last executing test programs: 4.14992588s ago: executing program 1 (id=273): syz_mount_image$udf(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x14444, &(0x7f0000000280)=ANY=[@ANYBLOB="696f636861727365743d6b6f69382d72752c766f6c756d653d3030303030303030303030300000000063686f723d30303030303030303030303030303030303030342c6e6f6164696e6963622c6769643d69676e6f72652c7569643d6967ee6f7200006769643dc7865530221d5cf1ffa33f314577d414dd0f02989f344aa1daf1517b816480770a92f1eaeab3d78957fc83df545faf189820845d1a3ae48728ee6ed8684b4f3acff28b7d51848813c91e8e6278a3cfa72eec120ebbc7baaaf78c062300000000000000", @ANYRESDEC, @ANYRESDEC], 0xfe, 0xc17, &(0x7f0000001180)="$eJzs3UFsHNd9B+D/Gy1FSm4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmCIJkmpkI22ZXnroIUBR9JATgdYokKKB0RRBj2zrAsnFhyKnnogWNoKiB7YIkJPBYGbfikuKsmRTpEj7+2zqNzv73ux7b9YzsqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN97+dKZ59KjbgUAsJ+ujH/1zFn3fwD4RLnq//8BAAAAAAAAAAAAAOCgS1HE45Fi/sp6mqxedwxcbs/euj0xMrpztWOpqnmkKl/+DDx39tz5Lz0/fKGbH1z/YXsyXh2/eqn+0tzN+YXW4mJruj4x256am2498BF2W3+7oWoA6jdfuzV9/fpi/eyz57a8fXvwvf7HTg5eHH769FPdshMjo6PjPWVqfR/50+9yrxkeR6OI05Hime/9JDUjoojdj8V9vjt77VjViaGqExMjo1VHZtrN2aXyzbHuQBQR9Z5Kje4Y7cO52JVGxHLZ/LLBQ2X3xuebC81rM636WHNhqb3UnpsdS53Wlv2pRxEXUsRKRKz13324viiiFim+c2I9XYuII91x+GI1Mfje7Sj2sI8PoGxnvS9ipTgE5+wA648iXokUP327iKlyzPJPfCHilTJ/EPFmmS9GpPKLcT7i3R2+RxxOtSjiL8rzf3E9TVfXg+515fLX6l+ZvT7XU7Z7XTn094f9dMCvTQNRRLO64q+nj/6bHQAAAAAAAAAAAAAAAAAetmNRxJOR4uX/+KNqXnFU89JPXBz+/cFf7J0z/sR9jlOWfTYilosHm5N7NE8hHktjKT3iucSfZANRxB/n+X/fetSNAQAAAAAAAAAAAAAAAAAA+EQr4seR4oV3TqWV6F1TvD17o361eW2msypsd+3f7prpGxsbG/XUyUbOyZzLOVdyruZcyxlFrp+zkXMy53LOlZyrOddyxpFcP2cj52TO5ZwrOVdzruWMWq6fs5FzMudyzpWcqznXcsYBWbsXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODjpIgi3o8U3/7GeooUEY2Iyejkan+3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKPWnIr4fKep/0LizrxYRqfq341T5y/loHC3z09EYLvPFaFzK2ayy1vjWI2g/u9OXivhRpOgfeOvOCc/nv6/z6s7XIN785uarX6l18kj3zcH3+h87eeLi8OivPXGv7bRTA4Yut2dv3a5PjIyOjvfsruVP/3TPvsH8ucXD6ToRsfj6G681Z2ZaCzY+GRu1zkYtDkh79msjX6/ioLRn+0bjYDRjc+MRX5jYF+X9/91I8dvv/Gf3ht+9//9C59WdO3z87E827/8vbD/QHt3/H+/Z90L+3UhfLWJg6eZ838mIgcXX3zjdvtm80brRmj1/5syXh4e/fO5M39GIgevtmVbP1q6HCgAAAAAAAAAAAAAAAGB/pSJ+N1I0f7Se6hFxu5qvNXhx+OnTTx2JI9V8qy3ztl4dv3qp/tLczfmF1uJia7o+MduemptuPejHDVTTvSZGRvekM/d1bI/bf2zgpbn51xfaN/5wacf3jw9cura4tNCc2vntOBZFRKN3z1DV4ImR0arRM+3mbFV1bMfJdB9eXyrivyLF1Pl6+nzel+f/bZ/hv2X+//L2A+3R/L9P9ewrPzOlIn4WKX7rL5+Iz1ftPB53jVku97eRYujC53K5OFqW67ah81yBzszAsuz/RYp/fH9r2e58yMc3yz73wAN7SJTn/0Sk+P6ffzd+Pe/b+vyHnc//8e0H2qPz/5mefce3PK9g110nn//TkeLFx9+K38j7Puj5H0VsbGz8acSpXPjO8zn26Px/tmffYHQ+9zcfXvcBAAAAAAAAAAAOrb5UxN9FiqdGa+n5vO9B/v7f9PYD7dHf//rlnn3T+7Re0a4HFQAAAAAOiL5UxI8jxY2lt+7Mod46/7tn/ufvbK69PpK2vVv9Od8vVc8NeJh//tdrMH/u5O67DQAAAAAAAAAAAAAAAAAAAAdKSkU8n9dTn7zPeuqrkeLl/3kml0sny3LddeAHq18HrszNnr40MzM31VxqXptp1cfnm1Otsu5nIsX633wu1y2q9dW768131ngf2Oiuxb4QKUb/vlu2sxZ7d23yznrgnbXYy7KfihT//Q9by3bXsf7sZtmzZdm/jhRf/+edy57cLHuuLPvdSPHDr9e7ZY+XZbvPR+08k3SgFjOtZ6fmZu56FCoAAAAAAAAAAAAAAAAAAAB8WH2piD+LFP97cyWW87T/vP5/dwX+Wrfsm9/sWe9/m9vVOv+D1fr/99r+KOv/Dz60ngIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOGRoog3IsX8lfW02l++7hi43J69dXtiZHTnasdSVfNIVb78GXju7LnzX3p++EI3P7j+w/ZkvDp+9VL9pbmb8wutxcXWdH1itj01N9164CPstv7m0HUMVQNQv/narenr1xfrZ589t+Xt24Pv9T92cvDi8NOnn+qWnRgZHR3vKVPr+xCf/qEat+loFPFXkeKZ7/0k/Ut/RBG7H4v7fHf22rGqE0NVJyZGRquOzLSbs0vlm2PdgSgi6j2VGt0x2odzsSuNiOWy+WWDh8rujc83F5rXZlr1sebCUnupPTc7ljqtLftTjyIupIiViFjrv/twfVHEa5HiOyfW07/2RxzpjsMXr4x/9czZe7ej2MM+PoCynfW+iJXiEJyzA6w/ivinSPHTt0/Fv/VH1KLzE1+IeKXMH0S8WeaLEan8YpyPeHeH7xGHUy2K+P/y/F9cT2/3l9eD7nXl8tfqX5m9PtdTtntdOfT3h/10wK9NA1HED6sr/nr6d/9dAwAAAAAAAAAAAAAAABwgRfxqpHjhnVOpmh98Z05xe/ZG/Wrz2kxnWl937l93zvTGxsZGPXWykXMy53LOlZyrOddyRpHr52zknMy5nHMl52rOtZxxJNfP2cg5mXM550rO1ZxrOaOW6+ds5JzMuZxzJedqzrWccUDm7gEAAAAAAAAAAAAAAAAAAB8vRfVPim9/Yz1t9HfWl56MTq5aD/Rj7+cBAAD//1vO/Qs=") mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x4000, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}]}) 3.645277879s ago: executing program 1 (id=277): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[], &(0x7f0000000040)=""/249, 0x46, 0xf9, 0x6}, 0x28) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20008001) rt_tgsigqueueinfo(0x0, 0x0, 0x3e, &(0x7f0000000080)={0x0, 0xffffffff, 0x41}) 3.287804936s ago: executing program 1 (id=280): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x802, 0x0) r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4) 3.062484321s ago: executing program 1 (id=282): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc29c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0xb1, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x101, 0x2, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x44, 0x9, 0x2, 0xfb}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f00000003c0)={0x0, 0x8, 0x4, {0x4, 0x8, "2cf4"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 2.530854791s ago: executing program 0 (id=293): syz_usb_connect(0x2, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100003f3fdc20221802324a130102030109021b0001000010000904"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000200)={&(0x7f0000000240)=[{0x3137, 0x1801, 0x0, 0x0}, {0x8, 0x200, 0x0, 0x0}], 0x2}) 1.149247898s ago: executing program 1 (id=306): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x4, &(0x7f0000000d40)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0x0, @ANYBLOB="2c0000000000000000052c747970653d207173212c62617272696572c52c1c20b3f31c5730f33c6dd01608be6cbd11d7fda9542e703030303030303030303030303030382c7569643d", @ANYRESHEX=0x0, @ANYBLOB="2c6e6c733d6370313235302c6e6c733d6b6f69382d72752c6e6f626172726965722c63726561746f723def6a74152c00"], 0x1, 0x6e0, &(0x7f0000000580)="$eJzs3c1vHGcdB/Dv7K7fUtE4bdIWVImoEQURkfhFKQQJJSCEfKhQBAckbiZxGiubtLJdcCME4f3aQ/+A9pAbJyTuQeUMFwRHi1MlRC+cfFs0s7Prje111nESx/D5VLPzzDzvv52Z3dnUmgD/txbOpnU/RRbOvrlebm/cm29v3JufqLPbScp0I2l1VyluJ8XHyeV0l3y23FmXL4b188Hyxe/9/T8bn3S3WvVSlW/srPfzTpIvjD6Lu/WS00ma9XqnsW3bE8nkw9u7OrS9fit9u8+/6OeUATvTCxwcts4Od/dTfej5DhwdRb7xmd32TyfH0v2YrD7n6qtD4+mO7vHb11UOAAAADtnCv0/N7af8VL0+vpnNrB/523gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4qoqk2V1VS6OXPp2i9/z/8Xpf6vSRdv+wBwAAAAAAAAAAO4w9sDWeZKK3cWn3Gp/fzGbW83xvu1NU/+b/WrVxsnp9Lu9mNUtZybmsZzFrWctKZpNMD3a2vri2tjI7Qs25XWvOPTiu5mgTnhytGAAAAAAAAAD8z/tlFrb+/R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4FRdLsrqrlZC89nUYryWSS8bLc3eSvvfQRUey28/7THwcAAAAcyOQj1Dm+mc2s5/nedqeo7vlfqu6XJ/Nubmcty1lLO0u5Vt9Dl3f9jY178+2Ne/O3yuXAQ69aTPe3h917fqUqMZXrWa72nMvVajDX0qhqlv6Z5FZvTDvH9YtPy7Yvdf1kxJFdq9dlZ+/3fkWYOPCEH4PppNXIWD8iM9XYugfBicEo7IzENz8d1ujl7qq1vacM9jSbRv+Xn5PdHsrkQ2N+acSZHavX5Xx+O+yXm8dtcqvTu0ML9SPRSBWJuYGj76W9Y5588Y+/f/9G+/bNG9dXzz6VKT1J24+J+YFIvDxCJH7wzEaitXd2Y/uOmWrnqd7mR88l+X7O5nSuZCXL+XEWs5alFPVMF+vjuXyd3jtSlx/YujJkAH3j9fvSrMv1x5SFfGfXMZ3Ot6vUYl6r6j6f5RR5O9eylDeq/+Yym6/mQi7k4sA7fGrouKu5VWd9Y39n/Zkv1YmpJL+r14ete1Eo43piIK6D19zpKm9rz9hAlF7Y+93deW18+JRbn6sTZR+/2vNoeNq2R2J2IBIv7h2Jjzrl62r79s2VG4vv7PLp2inGqvXfziSdTnff63VeecT95uFff/500Pk9xMB1rDxeXshkfSU5kbHu0Jq9vBf7V5kqXuOD9U728x78xB3PZHk+N7o9dc/U7w49U8fr73A7W5qr8l7eNW++yntlIG/w+1bydtr970MAPMOOffnY+NS/pv4y9eHUr6duTL05+a2Jr028Op6xP499vTXTfL3xavGHfJifbd3/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj271vTs3F9vtpZXdE43m0KwhiXTu3FzsPcln1FpZLeon6eyrr8NK9B/584yM54kkih17yhk/ni56Tz7aX62ZnUfU5cMM1D/2WyuTA1NuDi18rE50jnejtK8uprcfmcmQwhPdYDaHnKf1W/QoDxcFjoTza7feOb/63p2vLN9afGvpraXbYxcuXJy5eOGN+fPXl9tLM93Xwx4l8CRsfW8HAAAAAAAAAAAAjooR/67gyg9/VP0fgo/09xKHPUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgaFs4m9b9FJmdOTdTbm/cm2+XSy+9VbKVpNFIip8mxcfJ5XSXTA80Vwzr54Pli80kn2y11eqVb+xRrzMx0izu1ktOJ2nW6wN4oL2rB26v6M+wDNiZXuDgsP03AAD//9ev6fg=") syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x0, 0x0, &(0x7f0000000140)) rmdir(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 1.149097318s ago: executing program 3 (id=307): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4) setsockopt$MRT_DONE(r0, 0x0, 0xc9, 0x0, 0x0) 954.485982ms ago: executing program 3 (id=309): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x80042, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x19) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="7b4c2b0366", 