last executing test programs: 4m24.033777562s ago: executing program 32 (id=3703): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='stat\x00') read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) 2m26.088068474s ago: executing program 2 (id=5407): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0xc70f, &(0x7f0000000100)=ANY=[], 0x0, 0x23d, &(0x7f00000004c0)="$eJzs3EGLG2UYB/Cn29rubmmzBxEUxBe96GXoxk8QpAUxoKyNqAdh6k40ZEyWTFiJiPXm1c9RPHoT1C+wF2/eve1F8NKDGGmyaZM2IoJ11Px+EOZJ3vzhGTKE5w1kTt/+8qN+t8q6+Ti2tlNsbceZrUUR55ZeORcXY9nn8dLlX3589s133n2t1W5fP0jpRuvmy82U0tXnvv3406+e/358+a2vr35zKU723jv9ufnTyVMnT5/+dvPDXpV6VRoMxylPt4bDcX6rLNJhr+pnKb1RFnlVpN6gKkYr691yeHQ0Sfng8Mru0aioqpQPJqlfTNJ4mMajSco/yHuDlGVZurIb/JnOnYODvFV3Fzxeo1ErPx8RO4+sdO7U0hAAUKtH5v97I/3diD3z/wYw/2+Ce/P/7sqOfsH8DwAAAAAAAAAAAAAA/wV3p9PGdDptLI6Lx6WI2I6IxfO6++Tx8PlvtqU/7m1HlF8cd4478+N8vdWNXpRRxLVoxK+z6+HMvL7xavv6tTSzF9+Vt8/yt48751fz+9GIvfX5/Xk+reafiN3lfDMa8eT6fHNt/mK8+MJSPotG/PB+DHfKOJxd1w/yn+2n9Mrr7YfyO7P3AQAAwP9Blu5bu3/Psj9an+f/wu8DD+2vL8QzF+o9dwAAANgU1eSTfl6WxUihUCjuF3V/MwEAAH+3B0N/3Z0AAAAAAAAAAAAAAAAAAADA5vonbidW9zkCAAAAAAAAAAAAAAAAAAAAAADAv8XvAQAA//+LHy6J") lgetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)=@random={'osx.', 'user.incfs.metadata\x00'}, 0x0, 0x0) 2m25.831314197s ago: executing program 2 (id=5410): madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) syz_clone(0x0, 0x0, 0x41, 0x0, 0x0, 0x0) 2m25.524443571s ago: executing program 2 (id=5413): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0) 2m25.151534023s ago: executing program 2 (id=5421): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x1000806, &(0x7f00000016c0)={[{@iocharset={'iocharset', 0x3d, 'cp1255'}}, {}, {@gid={'gid', 0x3d, 0xee01}}, {@iocharset={'iocharset', 0x3d, 'none'}}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {}, {@errors_continue}, {}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@keep_last_dots}, {@uid={'uid', 0x3d, 0xee01}}, {@gid}], [{@appraise}]}, 0x9, 0x1505, &(0x7f0000000180)="$eJzs3Au4jdX2MPAx5pwvm9BKcp9jjpeVXCZJEknIJUmSJMktIUmSJCS33JKQhNyT3ENyC8n9fss9SY4kSUJCwvweHefzndPp9P2/0/mc59nj9zzz2XPstcZY411jr9u7n72/azewUp3K5WsxM/xb8K9fugJACgD0AYBrASACgOKZi2e+dHk6jV3/vRsRf66Hp1ztDsTVJPNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2ZapOa6TlXqXnP9PzeT1P3WT+aduMv/UTeafusn8UzOW+adyMv/UTeafusn8hUjN/pTzyGkvF/svOJ/9H1h/u6uudh9/sKL/p7yr95MnhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECI1ORuuMADwt/3V7ksIIYQQQgghhBB/npD2ancghBBCCCGEEEKI/zwEMBoMRJAG0kIKpIP0cA1kgIyQCa6FBFwHmeF6yAI3QFbIBtkhB+SEXJAbLBA4YIghD+SFJNwI+eAmyA8FoCAUAg+FoQjcDEXhFigGt0JxuA1KwO1QEkrBHVAa7oQycBeUhXJQHu6GClARKkFluAeqwL1QFe6DanA/VIcHoAY8CDXhIagFD0NteATqwKNQFx6DelAfGkBDaPTP8/W/zn8JOsHL0Bm66Ev3QHd4BXpAT+gFvaEPvAp94TXoB69DfxgAA+ENGARvwmB4C4bAUBgGb8NwGAEjYRSMhjEwFt6BcfAujIf3YAJMhEkwGabAVJgG78N0mAEz4QOYBR/CbJgDc2EezIePYAEshEXwMSyGT2AJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQt8ClthG2yHHbATdsFu+Az2wOewF76AffDl/zD/zD/kt0dAQIUKDRpMg2kwBVMwPabHDJgBM2EmTGACM2NmzIJZMCtmxeyYHXNiTsyNuZGQkJExD+bBJCYxH+bD/JgfC2JB9OixCBbBongLFsNiWByLYwksgSWxFJbC0lgay2AZLItlsfztcwCwAlbCSngP3oP3YlWsitWwGlbH6lgDa2BNrIm1sBbWxtpYB+tgXayL9bAeNsAG2AgbYWNsjE2wCTbDZtgcm2MLbIEtsSW2wlbYGltjG2yDbbEttsN22B47YAd8CV/Cl/Fl7IIVVDfsjt2xB/bAXtgbe+Or2Bdfw9fwdeyPA3AgvoFv4Js4GE/jEByKw3AYllEjcCSOQlZjcCyOxXE4DsfjeJyAE3EiTsYpOBWn4TScjjNwBn6As/BD/BDn4Bych/NxPi7AhbgIF+FiPINLcCkuw+W4AlfiClyNa3A1rlN/e2huxs34KX6K23Ab7sAduAt34Wf4GX6On2N/3If7cD/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOJ7Ak3gCT+EpPI1n8CyexXN4Ds/jCzm/qb2rwNr+oC4xyqg0Ko1KUSkqvUqvMqgMKpPKpBIqoTKrzCqLyqKyqqwqu8qucqqcKrfKrUiRYhWrPCqPSqqkyqfyAUBXVVAVVF55VUQVUUVVUVVMFVPF1W2qhLpdlVSlVFNfWpVWZVQzX1aVU+VVeVVBVVSVVGVVWVVRVVRVVVVVU9VUdVVd1VAPqpqqG/bCh9WlydRRA7CuGoj1VH3VQDVUb+LjqrEajE1UU9VMPamG4hBsoRr7luoZ1UqNxNbqOTUKn1dt1Rhsp15U7VUH1VG9pDqpJr6z6qImYDfVXU3GHqqn6qV6q+lYUV2aWCX1uuqvBqiB6g01D99Ug9Vbaogaqoapt9VwNUKNVKPUaDVGjVXvqHHqXTVevacmqIlqkpqspqipapp6X01XM9RM9YGapT5Us9UcNVfNU/PVR2qBWqgWqY/VYvWJWqKWqmVquVqhVqpVarVao9aqdWq92qA2qk1qs9qiPlVb1Ta1Xe1QO9UutVt9pvaoz9Ve9YXap75U+9Vf1AH1lTqovlaH1DfqsPpWHVHfqaPqe3VMdVHH1Ql1Uv2oTqmf1Gl1Rp1VP6tz6hd1Xl1QF1VQoFErrbXRkU6j0+oUnU6n19foDDqjzqSv1Ql9nc6sr9dZ9A06q86ms+scOqfOpXNrq0k7zTrWeXRendQ36nz6Jp1fF9AFdSHtdWFdRN+si+pbdDF9qy6ub9Ml9O26pC6l79Cl9Z26jL5Ll9XldHl9t66gK+pKurK+R1fR9+qq+j5dTd+vq+sHdA39oK6pH9K19MO6tn5E19GP6rr6MV1P19cNdEPdSD+uG+sndBPdVDfTT+rm+indQj+tW+pndCv9rG6tn9Nt9PO6rX5Bt9Mv6va6g+6oL+iLOujOuovuqrvp7voV3UP31L10b91Hv6r76td0P/267q8H6IH6DT1Iv6kH67f0ED1UD9Nv6+F6hB6pR+nReoweq9/R4/S7erx+T0/QE/UkPVlP0VN1r8uVZl7KN/Av89/9J/n9fr31zXqL/lRv1dv0dr1D79S79G69W+/Re/RevVfv0/v0fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9Qv+sf9Sn9E/6tD6jz+if9Tl9Tp+/fB+AQaOMNsZEJo1Ja1JMOpPeXGMymIwmk7nWJMx1JrO53mQxN5isJpvJbnKYnCaXyW2sIeMMm9jkMXlN0txo8pmbTH5TwBQ0hYw3hU0Rc/Pv5UeXn+H+MP93+ls+6XJ+I9PINDaNTRPTxDQzzUxz09y0MC1MS9PStDKtTGvT2rQxbUxb09a0M+1Me9PedDQdTSfTyXRGMF1NV9PdvGJ6mJ6ml+lt+phXTV/T1/Qz/Ux/098MNAPNIDPIDDaDzRAzxAwzw8xwM9yMNCPNaDPajDVjzTgzzow3480EM8FMMpPMFDPFXHphvWSmmWlmmVlmtplt5pq5Zr6ZbxaYBWaRWWQWm8VmiVlqlprlZrlZaVaa1Wa1WWvWmvVmvdloNpolZovZYraarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloDplD5rA5bI6YI+aoOWqOmWPmuDluTpqT5pQ5ZU6b0+asOWvOmXPmvDlvLpqLl972RSpSkYlMlCZKE6VEKVH6KH2UIcoQZYoyRYkoEWWOMkdZohuirFG2KHuUI8oZ5YpyRzaiyEUcxVGeKG+UjG6M8kU3RfmjAlHBqFDko8JRkejmqGh0S1QsujUqHt0WlYhuj0pGpaI7otLRnVGZ6K6obFQuKh/dHVWIKkaVosrRPVGV6N6oanRfVC26P6oePRDViB6MakYPRbWih6Pa0SNRnejRqG70WFQvqh81iBpGjf7U+iGczvaE72y72LTQzXa3r9getqftZXvbPvZV29e+ZvvZ121/O8AOtG/YQfZNO9i+ZYfYoXaYfdsOtyPsSDvKjrZj7Fj7jh1n37Xj7Xt2gp1oJ9nJdoqdaqfZ9+10O8POtB/YWfZDO9vOsXPtPDvffmQX2IV2kf3YLraf2CV2qV1ml9sVdqVdZVfbNXatXWfX2w12o91kN9st9lO71W6z2+0Ou9PusrvtZ3aP/dzutV/YffZLu9/+xR6wX9mD9mt7yH5jD9tv7RH7nT1qv7fH7A/2uD1hT9of7Sn7kz1tz9iz9md7zv5iz9sL9qINl97cX3p5J0OG0lAaSqEUSk/pKQNloEyUiRKUoMyUmbJQFspKWSk7ZaeclJNyU266hIkpD+WhJCUpH+Wj/JSfClJB8uSpCBWholSUilExKk7FqQSVuPxoAbqT7qS76C4qR+XobrqbKlJFqkyVqQpVoapUlapRNapO1akG1aCaVJNqUS2qTbWpDtWhulSX6lE9akANqBE1osbUmJpQE2pGzag5NacW1IJaUktqRa2oNbWmNtSG2lJbakftqD21p47UkTpRJ+pMnakrdaXu1J16UA/qRb2oD/WhvtSX+lE/6k/9aSANpEE0iAbTYBpCQ2kYvU3DaQSNpFE0msbQWBpL42gcjafxNIEm0CSaRFNoCk2jaTSdptNMmkmzaBbNptk0l+bSfJpPC2gBLaJFtJgW0xJaQstoGa2gFbSKVtEaWkPraB1toA20iTbRFtpCW2krbafttJN20m7aTXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifpJJ2iU3SaTtNZOkvn6Bc6TxfoIgVKcelceneNy+AyukzuWvePcXaXw+V0uVxuZ11Wl+3vYnLO5XcFXEFXyHlX2BVxN/8mLulKuTtcaXenK+PucmV/E1dx97qq7j5Xzd3vKrt7/i6u7h5wNdyjrqZ7zNVy9V1t19DVcY+6uu4xV8/Vdw1cQ9fcPeVauKddS/eMa+We/U28wC10a9xat86td3vc5+6s+9kdcd+5c+4X19l1cX3cq66ve831c6+7/m7Ab+Jh7m033I1wI90oN9qN+U08yU12U9xUN82976a7Gb+J57uP3Cy3yM12c9xcN+/X+FJPi9zHbrH7xC1xS90yt9ytcCvdKrf6f/e63G10m9xmt9t95ra6bW672+F2ul2/xpeOY6/7wu1zX7rD7lt3wH3lDrqj7pD75tf40vEddd+7Y+4Hd9ydcCfdj+6U+8mddmd+Pf5Lx/6ju+AuuuCAkRVrNhxxGk7LKZyO0/M1nIEzcia+lhN8HWfm6zkL38BZORtn5xyck3NxbrZM7Jg55jycl5N8I+fjmzg/F+CCXIg9F+YifDMX5Vu4GN/Kxfk2LsG3c0kuxXdwab6Ty/BdXJbLcXm+mytwRa7ElfkersL3clW+j6vx/VydH+Aa/CDX5Ie4Fj/MtfkRrsOPcl1+jOtxfW7ADbkRP86N+Qluwk25GT/JzfkpbsFPc0t+hlvxs9yan+M2/Dy35Re4Hb/I7bkDd+SXuBO/zJ25C3flbtydX+Ee3JN7cW/uw69yX36N+/Hr3J8H8EB+gwfxmzyY3+IhPJSH8ds8nEfwSB7Fo3kMj+V3eBy/y+P5PZ7AE3kST+YpPJWn8fs8nWfwTP6AZ/GHPJvn8Fyex/P5I17AC3kRf8yL+RNewkt5GS/nFbySV/FqXsNreR2v5w28kTfxZt7Cn/JW3sbIO3gn7+Ld/Bnv4c95L3/B+/hL3s9/4QP8FR/kr/kQf8OH+Vs+wt/xUf6ej/EPfJxP8En+kU/xT3yaz/BZ/pnP8S98ni/wRQ4MMcYq1rGJozhNnDZOidPF6eNr4gxxxjhTfG2ciK+LM8fXx1niG+KscbY4e5wjzhnninPHNqbYxRzHcZ44b5yMb4zzxTfF+eMCccG4UOzjwnGR+Oa4aHxLXCy+NS4e3xaXiG+PS8al4kfvLx3fGZeJ74rLxuXi8vHdcYW4YlwprhzfE1eJ742rxvfF1eL742LxA3GN+MG4ZvxQXCt+OK4dPxLXiR+N68aPxfXi+nGDuGHcKH48bhw/ETeJm8bN4ifj5vFTcYv46bhl/EzcKn72Dy/vGneLu8evxK/EIdyn5ybnJecnP0ouSC5MLkp+nFyc/CS5JLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ORlC5bTg0SuvvfGRT+PT+hSfzqf31/gMPqPP5K/1CX+dz+yv91n8DT6rz+az+xw+p8/lc3vryTvPPvZ5fF6f9Df6fP4mn98X8AV9Ie99YV/EN/SNfCPf2D/hm/imvpl/0j/pn/JP+af90/4Z38o/61v753wb/7xv61/wL/gXfXvfwXf0L/lO/mXf2XfxXX1X39139z18D9/L9/J9fB/f1/f1/Xw/399f8AP9QD/ID/KD/WA/xA/xw/wwP9wP9yP9SD/aj/Zj/Vg/zo/z4/14PyFlgp/kJ/kpfoqf5qf56X66n+ln+ln5Z/nZfraf6+f6+X6+X+AX+EV+kV/sF/slfolf5pf5FX6FX+VX+TV+jV/n1/kNfoPf5Df5LX6L3+q3+u1+u9/pd/rdfrff4/f4vX6v3+dDCF32nw3+gD/ov/aH/Df+sP/WH/Hf+aP+e3/M/+CP+xP+pP/Rn/I/+dP+jD/rf/bn/C/+vL/gL/rgxybeSYxLvJsYn3gvMSExMTEpMTkxJTE1MS3xfmJ6YkZiZuKDxKzEh4nZiTmJuYl5ifmJjxILEgsTixIfJxYnPkksSSxNLEssT6xIrEyEkGtrHPKEvCEZbgz5wk0hfygQCoZCwYfCoUi4ORQNt4Ri4dZQPNwWSoTbQ8lQKtwRHgv1Qv3QIDQMjcLjoXF4IjQJTUOz8GRoHp4KLcLToWV4JrQKz4bW4bnQJjwf2oYXQrvwYmgfOoSO4aXQKbwcOocuoWvoFrqHV0KP0DP8EnqHPuHV0De8FvqF10P/MCAMDG+EQeHNMDi8FYaEoWFYeDsMDyPCyDAqjA5jwtjwThgX3g3jw3thQpgYJoXJYUqYGqaF98P0MCPMDB+EWeHDMDvMCXPDvDA/fBQWhIVhUfg4LA6fhCVhaVgWlgdIWRlWhdVhTVgb1oX1YUPYGDaFzWFL+DRsDdvC9rAj7Ay7wu7wWdgTPg97wxdhX/gy7A9/CQfCV+Fg+DocCt+Ew+HbcCR8F46G78Ox8EM4Hk6EkwHDqfBTOB3OhLPh53Au/BLOhwvhovzNmhBCCCHE/xX9B5d3+yffU5cX/Pq7c4CM23Ic+seaG7L+dd9T5WyeAIBnurR7+G+rQoWuXbtevu4SDVHeOQCQuJKfBq7ES6EZPAUtoSkU/af99VQdzvG/rv8bKQCQHv6x/i2/U3/ErD+oHyXnAOTPeyUnHVyJr9Qv9jv1szX+g/rpvhoL0OT/yMkAV+Ir9YvAE/AstPy7awohhBBCCCGEEH/VU93R5o8+3176fJ7TXMlJC1fiP/p8LoQQQgghhBBCiKvv+Q4dn368ZcumbWRzFTbtMv51Cv8t/fzOJs1/Rxt/3gYvn736b+nnP70pd/nR/j/JumpPSUIIIYQQQoj/kCtv+q92J0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghROr1/+OfkF3tYxRCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGutv8VAAD//zmwHF0=") mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 2m24.551193121s ago: executing program 2 (id=5431): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100)) socket$isdn_base(0x22, 0x3, 0x0) 2m22.648867966s ago: executing program 2 (id=5461): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) fcntl$lock(r0, 0x24, &(0x7f0000000180)={0x2, 0x4, 0x6, 0x800}) 2m22.453143149s ago: executing program 33 (id=5461): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) fcntl$lock(r0, 0x24, &(0x7f0000000180)={0x2, 0x4, 0x6, 0x800}) 1m34.389192025s ago: executing program 3 (id=6019): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0x4d00, 0x0) 1m33.786958908s ago: executing program 3 (id=6025): r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) connect$ax25(r0, 0x0, 0x0) 1m32.957972186s ago: executing program 3 (id=6032): fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x11, 0x4, 0x8, 0x201, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 1m32.434958802s ago: executing program 7 (id=6034): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000080)) 1m32.354104302s ago: executing program 3 (id=6036): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000003a80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000052c00000900010073797a300000000078000000030a01030000000000000000050000000900010073797a30000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a320000000008000a4000000003280004800800024000000000080001"], 0xc0}}, 0x0) 1m32.079882317s ago: executing program 5 (id=6037): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000040)=@mangle={'mangle\x00', 0x64, 0x6, 0x648, 0x0, 0x3d0, 0xd0, 0xd0, 0xd0, 0x578, 0x578, 0x578, 0x578, 0x578, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3d0}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private1, @mcast2}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0x160, 0x1a8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private0, @local}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6a8) 1m31.749284017s ago: executing program 7 (id=6039): r0 = syz_open_procfs(0x0, &(0x7f0000001200)='auxv\x00') preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000280)=""/48, 0x30}], 0x1, 0xfffffffe, 0x80000000) 1m31.564970746s ago: executing program 3 (id=6040): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20100cc, &(0x7f0000000400), 0x1, 0x7b5, &(0x7f0000000440)="$eJzs3U1oHFUcAPD/bDbZfmlS8WBFNCDa4kfStCKpCE1ED4oHwV7Ei6FJS+z2gyaiLUJTvOpNvKlU8KoIetFL6cGLN29ePUm1iPbgcWVmZ5N1s5uP7SZjs78fTPPevJ2+N9n8983Oe8wLoG+Npv+UIg5ExFISMZzvTyJiMEuVI6bqr7v91/sn0y2JWu31P5PsNWk+mo5J7c0P2xURP99I4r6B1fUuXLp8ZqZanbuY58cXz14YX7h0+en5szOn507PnZuYPDZ5dPLIsWcnuz2145WWHS9/+vkbNz975fGrH709/f2bv/+dxFQcz8uaz6NXRmN0+XcSQ/Ufg/VfTbzY68oKMpCfT6lpX1IusEFsSqnpPXwghmMgVt684bjxbaGNAwC2RC3dAIA+k+j/AaDPNO4DNMb2tmIcDPh/ujUd2UD96vgvx1T2c1c2Zr3ndtI0MljOxrVHe1B/+n/88ePXX6ZbbNE4PNDe0tVs4L9N/CdZ/I9ks3ha478+Z2CqB/W3foaIf9g+dxL/r/WgfvEPAAAAAAAAvXN9OiIm243/lZbn/0Sb8b9KRBzuQf3rj/+VbvagGqCNW9MRz7ed/7v8RJeRgTx3TzYfYDA5NV+dS2P/3og4FIOVND+xRh0/vfvrC53Kmuf/pVtaf2MuYN6Om+WWB/nMzizO3Mk5A3W3rkY8WO48/yft/5M2/X9a9tYG6/jmk68e61Q2mm1rxT+wVWrXIg7mT/qL+G/8NyRrP59vPLseGG9cFaz28EvX/ulU//r9fydPbPZUgRZp/7+n7fX/cvyPJM3P61zYfB1ffHjioU5l3V7/DyUnsqeK5o/VjPdmFhcvTkQMJa+u3n9k822GnagRD414SeP/0KNZ/E91uv/X7vo/vWK4sME6J/b98FSnsu77f+BOpfE/u6n+f/OJ01eOnulU/8b6/2eyPv1Qvsf9P1jbRgO06HYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAvlSJiXySlseV0qTQ2FrE3Iu6PPaXq+YXFJ0+df+fcbFoWMRKDpVPz1bnDETFczydpfiJLr+SPtOSPRsT+iPi4sjvLj508X50t+uQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILe3w/r/qd8qRbcOANgyu4puAACw7fT/ANB/9P8A0H/a9P8ni2gHALB9fP8HgP7TZf//Xa/bAQAAAAAAAAAAAAAAAAAAAAAAAAA71P5Hrv+SRMTSc7uzLTWUlw0W2jJgq5WKbgBQmIGiGwAUplx0A4DC+I4PJG33VpZTrUuErLzeHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrHwQPrrP/ffmEwYAdoXr2vVqtdKbApwDaz/j/0L+v/Q/+y/j+w3m2+lfX/l2p1jbz1/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6B8Lly6fmalW5y5K3NWJ+Q+6OGp3/kfQk2aUo7vDe1O7RFeJSueigj+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4K/wbAAD//3ZIMe8=") quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90}) 