85.166024][ T5398] EXT4-fs (loop4): Test dummy encryption mode enabled [ 85.171508][ T5398] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 85.231032][ T5398] 9pnet_fd: Insufficient options for proto=fd [ 85.243024][ T5405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.449795][ T5412] loop1: detected capacity change from 0 to 256 [ 85.462082][ T5412] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 85.800220][ T5414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.801809][ T5414] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 85.930921][ T5420] netlink: 'syz.2.301': attribute type 1 has an invalid length. [ 85.938624][ T5420] 8021q: adding VLAN 0 to HW filter on device bond1 [ 85.942808][ T5420] netlink: 52 bytes leftover after parsing attributes in process `syz.2.301'. [ 85.984832][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 86.590798][ T5434] netlink: 20 bytes leftover after parsing attributes in process `syz.3.305'. [ 86.814900][ T5449] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 87.374683][ T5456] Zero length message leads to an empty skb [ 87.505411][ T5458] loop4: detected capacity change from 0 to 128 [ 87.512259][ T5458] EXT4-fs: inline encryption not supported [ 87.518112][ T5458] EXT4-fs (loop4): Test dummy encryption mode enabled [ 87.526490][ T5458] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 87.551442][ T5458] 9pnet_fd: Insufficient options for proto=fd [ 87.650204][ T5463] loop3: detected capacity change from 0 to 128 [ 87.656406][ T5463] EXT4-fs: inline encryption not supported [ 87.668658][ T5463] EXT4-fs (loop3): Test dummy encryption mode enabled [ 87.681285][ T5463] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 87.717659][ T5463] 9pnet_fd: Insufficient options for proto=fd [ 88.117009][ T5472] netlink: 20 bytes leftover after parsing attributes in process `syz.0.315'. [ 88.245538][ T5477] loop2: detected capacity change from 0 to 256 [ 88.268229][ T5477] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 88.466181][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 88.612771][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 88.649002][ T5472] netlink: 20 bytes leftover after parsing attributes in process `syz.0.315'. [ 89.802626][ T5507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 90.822476][ T5520] loop0: detected capacity change from 0 to 128 [ 90.857325][ T5520] EXT4-fs: inline encryption not supported [ 90.861568][ T5520] EXT4-fs (loop0): Test dummy encryption mode enabled [ 90.874403][ T5523] input: syz1 as /devices/virtual/input/input4 [ 90.876658][ T27] audit: type=1326 audit(90.860:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.1.326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa99771a8 code=0x7ffc0000 [ 90.893561][ T5520] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 90.904053][ T27] audit: type=1326 audit(90.890:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.1.326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa99771a8 code=0x7ffc0000 [ 90.904200][ T5521] syz.1.326 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 90.907491][ T27] audit: type=1326 audit(90.890:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.1.326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa99771a8 code=0x7ffc0000 [ 90.915877][ T27] audit: type=1326 audit(90.890:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.1.326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=103 compat=0 ip=0xffffa99771a8 code=0x7ffc0000 [ 90.921840][ T5520] 9pnet_fd: Insufficient options for proto=fd [ 91.010791][ T27] audit: type=1326 audit(90.920:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.1.326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa99771a8 code=0x7ffc0000 [ 91.014782][ T27] audit: type=1326 audit(90.920:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.1.326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa99771a8 code=0x7ffc0000 [ 91.019279][ T27] audit: type=1326 audit(90.920:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.1.326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa99771a8 code=0x7ffc0000 [ 91.023182][ T27] audit: type=1326 audit(90.990:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.1.326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffa9976ea0 code=0x7ffc0000 [ 91.026934][ T27] audit: type=1326 audit(90.990:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.1.326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffffa99771a8 code=0x7ffc0000 [ 91.030181][ T27] audit: type=1326 audit(90.990:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.1.326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa99771a8 code=0x7ffc0000 [ 91.048426][ T5531] loop4: detected capacity change from 0 to 128 [ 91.049928][ T5531] EXT4-fs: inline encryption not supported [ 91.076428][ T5531] EXT4-fs (loop4): Test dummy encryption mode enabled [ 91.089936][ T5531] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 91.122375][ T5531] 9pnet_fd: Insufficient options for proto=fd [ 91.717765][ T5545] loop2: detected capacity change from 0 to 256 [ 91.722200][ T5545] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 92.040164][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 92.060690][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 92.872370][ T5579] trusted_key: encrypted_key: insufficient parameters specified [ 94.154201][ T5596] loop3: detected capacity change from 0 to 128 [ 94.155763][ T5596] EXT4-fs: inline encryption not supported [ 94.158074][ T5596] EXT4-fs (loop3): Test dummy encryption mode enabled [ 94.160594][ T5596] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 94.171219][ T5596] 9pnet_fd: Insufficient options for proto=fd [ 94.260097][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 94.297765][ T5603] loop3: detected capacity change from 0 to 128 [ 94.299179][ T5603] EXT4-fs: inline encryption not supported [ 94.300418][ T5603] EXT4-fs (loop3): Test dummy encryption mode enabled [ 94.302893][ T5603] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 94.315231][ T5603] 9pnet_fd: Insufficient options for proto=fd [ 95.084609][ T5547] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 95.095125][ T5585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.161255][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 95.262263][ T5617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 95.264221][ T5617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.337782][ T5622] netlink: 64 bytes leftover after parsing attributes in process `syz.0.348'. [ 95.807426][ T5634] netlink: 'syz.3.354': attribute type 1 has an invalid length. [ 95.819139][ T5636] loop4: detected capacity change from 0 to 128 [ 95.828488][ T5636] EXT4-fs: inline encryption not supported [ 95.832099][ T5636] EXT4-fs (loop4): Test dummy encryption mode enabled [ 95.834749][ T5634] 8021q: adding VLAN 0 to HW filter on device bond2 [ 95.841118][ T5634] netlink: 52 bytes leftover after parsing attributes in process `syz.3.354'. [ 95.848965][ T5636] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 95.874052][ T5636] 9pnet_fd: Insufficient options for proto=fd [ 96.008921][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 96.023140][ T5643] loop0: detected capacity change from 0 to 128 [ 96.024697][ T5643] EXT4-fs: inline encryption not supported [ 96.026442][ T5643] EXT4-fs (loop0): Test dummy encryption mode enabled [ 96.072960][ T5649] loop4: detected capacity change from 0 to 512 [ 96.077242][ T5643] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 96.119132][ T5649] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 96.137770][ T5643] 9pnet_fd: Insufficient options for proto=fd [ 96.516922][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 96.621110][ T5663] loop0: detected capacity change from 0 to 128 [ 96.622569][ T5663] EXT4-fs: inline encryption not supported [ 96.942533][ T5663] EXT4-fs (loop0): Test dummy encryption mode enabled [ 96.999556][ T5663] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 97.007736][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 97.059934][ T5667] binder: BINDER_SET_CONTEXT_MGR already set [ 97.061172][ T5667] binder: 5665:5667 ioctl 4018620d 20004a80 returned -16 [ 97.068426][ T5667] binder: tried to use weak ref as strong ref [ 97.069775][ T5667] binder: 5665:5667 Acquire 1 refcount change on invalid ref 0 ret -22 [ 97.070844][ T5672] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 97.071519][ T5667] binder: 5665:5667 got transaction to invalid handle, 1 [ 97.078091][ T5663] 9pnet_fd: Insufficient options for proto=fd [ 97.084065][ T5667] binder: 5667:5665 cannot find target node [ 97.085009][ T5667] binder: 5665:5667 transaction call to 0:0 failed 30/29201/-22, size 72-24 line 3045 [ 97.087568][ T5667] binder: 5665:5667 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 97.096003][ T5667] binder: 5667 RLIMIT_NICE not set [ 97.164423][ T5681] binder: 5665:5681 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 97.170464][ T5681] binder: 5681 RLIMIT_NICE not set [ 97.978185][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 98.005027][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 98.054952][ T5690] loop1: detected capacity change from 0 to 128 [ 98.058316][ T5690] EXT4-fs: inline encryption not supported [ 98.086241][ T5690] EXT4-fs (loop1): Test dummy encryption mode enabled [ 98.173584][ T5690] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 98.198865][ T5690] 9pnet_fd: Insufficient options for proto=fd [ 98.244996][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 98.281476][ T5698] netlink: 'syz.0.370': attribute type 1 has an invalid length. [ 98.376148][ T5698] 8021q: adding VLAN 0 to HW filter on device bond1 [ 98.380570][ T5701] netlink: 52 bytes leftover after parsing attributes in process `syz.0.370'. [ 98.902551][ T5728] binder: 5727:5728 tried to acquire reference to desc 0, got 1 instead [ 98.908466][ T5728] binder: 5727:5728 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 98.912623][ T5728] binder: 5728 RLIMIT_NICE not set [ 99.003241][ T5740] loop3: detected capacity change from 0 to 128 [ 99.010704][ T5740] EXT4-fs: inline encryption not supported [ 99.013901][ T5740] EXT4-fs (loop3): Test dummy encryption mode enabled [ 99.030982][ T5740] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 99.110084][ T5743] netlink: 'syz.2.382': attribute type 10 has an invalid length. [ 99.116999][ T5743] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.121472][ T5743] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 99.370680][ T5740] 9pnet_fd: Insufficient options for proto=fd [ 99.385609][ T5745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.386669][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 100.127592][ T4367] binder: release 5727:5728 transaction 35 out, still active [ 100.131799][ T4367] binder: undelivered TRANSACTION_COMPLETE [ 100.376752][ T7] binder: send failed reply for transaction 35, target dead [ 100.496812][ T5766] netlink: 'syz.2.392': attribute type 1 has an invalid length. [ 100.522282][ T5766] 8021q: adding VLAN 0 to HW filter on device bond2 [ 100.529335][ T5766] netlink: 52 bytes leftover after parsing attributes in process `syz.2.392'. [ 100.566867][ T5770] netlink: 'syz.4.393': attribute type 1 has an invalid length. [ 100.568224][ T5770] netlink: 224 bytes leftover after parsing attributes in process `syz.4.393'. [ 100.955938][ T5783] loop1: detected capacity change from 0 to 128 [ 100.957481][ T5783] EXT4-fs: inline encryption not supported [ 100.980802][ T5783] EXT4-fs (loop1): Test dummy encryption mode enabled [ 101.005402][ T5783] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 101.136755][ T5783] 9pnet_fd: Insufficient options for proto=fd [ 101.514499][ T5801] 9pnet_fd: Insufficient options for proto=fd [ 101.823449][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 101.848793][ T5804] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.374600][ T4523] binder: release 5796:5797 transaction 46 out, still active [ 102.378114][ T4523] binder: undelivered TRANSACTION_COMPLETE [ 102.384744][ T4523] binder: send failed reply for transaction 46, target dead [ 102.424847][ T5815] tipc: Started in network mode [ 102.425801][ T5815] tipc: Node identity 84e, cluster identity 4711 [ 102.426870][ T5815] tipc: Node number set to 2126 [ 102.841655][ T5820] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.857904][ T5820] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.418296][ T5826] netlink: 'syz.2.410': attribute type 1 has an invalid length. [ 103.427187][ T5826] 8021q: adding VLAN 0 to HW filter on device bond3 [ 103.439102][ T5826] netlink: 52 bytes leftover after parsing attributes in process `syz.2.410'. [ 103.617516][ T5834] loop1: detected capacity change from 0 to 128 [ 103.628260][ T5834] EXT4-fs: inline encryption not supported [ 103.637128][ T5834] EXT4-fs (loop1): Test dummy encryption mode enabled [ 103.645927][ T5834] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 103.811206][ T5834] 9pnet_fd: Insufficient options for proto=fd [ 104.078357][ T5855] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.473394][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 106.489169][ T5878] netlink: 'syz.1.425': attribute type 1 has an invalid length. [ 106.524480][ T5878] 8021q: adding VLAN 0 to HW filter on device bond2 [ 106.556350][ T5878] netlink: 52 bytes leftover after parsing attributes in process `syz.1.425'. [ 106.659085][ T5892] loop3: detected capacity change from 0 to 128 [ 106.666694][ T5892] EXT4-fs: inline encryption not supported [ 106.677295][ T5892] EXT4-fs (loop3): Test dummy encryption mode enabled [ 106.719918][ T5892] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 106.758409][ T5892] 9pnet_fd: Insufficient options for proto=fd [ 107.211188][ T5910] device syzkaller0 entered promiscuous