0x5}, {0x0}], 0x2) 876.883973ms ago: executing program 1 (id=310): bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[], 0x0}, 0x94) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009e173610ef171e7206de010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000a80)={0x2c, &(0x7f0000000b40)=ANY=[@ANYBLOB="0003700000"], 0x0, 0x0, 0x0, 0x0}) 816.381674ms ago: executing program 3 (id=311): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) ioctl$USBDEVFS_CLEAR_HALT(r0, 0xc0105502, &(0x7f0000000080)={0x1, 0x1}) 758.252775ms ago: executing program 0 (id=313): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x0, 0x7fffffff}, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000380)={0x1c, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0x8, 0x2, 0x0, 0x0, @uid}]}, 0x1c}}, 0x0) 653.708467ms ago: executing program 3 (id=314): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) close_range(r0, r0, 0x2) fchown(r0, 0x0, 0x0) 629.587638ms ago: executing program 2 (id=315): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 566.214549ms ago: executing program 0 (id=316): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x40, r1, 0xc4fc9e906872338b, 0x20, 0x200, {{0x15}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x24, 0x11d, 0x0, 0x1, [{0x6, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4, 0x3, 0x0, 0x0}]}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xac}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x3b}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20004080}, 0x0) 511.93647ms ago: executing program 0 (id=317): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000d000000000001000000000000000141000000030017"], 0x38}}, 0x2040) 493.47747ms ago: executing program 3 (id=318): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000180)={0xb, {'syz0\x00', 'syz0\x00', 'syz1\x00', 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "03"}}, 0x119) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000040)="01000000", 0x4}, {&(0x7f0000000440)='\n\x00\x00\x00', 0x4}], 0x2) 426.435072ms ago: executing program 2 (id=319): syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000340)='.\x00', &(0x7f0000000040), 0x800000, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) 390.923452ms ago: executing program 0 (id=320): r0 = socket(0x11, 0x3, 0x8) syz_emit_ethernet(0x86, &(0x7f0000000200)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaa3c08"], 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000002c0)) 307.577124ms ago: executing program 3 (id=321): sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0) syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009a47ad20b80402024630000000010902120001000040000904"], 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) 261.544935ms ago: executing program 2 (id=322): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xe) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 189.633957ms ago: executing program 2 (id=323): r0 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000010300)=[{0x0}], 0x1) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {0x0}], 0x0, 0x2}, 0x20) 157.082627ms ago: executing program 0 (id=324): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x81, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) 54.347149ms ago: executing program 2 (id=325): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x47, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="40000000100001002bbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="01000000000000400c002b8008000100", @ANYRES32=r0, @ANYBLOB="1400030076657468305f746f5f626174616476"], 0x40}, 0x1, 0x0, 0x0, 0x4010800}, 0x8054) 0s ago: executing program 2 (id=326): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi3\x00', 0xc00, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x40404f26, 0x5, 0x2, 0x401, 0xc, 0x9, 0xfff, 0x5c95239c, 0x5, 0x3bf, 0x802, 0x1600, 0x1, 0x20000001, 0x9, 0xe1cb, 0x6, 0x0, 0x400, 0x195, 0x6, 0x0, 0xb, 0x402, 0x9, 0x3, 0x41, 0x5, 0x6, 0x8000003, 0xdffffffa]}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.248' (ED25519) to the list of known hosts. [ 57.941633][ T5771] cgroup: Unknown subsys name 'net' [ 58.076894][ T5771] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 59.466825][ T5771] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 60.985390][ T5791] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 60.996670][ T5794] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 61.005015][ T5794] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.012684][ T5791] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 61.015604][ T5794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 61.028103][ T5794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 61.036290][ T5796] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 61.040357][ T5795] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 61.045785][ T5796] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 61.053138][ T5792] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.063120][ T5795] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 61.066168][ T5792] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 61.079219][ T5794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.079784][ T5795] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 61.087553][ T5794] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.094502][ T5796] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 61.101914][ T5794] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.109200][ T5796] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 61.115872][ T5794] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 61.122410][ T5796] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 61.128987][ T5794] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 61.143517][ T5104] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.143683][ T5794] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 61.158822][ T5104] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 61.623411][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 61.682610][ T5780] chnl_net:caif_netlink_parms(): no params data found [ 61.701994][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 61.772674][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 61.894109][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.903259][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.911026][ T5783] bridge_slave_0: entered allmulticast mode [ 61.917823][ T5783] bridge_slave_0: entered promiscuous mode [ 61.928048][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.935648][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.943122][ T5783] bridge_slave_1: entered allmulticast mode [ 61.950837][ T5783] bridge_slave_1: entered promiscuous mode [ 61.957951][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.965151][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.972512][ T5780] bridge_slave_0: entered allmulticast mode [ 61.979205][ T5780] bridge_slave_0: entered promiscuous mode [ 62.016548][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.023780][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.031270][ T5780] bridge_slave_1: entered allmulticast mode [ 62.037948][ T5780] bridge_slave_1: entered promiscuous mode [ 62.065358][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.072649][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.079990][ T5782] bridge_slave_0: entered allmulticast mode [ 62.087381][ T5782] bridge_slave_0: entered promiscuous mode [ 62.094814][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.102113][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.109263][ T5782] bridge_slave_1: entered allmulticast mode [ 62.116456][ T5782] bridge_slave_1: entered promiscuous mode [ 62.167118][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.180073][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.192160][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.205861][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.215342][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.222679][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.229808][ T5781] bridge_slave_0: entered allmulticast mode [ 62.236874][ T5781] bridge_slave_0: entered promiscuous mode [ 62.244361][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.251619][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.258767][ T5781] bridge_slave_1: entered allmulticast mode [ 62.265724][ T5781] bridge_slave_1: entered promiscuous mode [ 62.316206][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.328527][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.379164][ T5783] team0: Port device team_slave_0 added [ 62.388350][ T5780] team0: Port device team_slave_0 added [ 62.397000][ T5780] team0: Port device team_slave_1 added [ 62.405405][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.417724][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.437630][ T5783] team0: Port device team_slave_1 added [ 62.486689][ T5782] team0: Port device team_slave_0 added [ 62.505568][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.512573][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.538656][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.563548][ T5781] team0: Port device team_slave_0 added [ 62.569992][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.577459][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.603699][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.617428][ T5782] team0: Port device team_slave_1 added [ 62.633557][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.640562][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.666600][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.679257][ T5781] team0: Port device team_slave_1 added [ 62.697040][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.704257][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.730405][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.789804][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.797414][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.824356][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.836761][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.844136][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.870129][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.882012][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.888978][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.915176][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.928101][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.935473][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.961423][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.026091][ T5783] hsr_slave_0: entered promiscuous mode [ 63.032935][ T5783] hsr_slave_1: entered promiscuous mode [ 63.058216][ T5780] hsr_slave_0: entered promiscuous mode [ 63.064551][ T5780] hsr_slave_1: entered promiscuous mode [ 63.071379][ T5780] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.079204][ T5780] Cannot create hsr debugfs directory [ 63.158479][ T5781] hsr_slave_0: entered promiscuous mode [ 63.164594][ T5788] Bluetooth: hci1: command tx timeout [ 63.170963][ T5788] Bluetooth: hci2: command tx timeout [ 63.176931][ T5781] hsr_slave_1: entered promiscuous mode [ 63.183142][ T5781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.191294][ T5781] Cannot create hsr debugfs directory [ 63.226319][ T5782] hsr_slave_0: entered promiscuous mode [ 63.233103][ T5782] hsr_slave_1: entered promiscuous mode [ 63.239143][ T5782] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.247035][ T5788] Bluetooth: hci0: command tx timeout [ 63.247106][ T5782] Cannot create hsr debugfs directory [ 63.253753][ T5794] Bluetooth: hci3: command tx timeout [ 63.552486][ T5780] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.591301][ T5780] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.601795][ T5780] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.612105][ T5780] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 63.677736][ T5783] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.688378][ T5783] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.699996][ T5783] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.736062][ T5783] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.791796][ T5782] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.812859][ T5782] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.823692][ T5782] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.833840][ T5782] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.947066][ T5781] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.964934][ T5781] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.976008][ T5781] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.985884][ T5781] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.048361][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.084374][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.104800][ T5780] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.132849][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.146919][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.154186][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.182778][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.189870][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.233633][ T3415] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.240811][ T3415] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.249873][ T3415] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.257093][ T3415] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.317350][ T5780] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.344900][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.366665][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.392730][ T5783] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.438144][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.469420][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.476780][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.509049][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.524727][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.531914][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.586981][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.594189][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.618902][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.626106][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.755258][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.794043][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.924620][ T5780] veth0_vlan: entered promiscuous mode [ 64.939134][ T5783] veth0_vlan: entered promiscuous mode [ 64.959328][ T5783] veth1_vlan: entered promiscuous mode [ 64.977474][ T5780] veth1_vlan: entered promiscuous mode [ 65.053735][ T5780] veth0_macvtap: entered promiscuous mode [ 65.068148][ T5783] veth0_macvtap: entered promiscuous mode [ 65.091552][ T5780] veth1_macvtap: entered promiscuous mode [ 65.113641][ T5783] veth1_macvtap: entered promiscuous mode [ 65.156422][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.182881][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.192878][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.209129][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.223700][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.235622][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.247552][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.251121][ T5794] Bluetooth: hci2: command tx timeout [ 65.259120][ T5788] Bluetooth: hci1: command tx timeout [ 65.263709][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.282231][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.302004][ T5783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.312326][ T5783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.321347][ T5788] Bluetooth: hci3: command tx timeout [ 65.321384][ T5788] Bluetooth: hci0: command tx timeout [ 65.335639][ T5783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.344454][ T5783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.356293][ T5780] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.365368][ T5780] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.375835][ T5780] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.384786][ T5780] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.456140][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.521415][ T5782] veth0_vlan: entered promiscuous mode [ 65.535787][ T5782] veth1_vlan: entered promiscuous mode [ 65.592366][ T1063] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.602061][ T1063] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.672502][ T3427] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.672525][ T5781] veth0_vlan: entered promiscuous mode [ 65.686130][ T3427] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.707375][ T5782] veth0_macvtap: entered promiscuous mode [ 65.725951][ T3415] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.737923][ T3415] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.757272][ T5781] veth1_vlan: entered promiscuous mode [ 65.776039][ T5782] veth1_macvtap: entered promiscuous mode [ 65.824304][ T3415] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.849387][ T3415] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.863155][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.875027][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.891747][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.902756][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.915102][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.947412][ T5781] veth0_macvtap: entered promiscuous mode [ 65.970868][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.982901][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.994078][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.004848][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.016787][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.038247][ T5781] veth1_macvtap: entered promiscuous mode [ 66.064946][ T5782] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.091430][ T5782] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.108786][ T5782] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.132838][ T5782] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.196642][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.215640][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.226899][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.240470][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.255255][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.266674][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.284166][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.326164][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.351055][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.365332][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.379355][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.400589][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.419454][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.431964][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.437976][ T5878] syz.1.8[5878]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 66.466209][ T5878] loop1: detected capacity change from 0 to 64 [ 66.468695][ T5876] team_slave_0: entered promiscuous mode [ 66.478433][ T5876] team_slave_1: entered promiscuous mode [ 66.483483][ T5878] ======================================================= [ 66.483483][ T5878] WARNING: The mand mount option has been deprecated and [ 66.483483][ T5878] and is ignored by this kernel. Remove the mand [ 66.483483][ T5878] option from the mount to silence this warning. [ 66.483483][ T5878] ======================================================= [ 66.491320][ T5876] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 66.541228][ T5876] team0: Device macvtap1 is already an upper device of the team interface [ 66.565141][ T5876] team_slave_0: left promiscuous mode [ 66.570708][ T5876] team_slave_1: left promiscuous mode [ 66.657755][ T5781] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.674242][ T5781] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.688575][ T5781] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.697705][ T5781] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.892355][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.912093][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.028643][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.050996][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.139728][ T3427] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.157469][ T3427] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.224024][ T1004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.257552][ T1004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.335683][ T5794] Bluetooth: hci2: command tx timeout [ 67.335696][ T5788] Bluetooth: hci1: command tx timeout [ 67.400310][ T5794] Bluetooth: hci0: command tx timeout [ 67.404525][ T5788] Bluetooth: hci3: command tx timeout [ 67.492708][ T5896] block nbd3: NBD_DISCONNECT [ 67.625771][ T5898] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 67.989606][ T5890] loop1: detected capacity change from 0 to 32768 [ 68.005766][ T5905] loop0: detected capacity change from 0 to 128 [ 68.078703][ T5890] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 68.128216][ T5905] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 68.180320][ T5905] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 68.291642][ T5781] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 68.336646][ T5892] loop2: detected capacity change from 0 to 32768 [ 68.377997][ T5783] (syz-executor,5783,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 68.388842][ T5892] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.15 (5892) [ 68.480817][ T5892] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 68.495010][ T5783] ocfs2: Unmounting device (7,1) on (node local) [ 68.510780][ T5892] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 68.541399][ T5892] BTRFS info (device loop2): using free space tree [ 68.791410][ T5892] BTRFS info (device loop2): enabling ssd optimizations [ 68.798830][ T5892] BTRFS info (device loop2): auto enabling async discard [ 69.204788][ T5780] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 69.242096][ T5915] loop0: detected capacity change from 0 to 32768 [ 69.358812][ T5915] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 69.400614][ T5788] Bluetooth: hci1: command tx timeout [ 69.414734][ T5788] Bluetooth: hci2: command tx timeout [ 69.480806][ T5788] Bluetooth: hci0: command tx timeout [ 69.484282][ T5794] Bluetooth: hci3: command tx timeout [ 69.510800][ T5940] loop1: detected capacity change from 0 to 32768 [ 69.533441][ T5940] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.23 (5940) [ 69.586657][ T5940] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 69.589283][ T5797] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 10 scanned by udevd (5797) [ 69.639655][ T5940] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 69.662633][ T5940] BTRFS info (device loop1): using free space tree [ 69.742527][ T5915] XFS (loop0): Ending clean mount [ 69.801316][ T5915] XFS (loop0): Quotacheck needed: Please wait. [ 69.912404][ T5915] XFS (loop0): Quotacheck: Done. [ 69.917723][ T5940] BTRFS info (device loop1): enabling ssd optimizations [ 69.950890][ T5940] BTRFS info (device loop1): auto enabling async discard [ 70.039032][ T5974] netlink: 44 bytes leftover after parsing attributes in process `syz.2.31'. [ 70.232192][ T5781] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 70.393600][ T5783] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 70.836837][ T5981] loop0: detected capacity change from 0 to 512 [ 70.875191][ T5981] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 71.012629][ T5978] loop2: detected capacity change from 0 to 32768 [ 71.077837][ T5981] EXT4-fs (loop0): 1 orphan inode deleted [ 71.117284][ T59] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 