1m31.156121184s ago: executing program 5 (id=6043): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x2c}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x27, 0x8, 0x0, &(0x7f0000000140)="f9ad48cc42cb29fc", 0x0, 0x1400, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m31.06478497s ago: executing program 7 (id=6044): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@ipv6_delrule={0x1c, 0x21, 0x1, 0x0, 0x0, {0xa, 0x14}}, 0x1c}}, 0x0) 1m30.4079543s ago: executing program 7 (id=6047): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x3, 0x8, 0x301, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x1c}}, 0x0) 1m30.329043486s ago: executing program 5 (id=6048): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x14, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x57}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 1m29.873640766s ago: executing program 7 (id=6050): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 1m29.71278062s ago: executing program 5 (id=6051): r0 = openat$zero(0xffffff9c, &(0x7f0000000040), 0x8100, 0x0) read(r0, &(0x7f0000000340)=""/4096, 0x1000) 1m29.338904813s ago: executing program 7 (id=6052): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9c3}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'team_slave_1\x00'}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0) 1m29.338840861s ago: executing program 3 (id=6053): r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90d, 0x9, '\x00', @p_u8=&(0x7f0000000040)}}) 1m29.222698168s ago: executing program 5 (id=6054): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_SYNTH_ID(r0, 0xc08c5114, 0x0) 1m28.527390199s ago: executing program 5 (id=6057): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000001c0)=ANY=[@ANYBLOB="8c00000013000500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300766c616e300000000000000000000000080004000000000034002b8008000100", @ANYRES32, @ANYBLOB='\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\b\x00\b\x00', @ANYRES32, @ANYBLOB='\b\x00\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="06002400600600000a000100aaaaaaaaaa30"], 0x8c}}, 0x0) 1m28.394940488s ago: executing program 4 (id=6058): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000380)={0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, '\x00', 0x18}, 0x5}, 0x1c) 1m28.120011949s ago: executing program 6 (id=6059): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000013c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x120, 0x1170, 0x1398, 0x0, 0x1170, 0x2a8, 0x1398, 0x1398, 0x2a8, 0x1398, 0x3, 0x0, {[{{@ipv6={@empty, @mcast1, [], [], 'ip6tnl0\x00', 'veth0_to_hsr\x00'}, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@inet=@ecn={{0x28}, {0x21}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @private0, @private0, @loopback}}]}, @common=@unspec=@NFQUEUE0={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 1m27.889733216s ago: executing program 4 (id=6060): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x6, @broadcast, 0x4e22, 0x3, 'fo\x00', 0x20, 0xffff7991, 0x1d}, {@rand_addr=0x64010102, 0x4e23, 0x4, 0x3, 0x0, 0xd72f}}, 0x44) 1m27.56725634s ago: executing program 6 (id=6062): syz_mount_image$bfs(&(0x7f0000000280), &(0x7f0000000240)='./bus\x00', 0x808008, &(0x7f0000000200)=ANY=[], 0xf, 0xaa, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7Cb1kYEC2sb7+BRxNI0YqUI3sCbeBWPkN7CIq2II5iIiJ1FBPm+YuDNY+C1sz/t+kUWkTYRadibH9LDYrmaTYr6DL5SFhH/EZFHxKBT5+O47n6avqzW07L6fX38t219LwAA8L4sRs/5kpqLc/MLvIXuvc9b3gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwadcAAAD//xynKEA=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) 1m27.263411238s ago: executing program 4 (id=6064): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='attr/current\x00') read$FUSE(r0, &(0x7f0000002640)={0x2020}, 0x2020) 1m27.013922864s ago: executing program 6 (id=6066): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_QUERYSTD(r0, 0x8008563f, &(0x7f0000000040)) 1m26.805286232s ago: executing program 4 (id=6067): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000680)={0x16, 0x98, 0xfa00, {0x0, 0x0, 0xffffffffffffffff, 0x1c, 0x2, @in6={0xa, 0x0, 0x0, @private2}}}, 0xa0) 1m26.610684882s ago: executing program 6 (id=6069): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x10}}, 0x8c}}, 0x0) 1m26.4574957s ago: executing program 4 (id=6070): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x2810800, &(0x7f0000000100)={[{@shortname_win95}, {@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'cp852'}}, {@iocharset={'iocharset', 0x3d, 'cp862'}}, {@fat=@codepage={'codepage', 0x3d, '1250'}}, {@rodir}, {@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'default'}}, {@numtail}, {@rodir}, {@uni_xlateno}, {@utf8no}, {@rodir}, {@numtail}, {@utf8}, {@numtail}, {@shortname_lower}]}, 0x25, 0x336, &(0x7f0000004200)="$eJzs3T1sW9UXAPDjviROI/VvD3+pgsmwIaGqCWKAKVFVpIoMUGTxtWDRlI/YVIqFpTDE9QJiBLEgwcTWAcbOiAEhNgZWioQKiIVulVrxkP1e7OeP0BThlI/fb4iOzj3H976Xq/glSm5eWo/tC4tx8caN67G8XIqF9TPrcbMU1TgWSWQuBwDwb3IzTePXNHPn6vdX9qOlOa8LAJifwfv/KydGifK9XA0AcBQO+f3/UzOzl+a2LABgjqbe/x8cG574Mf/C8HcCAIB/rmeef+HJjc2I87XackTrnU69U4/HR+MbF+O1aMZWnI5K3I7IHhSyp4X+xyfObZ49Xev7sRr1fkenHtHqdurZk8JGMugvx2pUopr3p8P+pN+/OuivRcTl7mD+aJU69cVYyef/biW2Yi0q8f+p/ohzm2fXavkL1Fv7/d2IXizvX0R//aeiEt+8HJeiGRei3zta/95qrXYm3Rzr71wpD+oAAAAAAAAAAAAAAAAAAAAAAGAeTtWGqsPzb9JWt/P2+cmC6tj5OPVsOD8fqJedD5SW90/neTeZPB9o/HyeTn0hjt3TKwcAAAAAAAAAAAAAAAAAAIC/j/buUjSaza2d9u5b28WgW8i88dWnXxyPyZrXk1EmFrKXG6vJc1HoSmLYng7b02SsJg+SiFHxlavDFRdrysOrmGrvB+WpoVK+pkazeeKBHz6a1fXbKJPE1G0ZD0r5/IWh1v+y1B90HRys3aHmWpqmB7XvfTjdFaWIhalP3F8RfHn91fseaZ98dJD5PD/04aGHK89e++CTn7cbzchvTbO5tNO+nf7puZLC/inl97k0YyfMDnqjTG+nvdtIvv3lufvf+3qiOJm9f9Ji5s2D5/psMrOUBf1lHuZKF2ds/tnBi7eGu/fub+bJj9cbV/e+/+mwXYUvEg7qAAAAAAAAAAAAAAAAAACAI1H4W/G78NjT81sRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABy90f//LwS9qcxhglvdmB4qb+20D5z8+JFeKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2G/BwAA//9pxHjs") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) 1m26.180223212s ago: executing program 6 (id=6072): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)={{0x12, 0x1, 0x250, 0x18, 0x3b, 0x92, 0x20, 0x13b1, 0x42, 0x5816, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0xfd, 0xa, 0xc0, 0x5, [{{0x9, 0x4, 0x4f, 0x40, 0x1, 0xef, 0xf0, 0x4c, 0x4, [], [{{0x9, 0x5, 0x3, 0x3, 0x400, 0x62, 0x3, 0x8}}]}}]}}]}}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 1m25.923714462s ago: executing program 0 (id=6073): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff0408000340000000283c0000000c0a050000000000000000000a0000000900020073797a31000000000900010073797a300000000010000380"], 0xd0}}, 0x0) 1m25.673004743s ago: executing program 0 (id=6074): r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ec7000/0x3000)=nil, 0x3000, 0x200000b, 0x401d031, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x104, &(0x7f0000000040)=0x800000, 0x0, 0x4) 1m25.441696382s ago: executing program 0 (id=6075): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) inotify_rm_watch(0xffffffffffffffff, 0x0) 1m25.253594447s ago: executing program 4 (id=6076): r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000101c0)={'ip6gre0\x00', &(0x7f0000010140)={'ip6_vti0\x00', 0x0, 0x4, 0x20, 0x0, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x20, 0x10, 0x7, 0x8}}) 1m25.16295177s ago: executing program 0 (id=6077): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) getsockopt$bt_hci(r0, 0x84, 0x6d, 0x0, 0x0) 1m24.859035156s ago: executing program 0 (id=6078): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1a, 0x10, &(0x7f0000000b40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000002dd0000b70300000800000085000000a500000095"], &(0x7f0000000300)='GPL\x00', 0x9, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 1m24.573400898s ago: executing program 0 (id=6079): r0 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8b0f, &(0x7f0000000000)={'virt_wifi0\x00', @random="8dffffff0600"}) 1m24.28288261s ago: executing program 6 (id=6080): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newtaction={0x78, 0x30, 0xb, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x7}, @TCA_CT_LABELS_MASK={0x14, 0x8, "2f6fe29659ae06f5aa3843f88f2a3e34"}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) 1m14.069023814s ago: executing program 34 (id=6052): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9c3}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'team_slave_1\x00'}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0) 1m13.685298044s ago: executing program 35 (id=6053): r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90d, 0x9, '\x00', @p_u8=&(0x7f0000000040)}}) 1m13.065468773s ago: executing program 36 (id=6057): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000001c0)=ANY=[@ANYBLOB="8c00000013000500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300766c616e300000000000000000000000080004000000000034002b8008000100", @ANYRES32, @ANYBLOB='\b\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\b\x00\b\x00', @ANYRES32, @ANYBLOB='\b\x00\b\x00', @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="06002400600600000a000100aaaaaaaaaa30"], 0x8c}}, 0x0) 1m10.096831838s ago: executing program 37 (id=6076): r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000101c0)={'ip6gre0\x00', &(0x7f0000010140)={'ip6_vti0\x00', 0x0, 0x4, 0x20, 0x0, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x20, 0x10, 0x7, 0x8}}) 1m9.114722334s ago: executing program 38 (id=6079): r0 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8b0f, &(0x7f0000000000)={'virt_wifi0\x00', @random="8dffffff0600"}) 1m9.02088289s ago: executing program 39 (id=6080): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newtaction={0x78, 0x30, 0xb, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x7}, @TCA_CT_LABELS_MASK={0x14, 0x8, "2f6fe29659ae06f5aa3843f88f2a3e34"}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) 16.725169318s ago: executing program 1 (id=6210): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x1f5d00c4, 0xfffffffd, 0x0, 0x0, 0x0, 0x2000]}}) 16.553470044s ago: executing program 1 (id=6211): r0 = openat$sequencer2(0xffffff9c, &(0x7f0000000000), 0x4ac00, 0x0) ioctl$SNDCTL_TMR_TIMEBASE(r0, 0xc0045401, &(0x7f0000000100)=0x65) 16.374695824s ago: executing program 1 (id=6212): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x3810744, &(0x7f00000001c0)={[{@noauto_da_alloc}, {@minixdf}, {@prjquota}, {@init_itable}, {@grpquota}, {@noinit_itable}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x400000}}, {@i_version}, {@sb={'sb', 0x3d, 0x1}}]}, 0xff, 0x451, &(0x7f0000000d00)="$eJzs281vVFUbAPDn3pkCL/DSivgBglbR2PjR0oLKwo1GExeamOgCl7UtBBmooTUR0mg1BpeGxL1xaeJf4MqVUVcmbnVvSIg2JqAbx9yZe9vOdKb0Y8pU5vdLBs6Ze+ae8+Tcc+fMOb0B9KzB7J8kYm9E/BIR/fVsY4HB+n83F+Ym/lqYm0iiWn3j96RW7sbC3ERRtPjcnjwzlEaknyR5JY1mLl0+N16pTF3M8yOz598dmbl0+emz58fPTJ2ZujB28uSJ46PPPTv2TEfizNp049AH04cPvvLW1dcmTl19+4evs/bee6R+fHkcnTKYBf5Htab52GOdrqzL/qkuxZmUu90a1qoUEVl39dXGf3+UYqnz+uPlj7vaOGBLZffsne0Pz1eBO1gS3W4B0B3FF332+7d43aapx7Zw/YX6D6As7pv5q36kHGlepm8L6x+MiFPzf3+RvaJpHaLaYt0AAGCzvs3mP0+tnP/V9kaWlUvyvaGBiLgrIvZHxN0RcSAi7snL3hcR96+z/uatoZXzz/TaBkNbk2z+93y+t9U4/ytmfzFQynP/r8Xfl5w+W5k6FhH7ImIo+nZm+dFWJy9O8dLPn7Wrf/n8L3tl9Rdzwfwk18pNC3ST47PjnZqUXv8o4lC5VfzJ4k5A1vcHI+LQ+k69r0icfeKrw+0K3Tr+VXRgn6n6ZcTj9f6fj6b4C8nq+5Mju6IydWykuCpW+vGnK6+3q39T8XdA1v+7G6//phL9fybL92tn1l/HlV8/bfubsrzB639H8mZtz3pH/t7747OzF0cjdiSv1vIN748tfbbIF+Wz+IeOth7/+/PPZPE/EBHZRXwkIh6MiIfyvns4Ih6JiKOrxP/9i4++0+7Yduj/yZb3v8Xrf6Cx/9efKJ377pt29a/t/neilhrK36nd/26hfXN25SU2ejUDAADAf08aEXsjSYcX02k6PFz/e/kDsTutTM/MPnl6+r0Lk/VnBAaiLy1WuvqXrYeOJvP5Gev5sXytuDh+PF83/rz0v1p+eGK6Mtnl2KHX7Wkz/jO/lbrdOmDLeV4Lelfz+E+71A7g9vP9D73L+IfeZfxD72o1/j9sytsLgDuT73/oXcY/9C7jH3qX8Q89aTPP9W9VorzK0/sS2yUR6bZohkSLRLkDo7vLNyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAO+TcAAP//uZjx6g==") mknod(&(0x7f0000000080)='./file0\x00', 0x8001420, 0x0) 15.955622393s ago: executing program 1 (id=6213): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0xa, 0x20, 0x9, 0x7, 0x0, 0x70bd2d, 0x25dfdbfd, [@sadb_x_filter={0x5, 0x1a, @in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0xe195d7631088e587, 