mode [ 107.329909][ T5919] input: syz1 as /devices/virtual/input/input5 [ 107.749900][ T5932] netlink: 64 bytes leftover after parsing attributes in process `syz.2.435'. [ 108.396022][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 108.475464][ T5949] netlink: 'syz.2.442': attribute type 1 has an invalid length. [ 108.528179][ T5949] 8021q: adding VLAN 0 to HW filter on device bond4 [ 108.535820][ T5953] netlink: 52 bytes leftover after parsing attributes in process `syz.2.442'. [ 108.905061][ T5955] input: syz1 as /devices/virtual/input/input6 [ 109.029623][ T5964] loop1: detected capacity change from 0 to 128 [ 109.031105][ T5964] EXT4-fs: inline encryption not supported [ 109.043184][ T5964] EXT4-fs (loop1): Test dummy encryption mode enabled [ 109.046110][ T5964] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 109.061080][ T5964] 9pnet_fd: Insufficient options for proto=fd [ 109.256063][ T5981] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 109.257897][ T5981] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 109.356845][ T5987] netlink: 12 bytes leftover after parsing attributes in process `syz.0.454'. [ 110.385679][ T5998] input: syz1 as /devices/virtual/input/input7 [ 110.566665][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 110.624715][ T6017] loop1: detected capacity change from 0 to 128 [ 110.626154][ T6017] EXT4-fs: inline encryption not supported [ 110.636439][ T6017] EXT4-fs (loop1): Test dummy encryption mode enabled [ 110.668575][ T6017] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 110.766263][ T6023] SET target dimension over the limit! [ 111.111828][ T6035] input: syz1 as /devices/virtual/input/input8 [ 111.113116][ T6035] input: failed to attach handler leds to device input8, error: -6 [ 111.121268][ T6033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.123103][ T6033] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.137114][ T6033] random: crng reseeded on system resumption [ 111.468496][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 111.583042][ T6055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.590072][ T6055] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.877648][ T6068] input: syz1 as /devices/virtual/input/input9 [ 111.878958][ T6068] input: failed to attach handler leds to device input9, error: -6 [ 112.194068][ T6072] loop3: detected capacity change from 0 to 128 [ 112.199843][ T6072] EXT4-fs: inline encryption not supported [ 112.210284][ T6072] EXT4-fs (loop3): Test dummy encryption mode enabled [ 112.218389][ T6072] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 112.271644][ T6075] binder_user_error: 6 callbacks suppressed [ 112.271653][ T6075] binder: 6074:6075 context manager tried to acquire desc 0 [ 112.284340][ T6075] binder: 6074:6075 ioctl c0306201 20000080 returned -22 [ 113.597717][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 113.857578][ T6114] input: syz1 as /devices/virtual/input/input10 [ 113.858732][ T6114] input: failed to attach handler leds to device input10, error: -6 [ 114.273333][ C0] sched: RT throttling activated [ 115.765864][ T6134] loop0: detected capacity change from 0 to 128 [ 115.767372][ T6134] EXT4-fs: inline encryption not supported [ 115.775589][ T6134] EXT4-fs (loop0): Test dummy encryption mode enabled [ 115.834151][ T6134] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 115.845823][ T6144] device syzkaller0 entered promiscuous mode [ 115.992873][ T6145] 9pnet_fd: Insufficient options for proto=fd [ 117.040902][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 118.507036][ T6180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.523202][ T6180] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.495816][ T6195] loop3: detected capacity change from 0 to 128 [ 119.499745][ T6195] EXT4-fs: inline encryption not supported [ 119.503033][ T6195] EXT4-fs (loop3): Test dummy encryption mode enabled [ 119.545253][ T6195] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 119.555575][ T6195] 9pnet_fd: Insufficient options for proto=fd [ 119.886854][ T6209] No such timeout policy "syz1" [ 119.894272][ T6209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.525'. [ 120.114798][ T27] kauditd_printk_skb: 52 callbacks suppressed [ 120.114860][ T27] audit: type=1326 audit(120.010:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6201 comm="syz.1.525" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffffa99771a8 code=0x0 [ 120.371980][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 120.750497][ T6227] netlink: 8 bytes leftover after parsing attributes in process `syz.3.535'. [ 120.752142][ T6227] netlink: 20 bytes leftover after parsing attributes in process `syz.3.535'. [ 120.784625][ T6227] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.786256][ T6227] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.787640][ T6227] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.789132][ T6227] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.803512][ T6227] netlink: 8 bytes leftover after parsing attributes in process `syz.3.535'. [ 120.805320][ T6227] netlink: 20 bytes leftover after parsing attributes in process `syz.3.535'. [ 121.634377][ T6230] 9pnet_fd: Insufficient options for proto=fd [ 122.439616][ T6251] loop2: detected capacity change from 0 to 128 [ 122.441248][ T6251] EXT4-fs: inline encryption not supported [ 122.448681][ T6251] EXT4-fs (loop2): Test dummy encryption mode enabled [ 122.452914][ T6251] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 122.461213][ T6250] loop3: detected capacity change from 0 to 1024 [ 122.463827][ T6251] 9pnet_fd: Insufficient options for proto=fd [ 122.471089][ T6250] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 122.849005][ T6250] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 122.850797][ T6250] EXT4-fs (loop3): orphan cleanup on readonly fs [ 122.870930][ T6250] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.542: Inode bitmap for bg 0 marked uninitialized [ 122.879769][ T6250] EXT4-fs (loop3): Remounting filesystem read-only [ 122.886647][ T6250] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 123.160799][ T3897] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 123.404760][ T3897] usb 1-1: unable to get BOS descriptor or descriptor too short [ 123.407431][ T3897] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 108, changing to 10 [ 123.411584][ T3897] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64 [ 123.423937][ T3897] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1015 [ 123.434905][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 123.450289][ T3897] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 123.459314][ T3897] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.466976][ T3897] usb 1-1: Product: syz [ 123.467678][ T3897] usb 1-1: Manufacturer: syz [ 123.477061][ T3897] usb 1-1: SerialNumber: syz [ 123.516751][ T6265] device syzkaller0 entered promiscuous mode [ 124.019415][ T3897] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 124.022474][ T3897] cdc_ncm 1-1:1.0: bind() failure [ 124.038677][ T3897] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 124.042694][ T3897] cdc_ncm 1-1:1.1: bind() failure [ 124.061544][ T3897] usb 1-1: USB disconnect, device number 3 [ 125.277233][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 125.963749][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.964976][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 126.406795][ T6297] loop4: detected capacity change from 0 to 128 [ 126.408214][ T6297] EXT4-fs: inline encryption not supported [ 126.439794][ T6297] EXT4-fs (loop4): Test dummy encryption mode enabled [ 126.464781][ T6297] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 126.507761][ T6297] 9pnet_fd: Insufficient options for proto=fd [ 126.708004][ T6313] loop3: detected capacity change from 0 to 1024 [ 126.716706][ T6313] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 126.722542][ T6313] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 126.725157][ T6313] EXT4-fs (loop3): orphan cleanup on readonly fs [ 126.726764][ T6313] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.560: Inode bitmap for bg 0 marked uninitialized [ 126.732369][ T6313] EXT4-fs (loop3): Remounting filesystem read-only [ 126.761086][ T6313] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 127.291001][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 128.616187][ T6341] device syzkaller0 entered promiscuous mode [ 128.721997][ T6344] loop1: detected capacity change from 0 to 128 [ 128.728929][ T6344] EXT4-fs: inline encryption not supported [ 128.734265][ T6344] EXT4-fs (loop1): Test dummy encryption mode enabled [ 128.774526][ T6344] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 128.801085][ T6344] 9pnet_fd: Insufficient options for proto=fd [ 128.864900][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 129.073131][ T6358] SET target dimension over the limit! [ 129.601438][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 130.010565][ T6363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.012088][ T6363] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 130.022556][ T6365] loop2: detected capacity change from 0 to 128 [ 130.030435][ T6365] EXT4-fs: inline encryption not supported [ 130.036690][ T6365] EXT4-fs (loop2): Test dummy encryption mode enabled [ 130.045546][ T6365] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 130.089409][ T6365] 9pnet_fd: Insufficient options for proto=fd [ 130.303253][ T6376] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.591455][ T6381] random: crng reseeded on system resumption [ 130.960664][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 131.029572][ T6391] loop3: detected capacity change from 0 to 128 [ 131.030925][ T6391] EXT4-fs: inline encryption not supported [ 131.042628][ T6391] EXT4-fs (loop3): Test dummy encryption mode enabled [ 131.450137][ T6391] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 131.482463][ T6391] 9pnet_fd: Insufficient options for proto=fd [ 131.797468][ T6406] device syzkaller0 entered promiscuous mode [ 131.911797][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 132.002545][ T6414] loop3: detected capacity change from 0 to 128 [ 132.008101][ T6414] EXT4-fs: inline encryption not supported [ 132.016907][ T6414] EXT4-fs (loop3): Test dummy encryption mode enabled [ 132.029008][ T6414] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 132.052881][ T6414] 9pnet_fd: Insufficient options for proto=fd [ 132.226119][ T6427] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.261735][ T6429] device syzkaller0 entered promiscuous mode [ 132.334435][ T6437] loop2: detected capacity change from 0 to 128 [ 132.349259][ T6437] EXT4-fs: inline encryption not supported [ 132.354372][ T6437] EXT4-fs (loop2): Test dummy encryption mode enabled [ 132.374077][ T6437] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 132.436020][ T6437] 9pnet_fd: Insufficient options for proto=fd [ 132.804194][ T6446] xt_TPROXY: Can be used only with -p tcp or -p udp [ 132.811989][ T4368] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 132.886044][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 133.111602][ T6449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.119157][ T6449] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.130369][ T6449] syz.4.603 (6449): attempted to duplicate a private mapping with mremap. This is not supported. [ 133.215009][ T4368] usb 1-1: Using ep0 maxpacket: 32 [ 133.229669][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 133.229729][ T4368] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.232591][ T4368] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 133.234206][ T4368] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 133.235647][ T4368] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.245171][ T4368] usb 1-1: config 0 descriptor?? [ 133.261026][ T6454] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.263134][ T6454] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.479584][ T6459] device syzkaller0 entered promiscuous mode [ 133.685604][ T4368] ft260 0003:0403:6030.0001: unknown main item tag 0x0 [ 133.686933][ T4368] ft260 0003:0403:6030.0001: unknown main item tag 0x0 [ 133.695587][ T4368] ft260 0003:0403:6030.0001: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.0-1/input0 [ 133.848125][ T6469] device syzkaller0 entered promiscuous mode [ 133.896529][ T4368] ft260 0003:0403:6030.0001: chip code: 0000 0000 [ 133.924943][ T6474] loop4: detected capacity change from 0 to 128 [ 133.926458][ T6474] EXT4-fs: inline encryption not supported [ 133.934302][ T6474] EXT4-fs (loop4): Test dummy encryption mode enabled [ 133.936810][ T6474] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 133.956441][ T6474] 9pnet_fd: Insufficient options for proto=fd [ 134.081395][ T6481] loop3: detected capacity change from 0 to 128 [ 134.085396][ T6481] EXT4-fs: inline encryption not supported [ 134.112236][ T6481] EXT4-fs (loop3): Test dummy encryption mode enabled [ 134.129992][ T14] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 134.136648][ T6481] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 134.143022][ T14] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz1] on syz0 [ 134.153400][ T6481] 9pnet_fd: Insufficient options for proto=fd [ 134.460296][ T4368] ft260 0003:0403:6030.0001: failed to retrieve status: -32 [ 134.485930][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 134.543950][ T6490] fido_id[6490]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 134.845715][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 135.005747][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 135.165274][ T6507] qfq: no options [ 135.426559][ T6513] device syzkaller0 entered promiscuous mode [ 136.376738][ T6529] device syzkaller0 entered