71.144646][ T5981] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.174030][ T59] EXT4-fs error (device loop0): ext4_release_dquot:6976: comm kworker/u4:4: Failed to release dquot type 1 [ 71.200292][ T5981] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.293541][ T5976] loop3: detected capacity change from 0 to 40427 [ 71.367944][ T5976] F2FS-fs (loop3): Wrong CP boundary, start(512) end(2365457920) blocks(1024) [ 71.397803][ T5976] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 71.458279][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.472734][ T5976] F2FS-fs (loop3): invalid crc value [ 71.530699][ T5976] F2FS-fs (loop3): Found nat_bits in checkpoint [ 71.650925][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.657506][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.740417][ T5976] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 71.747741][ T5976] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 71.887199][ T6003] loop2: detected capacity change from 0 to 128 [ 72.202351][ T5991] loop1: detected capacity change from 0 to 32768 [ 72.245960][ T5991] JBD2: Ignoring recovery information on journal [ 72.305897][ T5991] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 72.595584][ T5783] ocfs2: Unmounting device (7,1) on (node local) [ 72.850409][ T6009] loop0: detected capacity change from 0 to 32768 [ 72.932980][ T6009] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 73.049990][ T6009] XFS (loop0): Ending clean mount [ 73.225963][ T5781] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 73.614777][ T6016] loop3: detected capacity change from 0 to 32768 [ 73.687475][ T6016] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 73.706554][ T6047] loop0: detected capacity change from 0 to 256 [ 73.734022][ T6047] exfat: Deprecated parameter 'namecase' [ 73.843240][ T6047] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e0d861, utbl_chksum : 0xe619d30d) [ 73.982797][ T6016] XFS (loop3): Ending clean mount [ 74.012616][ T28] audit: type=1800 audit(2000000000.390:2): pid=6047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.48" name="file1" dev="loop0" ino=1048595 res=0 errno=0 [ 74.055050][ T6016] XFS (loop3): Quotacheck needed: Please wait. [ 74.137867][ T6016] XFS (loop3): Quotacheck: Done. [ 74.326648][ T28] audit: type=1800 audit(2000000000.709:3): pid=6016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.42" name="file1" dev="loop3" ino=9286 res=0 errno=0 [ 74.474908][ T6052] loop2: detected capacity change from 0 to 32768 [ 74.538167][ T6052] JBD2: Ignoring recovery information on journal [ 74.640768][ T5782] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 74.689874][ T6052] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 74.795628][ T6057] loop0: detected capacity change from 0 to 40427 [ 74.877383][ T6057] F2FS-fs (loop0): Found nat_bits in checkpoint [ 74.948264][ T6057] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 75.026308][ T5780] ocfs2: Unmounting device (7,2) on (node local) [ 75.055045][ T6057] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 75.110598][ T6057] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix. [ 75.706000][ T6090] loop0: detected capacity change from 0 to 256 [ 75.734798][ T6090] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 75.907571][ T6094] netlink: 4 bytes leftover after parsing attributes in process `syz.0.68'. [ 76.376290][ T6092] loop1: detected capacity change from 0 to 32768 [ 76.424588][ T6092] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 76.496918][ T6088] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 76.505852][ T6088] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 76.532056][ T6088] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 76.563565][ T6088] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 76.571617][ T6088] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 76.608574][ T6088] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 76.615894][ T6092] XFS (loop1): Ending clean mount [ 76.626609][ T6088] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 76.627376][ T6092] XFS (loop1): Quotacheck needed: Please wait. [ 76.641399][ T6088] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 76.683477][ T6088] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 76.713081][ T6088] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 76.715419][ T6092] XFS (loop1): Quotacheck: Done. [ 76.733439][ T6088] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 76.743030][ T6088] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 76.824523][ T28] audit: type=1800 audit(2000000003.209:4): pid=6092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.67" name="file1" dev="loop1" ino=9286 res=0 errno=0 [ 76.829360][ T6120] loop0: detected capacity change from 0 to 2048 [ 76.898570][ T6120] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 76.951439][ T6122] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 77.035616][ T5783] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 77.084974][ T27] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 77.322708][ T27] usb 3-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 77.351905][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.375599][ T27] usb 3-1: Product: syz [ 77.379869][ T27] usb 3-1: Manufacturer: syz [ 77.394202][ T27] usb 3-1: SerialNumber: syz [ 77.430780][ T27] usb 3-1: config 0 descriptor?? [ 77.482641][ T27] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 77.567579][ T6133] loop0: detected capacity change from 0 to 4096 [ 77.618113][ T6133] ntfs3: loop0: ino=3, Correct links count -> 2. [ 77.813242][ T5794] Bluetooth: hci2: command 0x0c1a tx timeout [ 77.839633][ T6141] loop1: detected capacity change from 0 to 1024 [ 77.858454][ T6133] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 77.930770][ T6141] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 77.976906][ T6133] ntfs3: loop0: failed to convert "0080" to cp863 [ 78.000344][ T6141] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 78.058280][ T6133] ntfs3: loop0: failed to convert name for inode 1e. [ 78.058797][ T27] gspca_sq905c: sq905c_command: usb_control_msg failed (-71) [ 78.072769][ T27] sq905c: probe of 3-1:0.0 failed with error -71 [ 78.076891][ T6146] loop3: detected capacity change from 0 to 1024 [ 78.085942][ T27] usb 3-1: USB disconnect, device number 2 [ 78.140319][ T6146] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 78.190303][ T6146] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 78.220280][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 78.294893][ T6146] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.303101][ T6151] loop0: detected capacity change from 0 to 512 [ 78.384372][ T6151] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 78.407950][ T6151] netlink: 20 bytes leftover after parsing attributes in process `syz.0.89'. [ 78.435156][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.600402][ T5794] Bluetooth: hci0: command 0x0c1a tx timeout [ 78.683439][ T5794] Bluetooth: hci3: command 0x0c1a tx timeout [ 78.760228][ T5794] Bluetooth: hci1: command 0x0c1a tx timeout [ 78.772658][ T6159] loop1: detected capacity change from 0 to 128 [ 78.784699][ T6159] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 78.913998][ T5783] sysv_free_block: trying to free block not in datazone [ 78.951368][ T5783] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 78.967977][ T6165] loop3: detected capacity change from 0 to 64 [ 79.036049][ T28] audit: type=1800 audit(2000000005.419:5): pid=6165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.95" name=3F20D8EE449015A7DFF7ACBA1F2BB47AB7DCA7D55C5AABB8F3AE47ABF9AE568570242CD5D69B998F5286A3DD45F3CEDC330BFAA98FAA26E6FF918B6F51893333EBFA687CCD7064D4D6F5DBDAB1F49A455F33DE77B9DD3D5D2E742208C607EE1BA4019F96BDD523DDD4CCE6F3178F0BCD6663C32D3C4C597832BD614249E98D945A67F80B0565D4D1F66E89755E5A7BD02DDB430466FA7D1A57FA6FE7D7C177EAAE1F9D1277FAA455766759A724FA079FBC35390CF7715FA87E56D601393A0BD64A3D560DED3A856364D3B4073D144CE41C108E9A9B779956FEE767F26156E75324F71267CCD3B3934C756D71B993C1754F0567FDEBE44019DC54EF0C2EB1C76B3D72469F735DBC2C5D4A141A65EE310E719E10A6AAAF7AC0F37F