0x14}]}, 0x38}}, 0x20008060) 15.710738313s ago: executing program 1 (id=6214): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x804000, &(0x7f0000000040)={[{@errors_remount}, {@noauto_da_alloc}, {@delalloc}, {@nobh}, {@dioread_lock}]}, 0x3, 0x4c0, &(0x7f0000000540)="$eJzs3VFrXFkdAPD/vUlq2qYmVR9qwRq0khbtTNLYNvjQVhB9Kqj1PcZkEkImmZCZtE0okuIHEERU9MknXwQ/gCD9CCIU9F2WZZey23Yf9mF3Z7kzd9psmCTtNpnpZn4/OLnn3Hsz//+ZYc7MmXu5N4CeNRoRNyOiLyIuRsRwvj7NS2w1S7bf0yf3Z7OSRL1++70kknxd67GSfHky/7fBiPj5TyJ+lSTNFdtUNzaXZsrl0lreLtaWV4vVjc1Li8szC6WF0srk5MTVqWtTV6bGD6yv13/09h9++7cfX//X9+7+f/rdC7/O8h3Kt23vx0FqPicDjeeipT8i1g4jWBf05f0Z6HYiAAC8lOw7/lci4lsR8ezP3c4GAAAAOAz1G0PxURJRBwAAAI6stHEObJIW8nMBhiJNC4XmObxfixtRrlRr352vrK/MNc+VHYmBdH6xXBrPzxUeiYEka0806i/al3e0JyPidET8fvh4o12YrZTnuv3jBwAAAPSIbJ4/lDbr2eKD4eb8HwAAADhiRrqdAAAAAHDozP8BAADg6Nt1/p/0dzYRAAAA4DD89NatrNRb97+eu7OxvlS5c2muVF0qLK/PFmYra6uFhUploXHNvuX9Hq9cqax+P1bW7xVrpWqtWN3YnF6urK/Uphv39Z4uuU80AAAAdN7pbz78XxIRWz843iiZY/k2c3U42tJX2z05rDyAzuvrdgJA1zjBF3qXOT6w38R+sEN5AAAAh2fs647/Q696xeP/wBHi+D/0Lsf/oXeZ4wOf+/j/vw8+FwAA4HAMNUqSFvJjgUORpoVCxKnGbQEGkvnFcmk8Ir4cEf8dHvhS1p7odtIAAAAAAAAAAAAAAAAAAAAAAAAA8AVTrydRBwAAAI60iPSdJL//19jw+aGdvw8cSz4cbiwj4u5fbv/x3kyttjaRrX//+fran/L1l7vxCwYAAACwU2ue3prHAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBBevrk/myrdDLu4x9GxEi7+P0x2FgOxkBEnHiWRP+2/0siou8A4m89iIgz7eInWVoxkmexM34aEcc7FL9d/7P4Jw8gPvSyh9n4c7Pd+y+N0cay/fu/Py+v6/HobuNf+nz869tl/Du1z2Mfy5dnH/2juGv8BxFn+9uPP634yWuOv7/8xebmbtvqf40Ya/v5k3wmVrG2vFqsbmxeWlyeWSgtlFYmJyeuTl2bujI1XpxfLJfyv21j/O4b//xkr/6f2CX+yD79P7+tvddz8fGje0++ukf8C99u//qf2SN+Fu87+edAtn2sVd9q1rc79/f/nNur/3O79H+/1//CHn3e7uLPfvPWS+4KAHRAdWNzaaZcLq29TCWNV9hZ5TUro29GGiq9WckHiMEuD1AAAMCBefGlv9uZAAAAAAAAAAAAAAAAAAAAQO/qxOXEtsdzOTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4E31aQAAAP//YGHTsw==") lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f00000002c0), 0x24, 0x0) 15.412098636s ago: executing program 1 (id=6215): r0 = socket$inet6(0xa, 0x3, 0xff) sendmmsg$inet6(r0, &(0x7f0000001b40)=[{{&(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c, 0x0}}], 0x1, 0x20000890) 0s ago: executing program 40 (id=6215): r0 = socket$inet6(0xa, 0x3, 0xff) sendmmsg$inet6(r0, &(0x7f0000001b40)=[{{&(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c, 0x0}}], 0x1, 0x20000890) kernel console output (not intermixed with test programs): 546.098590][T17550] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 546.187911][T17609] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4888'. [ 546.249802][T17609] netlink: 156 bytes leftover after parsing attributes in process `syz.3.4888'. [ 546.450625][T17550] XFS (loop0): Ending clean mount [ 546.515629][T17624] IPv6: Can't replace route, no match found [ 546.845579][ T5836] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 546.966576][T17645] xt_socket: unknown flags 0x50 [ 547.458340][T17665] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4912'. [ 547.467457][T17665] openvswitch: netlink: EtherType 0 is less than min 600 [ 547.550271][T17673] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4919'. [ 547.708834][T17669] loop4: detected capacity change from 0 to 4096 [ 547.934325][T17680] loop5: detected capacity change from 0 to 512 [ 547.976574][T17680] EXT4-fs: Ignoring removed nobh option [ 548.033925][T17660] loop0: detected capacity change from 0 to 32768 [ 548.060604][T17669] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 548.086051][T17680] EXT4-fs (loop5): mounted filesystem 00800000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 548.140975][T17660] gfs2: can't find protocol dlm [ 548.214916][T17680] EXT4-fs error (device loop5): ext4_generic_delete_entry:2680: inode #2: block 3: comm syz.5.4921: bad entry in directory: rec_len is too small for name_len - offset=24, inode=11, rec_len=20, size=4096 fake=0 [ 548.270648][ T8] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 548.306812][T17695] loop6: detected capacity change from 0 to 256 [ 548.333192][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 548.475593][T17695] exFAT-fs (loop6): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 548.476901][ T5145] Bluetooth: hci2: unexpected event for opcode 0x1003 [ 548.530193][T17680] EXT4-fs (loop5): Remounting filesystem read-only [ 548.572562][ T8] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 548.582746][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.590233][T17680] EXT4-fs warning (device loop5): ext4_rename_delete:3733: inode #2: comm syz.5.4921: Deleting old file: nlink 4, error=-117 [ 548.602755][ T8] usb 4-1: Product: syz [ 548.609139][ T8] usb 4-1: Manufacturer: syz [ 548.619064][ T8] usb 4-1: SerialNumber: syz [ 548.653394][ T8] usb 4-1: config 0 descriptor?? [ 548.843615][ T5841] EXT4-fs (loop5): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 548.903169][ T9] usb 4-1: USB disconnect, device number 94 [ 548.960798][T17710] CIFS: iocharset name too long [ 549.219152][ T5904] usb 1-1: new high-speed USB device number 90 using dummy_hcd [ 549.399515][ T5904] usb 1-1: Using ep0 maxpacket: 16 [ 549.406712][ T5904] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 549.457777][ T5904] usb 1-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76 [ 549.473137][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 549.509475][ T5904] usb 1-1: Product: syz [ 549.524068][ T5904] usb 1-1: Manufacturer: syz [ 549.528731][ T5904] usb 1-1: SerialNumber: syz [ 549.536019][T17697] loop2: detected capacity change from 0 to 32768 [ 549.557502][ T5904] usb 1-1: config 0 descriptor?? [ 549.569389][T17697] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4928 (17697) [ 549.647081][T17697] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 549.669662][T17697] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 549.691451][T17737] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4947'. [ 549.711911][T17697] BTRFS info (device loop2): using free-space-tree [ 549.867928][ T5904] usb 1-1: ignoring: not an USB2CAN converter [ 549.884827][T17751] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4950'. [ 549.943821][T17758] loop4: detected capacity change from 0 to 256 [ 550.089793][ T963] usb 1-1: USB disconnect, device number 90 [ 550.106514][ T5842] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 550.140396][ T5904] usb 6-1: new high-speed USB device number 88 using dummy_hcd [ 550.161253][T17763] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4952'. [ 550.189692][T17763] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4952'. [ 550.315982][ T5904] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 550.359754][ T5904] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 550.402122][ T5904] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 550.433758][ T29] audit: type=1326 audit(529851.093:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17767 comm="syz.6.4956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85dcd7e719 code=0x7ffc0000 [ 550.458002][ T5904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.458036][ T5904] usb 6-1: Product: syz [ 550.458057][ T5904] usb 6-1: Manufacturer: syz [ 550.458077][ T5904] usb 6-1: SerialNumber: syz [ 550.468585][ T5904] usb 6-1: config 0 descriptor?? [ 550.473566][T17753] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 550.473703][T17753] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 550.499936][ T29] audit: type=1326 audit(529851.093:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17767 comm="syz.6.4956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85dcd7e719 code=0x7ffc0000 [ 550.511814][ T29] audit: type=1326 audit(529851.183:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17767 comm="syz.6.4956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f85dcd7e719 code=0x7ffc0000 [ 550.511914][ T29] audit: type=1326 audit(529851.183:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17767 comm="syz.6.4956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85dcd7e719 code=0x7ffc0000 [ 550.511961][ T29] audit: type=1326 audit(529851.183:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17767 comm="syz.6.4956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85dcd7e719 code=0x7ffc0000 [ 550.699350][T17753] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 550.699497][T17753] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 550.768086][ C1] vkms_vblank_simulate: vblank timer overrun [ 550.917494][T17783] netlink: 'syz.2.4962': attribute type 8 has an invalid length. [ 550.942029][ T5904] Error reading MAC address [ 550.946125][ T5904] usb 6-1: USB disconnect, device number 88 [ 550.952777][T17782] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4961'. [ 551.864141][T17804] loop6: detected capacity change from 0 to 4096 [ 552.027559][T17804] ntfs3(loop6): Mark volume as dirty due to NTFS errors [ 552.395937][T17832] loop3: detected capacity change from 0 to 512 [ 552.478499][T17832] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 552.501949][T17832] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 552.516648][T17832] EXT4-fs (loop3): orphan cleanup on readonly fs [ 552.561648][T17832] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4984: bg 0: block 361: padding at end of block bitmap is not set [ 552.748435][T17848] loop6: detected capacity change from 0 to 8 [ 552.825230][T17853] xt_HMARK: spi-set and port-set can't be combined [ 552.860178][T17832] EXT4-fs (loop3): Remounting filesystem read-only [ 552.870670][T17832] EXT4-fs (loop3): 1 truncate cleaned up [ 552.894924][T17854] loop2: detected capacity change from 0 to 1024 [ 552.938644][T17848] SQUASHFS error: Failed to read block 0x1ec: -5 [ 552.945705][T17848] SQUASHFS error: Unable to read metadata cache entry [1ea] [ 552.962620][T17832] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 553.154406][T17790] loop0: detected capacity change from 0 to 32768 [ 553.196743][T17790] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 553.213535][T17790] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 553.340035][T17832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 553.357729][T17790] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 553.381902][ T9] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 553.389310][ T9] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 553.508700][ T9] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 119ms [ 553.587233][ T9] gfs2: fsid=syz:syz.0: jid=0: Done [ 553.624322][T17886] Scaler: ================= START STATUS ================= [ 553.632293][T17886] Scaler: ================== END STATUS ================== [ 553.714295][T17790] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 554.379347][T17912] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5015'. [ 554.644225][T17926] netlink: 'syz.0.5018': attribute type 15 has an invalid length. [ 555.535376][T17969] loop0: detected capacity change from 0 to 128 [ 555.592482][ T9] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 555.810567][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 555.849206][ T9] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 555.922642][ T9] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 555.983570][ T9] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 556.082609][ T9] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 556.138117][ T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 556.163086][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.232591][ T9] usb 4-1: Product: syz [ 556.249648][ T9] usb 4-1: Manufacturer: syz [ 556.292817][ T9] usb 4-1: SerialNumber: syz [ 556.512078][T17999] loop6: detected capacity change from 0 to 1024 [ 556.551506][T17999] hfsplus: inconsistency in B*Tree (-1,0,1,1,0) [ 556.558353][T17999] hfsplus: failed to load root directory [ 556.797671][T17985] loop4: detected capacity change from 0 to 32768 [ 556.813459][ T1194] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 556.834801][ T9] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 556.945301][ T9] usb 4-1: USB disconnect, device number 95 [ 557.063221][ T1194] usb 7-1: Using ep0 maxpacket: 8 [ 557.089646][ T25] usb 6-1: new full-speed USB device number 89 using dummy_hcd [ 557.126807][ T1194] usb 7-1: config 0 has an invalid interface descriptor of length 8, skipping [ 557.136122][ T1194] usb 7-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 557.137241][ T6515] udevd[6515]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 557.146347][ T1194] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 557.146396][ T1194] usb 7-1: New USB device found, idVendor=05a9, idProduct=2640, bcdDevice=55.12 [ 557.180763][ T1194] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.180843][T18022] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 557.205957][ T1194] usb 7-1: config 0 descriptor?? [ 557.306784][ T25] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 557.317136][ T25] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 557.342004][ T25] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 557.390063][ T25] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 557.463287][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.572657][T18012] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 557.580074][ T5904] usb 7-1: USB disconnect, device number 4 [ 557.589772][ T25] hub 6-1:1.0: bad descriptor, ignoring hub [ 557.595897][ T25] hub 6-1:1.0: probe with driver hub failed with error -5 [ 557.603767][ T25] cdc_wdm 6-1:1.0: skipping garbage [ 557.608993][ T25] cdc_wdm 6-1:1.0: skipping garbage [ 557.631598][ T25] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 557.637663][ T25] cdc_wdm 6-1:1.0: Unknown control protocol [ 557.775362][ T5857] Bluetooth: hci1: command 0x0405 tx timeout [ 557.881797][T18046] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5067'. [ 557.913778][ T25] usb 6-1: USB disconnect, device number 89 [ 558.049522][T18051] trusted_key: encrypted_key: keylen parameter is missing [ 558.068851][T18053] netlink: 'syz.0.5069': attribute type 8 has an invalid length. [ 558.218343][T18057] loop6: detected capacity change from 0 to 128 [ 558.290608][T18057] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 558.515028][T18057] EXT4-fs (loop6): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w. Quota mode: none. [ 558.679919][T14704] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 558.739224][T18081] netlink: 'syz.2.5083': attribute type 11 has an invalid length. [ 558.929915][T18062] loop3: detected capacity change from 0 to 32768 [ 559.213286][T18101] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5091'. [ 559.238768][T18062] XFS (loop3): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 559.506084][T18113] loop6: detected capacity change from 0 to 4096 [ 559.533681][T18113] EXT4-fs: Ignoring removed nobh option [ 559.538280][T18062] XFS (loop3): Ending clean mount [ 559.556179][T18117] loop5: detected capacity change from 0 to 256 [ 559.589341][T18062] XFS (loop3): Quotacheck needed: Please wait. [ 559.616375][T18113] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 559.663883][T18117] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 559.705874][T18062] XFS (loop3): Quotacheck: Done. [ 559.757408][T18113] Quota error (device loop6): find_block_dqentry: Quota for id 0 referenced but not present [ 559.820218][T18122] loop0: detected capacity change from 0 to 64 [ 559.829136][T18113] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0 [ 559.859917][T18113] EXT4-fs error (device loop6): ext4_acquire_dquot:6879: comm syz.6.5096: Failed to acquire dquot type 1 [ 559.922970][T18124] overlay: Unknown parameter 'reiser\s\' [ 559.929268][ T5834] XFS (loop3): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 560.012404][T18086] loop4: detected capacity change from 0 to 32768 [ 560.119248][T14704] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 560.207445][T18128] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5104'. [ 560.222104][T18126] openvswitch: netlink: Message has 1 unknown bytes. [ 560.416415][T18134] loop6: detected capacity change from 0 to 256 [ 560.497460][T18136] loop4: detected capacity change from 0 to 64 [ 560.534326][T18109] loop2: detected capacity change from 0 to 32768 [ 560.535957][T18134] FAT-fs (loop6): Directory bread(block 64) failed [ 560.553384][T18109] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.5092 (18109) [ 560.585559][T18134] FAT-fs (loop6): Directory bread(block 65) failed [ 560.643315][T18136] syz.4.5106: attempt to access beyond end of device [ 560.643315][T18136] loop4: rw=0, sector=2590, nr_sectors = 2 limit=64 [ 560.655927][T18134] FAT-fs (loop6): Directory bread(block 66) failed [ 560.663399][T18136] Buffer I/O error on dev loop4, logical block 1295, async page read [ 560.692477][T18134] FAT-fs (loop6): Directory bread(block 67) failed [ 560.701568][T18109] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 560.728700][T18134] FAT-fs (loop6): Directory bread(block 68) failed [ 560.735147][T18109] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 560.757546][T18109] BTRFS info (device loop2): using free-space-tree [ 560.777236][T18134] FAT-fs (loop6): Directory bread(block 69) failed [ 560.778079][T18136] syz.4.5106: attempt to access beyond end of device [ 560.778079][T18136] loop4: rw=0, sector=2590, nr_sectors = 2 limit=64 [ 560.827449][T18134] FAT-fs (loop6): Directory bread(block 70) failed [ 560.845619][T18136] Buffer I/O error on dev loop4, logical block 1295, async page read [ 560.854203][ T29] audit: type=1800 audit(529861.508:121): pid=18136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5106" name="file2" dev="loop4" ino=6 res=0 errno=0 [ 560.865079][T18134] FAT-fs (loop6): Directory bread(block 71) failed [ 560.898085][T18134] FAT-fs (loop6): Directory bread(block 72) failed [ 560.912186][T18134] FAT-fs (loop6): Directory bread(block 73) failed [ 561.456964][T18168] loop4: detected capacity change from 0 to 256 [ 561.464179][T18168] vfat: Bad value for 'uid' [ 561.469040][T18168] vfat: Bad value for 'uid' [ 561.917733][ T5842] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 561.970148][T18184] QAT: failed to copy from user cfg_data. [ 562.073316][ T9] usb 6-1: new high-speed USB device number 90 using dummy_hcd [ 562.249322][ T9] usb 6-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 562.263610][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.309346][ T9] usb 6-1: Product: syz [ 562.313564][ T9] usb 6-1: Manufacturer: syz [ 562.357473][ T9] usb 6-1: SerialNumber: syz [ 562.512607][ T9] usb 6-1: config 0 descriptor?? [ 562.745342][ T9] mos7840 6-1:0.0: required endpoints missing [ 562.878515][T18219] loop3: detected capacity change from 0 to 16 [ 562.886789][ T25] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 562.896230][T18219] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 562.963905][ T9] usb 6-1: USB disconnect, device number 90 [ 563.047666][T18225] netlink: 'syz.4.5142': attribute type 3 has an invalid length. [ 563.090168][ T25] usb 3-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 563.126201][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.163603][ T25] usb 3-1: config 0 descriptor?? [ 563.210017][ T25] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input53 [ 563.303206][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.309710][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.445543][T18237] loop0: detected capacity change from 0 to 8 [ 563.505055][T18237] SQUASHFS error: Corrupted symlink [ 563.539030][ T5904] usb 3-1: USB disconnect, device number 91 [ 563.573691][T18240] loop6: detected capacity change from 0 to 256 [ 563.597612][T18240] exfat: Deprecated parameter 'utf8' [ 563.600179][T18241] syz.4.5150: attempt to access beyond end of device [ 563.600179][T18241] nbd4: rw=0, sector=2, nr_sectors = 2 limit=0 [ 563.643706][T18240] exfat: Deprecated parameter 'utf8' [ 563.650572][T18241] MINIX-fs: unable to read superblock [ 563.702863][T18244] loop5: detected capacity change from 0 to 512 [ 563.742191][T18244] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 563.763986][T18244] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 563.771114][T18240] exFAT-fs (loop6): failed to load upcase table (idx : 0x00011ded, chksum : 0x9858084d, utbl_chksum : 0xe619d30d) [ 563.794680][T18244] EXT4-fs (loop5): orphan cleanup on readonly fs [ 563.839368][T18248] tmpfs: Group quota block hardlimit too large. [ 563.850314][T18244] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.5151: bg 0: block 361: padding at end of block bitmap is not set [ 563.869603][T18250] loop3: detected capacity change from 0 to 512 [ 563.906754][T18244] EXT4-fs (loop5): Remounting filesystem read-only [ 563.916019][T18252] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5154'. [ 563.916639][T18244] EXT4-fs (loop5): 1 truncate cleaned up [ 563.941139][T18244] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 563.976128][T18250] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 564.044709][T18244] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 564.164733][T18250] EXT4-fs error (device loop3): ext4_xattr_block_find:1877: inode #15: comm syz.3.5153: corrupted xattr block 33: invalid ea_ino [ 564.333492][T18266] netlink: 'syz.6.5160': attribute type 2 has an invalid length. [ 564.361593][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 564.393973][T18271] openvswitch: netlink: Actions may not be safe on all matching packets [ 564.607586][T18275] loop5: detected capacity change from 0 to 1024 [ 565.016822][T18295] netlink: 'syz.0.5171': attribute type 1 has an invalid length. [ 565.025642][T18295] netlink: 244 bytes leftover after parsing attributes in process `syz.0.5171'. [ 565.297229][ T5904] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 565.389914][T18263] loop2: detected capacity change from 0 to 32768 [ 565.416078][T18263] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.5158 (18263) [ 565.450020][T18263] BTRFS info (device loop2): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 565.473463][ T5904] usb 7-1: config 0 has an invalid interface number: 242 but max is 0 [ 565.479531][T18263] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 565.496107][ T5904] usb 7-1: config 0 has no interface number 0 [ 565.505471][T18263] BTRFS info (device loop2): using free-space-tree [ 565.583342][ T5904] usb 7-1: New USB device found, idVendor=0403, idProduct=bdc8, bcdDevice=cb.ec [ 565.592517][ T5904] usb 7-1: New USB device strings: Mfr=1, Product=142, SerialNumber=70 [ 565.600993][ T5904] usb 7-1: Product: syz [ 565.605180][ T5904] usb 7-1: Manufacturer: syz [ 565.610018][ T5904] usb 7-1: SerialNumber: syz [ 565.619046][ T5904] usb 7-1: config 0 descriptor?? [ 565.626889][ T5904] ftdi_sio 7-1:0.242: FTDI USB Serial Device converter detected [ 565.635374][ T5904] ftdi_sio ttyUSB0: unknown device type: 0xcbec [ 565.842415][ T5904] usb 7-1: USB disconnect, device number 5 [ 565.852774][ T5904] ftdi_sio 7-1:0.242: device disconnected [ 565.968497][T18337] netlink: 2 bytes leftover after parsing attributes in process `syz.0.5186'. [ 566.074954][ T5842] BTRFS info (device loop2): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 566.101629][T18340] loop3: detected capacity change from 0 to 1024 [ 566.137816][T18340] EXT4-fs: Ignoring removed orlov option [ 566.187727][T18340] EXT4-fs: Ignoring removed nomblk_io_submit option [ 566.245148][T18340] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84ec018, mo2=0002] [ 566.284736][T18340] System zones: 0-1, 3-36 [ 566.331648][T18347] netlink: set zone limit has 4 unknown bytes [ 566.338483][T18340] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 566.578160][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 566.773075][ T5897] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 566.962355][ T5897] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 566.982502][ T5897] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 567.034416][ T5897] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 567.061670][T18365] netlink: 48 bytes leftover after parsing attributes in process `syz.5.5197'. [ 567.078223][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.098244][ T5897] usb 3-1: Product: syz [ 567.102517][ T5897] usb 3-1: Manufacturer: syz [ 567.114609][ T5897] usb 3-1: SerialNumber: syz [ 567.150470][ T5897] usb 3-1: config 0 descriptor?? [ 567.158727][T18351] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 567.188299][T18351] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 567.307635][T18370] loop5: detected capacity change from 0 to 1024 [ 567.390289][T18370] hfsplus: keylen 65060 too large [ 567.486612][T18351] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 567.538690][T18351] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 567.776587][ T5897] Error reading MAC address [ 567.806906][T18383] netlink: 'syz.5.5206': attribute type 7 has an invalid length. [ 567.835273][ T5897] usb 3-1: USB disconnect, device number 92 [ 567.852676][T18383] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.5206'. [ 568.014886][T18361] loop6: detected capacity change from 0 to 32768 [ 568.382089][T18407] loop4: detected capacity change from 0 to 64 [ 568.539449][T18361] XFS (loop6): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 