promiscuous mode [ 136.578596][ T6533] loop1: detected capacity change from 0 to 128 [ 136.580310][ T6533] EXT4-fs: inline encryption not supported [ 136.613523][ T6533] EXT4-fs (loop1): Test dummy encryption mode enabled [ 136.635201][ T6535] loop3: detected capacity change from 0 to 128 [ 136.637847][ T6535] EXT4-fs: inline encryption not supported [ 136.641959][ T6535] EXT4-fs (loop3): Test dummy encryption mode enabled [ 136.647415][ T6533] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 136.672677][ T6535] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 136.683692][ T6539] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.723800][ T6535] 9pnet_fd: Insufficient options for proto=fd [ 136.813528][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 136.917124][ T6553] device syzkaller0 entered promiscuous mode [ 137.267217][ T6559] loop2: detected capacity change from 0 to 1024 [ 137.272442][ T6559] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 137.286257][ T6559] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 137.290456][ T6559] EXT4-fs (loop2): orphan cleanup on readonly fs [ 137.292786][ T6559] EXT4-fs error (device loop2): ext4_read_inode_bitmap:168: comm syz.2.638: Inode bitmap for bg 0 marked uninitialized [ 137.295215][ T6559] EXT4-fs (loop2): Remounting filesystem read-only [ 137.298310][ T6559] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 137.498708][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 138.547587][ T4325] Bluetooth: hci3: command 0x0406 tx timeout [ 138.923579][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 139.166757][ T6589] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 139.689424][ T6594] loop3: detected capacity change from 0 to 128 [ 139.692820][ T6594] EXT4-fs: inline encryption not supported [ 139.694321][ T6594] EXT4-fs (loop3): Test dummy encryption mode enabled [ 139.726682][ T6594] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 139.915306][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -110 [ 139.916750][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.918869][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.920222][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.922289][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.923681][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.929072][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.930407][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.932350][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.933868][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.943502][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.944819][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.950213][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.951836][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.955933][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.957206][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.962469][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.963833][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.967964][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.969946][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.974051][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.976510][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.980511][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.981889][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.986996][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.988225][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.992304][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 139.993792][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 139.998815][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.000062][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.019047][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.050227][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.057679][ T6610] loop2: detected capacity change from 0 to 1024 [ 140.059672][ T6610] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 140.062398][ T6610] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 140.064216][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.081200][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.086652][ T6610] EXT4-fs (loop2): orphan cleanup on readonly fs [ 140.089989][ T6610] EXT4-fs error (device loop2): ext4_read_inode_bitmap:168: comm syz.2.653: Inode bitmap for bg 0 marked uninitialized [ 140.094717][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.109400][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.113234][ T6610] EXT4-fs (loop2): Remounting filesystem read-only [ 140.113489][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.114471][ T6610] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 140.124440][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.143901][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.145824][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.160638][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.169987][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.187227][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.197179][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.208613][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.213445][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.222111][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.229071][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.239881][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.241236][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.254331][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.262639][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.280249][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.282746][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.291296][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.292666][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.311037][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.314619][ T4368] ft260 0003:0403:6030.0001: ft260_hid_output_report_check_status: failed to start transfer, ret -38 [ 140.325226][ T4368] ft260 0003:0403:6030.0001: failed to reset I2C controller: -32 [ 140.356742][ T4368] usb 1-1: USB disconnect, device number 4 [ 140.496536][ T6619] fido_id[6619]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 140.605798][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 141.155336][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 141.256666][ T6637] netlink: 28 bytes leftover after parsing attributes in process `syz.2.664'. [ 141.773730][ T6650] loop4: detected capacity change from 0 to 128 [ 141.775770][ T6650] EXT4-fs: inline encryption not supported [ 141.785320][ T6650] EXT4-fs (loop4): Test dummy encryption mode enabled [ 141.793930][ T6650] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 141.943681][ T6656] loop1: detected capacity change from 0 to 1024 [ 141.947671][ T6656] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 141.969371][ T6656] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 141.972600][ T6656] EXT4-fs (loop1): orphan cleanup on readonly fs [ 141.979450][ T6656] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.671: Inode bitmap for bg 0 marked uninitialized [ 141.981625][ T6656] EXT4-fs (loop1): Remounting filesystem read-only [ 141.982951][ T6656] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 142.177105][ T6660] xt_TPROXY: Can be used only with -p tcp or -p udp [ 142.471574][ T6664] capability: warning: `syz.0.672' uses 32-bit capabilities (legacy support in use) [ 142.703362][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 143.690890][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 143.877523][ T6694] loop2: detected capacity change from 0 to 128 [ 143.879099][ T6694] EXT4-fs: inline encryption not supported [ 145.020706][ T6694] EXT4-fs (loop2): Test dummy encryption mode enabled [ 145.080386][ T6694] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 145.095739][ T6711] loop3: detected capacity change from 0 to 128 [ 145.102754][ T6711] EXT4-fs: inline encryption not supported [ 145.111649][ T6711] EXT4-fs (loop3): Test dummy encryption mode enabled [ 145.116694][ T6694] 9pnet_fd: Insufficient options for proto=fd [ 145.132286][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 145.149235][ T6711] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 145.167500][ T6711] 9pnet_fd: Insufficient options for proto=fd [ 145.201553][ T6717] device syzkaller0 entered promiscuous mode [ 145.236419][ T6721] loop1: detected capacity change from 0 to 1024 [ 145.248390][ T6721] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 145.274301][ T6721] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 145.276063][ T6721] EXT4-fs (loop1): orphan cleanup on readonly fs [ 145.277338][ T6721] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.691: Inode bitmap for bg 0 marked uninitialized [ 145.283181][ T6721] EXT4-fs (loop1): Remounting filesystem read-only [ 145.284378][ T6721] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 146.015112][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 146.114344][ T14] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 146.140956][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 147.185945][ T6753] loop2: detected capacity change from 0 to 128 [ 147.195471][ T6753] EXT4-fs: inline encryption not supported [ 147.200123][ T6753] EXT4-fs (loop2): Test dummy encryption mode enabled [ 147.212790][ T6753] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 147.285918][ T14] usb 1-1: Using ep0 maxpacket: 8 [ 147.291167][ T14] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 147.292813][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.298262][ T6753] 9pnet_fd: Insufficient options for proto=fd [ 147.314659][ T14] pvrusb2: Hardware description: Terratec Grabster AV400 [ 147.317163][ T14] pvrusb2: ********** [ 147.317865][ T14] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 147.321672][ T14] pvrusb2: Important functionality might not be entirely working. [ 147.323034][ T14] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 147.324904][ T14] pvrusb2: ********** [ 147.338013][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 147.774397][ T2834] pvrusb2: Invalid write control endpoint [ 147.802132][ T2834] pvrusb2: Invalid write control endpoint [ 147.803606][ T2834] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 147.805731][ T2834] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 147.806942][ T2834] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 147.808560][ T2834] pvrusb2: Device being rendered inoperable [ 147.810676][ T2834] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 147.820871][ T2834] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 147.826638][ T2834] pvrusb2: Attached sub-driver cx25840 [ 147.827749][ T2834] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 147.829399][ T2834] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 147.990735][ T6735] pvrusb2: Attempted to execute control transfer when device not ok [ 147.993896][ T6662] usb 1-1: USB disconnect, device number 5 [ 148.424709][ T6778] netlink: 4 bytes leftover after parsing attributes in process `syz.1.706'. [ 148.426045][ T6778] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.547175][ T6777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.549507][ T6777] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.964907][ T6786] loop0: detected capacity change from 0 to 1024 [ 148.992698][ T6786] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 149.002608][ T6786] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 149.010435][ T6778] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.025266][ T6786] EXT4-fs (loop0): orphan cleanup on readonly fs [ 149.026797][ T6786] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.708: Inode bitmap for bg 0 marked uninitialized [ 149.029849][ T6786] EXT4-fs (loop0): Remounting filesystem read-only [ 149.031599][ T6786] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 150.156917][ T6807] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.158552][ T6807] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.322675][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 150.536695][ T6817] device syzkaller0 entered promiscuous mode [ 150.815744][ T6825] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.817423][ T6825] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.922443][ T6826] random: crng reseeded on system resumption [ 152.196399][ T6856] device syzkaller0 entered promiscuous mode [ 153.190163][ T6882] random: crng reseeded on system resumption [ 154.111837][ T6897] device syzkaller0 entered promiscuous mode [ 155.062826][ T4333] Bluetooth: hci2: command 0x0406 tx timeout [ 155.062850][ T4328] Bluetooth: hci0: command 0x0406 tx timeout [ 155.062868][ T4325] Bluetooth: hci1: command 0x0406 tx timeout [ 155.066340][ T4332] Bluetooth: hci3: command 0x0406 tx timeout [ 155.070035][ T4328] Bluetooth: hci4: command 0x0406 tx timeout [ 155.129639][ T6918] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 155.131639][ T6918] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 155.743564][ T6931] random: crng reseeded on system resumption [ 156.626925][ T6941] device syzkaller0 entered promiscuous mode [ 158.449842][ T6981] device syzkaller0 entered promiscuous mode [ 158.676458][ T6984] device syzkaller0 entered promiscuous mode [ 159.091397][ T6990] qfq: no options [ 160.409563][ T7014] device syzkaller0 entered promiscuous mode [ 160.477357][ T7017] capability: warning: `syz.2.780' uses deprecated v2 capabilities in a way that may be insecure [ 160.672196][ T7024] device syzkaller0 entered promiscuous mode [ 160.975218][ T7033] qfq: no options [ 162.083718][ T7051] device syzkaller0 entered promiscuous mode [ 162.620573][ T7080] qfq: no options [ 163.824896][ T7095] device syzkaller0 entered promiscuous mode [ 164.105110][ T7112] device syzkaller0 entered promiscuous mode [ 164.200518][ T7115] device syzkaller0 entered promiscuous mode [ 164.355187][ T7120] qfq: no options [ 165.160633][ T7137] device syzkaller0 entered promiscuous mode [ 165.478402][ T7149] device syzkaller0 entered promiscuous mode [ 165.749633][ T7147] device syzkaller0 entered promiscuous mode [ 166.069638][ T7178] device syzkaller0 entered promiscuous mode [ 166.183155][ T7182] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 166.187016][ T7182] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.831'. [ 166.629042][ T7185] SET target dimension over the limit! [ 167.021760][ T7201] device syzkaller0 entered promiscuous mode [ 167.372610][ T7212] device syzkaller0 entered promiscuous mode [ 167.674701][ T7229] netlink: 'syz.1.847': attribute type 1 has an invalid length. [ 167.682751][ T7229] 8021q: adding VLAN 0 to HW filter on device bond3 [ 167.694828][ T7229] bond3: (slave gretap1): making interface the new active one [ 167.699073][ T7229] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 167.700723][ T5505] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 167.749916][ T7232] loop1: detected capacity change from 0 to 128 [ 167.758130][ T7232] EXT4-fs: inline encryption not supported [ 167.762026][ T7232] EXT4-fs (loop1): Test dummy encryption mode enabled [ 167.784279][ T7232] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 168.328537][ T7248] device syzkaller0 entered promiscuous mode [ 168.432387][ T7249] SET target dimension over the limit! [ 168.661959][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 168.710875][ T7252] device syzkaller0 entered promiscuous mode [ 169.137800][ T7281] loop3: detected capacity change from 0 to 128 [ 169.163775][ T7281] EXT4-fs: inline encryption not supported [ 169.175500][ T7281] EXT4-fs (loop3): Test dummy encryption mode enabled [ 169.187785][ T7281] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 169.229105][ T7284] device syzkaller0 entered promiscuous mode [ 170.234180][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 171.032960][ T4523] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 171.231656][ T7320] SET target dimension over the limit! [ 171.428392][ T7323] netlink: 'syz.2.878': attribute type 1 has an invalid length. [ 171.428498][ T4523] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 171.431639][ T4523] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 171.434424][ T4523] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 171.436569][ T4523] usb 1-1: config 1 has no interface number 0 [ 171.439811][ T4523] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 171.441313][ T4523] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.442630][ T4523] usb 1-1: Product: syz [ 171.443330][ T4523] usb 1-1: Manufacturer: syz [ 171.444196][ T4523] usb 1-1: SerialNumber: syz [ 171.453034][ T7323] 8021q: adding VLAN 0 to HW filter on device bond5 [ 171.471049][ T7327] bond5: (slave gretap1): making interface the new active one [ 171.474975][ T7327] bond5: (slave gretap1): Enslaving as an active interface with an up link [ 171.476852][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready [ 171.485032][ T7323] netlink: 8 bytes leftover after parsing attributes in process `syz.2.878'. [ 171.599812][ T7338] loop2: detected capacity change from 0 to 128 [ 171.601383][ T7338] EXT4-fs: inline encryption not supported [ 171.605522][ T7338] EXT4-fs (loop2): Test dummy encryption mode enabled [ 171.613600][ T7338] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 172.526556][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 173.301845][ T4523] libceph: connect (1)[c::]:6789 error -101 [ 173.321268][ T4523] libceph: mon0 (1)[c::]:6789 connect error [ 173.532896][ T4367] usb 1-1: USB disconnect, device number 6 [ 173.578499][ T7387] loop2: detected capacity change from 0 to 128 [ 173.580116][ T7387] EXT4-fs: inline encryption not supported [ 173.593800][ T7387] EXT4-fs (loop2): Test dummy encryption mode enabled [ 173.599362][ T4371] libceph: connect (1)[c::]:6789 error -101 [ 173.601239][ T4371] libceph: mon0 (1)[c::]:6789 connect error [ 173.641274][ T7387] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 173.672790][ T7378] ceph: No mds server is up or the cluster is laggy [ 174.497986][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 175.701406][ T7454] loop4: detected capacity change from 0 to 128 [ 175.706697][ T7454] EXT4-fs: inline encryption not supported [ 175.720231][ T7454] EXT4-fs (loop4): Test dummy encryption mode enabled [ 175.748887][ T7454] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 176.753933][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 176.800671][ T7463] netlink: 8 bytes leftover after parsing attributes in process `syz.1.926'. [ 177.951795][ T7501] loop2: detected capacity change from 0 to 128 [ 177.965675][ T7501] EXT4-fs: inline encryption not supported [ 177.971273][ T7501] EXT4-fs (loop2): Test dummy encryption mode enabled [ 178.026924][ T7501] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 178.133142][ T7508] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 178.134811][ T7508] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 179.247100][ T7505] loop1: detected capacity change from 0 to 1024 [ 179.270873][ T7505] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 179.309066][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 179.349763][ T7505] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 179.351573][ T7505] EXT4-fs (loop1): orphan cleanup on readonly fs [ 179.352986][ T7505] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.941: Inode bitmap for bg 0 marked uninitialized [ 179.355181][ T7505] EXT4-fs (loop1): Remounting filesystem read-only [ 179.356305][ T7505] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 180.664544][ T7533] netlink: 24 bytes leftover after parsing attributes in process `syz.4.950'. [ 180.763658][ T7537] Bluetooth: MGMT ver 1.22 [ 181.154500][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 181.956659][ T7570] loop0: detected capacity change from 0 to 1024 [ 181.979391][ T7570] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 182.003452][ T7570] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 182.005440][ T7570] EXT4-fs (loop0): orphan cleanup on readonly fs [ 182.014209][ T7570] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.964: Inode bitmap for bg 0 marked uninitialized [ 182.016739][ T7570] EXT4-fs (loop0): Remounting filesystem read-only [ 182.018016][ T7570] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 182.350289][ T7583] dlm: Unknown command passed to DLM device : 3 [ 182.350289][ T7583] [ 182.561177][ T7583] batman_adv: batadv0: Adding interface: macsec1 [ 182.562322][ T7583] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.566628][ T7583] batman_adv: batadv0: Interface activated: macsec1 [ 182.644455][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 182.708687][ T7586] syz.2.969 uses obsolete (PF_INET,SOCK_PACKET) [ 183.424592][ T7616] loop0: detected capacity change from 0 to 1024 [ 183.440510][ T7616] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 183.446547][ T7616] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 183.448288][ T7616] EXT4-fs (loop0): orphan cleanup on readonly fs [ 183.449526][ T7616] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.978: Inode bitmap for bg 0 marked uninitialized [ 183.452494][ T7616] EXT4-fs (loop0): Remounting filesystem read-only [ 183.453713][ T7616] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 183.594575][ T7625] netlink: 'syz.2.982': attribute type 1 has an invalid length. [ 183.691057][ T7625] 8021q: adding VLAN 0 to HW filter on device bond6 [ 183.820688][ T7633] usb usb7: usbfs: process 7633 (syz.4.983) did not claim interface 0 before use [ 184.834909][ T7661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.837329][ T7661] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.978897][ T7664] netlink: 'syz.1.995': attribute type 1 has an invalid length. [ 184.994386][ T7664] 8021q: adding VLAN 0 to HW filter on device bond4 [ 186.147459][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 186.227670][ T7695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.235743][ T7697] device syzkaller0 entered promiscuous mode [ 186.875795][ T7710] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1011'. [ 187.249540][ T7713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.252542][ T7713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.939857][ T7749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 189.547265][ T7755] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1024'. [ 189.899495][ T7764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 189.904305][ T7764] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.447935][ T7778] SET target dimension over the limit! [ 191.149555][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 191.151925][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 191.284976][ T7796] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 192.601418][ T7836] SET target dimension over the limit! [ 192.766993][ T7844] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 192.776495][ T7844] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.145245][ T7851] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 193.530312][ T7867] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1063'. [ 193.814896][ T7871] binder: 7870:7871 tried to acquire reference to desc 0, got 1 instead [ 193.818680][ T7871] binder: 7870:7871 got transaction with invalid fd, -1 [ 193.819764][ T7871] binder: 7871:7870 translate fd failed [ 193.824284][ T7871] binder: 7870:7871 transaction async to 7870:0 failed 65/29201/-9, size 72-24 line 3415 [ 193.845222][ T4371] binder: release 7870:7871 transaction 58 out, still active [ 193.846614][ T4371] binder: undelivered TRANSACTION_COMPLETE [ 193.849114][ T4371] binder: undelivered TRANSACTION_ERROR: 29201 [ 193.850220][ T4371] binder: send failed reply for transaction 58, target dead [ 193.896824][ T7880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.899570][ T7880] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.246520][ T7889] SET target dimension over the limit! [ 194.484295][ T7897] device syzkaller0 entered promiscuous mode [ 195.033317][ T7911] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 195.088905][ T7915] device syzkaller0 entered promiscuous mode [ 195.259741][ T7919] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1086'. [ 195.769196][ T7934] loop2: detected capacity change from 0 to 128 [ 195.770780][ T7934] EXT4-fs: inline encryption not supported [ 195.784454][ T7934] EXT4-fs (loop2): Test dummy encryption mode enabled [ 195.806493][ T7934] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 196.603324][ T7966] device syzkaller0 entered promiscuous mode [ 197.287428][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 197.388810][ T7996] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.408998][ T7996] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.624303][ T4371] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 198.827461][ T4371] usb 1-1: Using ep0 maxpacket: 16 [ 198.831195][ T4371] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 198.833068][ T4371] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.834966][ T4371] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 198.838474][ T4371] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 198.842219][ T4371] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.846981][ T4371] usb 1-1: config 0 descriptor?? [ 199.048174][ T8051] binder: 8050:8051 got transaction to invalid handle, 3 [ 199.049784][ T8051] binder: 8051:8050 cannot find target node [ 199.050834][ T8051] binder: 8050:8051 transaction async to 0:0 failed 69/29201/-22, size 72-24 line 3045 [ 199.060942][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 199.086116][ T8054] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 199.495456][ T4371] hid-generic 0003:0955:7214.0003: unknown main item tag 0x0 [ 199.496826][ T4371] hid-generic 0003:0955:7214.0003: unknown main item tag 0x0 [ 199.498084][ T4371] hid-generic 0003:0955:7214.0003: unknown main item tag 0x0 [ 199.499333][ T4371] hid-generic 0003:0955:7214.0003: unknown main item tag 0x0 [ 199.500651][ T4371] hid-generic 0003:0955:7214.0003: unknown main item tag 0x0 [ 199.504155][ T4371] hid-generic 0003:0955:7214.0003: hidraw0: USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 199.717165][ T6662] usb 1-1: USB disconnect, device number 7 [ 200.054178][ T8079] binder: 8077:8079 tried to acquire reference to desc 0, got 1 instead [ 200.057743][ T8079] binder_alloc: 8077: binder_alloc_buf, no vma [ 200.059100][ T8079] binder: cannot allocate buffer: vma cleared, target dead or dying [ 200.059131][ T8079] binder: 8077:8079 transaction async to 8077:0 failed 81/29189/-3, size 72-24 line 3230 [ 200.062429][ T4371] binder: release 8077:8079 transaction 74 out, still active [ 200.063709][ T4371] binder: undelivered TRANSACTION_COMPLETE [ 200.071604][ T4371] binder: undelivered TRANSACTION_ERROR: 29189 [ 200.072647][ T4371] binder: send failed reply for transaction 74, target dead [ 200.296499][ T8086] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 201.108213][ T8100] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 201.442928][ T8119] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1152'. [ 202.558064][ T8142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.564339][ T8142] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.581445][ T8141] netlink: 'syz.2.1163': attribute type 5 has an invalid length. [ 202.634131][ T8141] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1163'. [ 203.213802][ T8160] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 204.002967][ T8172] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1172'. [ 205.267334][ T8183] binder: 8182:8183 tried to acquire reference to desc 0, got 1 instead [ 205.271240][ T8183] binder: 8182:8183 got transaction to invalid handle, 3 [ 205.272413][ T8183] binder: 8183:8182 cannot find target node [ 205.274020][ T8183] binder: 8182:8183 transaction async to 0:0 failed 86/29201/-22, size 72-24 line 3045 [ 205.284499][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 205.361501][ T8192] device syzkaller0 entered promiscuous mode [ 207.416841][ T4513] nci: nci_rsp_packet: unknown rsp opcode 0x27 [ 210.556179][ T8222] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 216.397864][ T8270] 9pnet_fd: Insufficient options for proto=fd [ 219.670155][ T8284] loop3: detected capacity change from 0 to 128 [ 219.687251][ T8284] EXT4-fs: inline encryption not supported [ 219.689211][ T8284] EXT4-fs (loop3): Test dummy encryption mode enabled [ 219.757772][ T8284] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 219.773517][ T8287] device syzkaller0 entered promiscuous mode [ 221.278842][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 222.366985][ T8309] device syzkaller0 entered promiscuous mode [ 222.884758][ T8329] hfsplus: unable to find HFS+ superblock [ 222.916679][ T8329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 222.918767][ T8329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.011355][ T8344] loop4: detected capacity change from 0 to 512 [ 224.031772][ T8344] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 224.224842][ T8349] overlayfs: failed to resolve './bus': -2 [ 224.923181][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 225.858858][ T8366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.860400][ T8366] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.833071][ T8366] netlink: 'syz.2.1219': attribute type 5 has an invalid length. [ 235.195502][ T8382] binder: tried to use weak ref as strong ref [ 235.196711][ T8382] binder: 8381:8382 Acquire 1 refcount change on invalid ref 0 ret -22 [ 235.200753][ T8382] binder: 8381:8382 got transaction to invalid handle, 1 [ 235.201936][ T8382] binder: 8382:8381 cannot find target node [ 235.210833][ T8382] binder: 8381:8382 transaction call to 0:0 failed 89/29201/-22, size 72-24 line 3045 [ 235.857247][ T4523] binder: undelivered TRANSACTION_ERROR: 29201 [ 235.978447][ T8394] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.980025][ T8394] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 236.726075][ T8414] loop0: detected capacity change from 0 to 128 [ 237.057152][ T8414] EXT4-fs: inline encryption not supported [ 237.058560][ T8414] EXT4-fs (loop0): Test dummy encryption mode enabled [ 237.065855][ T8414] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 237.122646][ T8419] device syzkaller0 entered promiscuous mode [ 237.430196][ T8426] binder: BINDER_SET_CONTEXT_MGR already set [ 237.433862][ T8426] binder: 8425:8426 ioctl 4018620d 20004a80 returned -16 [ 237.438272][ T8426] binder: 8425:8426 got transaction to invalid handle, 3 [ 237.439620][ T8426] binder: 8426:8425 cannot find target node [ 237.442302][ T8426] binder: 8425:8426 transaction async to 0:0 failed 92/29201/-22, size 72-24 line 3045 [ 237.463563][ T4369] binder: undelivered TRANSACTION_ERROR: 29201 [ 238.202558][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 238.716209][ T8454] device syzkaller0 entered promiscuous mode [ 238.740006][ T8463] loop2: detected capacity change from 0 to 128 [ 238.743061][ T8463] EXT4-fs: inline encryption not supported [ 238.744412][ T8463] EXT4-fs (loop2): Test dummy encryption mode enabled [ 238.791277][ T8463] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 239.336444][ T8479] loop3: detected capacity change from 0 to 128 [ 239.341674][ T8479] EXT4-fs: inline encryption not supported [ 239.380319][ T8479] EXT4-fs (loop3): Test dummy encryption mode enabled [ 239.407343][ T8479] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 239.706725][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 240.464179][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 240.528188][ T8503] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1261'. [ 240.591236][ T8512] device syzkaller0 entered promiscuous mode [ 240.833284][ T8525] device syzkaller0 entered promiscuous mode [ 240.979328][ T8533] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1273'. [ 241.587121][ T8556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 241.590696][ T8556] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 241.600829][ T8556] netlink: 'syz.4.1280': attribute type 5 has an invalid length. [ 241.649719][ T8556] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1280'. [ 241.685720][ T8558] device syzkaller0 entered promiscuous mode [ 241.975086][ T8572] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1284'. [ 242.007061][ T8574] device syzkaller0 entered promiscuous mode [ 242.086086][ T8582] fuse: Unknown parameter 'group_id00000000000000000000' [ 242.232589][ T8589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 242.241158][ T8589] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.315503][ T8591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 242.317329][ T8591] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.320906][ T8591] netlink: 'syz.4.1294': attribute type 5 has an invalid length. [ 242.358250][ T8591] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1294'. [ 242.813113][ T8597] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1295'. [ 243.555361][ T8619] Injecting memory failure for pfn 0x211003 at process virtual address 0x20000000 [ 243.558714][ T8619] Memory failure: 0x211003: recovery action for reserved kernel page: Ignored [ 243.620972][ T8624] device syzkaller0 entered promiscuous mode [ 244.655419][ T8639] loop0: detected capacity change from 0 to 128 [ 245.284259][ T8639] EXT4-fs: inline encryption not supported [ 245.294367][ T8639] EXT4-fs (loop0): Test dummy encryption mode enabled [ 245.312048][ T8639] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 245.534732][ T8657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 245.563420][ T8657] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 246.124505][ T8651] netlink: 'syz.4.1312': attribute type 5 has an invalid length. [ 246.127523][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 246.193072][ T8666] device syzkaller0 entered promiscuous mode [ 248.138388][ T8699] loop2: detected capacity change from 0 to 128 [ 248.181983][ T8699] EXT4-fs: inline encryption not supported [ 248.188034][ T8699] EXT4-fs (loop2): Test dummy encryption mode enabled [ 248.202128][ T8699] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 249.265045][ T8712] device syzkaller0 entered promiscuous mode [ 249.315435][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 249.337247][ T8714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1331'. [ 249.737773][ T8720] fuse: Bad value for 'fd' [ 250.392578][ T8744] loop3: detected capacity change from 0 to 128 [ 250.419100][ T8744] EXT4-fs: inline encryption not supported [ 250.427530][ T8744] EXT4-fs (loop3): Test dummy encryption mode enabled [ 250.448267][ T8744] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 251.683532][ T8757] fuse: Bad value for 'fd' [ 251.684322][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 251.794040][ T27] audit: type=1326 audit(244.126:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm=FF exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba7771a8 code=0x7ffc0000 [ 251.810804][ T27] audit: type=1326 audit(244.144:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm=FF exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba7771a8 code=0x7ffc0000 [ 251.827156][ T27] audit: type=1326 audit(244.154:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.0.1348" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba7771a8 code=0x7ffc0000 [ 251.830294][ T8760] device syzkaller0 entered promiscuous mode [ 251.838475][ T27] audit: type=1326 audit(244.163:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.0.1348" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba7771a8 code=0x7ffc0000 [ 251.842026][ T27] audit: type=1326 audit(244.163:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm=FF exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=425 compat=0 ip=0xffffba7771a8 code=0x7ffc0000 [ 251.845352][ T27] audit: type=1326 audit(244.163:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm=FF exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffba776ea0 code=0x7ffc0000 [ 251.848613][ T27] audit: type=1326 audit(244.163:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm=FF exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffba776ea0 code=0x7ffc0000 [ 251.852207][ T27] audit: type=1326 audit(244.163:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm=FF exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba7771a8 code=0x7ffc0000 [ 251.856914][ T27] audit: type=1326 audit(244.163:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm=FF exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffba7771a8 code=0x7ffc0000 [ 251.860161][ T27] audit: type=1326 audit(244.163:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8761 comm="syz.0.1348" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=436 compat=0 ip=0xffffba7771a8 code=0x7ffc0000 [ 252.164019][ T8786] fuse: Bad value for 'fd' [ 253.194462][ T8810] device syzkaller0 entered promiscuous mode [ 253.749674][ T8818] fuse: Bad value for 'fd' [ 255.120897][ T8843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.157891][ T8843] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.195567][ T8849] device syzkaller0 entered promiscuous mode [ 255.263932][ T8851] fuse: Bad value for 'fd' [ 255.588756][ T8865] netlink: 'syz.0.1384': attribute type 1 has an invalid length. [ 255.604557][ T8865] 8021q: adding VLAN 0 to HW filter on device bond2 [ 255.628665][ T8865] bond2: (slave gretap1): making interface the new active one [ 255.639363][ T8865] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 255.640939][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 255.755007][ T8873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.769435][ T8873] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 256.668582][ T8885] fuse: Bad value for 'fd' [ 256.739255][ T8887] device syzkaller0 entered promiscuous mode [ 256.778330][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.779516][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.357444][ T8896] netlink: 'syz.3.1396': attribute type 1 has an invalid length. [ 257.412497][ T8896] 8021q: adding VLAN 0 to HW filter on device bond3 [ 257.418537][ T8902] bond3: (slave gretap1): making interface the new active one [ 257.420573][ T8903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 257.422035][ T8903] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.424798][ T8902] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 257.427953][ T8298] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready [ 257.570444][ T8908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 257.577581][ T8908] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.800048][ T8914] loop4: detected capacity change from 0 to 128 [ 257.815075][ T8914] EXT4-fs: inline encryption not supported [ 257.816433][ T8914] EXT4-fs (loop4): Test dummy encryption mode enabled [ 257.838470][ T8914] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 258.109308][ T8920] loop2: detected capacity change from 0 to 1024 [ 258.122743][ T8920] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 258.130880][ T8920] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 258.132974][ T8920] EXT4-fs (loop2): orphan cleanup on readonly fs [ 258.138281][ T8920] EXT4-fs error (device loop2): ext4_read_inode_bitmap:168: comm syz.2.1402: Inode bitmap for bg 0 marked uninitialized [ 258.145912][ T8920] EXT4-fs (loop2): Remounting filesystem read-only [ 258.148900][ T8920] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 259.020709][ T8924] fuse: Invalid rootmode [ 259.177576][ T8927] device syzkaller0 entered promiscuous mode [ 259.293287][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 260.173414][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 260.231073][ T8939] netlink: 'syz.4.1408': attribute type 1 has an invalid length. [ 260.243347][ T8939] 8021q: adding VLAN 0 to HW filter on device bond2 [ 260.279010][ T8939] bond2: (slave gretap1): making interface the new active one [ 260.281571][ T8939] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 260.283428][ T6149] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 260.627785][ T8950] binder: BINDER_SET_CONTEXT_MGR already set [ 260.632887][ T8950] binder: 8949:8950 ioctl 4018620d 20004a80 returned -16 [ 260.849784][ T8953] binder: 8949:8953 got transaction to invalid handle, 3 [ 260.851148][ T8953] binder: 8953:8949 cannot find target node [ 260.852146][ T8953] binder: 8949:8953 transaction async to 0:0 failed 94/29201/-22, size 72-24 line 3045 [ 260.884941][ T4367] binder: undelivered TRANSACTION_ERROR: 29201 [ 260.921347][ T8955] loop3: detected capacity change from 0 to 128 [ 260.931084][ T8955] EXT4-fs: inline encryption not supported [ 260.940299][ T8955] EXT4-fs (loop3): Test dummy encryption mode enabled [ 260.947591][ T8955] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 261.057845][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 261.098006][ T8959] loop3: detected capacity change from 0 to 1024 [ 261.102203][ T8959] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 261.112263][ T8959] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 261.114036][ T8959] EXT4-fs (loop3): orphan cleanup on readonly fs [ 261.115915][ T8959] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.1415: Inode bitmap for bg 0 marked uninitialized [ 261.121620][ T8959] EXT4-fs (loop3): Remounting filesystem read-only [ 261.122953][ T8959] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 261.147573][ T8962] device syzkaller0 entered promiscuous mode [ 261.733805][ T8972] netlink: 'syz.2.1420': attribute type 1 has an invalid length. [ 262.006821][ T8972] 8021q: adding VLAN 0 to HW filter on device bond7 [ 262.011931][ T8978] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1420'. [ 262.298975][ T8986] binder: 8985:8986 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 262.313502][ T8986] binder: 8985:8986 got transaction to invalid handle, 1 [ 262.314784][ T8986] binder: 8986:8985 cannot find target node [ 262.315679][ T8986] binder: 8985:8986 transaction call to 0:0 failed 97/29201/-22, size 72-24 line 3045 [ 262.322428][ T8986] binder: 8985:8986 got transaction to invalid handle, 3 [ 262.331537][ T8986] binder: 8986:8985 cannot find target node [ 262.333752][ T8986] binder: 8985:8986 transaction async to 0:0 failed 98/29201/-22, size 72-24 line 3045 [ 262.386017][ T4405] binder: undelivered TRANSACTION_ERROR: 29201 [ 262.387338][ T4405] binder: undelivered TRANSACTION_ERROR: 29201 [ 262.428944][ T8988] loop4: detected capacity change from 0 to 128 [ 262.449113][ T8988] EXT4-fs: inline encryption not supported [ 262.467939][ T8988] EXT4-fs (loop4): Test dummy encryption mode enabled [ 262.491409][ T8988] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 262.562835][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 262.618210][ T8995] device syzkaller0 entered promiscuous mode [ 262.707523][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 262.976840][ T9006] netlink: 'syz.1.1431': attribute type 1 has an invalid length. [ 263.146197][ T9006] 8021q: adding VLAN 0 to HW filter on device bond5 [ 263.230919][ T9012] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1431'. [ 264.063381][ T9028] binder: 9027:9028 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 264.071430][ T9028] binder: 9027:9028 got transaction to invalid handle, 1 [ 264.072632][ T9028] binder: 9028:9027 cannot find target node [ 264.074410][ T9028] binder: 9027:9028 got transaction to invalid handle, 3 [ 264.134385][ T9030] loop3: detected capacity change from 0 to 1024 [ 264.159731][ T9030] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 264.175539][ T9030] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 264.177455][ T9030] EXT4-fs (loop3): orphan cleanup on readonly fs [ 264.180139][ T9030] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.1438: Inode bitmap for bg 0 marked uninitialized [ 264.182495][ T9030] EXT4-fs (loop3): Remounting filesystem read-only [ 264.186305][ T9030] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 264.284260][ T9033] loop0: detected capacity change from 0 to 128 [ 264.290711][ T9033] EXT4-fs: inline encryption not supported [ 264.299810][ T9033] EXT4-fs (loop0): Test dummy encryption mode enabled [ 264.313923][ T9033] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 264.432834][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 264.935304][ T9043] device syzkaller0 entered promiscuous mode [ 265.436296][ T9047] netlink: 'syz.4.1443': attribute type 1 has an invalid length. [ 265.472000][ T9047] 8021q: adding VLAN 0 to HW filter on device bond3 [ 265.483460][ T9047] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1443'. [ 266.251018][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 266.430146][ T9063] binder: 9062:9063 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 266.498139][ T9063] binder: 9062:9063 got transaction to invalid handle, 1 [ 266.499577][ T9063] binder_debug: 5 callbacks suppressed [ 266.499589][ T9063] binder: 9063:9062 cannot find target node [ 266.501716][ T9063] binder: 9062:9063 transaction call to 0:0 failed 105/29201/-22, size 72-24 line 3045 [ 266.505742][ T9063] binder: 9062:9063 got transaction to invalid handle, 3 [ 266.522069][ T9063] binder: 9063:9062 cannot find target node [ 266.524262][ T9063] binder: 9062:9063 transaction async to 0:0 failed 106/29201/-22, size 72-24 line 3045 [ 266.537693][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 266.538895][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 266.578312][ T9072] loop1: detected capacity change from 0 to 128 [ 266.578673][ T9072] EXT4-fs: inline encryption not supported [ 266.582443][ T9072] EXT4-fs (loop1): Test dummy encryption mode enabled [ 266.588214][ T9072] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 267.292482][ T9078] device syzkaller0 entered promiscuous mode [ 267.451750][ T9082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.453479][ T9082] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 267.456077][ T9082] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1455'. [ 267.508682][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 267.730203][ T9103] binder: 9102:9103 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 268.556539][ T9103] binder: 9102:9103 got transaction to invalid handle, 3 [ 268.557736][ T9103] binder: 9103:9102 cannot find target node [ 268.558734][ T9103] binder: 9102:9103 transaction async to 0:0 failed 108/29201/-22, size 72-24 line 3045 [ 268.685985][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 268.949273][ T4405] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 268.960593][ T9120] device syzkaller0 entered promiscuous mode [ 268.988131][ T9122] loop2: detected capacity change from 0 to 128 [ 268.989718][ T9122] EXT4-fs: inline encryption not supported [ 268.991271][ T9122] EXT4-fs (loop2): Test dummy encryption mode enabled [ 269.012391][ T9122] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 269.175539][ T4405] usb 1-1: config 0 has no interfaces? [ 269.176590][ T4405] usb 1-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 269.178343][ T4405] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.181532][ T4405] usb 1-1: config 0 descriptor?? [ 269.420717][ T4405] usb 1-1: USB disconnect, device number 8 [ 269.929310][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 269.961713][ T9142] binder: 9141:9142 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 269.964792][ T9142] binder: 9141:9142 got transaction to invalid handle, 3 [ 269.966021][ T9142] binder: 9142:9141 cannot find target node [ 270.027560][ T9145] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 270.029314][ T9145] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 270.035331][ T9145] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1474'. [ 270.423748][ T9157] device syzkaller0 entered promiscuous mode [ 270.732563][ T9165] loop3: detected capacity change from 0 to 128 [ 270.740280][ T9165] EXT4-fs: inline encryption not supported [ 270.744003][ T9165] EXT4-fs (loop3): Test dummy encryption mode enabled [ 270.761275][ T9165] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 271.649210][ T9177] binder: 9176:9177 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 271.649275][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 271.652124][ T9177] binder: 9176:9177 got transaction to invalid handle, 3 [ 272.281395][ T9200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 272.283122][ T9200] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 272.287170][ T9200] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1493'. [ 272.311119][ T9197] device syzkaller0 entered promiscuous mode [ 272.438965][ T9207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 272.441191][ T9207] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 272.670974][ T9213] tipc: Started in network mode [ 272.671787][ T9213] tipc: Node identity aa259aff567c, cluster identity 4711 [ 272.681190][ T9213] tipc: Enabled bearer , priority 0 [ 272.685754][ T9213] device syzkaller0 entered promiscuous mode [ 272.694179][ T9212] tipc: Resetting bearer [ 272.743993][ T9212] tipc: Disabling bearer [ 272.950964][ T9221] binder: 9220:9221 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 272.954407][ T9221] binder: 9220:9221 got transaction to invalid handle, 3 [ 272.955648][ T9221] binder_debug: 5 callbacks suppressed [ 272.955655][ T9221] binder: 9221:9220 cannot find target node [ 272.957683][ T9221] binder: 9220:9221 transaction async to 0:0 failed 114/29201/-22, size 72-24 line 3045 [ 272.966748][ T24] binder: undelivered TRANSACTION_ERROR: 29201 [ 273.914743][ T9240] device syzkaller0 entered promiscuous mode [ 274.474196][ T9252] binder: 9251:9252 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 274.481791][ T9252] binder: 9251:9252 got transaction to invalid handle, 3 [ 274.489508][ T9252] binder: 9252:9251 cannot find target node [ 274.490598][ T9252] binder: 9251:9252 transaction async to 0:0 failed 116/29201/-22, size 72-24 line 3045 [ 274.508173][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 274.541323][ T9260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.542816][ T9260] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.554612][ T9260] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1512'. [ 274.622063][ T9263] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1510'. [ 274.736353][ T9266] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1516'. [ 274.788139][ T6662] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 274.944225][ T6662] usb 1-1: device descriptor read/64, error -71 [ 275.286863][ T6662] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 275.457100][ T6662] usb 1-1: device descriptor read/64, error -71 [ 275.585741][ T6662] usb usb1-port1: attempt power cycle [ 276.066413][ T6662] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 276.157990][ T6662] usb 1-1: device descriptor read/8, error -71 [ 276.488650][ T9295] device syzkaller0 entered promiscuous mode [ 276.515264][ T6662] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 276.558160][ T6662] usb 1-1: device descriptor read/8, error -71 [ 276.697009][ T6662] usb usb1-port1: unable to enumerate USB device [ 276.724641][ T9299] binder: 9298:9299 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 276.728510][ T9299] binder: 9298:9299 got transaction to invalid handle, 3 [ 276.732484][ T9299] binder: 9299:9298 cannot find target node [ 276.733582][ T9299] binder: 9298:9299 transaction async to 0:0 failed 118/29201/-22, size 72-24 line 3045 [ 276.743413][ T4523] binder: undelivered TRANSACTION_ERROR: 29201 [ 276.968774][ T9309] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 276.975057][ T9309] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 276.977687][ T9309] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 276.980890][ T9309] device bridge_slave_0 left promiscuous mode [ 276.983261][ T9309] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.988861][ T9311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.991580][ T9311] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.994790][ T9311] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1530'. [ 277.018538][ T9309] device bridge_slave_1 left promiscuous mode [ 277.019837][ T9309] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.062173][ T9309] bond0: (slave bond_slave_0): Releasing backup interface [ 277.117843][ T9309] bond0: (slave bond_slave_1): Releasing backup interface [ 277.182989][ T9309] team0: Port device team_slave_0 removed [ 277.201363][ T9309] team0: Port device team_slave_1 removed [ 277.202948][ T9309] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 277.204332][ T9309] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.219729][ T9309] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 277.226647][ T9309] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.233684][ T9309] bond2: (slave gretap1): Releasing active interface [ 277.620986][ T9319] device syzkaller0 entered promiscuous mode [ 277.781056][ T9327] binder: 9326:9327 ioctl 4018620d 0 returned -22 [ 277.783910][ T9327] binder: 9326:9327 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 277.798759][ T9327] binder: 9326:9327 got transaction to invalid handle, 1 [ 277.799975][ T9327] binder: 9327:9326 cannot find target node [ 277.802329][ T9327] binder: 9326:9327 got transaction to invalid handle, 3 [ 278.536698][ T9250] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 278.546994][ T9347] 9pnet_virtio: no channels available for device syz [ 278.724215][ T9357] device syzkaller0 entered promiscuous mode [ 278.846809][ T9360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.851554][ T9360] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.988368][ T9363] binder: 9362:9363 ioctl 4018620d 0 returned -22 [ 278.990218][ T9363] binder: 9362:9363 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 278.998844][ T9363] binder: 9362:9363 got transaction to invalid handle, 1 [ 279.000250][ T9363] binder_debug: 5 callbacks suppressed [ 279.000263][ T9363] binder: 9363:9362 cannot find target node [ 279.008980][ T9363] binder: 9362:9363 transaction call to 0:0 failed 127/29201/-22, size 72-24 line 3045 [ 279.011466][ T9363] binder: 9362:9363 got transaction to invalid handle, 3 [ 279.012695][ T9363] binder: 9363:9362 cannot find target node [ 279.023554][ T9363] binder: 9362:9363 transaction async to 0:0 failed 128/29201/-22, size 72-24 line 3045 [ 279.043214][ T4523] binder: undelivered TRANSACTION_ERROR: 29201 [ 279.044536][ T4523] binder: undelivered TRANSACTION_ERROR: 29201 [ 280.059247][ T9376] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 280.715386][ T4333] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 280.716603][ T4332] Bluetooth: hci5: command 0x1003 tx timeout [ 280.716705][ T4328] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 280.720268][ T4328] Bluetooth: hci3: Injecting HCI hardware error event [ 