dev="loop3" ino=21 res=0 errno=0 [ 79.549064][ T6158] loop2: detected capacity change from 0 to 32768 [ 79.618741][ T6158] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 79.736851][ T6158] XFS (loop2): Ending clean mount [ 79.749026][ T6158] XFS (loop2): Quotacheck needed: Please wait. [ 79.760249][ T5829] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 79.816285][ T6158] XFS (loop2): Quotacheck: Done. [ 79.828322][ T6189] loop3: detected capacity change from 0 to 4096 [ 79.866496][ T6189] ntfs: volume version 3.1. [ 79.880309][ T5794] Bluetooth: hci2: command 0x0c1a tx timeout [ 79.940989][ T28] audit: type=1800 audit(2000000006.329:6): pid=6158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.90" name="file1" dev="loop2" ino=9286 res=0 errno=0 [ 79.972659][ T5829] usb 1-1: Using ep0 maxpacket: 8 [ 79.991303][ T5829] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 80.028467][ T5829] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 80.047851][ T5829] usb 1-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00 [ 80.057424][ T5829] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.094662][ T5829] usb 1-1: config 0 descriptor?? [ 80.137381][ T5780] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 80.545410][ T5829] logitech 0003:046D:C298.0001: item fetching failed at offset 4/5 [ 80.571015][ T5829] logitech 0003:046D:C298.0001: parse failed [ 80.577138][ T5829] logitech: probe of 0003:046D:C298.0001 failed with error -22 [ 80.687182][ T5794] Bluetooth: hci0: command 0x0c1a tx timeout [ 80.740034][ T5829] usb 1-1: USB disconnect, device number 2 [ 80.760267][ T5794] Bluetooth: hci3: command 0x0c1a tx timeout [ 80.840246][ T5794] Bluetooth: hci1: command 0x0c1a tx timeout [ 81.051609][ T6206] loop3: detected capacity change from 0 to 32768 [ 81.777526][ T6217] loop1: detected capacity change from 0 to 32768 [ 81.844804][ T6217] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 81.906232][ T968] cfg80211: failed to load regulatory.db [ 81.960837][ T5794] Bluetooth: hci2: command 0x0c1a tx timeout [ 82.074840][ T6217] XFS (loop1): Ending clean mount [ 82.106300][ T6217] XFS (loop1): Quotacheck needed: Please wait. [ 82.169617][ T6217] XFS (loop1): Quotacheck: Done. [ 82.248174][ T28] audit: type=1800 audit(2000000008.629:7): pid=6217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.116" name="file1" dev="loop1" ino=9286 res=0 errno=0 [ 82.305462][ T6240] netlink: 5 bytes leftover after parsing attributes in process `syz.3.124'. [ 82.316714][ T5783] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 82.317266][ T6240] gretap0: entered promiscuous mode [ 82.365314][ T6240] netlink: 'syz.3.124': attribute type 1 has an invalid length. [ 82.378021][ T6240] netlink: 3 bytes leftover after parsing attributes in process `syz.3.124'. [ 82.386254][ T6219] loop2: detected capacity change from 0 to 65536 [ 82.454059][ T6219] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 82.588148][ T6219] XFS (loop2): Ending clean mount [ 82.630536][ T6219] XFS (loop2): Quotacheck needed: Please wait. [ 82.710388][ T6219] XFS (loop2): Quotacheck: Done. [ 82.765290][ T6219] XFS (loop2): EXPERIMENTAL online shrink feature in use. Use at your own risk! [ 82.768044][ T5794] Bluetooth: hci0: command 0x0c1a tx timeout [ 82.844835][ T5794] Bluetooth: hci3: command 0x0c1a tx timeout [ 82.874592][ T5780] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 82.920596][ T5794] Bluetooth: hci1: command 0x0c1a tx timeout [ 83.456471][ T28] audit: type=1326 audit(2000000009.839:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcded8ebe9 code=0x50000 [ 83.517570][ T28] audit: type=1326 audit(2000000009.869:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcded8ebe9 code=0x50000 [ 83.582034][ T28] audit: type=1326 audit(2000000009.869:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcded8ebe9 code=0x50000 [ 83.634610][ T28] audit: type=1326 audit(2000000009.869:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcded8ebe9 code=0x50000 [ 83.690178][ T28] audit: type=1326 audit(2000000009.869:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcded8ebe9 code=0x50000 [ 83.730222][ T28] audit: type=1326 audit(2000000009.869:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcded8ebe9 code=0x50000 [ 83.769304][ T6264] loop3: detected capacity change from 0 to 40427 [ 83.789104][ T28] audit: type=1326 audit(2000000009.869:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcded8ebe9 code=0x50000 [ 83.818473][ T6264] F2FS-fs (loop3): Wrong SSA boundary, start(3584) end(4096) blocks(0) [ 83.827083][ T6264] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 83.835752][ T28] audit: type=1326 audit(2000000009.869:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcded8ebe9 code=0x50000 [ 83.870755][ T6264] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x6 [ 83.886380][ T28] audit: type=1326 audit(2000000009.869:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcded8ebe9 code=0x50000 [ 83.926014][ T6264] F2FS-fs (loop3): invalid crc value [ 83.965566][ T6264] F2FS-fs (loop3): Found nat_bits in checkpoint [ 83.977830][ T6268] loop0: detected capacity change from 0 to 32768 [ 84.062743][ T6268] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 84.107235][ T6264] F2FS-fs (loop3): Start checkpoint disabled! [ 84.145593][ T6264] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 84.157218][ T6264] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 84.287079][ T6268] XFS (loop0): Ending clean mount [ 84.298473][ T6289] netlink: 12 bytes leftover after parsing attributes in process `syz.2.138'. [ 84.315373][ T6268] XFS (loop0): Quotacheck needed: Please wait. [ 84.389417][ T6268] XFS (loop0): Quotacheck: Done. [ 84.455044][ T3427] kworker/u4:9: attempt to access beyond end of device [ 84.455044][ T3427] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 84.518745][ T3427] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 84.539940][ T3427] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 84.550033][ T3427] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 84.692299][ T6299] loop1: detected capacity change from 0 to 1024 [ 84.715408][ T5781] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 84.716989][ T6299] EXT4-fs: Ignoring removed nobh option [ 84.734504][ T6299] EXT4-fs: Ignoring removed bh option [ 84.742138][ T6299] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 84.781581][ T6299] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.998322][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.009132][ T6296] loop2: detected capacity change from 0 to 32768 [ 85.016735][ T6296] XFS: noikeep mount option is deprecated. [ 85.084510][ T6296] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 85.260343][ T6296] XFS (loop2): Ending clean mount [ 85.276550][ T6296] XFS (loop2): Quotacheck needed: Please wait. [ 85.338874][ T6296] XFS (loop2): Quotacheck: Done. [ 85.446425][ T5780] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 85.941389][ T968] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 86.147754][ T968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 86.179862][ T968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 86.211554][ T968] usb 4-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 86.230003][ T968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.254027][ T968] usb 4-1: config 0 descriptor?? [ 86.666850][ T6332] loop1: detected capacity change from 0 to 32768 [ 86.695092][ T968] zydacron 0003:13EC:0006.0002: unknown main item tag 0x6 [ 86.735714][ T6332] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 86.776194][ T968] zydacron 0003:13EC:0006.0002: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.3-1/input0 [ 86.815362][ T6353] loop2: detected capacity change from 0 to 256 [ 86.831943][ T6353] exfat: Deprecated parameter 'utf8' [ 86.887786][ T6353] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011d93, chksum : 0x4501cc6b, utbl_chksum : 0xe619d30d) [ 86.888836][ T968] usb 4-1: USB disconnect, device