568.746079][T18427] qrtr: Invalid version 27 [ 568.850486][T18433] loop0: detected capacity change from 0 to 256 [ 568.923846][T18361] XFS (loop6): Ending clean mount [ 568.933554][T18361] XFS (loop6): Quotacheck needed: Please wait. [ 569.109124][T18361] XFS (loop6): Quotacheck: Done. [ 569.236388][T18445] loop5: detected capacity change from 0 to 2048 [ 569.266644][T14704] XFS (loop6): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 569.297017][T18452] netlink: 'syz.4.5238': attribute type 1 has an invalid length. [ 569.340475][T18452] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5238'. [ 569.459247][ T963] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 569.653839][ T963] usb 3-1: too many configurations: 159, using maximum allowed: 8 [ 569.694704][ T963] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 569.697878][T18466] loop4: detected capacity change from 0 to 1024 [ 569.715932][ T963] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.785448][ T963] usb 3-1: Product: syz [ 569.805058][ T963] usb 3-1: Manufacturer: syz [ 569.827931][ T963] usb 3-1: SerialNumber: syz [ 569.929679][T18470] loop6: detected capacity change from 0 to 64 [ 569.973692][ T61] hfsplus: b-tree write err: -5, ino 4 [ 569.989966][ T963] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 570.189450][ T9] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 570.505959][T18485] loop6: detected capacity change from 0 to 1024 [ 570.625513][ T5897] usb 3-1: USB disconnect, device number 93 [ 570.650068][ T5904] usb 6-1: new high-speed USB device number 91 using dummy_hcd [ 570.837210][ T5904] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 570.855766][ T5904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.877437][ T5904] usb 6-1: Product: syz [ 570.888941][ T5904] usb 6-1: Manufacturer: syz [ 570.901107][ T5904] usb 6-1: SerialNumber: syz [ 570.933514][ T5904] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 570.959600][ T1194] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 571.258106][ T9] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 571.287728][ T9] ath9k_htc: Failed to initialize the device [ 571.317388][ T5897] usb 3-1: ath9k_htc: USB layer deinitialized [ 571.349408][T18480] loop0: detected capacity change from 0 to 32768 [ 571.428431][T18480] XFS (loop0): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 571.467343][ T25] usb 6-1: USB disconnect, device number 91 [ 571.659332][T18480] XFS (loop0): Ending clean mount [ 571.690111][T18480] XFS (loop0): Quotacheck needed: Please wait. [ 571.746102][T18487] loop4: detected capacity change from 0 to 32768 [ 571.823882][T18480] XFS (loop0): Quotacheck: Done. [ 571.858225][T18487] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 571.919224][T18516] Cannot find add_set index 0 as target [ 572.002215][T18487] OCFS2: ERROR (device loop4): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 512 but claims that 2046 are free [ 572.031575][ T1194] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 572.055254][ T1194] ath9k_htc: Failed to initialize the device [ 572.068603][ T5836] XFS (loop0): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 572.107836][T18487] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 572.111364][ T25] usb 6-1: ath9k_htc: USB layer deinitialized [ 572.137949][T18487] OCFS2: File system is now read-only. [ 572.187501][T18487] (syz.4.5254,18487,0):ocfs2_search_chain:1814 ERROR: status = -30 [ 572.214475][T18523] netlink: 'syz.2.5268': attribute type 25 has an invalid length. [ 572.231909][T18487] (syz.4.5254,18487,0):ocfs2_search_chain:1926 ERROR: status = -30 [ 572.240134][T18487] (syz.4.5254,18487,0):ocfs2_claim_suballoc_bits:1995 ERROR: status = -30 [ 572.289356][T18523] netlink: 'syz.2.5268': attribute type 44 has an invalid length. [ 572.330998][T18487] (syz.4.5254,18487,0):ocfs2_claim_suballoc_bits:2038 ERROR: status = -30 [ 572.360654][T18487] (syz.4.5254,18487,0):ocfs2_claim_new_inode:2273 ERROR: status = -30 [ 572.370998][T18487] (syz.4.5254,18487,0):ocfs2_claim_new_inode:2288 ERROR: status = -30 [ 572.389772][T18527] loop6: detected capacity change from 0 to 1024 [ 572.428082][T18527] hfsplus: bad catalog entry type [ 572.450922][T18487] (syz.4.5254,18487,1):ocfs2_mknod_locked:637 ERROR: status = -30 [ 572.476452][T18487] (syz.4.5254,18487,1):ocfs2_mknod:383 ERROR: status = -30 [ 572.531856][T18487] (syz.4.5254,18487,1):ocfs2_mknod:500 ERROR: status = -30 [ 572.573569][T18487] (syz.4.5254,18487,1):ocfs2_create:674 ERROR: status = -30 [ 572.603977][ T3470] hfsplus: b-tree write err: -5, ino 4 [ 572.754734][ T5847] ocfs2: Unmounting device (7,4) on (node local) [ 572.786490][T18536] loop2: detected capacity change from 0 to 64 [ 573.194441][T18543] loop0: detected capacity change from 0 to 4096 [ 573.322557][T18543] ntfs3(loop0): try to read out of volume at offset 0x3fffffc7000 [ 573.340648][T18531] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 573.981026][T18567] loop0: detected capacity change from 0 to 8 [ 574.155187][T18541] loop3: detected capacity change from 0 to 32768 [ 574.178332][T18545] loop6: detected capacity change from 0 to 32768 [ 574.209435][T18541] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.5276 (18541) [ 574.334406][T18545] BTRFS: device /dev/loop6 (7:6) using temp-fsid a3bc02f4-0588-4d36-9791-eb923d3ceaef [ 574.355293][T18541] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 574.384468][T18545] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.5279 (18545) [ 574.396440][T18579] loop4: detected capacity change from 0 to 512 [ 574.401754][T18541] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 574.465464][T18579] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 574.468221][T18541] BTRFS info (device loop3): using free-space-tree [ 574.485300][T18545] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 574.513204][T18581] netlink: 'syz.2.5296': attribute type 3 has an invalid length. [ 574.597494][T18545] BTRFS info (device loop6): using sha256 (sha256-ni) checksum algorithm [ 574.631855][T18545] BTRFS info (device loop6): using free-space-tree [ 574.780872][T18579] EXT4-fs error (device loop4): ext4_empty_dir:3096: inode #12: block 32: comm syz.4.5295: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 574.998046][T18579] EXT4-fs warning (device loop4): ext4_empty_dir:3098: inode #12: comm syz.4.5295: directory missing '.' [ 575.069194][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 575.128237][T18613] loop5: detected capacity change from 0 to 256 [ 575.393493][ T5834] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 575.553983][T18638] netlink: 224 bytes leftover after parsing attributes in process `syz.5.5308'. [ 575.722798][T14704] BTRFS info (device loop6): last unmount of filesystem a3bc02f4-0588-4d36-9791-eb923d3ceaef [ 576.006321][T18649] loop0: detected capacity change from 0 to 1024 [ 576.016913][T18647] xt_bpf: check failed: parse error [ 576.384444][T18659] loop5: detected capacity change from 0 to 256 [ 576.391430][T18659] exfat: Deprecated parameter 'utf8' [ 576.411909][T18659] exfat: Deprecated parameter 'utf8' [ 576.480232][T18659] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 576.512806][ T9] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 576.687062][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 576.714763][ T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 576.740974][ T9] usb 5-1: config 0 has no interface number 0 [ 576.764746][ T9] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 576.775185][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.797974][ T9] usb 5-1: Product: syz [ 576.802173][ T9] usb 5-1: Manufacturer: syz [ 576.843257][ T9] usb 5-1: SerialNumber: syz [ 576.913508][ T9] usb 5-1: config 0 descriptor?? [ 577.030057][T18678] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.5325'. [ 577.150855][ T9] usb 5-1: selecting invalid altsetting 1 [ 577.185244][ T9] speedtch 5-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 577.217766][ T9] speedtch 5-1:0.1: usbatm_usb_probe: bind failed: -22! [ 577.262602][ T9] speedtch 5-1:0.1: probe with driver speedtch failed with error -22 [ 577.281767][ T9] usb 5-1: USB disconnect, device number 84 [ 577.504973][T18696] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5333'. [ 577.684034][T18704] netlink: 'syz.2.5337': attribute type 10 has an invalid length. [ 577.692241][T18704] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.5337'. [ 577.887851][T18710] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5339'. [ 578.263514][T18723] loop0: detected capacity change from 0 to 2048 [ 578.485726][T18731] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 578.740186][T18723] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 8796093022222 [ 578.762265][T18723] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16) [ 578.873052][T18748] gre1: entered promiscuous mode [ 578.878366][T18748] gre1: entered allmulticast mode [ 578.949927][T18742] loop5: detected capacity change from 0 to 4096 [ 579.029831][T18723] Remounting filesystem read-only [ 579.064061][T18723] NILFS (loop0): error -5 truncating bmap (ino=16) [ 579.112678][T18742] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512). [ 579.137375][T18758] loop4: detected capacity change from 0 to 4096 [ 579.260070][T18758] ntfs3(loop4): try to read out of volume at offset 0x3fffffc7000 [ 579.273226][ T5836] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 579.364381][ T5904] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 579.524407][ T5904] usb 7-1: Using ep0 maxpacket: 32 [ 579.553461][ T5904] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 579.583216][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 579.619297][T18772] unsupported nla_type 25944 [ 579.625461][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 8704, setting to 1024 [ 579.656945][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 579.696845][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 579.744005][ T5904] usb 7-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 579.784439][ T5904] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.831769][ T5904] usb 7-1: Product: syz [ 579.854408][ T5904] usb 7-1: Manufacturer: syz [ 579.859968][ T5904] usb 7-1: SerialNumber: syz [ 579.893463][ T5904] usb 7-1: config 0 descriptor?? [ 580.175325][T18791] loop5: detected capacity change from 0 to 512 [ 580.368263][ T5904] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 580.377341][T18798] loop4: detected capacity change from 0 to 164 [ 580.389554][ T5904] input input54: Device does not respond to id packet M [ 580.406973][ T5904] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 580.413211][ T5904] input input54: Device does not respond to id packet P [ 580.430216][T18798] rock: directory entry would overflow storage [ 580.437284][ T5904] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 580.451934][T18798] rock: sig=0x66, size=4, remaining=3 [ 580.457607][ T25] usb 6-1: new high-speed USB device number 92 using dummy_hcd [ 580.474296][ T5904] input input54: Device does not respond to id packet B [ 580.498438][ T5904] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 580.504833][T18798] rock: directory entry would overflow storage [ 580.511008][T18798] rock: sig=0x66, size=4, remaining=3 [ 580.535012][ T5904] input input54: Device does not respond to id packet N [ 580.550870][T18798] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 580.559741][ T5904] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 580.581013][ T5904] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 580.598323][ T5904] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 580.610614][ T5904] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 580.631503][ T5904] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input54 [ 580.643607][ T25] usb 6-1: Using ep0 maxpacket: 8 [ 580.669953][ T25] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 580.702187][ T25] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 580.742268][ T5904] usb 7-1: USB disconnect, device number 6 [ 580.762776][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 240, changing to 11 [ 580.818382][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 59246, setting to 1024 [ 580.861196][T18810] netlink: 'syz.3.5389': attribute type 1 has an invalid length. [ 580.873054][ T25] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 580.919636][ T25] usb 6-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 580.936113][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.975230][ T25] usb 6-1: Product: syz [ 580.979476][ T25] usb 6-1: Manufacturer: syz [ 580.984091][ T25] usb 6-1: SerialNumber: syz [ 581.059252][ T25] usb 6-1: config 0 descriptor?? [ 581.085663][T18791] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 581.233280][T18822] netlink: 'syz.3.5395': attribute type 1 has an invalid length. [ 581.264333][ T25] rc_core: IR keymap rc-imon-rsc not found [ 581.270675][ T25] Registered IR keymap rc-empty [ 581.277327][ T25] rc rc0: iMON Station as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 581.288136][ T25] input: iMON Station as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input55 [ 581.361265][ T963] usb 6-1: USB disconnect, device number 92 [ 581.383409][ T5904] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 581.576400][T18795] loop0: detected capacity change from 0 to 40427 [ 581.595282][T18795] F2FS-fs (loop0): Invalid log blocks per segment (4278190089) [ 581.600297][ T5904] usb 5-1: Using ep0 maxpacket: 16 [ 581.604058][T18795] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 581.618094][ T5904] usb 5-1: too many endpoints for config 1 interface 0 altsetting 7: 255, using maximum allowed: 30 [ 581.630826][T18795] F2FS-fs (loop0): invalid crc value [ 581.676483][T18795] F2FS-fs (loop0): Found nat_bits in checkpoint [ 581.692381][ T5904] usb 5-1: config 1 interface 0 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 581.748496][ T5904] usb 5-1: config 1 interface 0 altsetting 7 bulk endpoint 0x82 has invalid maxpacket 0 [ 581.758558][ T5897] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 581.789425][T18795] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 581.807447][T18795] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 581.809432][ T5904] usb 5-1: config 1 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 32 [ 581.843004][ T5904] usb 5-1: config 1 interface 0 altsetting 7 has 2 endpoint descriptors, different from the interface descriptor's value: 255 [ 581.847588][T18795] F2FS-fs (loop0): Corrupted max_depth of 3: 769 [ 581.879120][ T5904] usb 5-1: config 1 interface 0 has no altsetting 0 [ 581.887427][ T5904] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 581.896977][ T5904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 581.905106][ T5904] usb 5-1: SerialNumber: syz [ 581.908654][T18795] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 581.923054][T18814] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 581.955622][ T5897] usb 7-1: Using ep0 maxpacket: 16 [ 581.967653][ T5897] usb 7-1: config 0 has an invalid interface number: 105 but max is 0 [ 581.987625][ T5897] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 582.018373][ T5897] usb 7-1: config 0 has no interface number 0 [ 582.034853][ T5897] usb 7-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 582.052602][ T5897] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.066238][ T5897] usb 7-1: Product: syz [ 582.075900][ T5897] usb 7-1: Manufacturer: syz [ 582.100075][ T5897] usb 7-1: SerialNumber: syz [ 582.139098][ T5897] usb 7-1: config 0 descriptor?? [ 582.246787][ T963] usb 5-1: USB disconnect, device number 85 [ 582.273846][T18851] netlink: 'syz.5.5408': attribute type 39 has an invalid length. [ 582.302503][T18852] loop2: detected capacity change from 0 to 128 [ 582.345802][T18851] netlink: 'syz.5.5408': attribute type 4 has an invalid length. [ 582.364870][T18851] netlink: 152 bytes leftover after parsing attributes in process `syz.5.5408'. [ 582.382228][ T5897] usb 7-1: USB disconnect, device number 7 [ 582.491563][T18851] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 583.204621][T18883] loop3: detected capacity change from 0 to 64 [ 583.278050][T18884] loop2: detected capacity change from 0 to 256 [ 583.482635][T18884] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 583.759476][T18902] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5430'. [ 584.085050][T18919] loop4: detected capacity change from 0 to 256 [ 584.159452][T18922] netlink: 2 bytes leftover after parsing attributes in process `syz.3.5441'. [ 585.231938][T18948] loop5: detected capacity change from 0 to 32768 [ 585.668616][T18948] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 585.680445][T18966] loop0: detected capacity change from 0 to 2048 [ 585.796129][T14770] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 585.859298][T18948] XFS (loop5): Ending clean mount [ 585.890104][T18966] NILFS error (device loop0): nilfs_check_folio: bad entry in directory #2: unaligned directory entry - offset=32, inode=15564440312192434187, rec_len=11150, name_len=126 [ 585.930939][T18972] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 585.957113][T18966] Remounting filesystem read-only [ 586.001435][T18973] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5464'. [ 586.068993][ T5841] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 586.118943][T18977] netlink: 484 bytes leftover after parsing attributes in process `syz.6.5466'. [ 586.248669][ T5145] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 586.286330][ T5145] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 586.304373][ T5145] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 586.314600][ T5145] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 586.322526][ T5145] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 586.330353][ T5145] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 586.405398][T14770] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 586.476492][T18984] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5469'. [ 586.719192][T18995] TCP: TCP_TX_DELAY enabled [ 586.845681][T19001] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5477'. [ 586.969062][T14770] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.086384][ T25] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 587.232907][T14770] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.328743][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 587.446788][ T25] usb 5-1: New USB device found, idVendor=17cc, idProduct=1010, bcdDevice=40.72 [ 587.459621][ T25] usb 5-1: New USB device strings: Mfr=1, Product=129, SerialNumber=0 [ 587.501385][ T25] usb 5-1: Product: syz [ 587.515787][ T25] usb 5-1: Manufacturer: syz [ 587.557814][ T25] usb 5-1: config 0 descriptor?? [ 587.706047][T14770] bridge_slave_1: left allmulticast mode [ 587.732757][T14770] bridge_slave_1: left promiscuous mode [ 587.734121][T19033] loop3: detected capacity change from 0 to 64 [ 587.794439][ T25] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -71 [ 587.798895][T14770] bridge0: port 2(bridge_slave_1) entered disabled state [ 587.804988][ T25] usb 5-1: USB disconnect, device number 86 [ 587.959504][T14770] bridge_slave_0: left allmulticast mode [ 587.995230][T14770] bridge_slave_0: left promiscuous mode [ 588.039876][T14770] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.121698][T19046] netlink: 'syz.5.5495': attribute type 1 has an invalid length. [ 588.137919][T19046] netlink: 'syz.5.5495': attribute type 2 has an invalid length. [ 588.414700][T19057] loop5: detected capacity change from 0 to 164 [ 588.439019][ T5857] Bluetooth: hci3: command tx timeout [ 588.494046][T19057] Unable to read rock-ridge attributes [ 588.505281][T19057] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 588.879061][ T25] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 589.060658][ T25] usb 7-1: Using ep0 maxpacket: 16 [ 589.070648][ T25] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 145 [ 589.098385][ T25] usb 7-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 589.109189][ T25] usb 7-1: New USB device strings: Mfr=181, Product=2, SerialNumber=3 [ 589.117404][ T25] usb 7-1: Product: syz [ 589.146114][ T25] usb 7-1: Manufacturer: syz [ 589.159031][ T25] usb 7-1: SerialNumber: syz [ 589.165830][ T25] usb 7-1: config 0 descriptor?? [ 589.183144][T19061] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 589.406842][ T25] keyspan 7-1:0.0: Keyspan 4 port adapter converter detected [ 589.415076][ T25] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 81 [ 589.437326][ T25] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 1 [ 589.450246][ T25] usb 7-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 589.474602][ T25] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 2 [ 589.491401][ T25] usb 7-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 589.512381][ T25] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 4 [ 589.521511][ T25] usb 7-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 589.541363][ T25] keyspan 7-1:0.0: found no endpoint descriptor for endpoint 6 [ 589.558776][ T25] usb 7-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 589.570492][ T25] usb 7-1: USB disconnect, device number 8 [ 589.580653][ T25] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 589.593655][ T25] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 589.605806][ T25] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 589.618109][ T25] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 589.654713][ T25] keyspan 7-1:0.0: device disconnected [ 589.695694][T19064] loop4: detected capacity change from 0 to 40427 [ 589.711283][T19064] F2FS-fs (loop4): invalid crc value [ 589.721039][T19064] F2FS-fs (loop4): Found nat_bits in checkpoint [ 589.774429][T14770] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 589.797582][T14770] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 589.824686][T14770] bond0 (unregistering): Released all slaves [ 589.893009][T19064] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 589.894574][T14770] bond1 (unregistering): Released all slaves [ 590.135882][T19088] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5516'. [ 590.239700][T19088] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5516'. [ 590.252091][T14770] : left promiscuous mode [ 590.454128][T18981] chnl_net:caif_netlink_parms(): no params data found [ 590.527934][ T5857] Bluetooth: hci3: command tx timeout [ 590.622108][T19106] loop3: detected capacity change from 0 to 4096 [ 590.648106][T19106] ntfs3(loop3): It is recommened to use chkdsk. [ 590.656480][T19106] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00 [ 590.702598][T19106] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00 [ 590.712033][T19106] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00 [ 590.721275][T19106] ntfs3(loop3): try to read out of volume at offset 0x3fffffc0c00 [ 590.729199][T19106] ntfs3(loop3): try to read out of volume at offset 0x3fffffc1c00 [ 590.737201][T19106] ntfs3(loop3): try to read out of volume at offset 0x3fffffc2c00 [ 590.745211][T19106] ntfs3(loop3): try to read out of volume at offset 0x3fffffc4c00 [ 590.753938][T19106] ntfs3(loop3): try to read out of volume at offset 0x3fffffc8c00 [ 590.761873][T19106] ntfs3(loop3): try to read out of volume at offset 0x3fffffd0c00 [ 590.971392][T18981] bridge0: port 1(bridge_slave_0) entered blocking state [ 590.990284][T18981] bridge0: port 1(bridge_slave_0) entered disabled state [ 591.001907][ T5857] Bluetooth: hci1: command 0x0405 tx timeout [ 591.038138][T18981] bridge_slave_0: entered allmulticast mode [ 591.046806][T18981] bridge_slave_0: entered promiscuous mode [ 591.292171][T19134] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 591.310670][T18981] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.317852][T18981] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.410408][T18981] bridge_slave_1: entered allmulticast mode [ 591.430711][T18981] bridge_slave_1: entered promiscuous mode [ 591.967541][T18981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 592.104931][T19113] loop0: detected capacity change from 0 to 32768 [ 592.159542][T19162] loop5: detected capacity change from 0 to 512 [ 592.219376][T18981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 592.314018][T19113] ERROR: (device loop0): xtTruncate: XT_GETPAGE: xtree page corrupt [ 592.314018][T19113] [ 592.371957][T19113] ERROR: (device loop0): remounting filesystem as read-only [ 592.386611][T19162] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 592.451122][T19162] EXT4-fs error (device loop5): ext4_map_blocks:671: inode #2: block 18: comm syz.5.5542: lblock 23 mapped to illegal pblock 18 (length 1) [ 592.578431][T19167] dvmrp2: entered allmulticast mode [ 592.622023][ T5145] Bluetooth: hci3: command tx timeout [ 592.791159][ T5841] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 592.977583][T18981] team0: Port device team_slave_0 added [ 593.232034][ T29] audit: type=1326 audit(529893.842:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19202 comm="syz.3.