280.722721][ T4333] Bluetooth: hci3: hardware error 0x00 [ 280.737591][ T9382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.743657][ T9382] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.754047][ T9382] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1556'. [ 280.925245][ T9391] device syzkaller0 entered promiscuous mode [ 280.981343][ T9393] binder: 9392:9393 ioctl 4018620d 0 returned -22 [ 280.983794][ T9393] binder: 9392:9393 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 280.986970][ T9393] binder: 9392:9393 got transaction to invalid handle, 1 [ 280.988333][ T9393] binder: 9393:9392 cannot find target node [ 280.989278][ T9393] binder: 9392:9393 transaction call to 0:0 failed 131/29201/-22, size 72-24 line 3045 [ 280.991656][ T9393] binder: 9392:9393 got transaction to invalid handle, 3 [ 280.993509][ T9393] binder: 9393:9392 cannot find target node [ 280.994660][ T9393] binder: 9392:9393 transaction async to 0:0 failed 132/29201/-22, size 72-24 line 3045 [ 281.161425][ T9399] 9pnet_virtio: no channels available for device syz [ 281.513811][ T9402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 281.521027][ T9402] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 282.266915][ T9421] binder: BINDER_SET_CONTEXT_MGR already set [ 282.269323][ T9421] binder: 9420:9421 ioctl 4018620d 20004a80 returned -16 [ 282.274146][ T9421] binder: 9420:9421 got transaction to invalid handle, 3 [ 282.322381][ T9423] loop3: detected capacity change from 0 to 1024 [ 282.324480][ T9423] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 282.326838][ T9423] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 282.329872][ T9423] EXT4-fs (loop3): orphan cleanup on readonly fs [ 282.331209][ T9423] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.1573: Inode bitmap for bg 0 marked uninitialized [ 282.334072][ T9423] EXT4-fs (loop3): Remounting filesystem read-only [ 282.335387][ T9423] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 283.130884][ T4333] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 283.737563][ T9459] loop1: detected capacity change from 0 to 128 [ 283.753842][ T9459] EXT4-fs: inline encryption not supported [ 283.763937][ T9459] EXT4-fs (loop1): Test dummy encryption mode enabled [ 283.806870][ T9459] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 283.836332][ T4405] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 283.855555][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 283.985489][ T9463] binder: BINDER_SET_CONTEXT_MGR already set [ 283.986804][ T9463] binder: 9462:9463 ioctl 4018620d 20004a80 returned -16 [ 283.994236][ T9467] binder: 9462:9467 got transaction to invalid handle, 3 [ 284.145971][ T9470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 284.162083][ T9470] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 284.172678][ T4405] usb 1-1: config 0 has no interfaces? [ 284.176123][ T4405] usb 1-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 284.177993][ T4405] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.207129][ T4405] usb 1-1: config 0 descriptor?? [ 284.226501][ T9473] binder: 9472:9473 tried to acquire reference to desc 0, got 1 instead [ 284.237407][ T9473] binder: 9472:9473 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 284.240788][ T9473] binder: 9472:9473 ioctl c0306201 20000680 returned -14 [ 284.431042][ T9437] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1577'. [ 284.433970][ T7] usb 1-1: USB disconnect, device number 13 [ 284.867614][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 285.112258][ T9489] fuse: Unknown parameter 'user_i00000000000000000000' [ 285.232379][ T9490] 9pnet_virtio: no channels available for device syz [ 286.113939][ T9494] loop3: detected capacity change from 0 to 1024 [ 286.115874][ T9494] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 286.121232][ T9494] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 286.123076][ T9494] EXT4-fs (loop3): orphan cleanup on readonly fs [ 286.124376][ T9494] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.1593: Inode bitmap for bg 0 marked uninitialized [ 286.126633][ T9494] EXT4-fs (loop3): Remounting filesystem read-only [ 286.127745][ T9494] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 286.411257][ T9502] binder: BINDER_SET_CONTEXT_MGR already set [ 286.412387][ T9502] binder: 9501:9502 ioctl 4018620d 20004a80 returned -16 [ 286.414433][ T9502] binder_user_error: 2 callbacks suppressed [ 286.414439][ T9502] binder: 9501:9502 got transaction to invalid handle, 3 [ 286.416547][ T9502] binder_debug: 11 callbacks suppressed [ 286.416559][ T9502] binder: 9502:9501 cannot find target node [ 286.436605][ T9502] binder: 9501:9502 transaction async to 0:0 failed 143/29201/-22, size 72-24 line 3045 [ 286.445800][ T9510] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 286.447338][ T9510] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 286.472596][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 286.508204][ T9513] fuse: Unknown parameter 'user_i00000000000000000000' [ 287.487628][ T9527] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 287.520487][ T9528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 287.535640][ T9528] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 287.644933][ T9528] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1606'. [ 288.073377][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 288.437957][ T9544] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1612'. [ 288.852623][ T9550] fuse: Unknown parameter 'user_i00000000000000000000' [ 289.685893][ T9560] loop3: detected capacity change from 0 to 40427 [ 289.689551][ T9560] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 289.690779][ T9560] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 289.696767][ T9560] F2FS-fs (loop3): invalid crc value [ 289.707552][ T9560] F2FS-fs (loop3): Found nat_bits in checkpoint [ 289.742120][ T9560] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 289.743504][ T9560] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 289.812420][ T4405] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 290.000835][ T4405] usb 1-1: Using ep0 maxpacket: 16 [ 290.470246][ T4405] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 290.472084][ T4405] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 290.473525][ T4405] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 290.475059][ T4405] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.480510][ T4405] usb 1-1: config 0 descriptor?? [ 290.571486][ T9572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 290.574272][ T9572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 290.576485][ T9572] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1621'. [ 291.069537][ T9589] fuse: Unknown parameter 'user_id00000000000000000000' [ 291.214903][ T9597] loop4: detected capacity change from 0 to 128 [ 291.216326][ T9597] EXT4-fs: inline encryption not supported [ 291.225253][ T9597] EXT4-fs (loop4): Test dummy encryption mode enabled [ 291.353588][ T9597] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 291.675216][ T9616] fuse: Unknown parameter 'user_id00000000000000000000' [ 291.724197][ T9620] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1638'. [ 291.848127][ T9618] loop2: detected capacity change from 0 to 40427 [ 291.859956][ T9618] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 291.862670][ T9622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 291.865039][ T9622] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 291.867618][ T9618] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 291.869898][ T9622] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1639'. [ 291.872866][ T9618] F2FS-fs (loop2): invalid crc value [ 291.895733][ T9618] F2FS-fs (loop2): Found nat_bits in checkpoint [ 291.911356][ T9618] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 291.912636][ T9618] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 292.189786][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 292.773734][ T7] usb 1-1: USB disconnect, device number 14 [ 293.263964][ T9655] fuse: Unknown parameter 'user_id00000000000000000000' [ 293.319242][ T9658] binder: 9657:9658 got transaction to invalid handle, 1 [ 293.320882][ T9658] binder: 9658:9657 cannot find target node [ 293.321874][ T9658] binder: 9657:9658 transaction call to 0:0 failed 147/29201/-22, size 72-24 line 3045 [ 293.331116][ T9658] binder: 9657:9658 got transaction to invalid handle, 3 [ 293.332639][ T9658] binder: 9658:9657 cannot find target node [ 293.333638][ T9658] binder: 9657:9658 transaction async to 0:0 failed 148/29201/-22, size 72-24 line 3045 [ 293.353821][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 293.355232][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 293.420299][ T7] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 293.612975][ T7] usb 1-1: Using ep0 maxpacket: 32 [ 293.618080][ T7] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 293.621910][ T7] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 293.628962][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.630654][ T7] usb 1-1: Product: syz [ 293.631343][ T7] usb 1-1: Manufacturer: syz [ 293.637623][ T7] usb 1-1: SerialNumber: syz [ 293.641669][ T7] usb 1-1: config 0 descriptor?? [ 293.654730][ T9641] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 293.664611][ T7] hub 1-1:0.0: bad descriptor, ignoring hub [ 293.665806][ T7] hub: probe of 1-1:0.0 failed with error -5 [ 294.009062][ T7] usb 1-1: USB disconnect, device number 15 [ 294.291389][ T9666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 294.293020][ T9666] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.339157][ T9665] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1652'. [ 294.379840][ T9668] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1653'. [ 294.670011][ T9685] fuse: Bad value for 'fd' [ 296.141184][ T9676] loop1: detected capacity change from 0 to 40427 [ 296.233603][ T9676] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 296.234862][ T9676] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 296.247601][ T9676] F2FS-fs (loop1): invalid crc value [ 296.773236][ T9676] F2FS-fs (loop1): Found nat_bits in checkpoint [ 296.783475][ T9676] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 296.784778][ T9676] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 298.093757][ T9715] device syzkaller0 entered promiscuous mode [ 298.135806][ T9700] Process accounting resumed [ 299.847986][ T9733] fuse: Bad value for 'fd' [ 299.851498][ T9732] binder: 9730:9732 got transaction to invalid handle, 1 [ 299.852901][ T9732] binder: 9732:9730 cannot find target node [ 299.855268][ T9732] binder: 9730:9732 transaction call to 0:0 failed 152/29201/-22, size 72-24 line 3045 [ 299.862307][ T9732] binder: 9730:9732 got transaction to invalid handle, 3 [ 299.863743][ T9732] binder: 9732:9730 cannot find target node [ 299.888159][ T9732] binder: 9730:9732 transaction async to 0:0 failed 153/29201/-22, size 72-24 line 3045 [ 299.911932][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 299.913285][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 300.773111][ T9755] loop0: detected capacity change from 0 to 1024 [ 300.790042][ T9755] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 300.814252][ T9755] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 300.821316][ T9755] EXT4-fs (loop0): orphan cleanup on readonly fs [ 300.823300][ T9755] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.1680: Inode bitmap for bg 0 marked uninitialized [ 300.833461][ T9755] EXT4-fs (loop0): Remounting filesystem read-only [ 300.834849][ T9755] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 300.963298][ T9759] device syzkaller0 entered promiscuous mode [ 301.086310][ T9764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 301.087854][ T9764] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 301.389223][ T9769] fuse: Bad value for 'fd' [ 301.427826][ T9772] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1687'. [ 302.463165][ T9808] 9pnet_virtio: no channels available for device syz [ 302.649714][ T9814] fuse: Unknown parameter '0x0000000000000003' [ 303.344081][ T9841] loop2: detected capacity change from 0 to 1024 [ 303.351310][ T9841] EXT4-fs: Ignoring removed bh option [ 303.391636][ T9841] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 303.404063][ T9841] EXT4-fs error (device loop2): __ext4_remount:6644: comm syz.2.1708: Abort forced by user [ 303.408265][ T9841] EXT4-fs (loop2): Remounting filesystem read-only [ 303.409955][ T9841] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 303.431530][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 304.060699][ T9858] binder: 9857:9858 got transaction to invalid handle, 1 [ 304.062099][ T9858] binder: 9858:9857 cannot find target node [ 304.063301][ T9858] binder: 9857:9858 transaction call to 0:0 failed 163/29201/-22, size 72-24 line 3045 [ 304.066501][ T9858] binder: 9857:9858 got transaction to invalid handle, 3 [ 304.067886][ T9858] binder: 9858:9857 cannot find target node [ 304.068805][ T9858] binder: 9857:9858 transaction async to 0:0 failed 164/29201/-22, size 72-24 line 3045 [ 304.145066][ T4326] EXT4-fs (loop0): unmounting filesystem. [ 304.924857][ T9895] 9pnet_virtio: no channels available for device syz [ 305.891362][ T9897] binder: tried to use weak ref as strong ref [ 305.892410][ T9897] binder: 9892:9897 Acquire 1 refcount change on invalid ref 0 ret -22 [ 305.894452][ T9897] binder: 9892:9897 got transaction to invalid handle, 1 [ 305.895604][ T9897] binder_debug: 2 callbacks suppressed [ 305.895613][ T9897] binder: 9897:9892 cannot find target node [ 305.897348][ T9897] binder: 9892:9897 transaction call to 0:0 failed 169/29201/-22, size 72-24 line 3045 [ 305.960733][ T9901] loop3: detected capacity