number 2 [ 86.954033][ T6332] XFS (loop1): Ending clean mount [ 86.988247][ T6332] XFS (loop1): Quotacheck needed: Please wait. [ 87.070490][ T6332] XFS (loop1): Quotacheck: Done. [ 87.085916][ T6354] fido_id[6354]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 87.269135][ T5783] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 87.637821][ T6367] loop3: detected capacity change from 0 to 1024 [ 87.782032][ T6367] hfsplus: walked past end of dir [ 88.216389][ T6388] netlink: 'syz.2.173': attribute type 1 has an invalid length. [ 88.228424][ T6390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.175'. [ 88.629700][ T6407] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 88.890231][ T5829] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 88.948800][ T6415] loop2: detected capacity change from 0 to 4096 [ 88.999045][ T6415] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.044668][ T6397] loop1: detected capacity change from 0 to 32768 [ 89.062170][ T6415] fs-verity: sha256 using implementation "sha256-avx2" [ 89.110724][ T6415] fs-verity (loop2, inode 16): fs-verity keyring is empty, rejecting signed file! [ 89.139967][ T5829] usb 4-1: config 0 has an invalid interface number: 23 but max is 0 [ 89.169131][ T5829] usb 4-1: config 0 has no interface number 0 [ 89.206541][ T5829] usb 4-1: config 0 interface 23 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 89.239943][ T5829] usb 4-1: config 0 interface 23 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1023 [ 89.269869][ T5829] usb 4-1: New USB device found, idVendor=03f0, idProduct=0307, bcdDevice= 0.01 [ 89.290453][ T5829] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.302172][ T5780] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.321672][ T5829] usb 4-1: Product: syz [ 89.326079][ T5829] usb 4-1: Manufacturer: syz [ 89.341338][ T5829] usb 4-1: SerialNumber: syz [ 89.352084][ T5829] usb 4-1: config 0 descriptor?? [ 89.357863][ T6406] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 89.390649][ T6406] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 89.422562][ T5829] ums-usbat 4-1:0.23: USB Mass Storage device detected [ 89.693642][ T5829] ums-usbat: probe of 4-1:0.23 failed with error -5 [ 89.735222][ T5829] usb 4-1: USB disconnect, device number 3 [ 90.150602][ T6433] loop0: detected capacity change from 0 to 32768 [ 90.183034][ T6433] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop0 scanned by syz.0.195 (6433) [ 90.258787][ T6433] BTRFS info (device loop0): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 90.290910][ T6433] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 90.312626][ T6433] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 90.360342][ T6433] BTRFS info (device loop0): use lzo compression, level 0 [ 90.390618][ T6433] BTRFS info (device loop0): using free space tree [ 90.519269][ T6471] loop1: detected capacity change from 0 to 128 [ 90.551666][ T6433] BTRFS info (device loop0): enabling ssd optimizations [ 90.569199][ T6471] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 90.581976][ T6433] BTRFS info (device loop0): auto enabling async discard [ 90.614508][ T6460] loop2: detected capacity change from 0 to 4096 [ 90.621300][ T6471] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 90.733574][ T968] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 90.774955][ T6460] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 90.785597][ T5781] BTRFS info (device loop0): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 90.943041][ T968] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 90.969378][ T968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.027813][ T968] usb 4-1: config 0 descriptor?? [ 91.097883][ T968] gspca_main: spca508-2.14.0 probing 8086:0110 [ 91.260018][ T968] gspca_spca508: reg_read err -32 [ 91.315515][ T6483] loop2: detected capacity change from 0 to 512 [ 91.373869][ T6483] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.210: casefold flag without casefold feature [ 91.413400][ T6483] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.210: couldn't read orphan inode 15 (err -117) [ 91.436152][ T6483] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.479603][ T968] gspca_spca508: reg_read err -71 [ 91.520788][ T968] gspca_spca508: reg_read err -71 [ 91.535045][ T968] gspca_spca508: reg_read err -71 [ 91.551512][ T968] gspca_spca508: reg write: error -71 [ 91.557009][ T968] spca508: probe of 4-1:0.0 failed with error -71 [ 91.582182][ T968] usb 4-1: USB disconnect, device number 4 [ 91.611393][ T6493] program syz.1.214 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 91.629795][ T5780] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.018026][ T6507] netlink: 'syz.0.220': attribute type 5 has an invalid length. [ 92.188931][ T6511] netlink: 'syz.0.223': attribute type 4 has an invalid length. [ 92.829226][ T6539] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.410443][ T6565] netlink: 4 bytes leftover after parsing attributes in process `syz.3.248'. [ 93.873695][ T6589] capability: warning: `syz.2.258' uses deprecated v2 capabilities in a way that may be insecure [ 93.929582][ T6591] program syz.2.258 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 94.153150][ T6599] raw_sendmsg: syz.2.263 forgot to set AF_INET. Fix it! [ 94.202799][ T6601] loop0: detected capacity change from 0 to 1024 [ 94.227966][ T6601] EXT4-fs: Ignoring removed nobh option [ 94.264200][ T6601] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (1764!=20869) [ 94.299248][ T6601] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 94.323939][ T6601] EXT4-fs (loop0): can't mount with journal_checksum, fs mounted w/o journal [ 94.539152][ T6607] loop0: detected capacity change from 0 to 1764 [ 94.582396][ T6607] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 94.590715][ T6593] loop3: detected capacity change from 0 to 32768 [ 94.673604][ T6593] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 94.843071][ T6605] loop2: detected capacity change from 0 to 32768 [ 94.857445][ T6605] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.266 (6605) [ 94.879567][ T28] kauditd_printk_skb: 98 callbacks suppressed [ 94.879581][ T28] audit: type=1800 audit(2000000021.259:115): pid=6593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.260" name="file1" dev="loop3" ino=17058 res=0 errno=0 [ 94.925290][ T6605] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 94.945841][ T6605] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 94.975515][ T6605] BTRFS info (device loop2): using free space tree [ 95.050935][ T6619] netlink: 8 bytes leftover after parsing attributes in process `syz.1.269'. [ 95.098562][ T5782] ocfs2: Unmounting device (7,3) on (node local) [ 95.267391][ T6605] BTRFS info (device loop2): enabling ssd optimizations [ 95.290265][ T6605] BTRFS info (device loop2): auto enabling async discard [ 95.372083][ T6636] loop1: detected capacity change from 0 to 2048 [ 95.399714][ T6636] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 95.452488][ T6634] loop0: detected capacity change from 0 to 4096 [ 95.458577][ T6636] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 95.573911][ T6634] ntfs: volume version 3.1. [ 95.575930][ T5780] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 95.599443][ T6636] overlayfs: failed to resolve './file0': -2 [ 95.945832][ T6642] ieee802154 phy0 wpan0: encryption failed: -22 [ 95.997496][ T6645] tmpfs: Bad value for 'mpol' [ 96.649583][ T6667] netlink: 312 bytes leftover after parsing attributes in process `syz.2.286'. [ 96.660224][ T54] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 96.884751][ T54] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 96.923846][ T54] usb 2-1: config 0 interface 0 has no altsetting 0 [ 96.936766][ T6679] netlink: 'syz.2.294': attribute type 30 has an invalid length. [ 96.944652][ T54] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 96.944679][ T54] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.961523][ T54] usb 2-1: config 0 descriptor?? [ 97.098557][ T6686] loop2: detected capacity change from 0 to 