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efeb577e719 code=0x7ffc0000 [ 593.254066][ C1] vkms_vblank_simulate: vblank timer overrun [ 593.270556][T18981] team0: Port device team_slave_1 added [ 593.394347][ T29] audit: type=1326 audit(529893.842:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19202 comm="syz.3.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efeb577e719 code=0x7ffc0000 [ 593.502415][T18981] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 593.513019][T18981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 593.538931][ C1] vkms_vblank_simulate: vblank timer overrun [ 593.561375][ T29] audit: type=1326 audit(529893.842:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19202 comm="syz.3.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7efeb577e719 code=0x7ffc0000 [ 593.666375][ T29] audit: type=1326 audit(529893.842:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19202 comm="syz.3.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efeb577e719 code=0x7ffc0000 [ 593.689020][ C1] vkms_vblank_simulate: vblank timer overrun [ 593.738932][T18981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 593.822526][ T29] audit: type=1326 audit(529893.842:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19202 comm="syz.3.5560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efeb577e719 code=0x7ffc0000 [ 593.911680][T14770] hsr_slave_0: left promiscuous mode [ 593.959796][T14770] hsr_slave_1: left promiscuous mode [ 594.019969][T14770] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 594.041961][T14770] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 594.074793][T14770] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 594.076034][ T29] audit: type=1326 audit(529894.721:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19236 comm="syz.4.5570" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b48d7e719 code=0x0 [ 594.104565][ C1] vkms_vblank_simulate: vblank timer overrun [ 594.128493][T14770] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 594.142908][T19240] hfs: can't find a HFS filesystem on dev nullb0 [ 594.258072][T14770] veth1_macvtap: left promiscuous mode [ 594.282665][T14770] veth0_macvtap: left promiscuous mode [ 594.295592][T14770] veth1_vlan: left promiscuous mode [ 594.304666][T14770] veth0_vlan: left promiscuous mode [ 594.501622][T19222] loop5: detected capacity change from 0 to 32768 [ 594.519964][T19222] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.5565 (19222) [ 594.540597][T19222] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 594.551344][T19222] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm [ 594.562382][T19222] BTRFS info (device loop5): using free-space-tree [ 594.673353][ T5145] Bluetooth: hci3: command tx timeout [ 594.730581][ T5841] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 595.071168][T19269] loop5: detected capacity change from 0 to 1764 [ 595.152117][T19269] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 595.426983][T19275] loop5: detected capacity change from 0 to 512 [ 595.455603][ T25] usb 4-1: new high-speed USB device number 96 using dummy_hcd [ 595.455822][T19275] EXT4-fs: Ignoring removed oldalloc option [ 595.492844][T19275] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b842e02d, mo2=0002] [ 595.500842][T19275] System zones: 1-12 [ 595.530988][T19275] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.5579: invalid indirect mapped block 1 (level 1) [ 595.569303][T19275] EXT4-fs (loop5): Remounting filesystem read-only [ 595.576465][T19275] EXT4-fs (loop5): 1 truncate cleaned up [ 595.583517][T19275] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 595.603768][T19275] EXT4-fs warning (device loop5): ext4_empty_dir:3090: inode #2: lblock 0: comm syz.5.5579: error -117 reading directory block [ 595.647851][ T25] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 595.665231][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 595.676646][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 255, changing to 11 [ 595.677599][ T5841] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 595.688342][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 59391, setting to 1024 [ 595.711963][ T25] usb 4-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 595.727759][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 595.751603][ T25] usb 4-1: Product: syz [ 595.768741][ T25] usb 4-1: Manufacturer: syz [ 595.780005][ T25] usb 4-1: SerialNumber: syz [ 595.797976][ T25] usb 4-1: config 0 descriptor?? [ 595.818492][T19271] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 596.036129][T14770] team0 (unregistering): Port device team_slave_1 removed [ 596.126378][T14770] team0 (unregistering): Port device team_slave_0 removed [ 597.129110][T18981] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 597.138021][T18981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.173680][T18981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 597.205180][T19232] tc_dump_action: action bad kind [ 597.224024][T19297] netlink: 'syz.3.5589': attribute type 21 has an invalid length. [ 597.283262][T19297] netlink: 128 bytes leftover after parsing attributes in process `syz.3.5589'. [ 597.293821][T19297] netlink: 'syz.3.5589': attribute type 4 has an invalid length. [ 597.301667][T19297] netlink: 'syz.3.5589': attribute type 5 has an invalid length. [ 597.363286][T19297] netlink: 3 bytes leftover after parsing attributes in process `syz.3.5589'. [ 597.763176][T19309] loop3: detected capacity change from 0 to 2048 [ 597.828243][T19314] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 597.956274][T18981] hsr_slave_0: entered promiscuous mode [ 597.999251][T19314] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 598.034998][T18981] hsr_slave_1: entered promiscuous mode [ 598.049004][T19314] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4) [ 598.111242][T19314] Remounting filesystem read-only [ 598.113835][T18981] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 598.144148][T18981] Cannot create hsr debugfs directory [ 598.155518][ T5834] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 598.452643][T19332] loop5: detected capacity change from 0 to 2048 [ 599.311251][T19347] loop3: detected capacity change from 0 to 32768 [ 599.464277][T19362] dlm: Unknown command passed to DLM device : 0 [ 599.464277][T19362] [ 599.496106][T19364] loop5: detected capacity change from 0 to 8 [ 599.562859][T19347] jfs_strtoUCS: char2uni returned -22. [ 599.652415][T19347] charset = cp869, char = 0x81 [ 599.726533][T19364] SQUASHFS error: Unable to read directory block [629:26] [ 599.999546][T19379] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551359) [ 600.010419][T19379] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 [ 600.084570][ T963] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 600.142378][T18981] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 600.229359][T18981] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 600.270048][T19387] loop5: detected capacity change from 0 to 128 [ 600.299026][T18981] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 600.333961][ T963] usb 7-1: not running at top speed; connect to a high speed hub [ 600.350358][T18981] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 600.354222][ T963] usb 7-1: config 1 interface 0 altsetting 5 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 600.394538][ T963] usb 7-1: config 1 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 600.407766][ T963] usb 7-1: config 1 interface 0 has no altsetting 0 [ 600.479152][T19387] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 600.593322][T18981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 600.611242][T18981] 8021q: adding VLAN 0 to HW filter on device team0 [ 600.633496][ T5919] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.640688][ T5919] bridge0: port 1(bridge_slave_0) entered forwarding state [ 600.686721][ T5919] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.693944][ T5919] bridge0: port 2(bridge_slave_1) entered forwarding state [ 600.845951][ T963] usb 7-1: string descriptor 0 read error: -22 [ 600.853119][ T963] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 600.862645][ T963] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 600.930639][T19373] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 601.315643][ T9] usb 7-1: USB disconnect, device number 9 [ 601.494526][T18981] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 601.544308][T19415] IPVS: set_ctl: invalid protocol: 3 10.1.1.2:0 [ 601.667699][ T5841] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 601.739842][T19389] loop4: detected capacity change from 0 to 32768 [ 601.803946][T19389] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5628 (19389) [ 601.966763][T19389] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 602.021781][T19399] loop0: detected capacity change from 0 to 32768 [ 602.075935][T19389] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 602.087483][T19389] BTRFS info (device loop4): using free-space-tree [ 602.549917][T18981] veth0_vlan: entered promiscuous mode [ 602.669339][T18981] veth1_vlan: entered promiscuous mode [ 602.823045][T19452] loop0: detected capacity change from 0 to 4096 [ 602.895562][T18981] veth0_macvtap: entered promiscuous mode [ 602.985705][T18981] veth1_macvtap: entered promiscuous mode [ 603.008828][ T5847] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 603.033106][T19452] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 603.071166][T19452] ntfs3(loop0): Failed to load $Extend (-2). [ 603.087268][T19452] ntfs3(loop0): Failed to initialize $Extend. [ 603.119803][T18981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.246738][T18981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.306780][T18981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.336147][T18981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.376321][T18981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.421921][T18981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.493985][T18981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.535130][T18981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.572464][T18981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.619245][T18981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.653133][T18981] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 603.669410][T18981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 603.713638][T18981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.765541][T18981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 603.826627][T18981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.838403][T18981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 603.848929][T18981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.858819][T18981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 603.874585][T18981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.886620][T18981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 603.897277][T18981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.908951][T18981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 604.028438][T18981] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 604.046341][T18981] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 604.055947][T18981] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 604.064953][T18981] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 604.446591][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 604.464828][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 604.672770][ T5919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 604.740678][ T5919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 605.212077][T19520] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 605.509568][T19530] tmpfs: Bad value for 'size' [ 605.887847][ T29] audit: type=1326 audit(529906.505:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19543 comm="syz.4.5675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b48d7e719 code=0x7ffc0000 [ 606.026031][ T29] audit: type=1326 audit(529906.555:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19543 comm="syz.4.5675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f4b48d7e719 code=0x7ffc0000 [ 606.160771][ T29] audit: type=1326 audit(529906.555:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19543 comm="syz.4.5675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b48d7e719 code=0x7ffc0000 [ 606.276628][ T29] audit: type=1326 audit(529906.555:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19543 comm="syz.4.5675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b48d7e719 code=0x7ffc0000 [ 606.307789][ T1194] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 606.418668][ T29] audit: type=1326 audit(529906.955:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19563 comm="syz.6.