change from 0 to 1024 [ 305.965415][ T9901] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 305.970133][ T4523] binder: undelivered TRANSACTION_ERROR: 29201 [ 305.981865][ T9901] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 305.983546][ T9901] EXT4-fs (loop3): orphan cleanup on readonly fs [ 305.984810][ T9901] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.1725: Inode bitmap for bg 0 marked uninitialized [ 305.986889][ T9901] EXT4-fs (loop3): Remounting filesystem read-only [ 305.988249][ T9901] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 306.065606][ T9909] binder: 9907:9909 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 306.155386][ T9918] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1732'. [ 306.423915][ T9931] netlink: 'syz.1.1736': attribute type 21 has an invalid length. [ 306.456278][ T9933] raw_sendmsg: syz.1.1738 forgot to set AF_INET. Fix it! [ 306.481653][ T9935] binder: tried to use weak ref as strong ref [ 306.483051][ T9935] binder: 9934:9935 Acquire 1 refcount change on invalid ref 0 ret -22 [ 306.484926][ T9935] binder: 9934:9935 got transaction to invalid handle, 1 [ 306.486072][ T9935] binder: 9935:9934 cannot find target node [ 306.487036][ T9935] binder: 9934:9935 transaction call to 0:0 failed 172/29201/-22, size 72-24 line 3045 [ 306.509015][ T4523] binder: undelivered TRANSACTION_ERROR: 29201 [ 306.521620][ T9939] fuse: Unknown parameter '0x0000000000000003' [ 306.543089][ T9941] binder: 9940:9941 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 307.637826][ T9965] fuse: Unknown parameter '0x0000000000000003' [ 307.653362][ T9967] binder: tried to use weak ref as strong ref [ 307.655157][ T9967] binder: 9966:9967 Acquire 1 refcount change on invalid ref 0 ret -22 [ 307.657501][ T9967] binder: 9967:9966 cannot find target node [ 307.658561][ T9967] binder: 9966:9967 transaction call to 0:0 failed 177/29201/-22, size 72-24 line 3045 [ 307.691900][ T4523] binder: undelivered TRANSACTION_ERROR: 29201 [ 308.604751][ T9983] netlink: 'syz.1.1758': attribute type 29 has an invalid length. [ 308.610438][ T9983] netlink: 'syz.1.1758': attribute type 3 has an invalid length. [ 308.611965][ T9983] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1758'. [ 308.813647][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 308.877867][ T9992] fuse: Unknown parameter '0x0000000000000003' [ 308.924660][ T9997] binder: 9996:9997 ioctl 4018620d 0 returned -22 [ 308.930102][ T9997] binder: 9997:9996 cannot find target node [ 309.670915][T10016] loop2: detected capacity change from 0 to 1024 [ 309.696629][T10016] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 309.721740][T10016] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 309.726022][T10016] EXT4-fs (loop2): orphan cleanup on readonly fs [ 309.736432][T10016] EXT4-fs error (device loop2): ext4_read_inode_bitmap:168: comm syz.2.1771: Inode bitmap for bg 0 marked uninitialized [ 309.749709][T10016] EXT4-fs (loop2): Remounting filesystem read-only [ 309.757235][T10016] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 310.132841][T10023] fuse: Unknown parameter 'fd0x0000000000000003' [ 310.233795][T10025] binder: 10024:10025 ioctl 4018620d 0 returned -22 [ 310.312214][T10032] device syzkaller0 entered promiscuous mode [ 311.352984][T10052] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 311.355708][T10052] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 311.357189][T10052] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 311.843306][T10059] binder: 10058:10059 ioctl 4018620d 0 returned -22 [ 311.844895][T10059] binder_user_error: 12 callbacks suppressed [ 311.844902][T10059] binder: tried to use weak ref as strong ref [ 311.847128][T10059] binder: 10058:10059 Acquire 1 refcount change on invalid ref 0 ret -22 [ 311.850975][T10059] binder: 10058:10059 got transaction to invalid handle, 1 [ 311.852147][T10059] binder_debug: 11 callbacks suppressed [ 311.852157][T10059] binder: 10059:10058 cannot find target node [ 311.863219][T10059] binder: 10058:10059 transaction call to 0:0 failed 193/29201/-22, size 72-24 line 3045 [ 311.866025][T10059] binder: 10058:10059 got transaction to invalid handle, 3 [ 311.867292][T10059] binder: 10059:10058 cannot find target node [ 311.868231][T10059] binder: 10058:10059 transaction async to 0:0 failed 194/29201/-22, size 72-24 line 3045 [ 311.901862][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 311.903118][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 311.946716][T10061] binder: 10060:10061 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 312.561652][ T4327] EXT4-fs (loop2): unmounting filesystem. [ 312.644210][T10076] device syzkaller0 entered promiscuous mode [ 313.540327][T10094] binder: 10093:10094 ioctl c0306201 0 returned -14 [ 313.548569][T10094] binder: 10093:10094 got transaction to invalid handle, 1 [ 313.554702][T10094] binder: 10094:10093 cannot find target node [ 313.555903][T10094] binder: 10093:10094 transaction call to 0:0 failed 199/29201/-22, size 72-24 line 3045 [ 313.570643][T10094] binder: 10093:10094 got transaction to invalid handle, 3 [ 313.572002][T10094] binder: 10094:10093 cannot find target node [ 313.572913][T10094] binder: 10093:10094 transaction async to 0:0 failed 200/29201/-22, size 72-24 line 3045 [ 313.942949][T10107] loop3: detected capacity change from 0 to 1024 [ 313.951679][T10107] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 313.962739][T10107] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 313.964594][T10107] EXT4-fs (loop3): orphan cleanup on readonly fs [ 313.967184][T10107] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.1803: Inode bitmap for bg 0 marked uninitialized [ 313.972665][T10107] EXT4-fs (loop3): Remounting filesystem read-only [ 313.973836][T10107] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 314.014225][T10103] device syzkaller0 entered promiscuous mode [ 315.358440][ T4322] EXT4-fs (loop3): unmounting filesystem. [ 315.396869][T10137] binder: 10136:10137 ioctl c0306201 0 returned -14 [ 315.398671][T10137] binder: 10136:10137 got transaction to invalid handle, 1 [ 315.400671][T10137] binder: 10136:10137 got transaction to invalid handle, 3 [ 320.309923][T10169] loop4: detected capacity change from 0 to 1024 [ 320.313936][T10169] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 320.316155][T10169] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 320.318643][T10169] EXT4-fs (loop4): orphan cleanup on readonly fs [ 320.320303][T10169] EXT4-fs error (device loop4): ext4_read_inode_bitmap:168: comm syz.4.1821: Inode bitmap for bg 0 marked uninitialized [ 320.322561][T10169] EXT4-fs (loop4): Remounting filesystem read-only [ 320.323742][T10169] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 321.466890][ T4331] EXT4-fs (loop4): unmounting filesystem. [ 321.498689][T10174] binder: 10173:10174 ioctl c0306201 0 returned -14 [ 321.500148][T10174] binder: 10173:10174 got transaction to invalid handle, 1 [ 321.501299][T10174] binder_debug: 8 callbacks suppressed [ 321.501312][T10174] binder: 10174:10173 cannot find target node [ 321.508052][T10174] binder: 10173:10174 transaction call to 0:0 failed 209/29201/-22, size 72-24 line 3045 [ 321.510581][T10174] binder: 10173:10174 got transaction to invalid handle, 3 [ 321.511716][T10174] binder: 10174:10173 cannot find target node [ 321.512680][T10174] binder: 10173:10174 transaction async to 0:0 failed 210/29201/-22, size 72-24 line 3045 [ 321.521301][ T6662] binder: undelivered TRANSACTION_ERROR: 29201 [ 321.522372][ T6662] binder: undelivered TRANSACTION_ERROR: 29201 [ 322.469253][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.480026][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 327.894706][T10209] binder: 10208:10209 got transaction to invalid handle, 1 [ 328.180273][T10209] binder: 10209:10208 cannot find target node [ 328.181786][T10209] binder: 10208:10209 transaction call to 0:0 failed 214/29201/-22, size 72-24 line 3045 [ 328.199137][T10211] binder: 10208:10211 got transaction to invalid handle, 3 [ 328.200655][T10211] binder: 10211:10208 cannot find target node [ 328.201637][T10211] binder: 10208:10211 transaction async to 0:0 failed 215/29201/-22, size 72-24 line 3045 [ 328.221802][ T4371] binder: undelivered TRANSACTION_ERROR: 29201 [ 328.223018][ T4371] binder: undelivered TRANSACTION_ERROR: 29201 [ 328.811222][T10229] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1838'. [ 328.816754][T10229] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 329.425304][T10246] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 329.431528][T10246] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 329.689012][ T4405] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 329.889704][T10248] binder: 10247:10248 got transaction to invalid handle, 1 [ 329.891096][T10248] binder: 10248:10247 cannot find target node [ 329.900112][T10248] binder: 10247:10248 transaction call to 0:0 failed 219/29201/-22, size 72-24 line 3045 [ 329.903520][ T4405] usb 1-1: Using ep0 maxpacket: 8 [ 329.906112][ T4405] usb 1-1: config 6 has an invalid interface number: 220 but max is 0 [ 329.907449][ T4405] usb 1-1: config 6 has no interface number 0 [ 329.908583][ T4405] usb 1-1: config 6 interface 220 has no altsetting 0 [ 329.910684][T10248] binder: 10247:10248 got transaction to invalid handle, 3 [ 329.911527][ T4405] usb 1-1: New USB device found, idVendor=174f, idProduct=5212, bcdDevice=40.10 [ 329.912030][T10248] binder: 10248:10247 cannot find target node [ 329.913697][ T4405] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.914962][T10248] binder: 10247:10248 transaction async to 0:0 failed 220/29201/-22, size 72-24 line 3045 [ 329.915812][ T4405] usb 1-1: Product: syz [ 329.919661][ T4405] usb 1-1: Manufacturer: syz [ 329.920495][ T4405] usb 1-1: SerialNumber: syz [ 330.882883][ T4405] usb 1-1: Found UVC 7.ff device syz (174f:5212) [ 330.884055][ T4405] uvcvideo 1-1:6.220: Entity type for entity Output 4 was not initialized! [ 330.886170][ T4405] ------------[ cut here ]------------ [ 330.886946][ T4405] WARNING: CPU: 1 PID: 4405 at drivers/media/mc/mc-entity.c:1069 media_create_pad_link+0x888/0xa14 [ 330.888705][ T4405] Modules linked in: [ 330.889330][ T4405] CPU: 1 PID: 4405 Comm: kworker/1:6 Not tainted syzkaller #0 [ 330.890605][ T4405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 330.892253][ T4405] Workqueue: usb_hub_wq hub_event [ 330.893073][ T4405] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 330.894282][ T4405] pc : media_create_pad_link+0x888/0xa14 [ 330.895232][ T4405] lr : media_create_pad_link+0x888/0xa14 [ 330.896121][ T4405] sp : ffff800020de68e0 [ 330.896741][ T4405] x29: ffff800020de6940 x28: ffff0000c324a880 x27: ffff0000dc446080 [ 330.898012][ T4405] x26: 0000000000000003 x25: ffff0000c324a9d0 x24: 0000000000000002 [ 330.899301][ T4405] x23: 0000000000000000 x22: 0000000000000002 x21: 0000000000000000 [ 330.900602][ T4405] x20: dfff800000000000 x19: ffff0000c324aa00 x18: ffff800011b9bf60 [ 330.901884][ T4405] x17: ffff80001835a000 x16: ffff8000082eef80 x15: ffff800017e3b000 [ 330.903108][ T4405] x14: 0000000000000001 x13: 1fffe0001bac9497 x12: 0000000000100000 [ 330.904367][ T4405] x11: 00000000000fffff x10: ffff800031d23000 x9 : ffff80000e0dcfc8 [ 330.905752][ T4405] x8 : 0000000000100000 x7 : 0000000000000000 x6 : 0000000000000000 [ 330.907140][ T4405] x5 : ffff80001867e7d0 x4 : 0000000000000003 x3 : 0000000000000000 [ 330.908479][ T4405] x2 : ffff0000c324a880 x1 : 0000000000000000 x0 : 0000000000000002 [ 330.909903][ T4405] Call trace: [ 330.910490][ T4405] media_create_pad_link+0x888/0xa14 [ 330.911392][ T4405] uvc_mc_register_entities+0x624/0x88c [ 330.912336][ T4405] uvc_register_chains+0x370/0x468 [ 330.913136][ T4405] uvc_probe+0x78b0/0x816c [ 330.913807][ T4405] usb_probe_interface+0x514/0x99c [ 330.914579][ T4405] really_probe+0x39c/0xacc [ 330.915326][ T4405] __driver_probe_device+0x180/0x310 [ 330.916159][ T4405] driver_probe_device+0x78/0x324 [ 330.917009][ T4405] __device_attach_driver+0x290/0x4d4 [ 330.917895][ T4405] bus_for_each_drv+0x154/0x1e4 [ 330.918685][ T4405] __device_attach+0x2ac/0x3dc [ 330.919553][ T4405] device_initial_probe+0x24/0x34 [ 330.920365][ T4405] bus_probe_device+0xbc/0x1c4 [ 330.921155][ T4405] device_add+0xb04/0xf90 [ 330.921896][ T4405] usb_set_configuration+0x1594/0x1b04 [ 330.922864][ T4405] usb_generic_driver_probe+0x8c/0x144 [ 330.923753][ T4405] usb_probe_device+0x120/0x258 [ 330.924573][ T4405] really_probe+0x39c/0xacc [ 330.925328][ T4405] __driver_probe_device+0x180/0x310 [ 330.926166][ T4405] driver_probe_device+0x78/0x324 [ 330.926940][ T4405] __device_attach_driver+0x290/0x4d4 [ 330.927874][ T4405] bus_for_each_drv+0x154/0x1e4 [ 330.928728][ T4405] __device_attach+0x2ac/0x3dc [ 330.929529][ T4405] device_initial_probe+0x24/0x34 [ 330.930410][ T4405] bus_probe_device+0xbc/0x1c4 [ 330.931323][ T4405] device_add+0xb04/0xf90 [ 330.932100][ T4405] usb_new_device+0x7f8/0x11e4 [ 330.932923][ T4405] hub_event+0x2248/0x3dd8 [ 330.933700][ T4405] process_one_work+0x7f8/0x13a4 [ 330.934535][ T4405] worker_thread+0x8c4/0xfec [ 330.935314][ T4405] kthread+0x250/0x2d8 [ 330.936044][ T4405] ret_from_fork+0x10/0x20 [ 330.936794][ T4405] irq event stamp: 376574 [ 330.937478][ T4405] hardirqs last enabled at (376573): [] _raw_spin_unlock_irqrestore+0x48/0xac [ 330.939169][ T4405] hardirqs last disabled at (376574): [] el1_dbg+0x24/0x80 [ 330.940675][ T4405] softirqs last enabled at (376570): [] handle_softirqs+0xaec/0xc60 [ 330.942216][ T4405] softirqs last disabled at (376553): [] __do_softirq+0x14/0x20 [ 330.943976][ T4405] ---[ end trace 0000000000000000 ]--- [ 330.952414][ T4405] usb 1-1: Failed to create links for entity 4 [ 330.953492][ T4405] usb 1-1: Failed to register entities (-22). [ 330.961765][ T4405] usb 1-1: USB disconnect, device number 16