4096 [ 97.146630][ T6687] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 97.224351][ T6686] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 97.270763][ T5829] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 97.280016][ T6686] Remounting filesystem read-only [ 97.297095][ T6689] loop3: detected capacity change from 0 to 1024 [ 97.337062][ T5780] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 97.344858][ T5780] NILFS (loop2): discard dirty block: blocknr=23, size=4096 [ 97.354496][ T5780] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 97.367245][ T5780] NILFS (loop2): discard dirty block: blocknr=24, size=4096 [ 97.376894][ T6689] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.391214][ T5780] NILFS (loop2): discard dirty page: offset=8192, ino=6 [ 97.398191][ T5780] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [ 97.406612][ T6689] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.416395][ T54] logitech 0003:046D:C29C.0003: hidraw0: USB HID v1.01 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0 [ 97.445665][ T6689] EXT4-fs: Ignoring removed orlov option [ 97.451577][ T6689] EXT4-fs: can't change dax mount option while remounting [ 97.482123][ T5829] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.525469][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.561565][ T5829] usb 1-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 97.597460][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.610548][ T54] logitech 0003:046D:C29C.0003: no inputs found [ 97.619437][ T5829] usb 1-1: Product: syz [ 97.629053][ T5829] usb 1-1: Manufacturer: syz [ 97.637415][ T5829] usb 1-1: SerialNumber: syz [ 97.663785][ T5829] usb 1-1: config 0 descriptor?? [ 97.692653][ T54] usb 2-1: USB disconnect, device number 2 [ 97.714007][ T5829] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state. [ 97.742007][ T5829] dvb-usb: bulk message failed: -22 (3/0) [ 97.771829][ T6699] loop2: detected capacity change from 0 to 128 [ 97.787450][ T5829] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 97.793448][ T6699] EXT4-fs: Ignoring removed nobh option [ 97.815706][ T6699] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 97.822753][ T5829] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device) [ 97.844570][ T6699] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.886211][ T5829] usb 1-1: media controller created [ 97.917246][ T6683] dvb-usb: bulk message failed: -22 (2/0) [ 97.948129][ T5829] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 98.028409][ T5829] dvb-usb: bulk message failed: -22 (6/0) [ 98.044537][ T5829] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' [ 98.074109][ T5829] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input6 [ 98.095656][ T5829] dvb-usb: schedule remote query interval to 150 msecs. [ 98.100062][ T5780] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 98.105242][ T5829] dvb-usb: bulk message failed: -22 (3/0) [ 98.140285][ T5829] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected. [ 98.212298][ T5829] usb 1-1: USB disconnect, device number 3 [ 98.285555][ T6711] netlink: 802 bytes leftover after parsing attributes in process `syz.2.305'. [ 98.306880][ T6713] loop1: detected capacity change from 0 to 1024 [ 98.347214][ T5829] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected. [ 98.900252][ T5829] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 98.997701][ T968] hid-generic 0000:0000:0000.0004: item fetching failed at offset 0/1 [ 99.008285][ T27] kernel write not supported for file /cpu/0/msr (pid: 27 comm: kworker/1:1) [ 99.013427][ T968] hid-generic: probe of 0000:0000:0000.0004 failed with error -22 [ 99.110245][ T5829] usb 2-1: Using ep0 maxpacket: 16 [ 99.127159][ T5829] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 99.147927][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.157402][ T5829] usb 2-1: Product: syz [ 99.182664][ T5829] usb 2-1: Manufacturer: syz [ 99.204478][ T5829] usb 2-1: SerialNumber: syz [ 99.224559][ T5829] r8152-cfgselector 2-1: config 0 descriptor?? [ 99.432110][ T6753] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 99.440408][ T23] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 99.443865][ T6753] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 99.443897][ T6753] CPU: 0 PID: 6753 Comm: syz.2.326 Not tainted syzkaller #0 [ 99.467140][ T6753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 99.477212][ T6753] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 99.482803][ T6753] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 0b e0 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 28 0b e0 f9 4d 8b 24 24 48 83 c3 [ 99.502514][ T6753] RSP: 0018:ffffc90019d9fa80 EFLAGS: 00010206 [ 99.508579][ T6753] RAX: 0000000000000005 RBX: ffff8880217ffc80 RCX: 0000000000080000 [ 99.516626][ T6753] RDX: ffffc9000d28b000 RSI: 00000000000007be RDI: 00000000000007bf [ 99.524591][ T6753] RBP: 0000000000000001 R08: ffff88802a71c92f R09: 1ffff110054e3925 [ 99.532562][ T6753] R10: dffffc0000000000 R11: ffffed10054e3926 R12: 0000000000000028 [ 99.540524][ T6753] R13: dffffc0000000000 R14: ffff88802a71c800 R15: dffffc0000000000 [ 99.548494][ T6753] FS: 00007fdcdfb826c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 99.557517][ T6753] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 99.564090][ T6753] CR2: 0000001b2e223ffc CR3: 00000000259a5000 CR4: 00000000003506f0 [ 99.572058][ T6753] Call Trace: [ 99.575325][ T6753] [ 99.578245][ T6753] pcl818_detach+0x66/0xd0 [ 99.582741][ T6753] comedi_device_detach_locked+0x172/0x710 [ 99.588548][ T6753] comedi_unlocked_ioctl+0xccc/0xfe0 [ 99.593830][ T6753] ? comedi_poll+0x8c0/0x8c0 [ 99.598423][ T6753] ? __fget_files+0x28/0x4d0 [ 99.603011][ T6753] ? bpf_lsm_file_ioctl+0x9/0x10 [ 99.607953][ T6753] ? security_file_ioctl+0x80/0xa0 [ 99.613079][ T6753] ? comedi_poll+0x8c0/0x8c0 [ 99.617710][ T6753] __se_sys_ioctl+0xfd/0x170 [ 99.622300][ T6753] do_syscall_64+0x55/0xb0 [ 99.626705][ T6753] ? clear_bhb_loop+0x40/0x90 [ 99.631370][ T6753] ? clear_bhb_loop+0x40/0x90 [ 99.636037][ T6753] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 99.641929][ T6753] RIP: 0033:0x7fdcded8ebe9 [ 99.646329][ T6753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.666015][ T6753] RSP: 002b:00007fdcdfb82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 99.674419][ T6753] RAX: ffffffffffffffda RBX: 00007fdcdefc5fa0 RCX: 00007fdcded8ebe9 [ 99.682416][ T6753] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000003 [ 99.690376][ T6753] RBP: 00007fdcdee11e19 R08: 0000000000000000 R09: 0000000000000000 [ 99.698330][ T6753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.706290][ T6753] R13: 00007fdcdefc6038 R14: 00007fdcdefc5fa0 R15: 00007ffc77c6c218 [ 99.714257][ T6753] [ 99.717262][ T6753] Modules linked in: [ 99.728073][ T6753] ---[ end trace 0000000000000000 ]--- [ 99.743090][ T6753] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 99.748868][ T6753] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 0b e0 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 28 0b e0 f9 4d 8b 24 24 48 83 c3 [ 99.759379][ T5829] usbip-host 2-1: 2-1 is not in match_busid table... skip! [ 99.770588][ T6753] RSP: 0018:ffffc90019d9fa80 EFLAGS: 00010206 [ 99.782319][ T6753] RAX: 0000000000000005 RBX: ffff8880217ffc80 RCX: 0000000000080000 [ 99.790705][ T6753] RDX: ffffc9000d28b000 RSI: 00000000000007be RDI: 00000000000007bf [ 99.798825][ T6753] RBP: 0000000000000001 R08: ffff88802a71c92f R09: 1ffff110054e3925 [ 99.807874][ T6753] R10: dffffc0000000000 R11: ffffed10054e3926 R12: 0000000000000028 [ 99.816135][ T6753] R13: dffffc0000000000 R14: ffff88802a71c800 R15: dffffc0000000000 [ 99.824643][ T6753] FS: 00007fdcdfb826c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 99.833823][ T6753] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 99.841226][ T6753] CR2: 00007fa4d23397ea CR3: 00000000259a5000 CR4: 00000000003506f0 [ 99.844369][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 99.849208][ T6753] Kernel panic - not syncing: Fatal exception [ 99.849676][ T6753] Kernel Offset: disabled