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85dcd7e719 code=0x7ffc0000 [ 606.522449][ T1194] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 606.549707][ T29] audit: type=1326 audit(529906.955:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19563 comm="syz.6.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85dcd7e719 code=0x7ffc0000 [ 606.574213][ T1194] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 606.613676][T19574] loop4: detected capacity change from 0 to 256 [ 606.626693][ T1194] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 606.634460][T19572] loop7: detected capacity change from 0 to 1024 [ 606.686553][ T29] audit: type=1326 audit(529906.975:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19563 comm="syz.6.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f85dcd7e719 code=0x7ffc0000 [ 606.718917][T19572] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 606.725774][ T1194] usb 1-1: New USB device found, idVendor=0086, idProduct=0b5b, bcdDevice=e1.c5 [ 606.778033][ T1194] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.821339][T19572] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 606.835974][ T29] audit: type=1326 audit(529906.975:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19563 comm="syz.6.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85dcd7e719 code=0x7ffc0000 [ 606.854690][ T1194] usb 1-1: Product: syz [ 606.858233][ T29] audit: type=1326 audit(529906.975:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19563 comm="syz.6.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85dcd7e719 code=0x7ffc0000 [ 606.888252][ T1194] usb 1-1: Manufacturer: syz [ 606.893041][ T1194] usb 1-1: SerialNumber: syz [ 606.941169][ T1194] usb 1-1: config 0 descriptor?? [ 606.983637][T19574] FAT-fs (loop4): Directory bread(block 64) failed [ 607.028125][T19574] FAT-fs (loop4): Directory bread(block 65) failed [ 607.034988][T19574] FAT-fs (loop4): Directory bread(block 66) failed [ 607.041736][T19574] FAT-fs (loop4): Directory bread(block 67) failed [ 607.049249][T19574] FAT-fs (loop4): Directory bread(block 68) failed [ 607.055800][T19574] FAT-fs (loop4): Directory bread(block 69) failed [ 607.097356][T18981] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 607.140980][T19574] FAT-fs (loop4): Directory bread(block 70) failed [ 607.183327][T19574] FAT-fs (loop4): Directory bread(block 71) failed [ 607.255351][T19574] FAT-fs (loop4): Directory bread(block 72) failed [ 607.328210][T19574] FAT-fs (loop4): Directory bread(block 73) failed [ 607.482419][ T5843] usb 1-1: USB disconnect, device number 91 [ 607.653025][T19608] netlink: 52 bytes leftover after parsing attributes in process `syz.5.5701'. [ 608.312687][T19632] ieee802154 phy0 wpan0: encryption failed: -90 [ 608.353005][T19635] IPv6: sit1: Disabled Multicast RS [ 608.908449][T19654] libceph: resolve '0.' (ret=-3): failed [ 608.979641][T19658] tmpfs: Bad value for 'mpol' [ 609.019337][ T5898] usb 1-1: new high-speed USB device number 92 using dummy_hcd [ 609.063175][T19662] xt_CT: You must specify a L4 protocol and not use inversions on it [ 609.191360][ T5898] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 609.217340][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.284974][ T5898] usb 1-1: config 0 descriptor?? [ 609.557665][T19679] kAFS: unparsable volume name [ 609.719157][ T5898] ath6kl: Failed to submit usb control message: -71 [ 609.728888][ T5898] ath6kl: unable to send the bmi data to the device: -71 [ 609.780328][ T5898] ath6kl: Unable to send get target info: -71 [ 609.815422][ T5898] ath6kl: Failed to init ath6kl core: -71 [ 609.850286][ T5898] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 609.910568][ T5898] usb 1-1: USB disconnect, device number 92 [ 610.512999][T19711] xt_NFQUEUE: number of total queues is 0 [ 610.719197][ T5898] usb 6-1: new high-speed USB device number 93 using dummy_hcd [ 610.909127][ T5898] usb 6-1: Using ep0 maxpacket: 8 [ 610.956595][ T5898] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 610.987117][ T5898] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 0 [ 611.055462][T19734] ip6t_srh: unknown srh invflags 7401 [ 611.061101][ T5898] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 134, changing to 11 [ 611.103988][ T5898] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 59360, setting to 1024 [ 611.176237][ T5898] usb 6-1: New USB device found, idVendor=110a, idProduct=1110, bcdDevice=ab.5d [ 611.221873][ T5898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 611.270107][ T5898] usb 6-1: Product: syz [ 611.274332][ T5898] usb 6-1: Manufacturer: syz [ 611.295266][ T5898] usb 6-1: SerialNumber: syz [ 611.332509][T19710] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 611.348613][ T5898] ti_usb_3410_5052 6-1:1.0: TI USB 3410 1 port adapter converter detected [ 611.641154][ T963] usb 6-1: USB disconnect, device number 93 [ 611.937713][T19756] tmpfs: Bad value for 'mpol' [ 612.192092][T19770] loop7: detected capacity change from 0 to 8192 [ 612.411320][T19724] loop0: detected capacity change from 0 to 40427 [ 612.468704][T19724] F2FS-fs (loop0): heap/no_heap options were deprecated [ 612.513945][T19770] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 612.566250][T19724] F2FS-fs (loop0): invalid crc value [ 612.593094][T19770] FAT-fs (loop7): error, fat_free_clusters: deleting FAT entry beyond EOF [ 612.660829][T19770] FAT-fs (loop7): Filesystem has been set read-only [ 612.694738][T19785] loop4: detected capacity change from 0 to 1024 [ 612.732676][T19724] F2FS-fs (loop0): Found nat_bits in checkpoint [ 612.896172][T19724] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 612.915214][T19785] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 613.173702][ T5836] syz-executor: attempt to access beyond end of device [ 613.173702][ T5836] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 613.273299][ T5836] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 613.434847][T19806] loop3: detected capacity change from 0 to 512 [ 613.514382][T19806] EXT4-fs: Ignoring removed orlov option [ 613.551121][T19814] netlink: 'syz.6.5786': attribute type 3 has an invalid length. [ 613.559081][T19814] netlink: 201372 bytes leftover after parsing attributes in process `syz.6.5786'. [ 613.679769][T19819] loop6: detected capacity change from 0 to 512 [ 613.909340][T19802] loop7: detected capacity change from 0 to 32768 [ 613.959328][T19802] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.5783 (19802) [ 614.072253][T19806] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8846c028, mo2=0102] [ 614.259199][T19802] BTRFS info (device loop7): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 614.342406][T19802] BTRFS info (device loop7): using xxhash64 (xxhash64-generic) checksum algorithm [ 614.406686][T19806] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 614.452409][T19802] BTRFS info (device loop7): disk space caching is enabled [ 614.472232][T19802] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 614.483009][T19806] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it [ 614.545270][T19819] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 614.621022][T19806] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.5784: Corrupt directory, running e2fsck is recommended [ 614.682307][T19843] netlink: 'syz.0.5781': attribute type 9 has an invalid length. [ 614.721403][T19850] netlink: 'syz.5.5797': attribute type 7 has an invalid length. [ 614.749387][T19850] netlink: 'syz.5.5797': attribute type 8 has an invalid length. [ 614.763605][T19850] netlink: 224 bytes leftover after parsing attributes in process `syz.5.5797'. [ 614.782537][T19806] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 614.791449][T19806] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.5784: corrupted in-inode xattr: invalid ea_ino [ 614.845825][T19806] EXT4-fs (loop3): Remounting filesystem read-only [ 614.868102][T19806] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 614.899421][T19858] loop4: detected capacity change from 0 to 256 [ 614.919420][T14704] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 615.212807][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 615.892022][T19802] BTRFS info (device loop7): rebuilding free space tree [ 615.917746][T19802] BTRFS info (device loop7): disabling free space tree [ 615.931052][T19802] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 615.964766][T19906] loop6: detected capacity change from 0 to 8 [ 616.051814][T19802] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 616.323548][T18981] BTRFS info (device loop7): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 616.418371][T19917] loop5: detected capacity change from 0 to 64 [ 616.443526][ T25] iguanair 4-1:0.0: failed to get version [ 616.449948][ T25] iguanair 4-1:0.0: probe with driver iguanair failed with error -110 [ 616.467869][ T25] usb 4-1: USB disconnect, device number 96 [ 616.479260][T19921] binder: 19920:19921 ioctl 400c620e 0 returned -14 [ 616.661566][T19922] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5818'. [ 616.882070][T19936] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5828'. [ 616.884960][T19932] loop6: detected capacity change from 0 to 1024 [ 617.075085][T19932] hfsplus: request for non-existent node 128 in B*Tree [ 617.082648][T19932] hfsplus: request for non-existent node 128 in B*Tree [ 617.223221][ T1194] usb 1-1: new high-speed USB device number 93 using dummy_hcd [ 617.490652][ T1194] usb 1-1: Using ep0 maxpacket: 32 [ 617.526142][T19972] openvswitch: netlink: Actions may not be safe on all matching packets [ 617.643571][ T1194] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 617.654934][ T1194] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 617.665205][ T1194] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 617.674891][ T1194] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.734787][ T1194] usb 1-1: config 0 descriptor?? [ 617.758623][ T1194] hub 1-1:0.0: USB hub found [ 618.027975][ T1194] hub 1-1:0.0: 1 port detected [ 618.232443][ T1194] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 618.248240][ T1194] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 618.271293][T19994] netlink: 'syz.6.5847': attribute type 8 has an invalid length. [ 618.293781][T19994] netlink: 'syz.6.5847': attribute type 7 has an invalid length. [ 618.301580][T19994] netlink: 224 bytes leftover after parsing attributes in process `syz.6.5847'. [ 618.313187][ T1194] usbhid 1-1:0.0: can't add hid device: -71 [ 618.330263][ T1194] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 618.434821][ T1194] usb 1-1: USB disconnect, device number 93 [ 618.549528][T20008] team_slave_1: entered promiscuous mode [ 618.632845][T20010] loop6: detected capacity change from 0 to 1024 [ 618.657635][T20012] loop7: detected capacity change from 0 to 256 [ 618.664980][T20010] EXT4-fs: Ignoring removed nomblk_io_submit option [ 618.682762][T20008] team0: Port device team_slave_1 removed [ 618.725942][T20010] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 618.805343][T20017] loop5: detected capacity change from 0 to 1764 [ 618.929552][T14704] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 619.032582][T20025] loop4: detected capacity change from 0 to 64 [ 619.180256][T20032] x_tables: ip_tables: osf match: only valid for protocol 6 [ 619.457509][T20045] loop4: detected capacity change from 0 to 24 [ 619.476320][T20045] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 619.507605][T20045] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 619.579868][T20045] VFS: Lookup of 'file0' in romfs loop4 would have caused loop [ 619.629356][T20042] xt_connbytes: Forcing CT accounting to be enabled [ 619.969387][T20054] loop5: detected capacity change from 0 to 4096 [ 620.119565][T20066] xt_CT: No such helper "snmp" [ 620.157755][T20054] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 620.197102][T20054] ntfs3(loop5): Failed to load $Extend (-2). [ 620.213567][T20054] ntfs3(loop5): Failed to initialize $Extend. [ 620.254408][T20054] ntfs3(loop5): ino=5, "/" directory corrupted [ 620.923539][T20094] loop6: detected capacity change from 0 to 32768 [ 620.931390][T20094] XFS (loop6): sunit and swidth must be specified together [ 621.005833][T20102] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 621.678431][T20129] netlink: 'syz.5.5910': attribute type 26 has an invalid length. [ 622.274710][T20154] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5913'. [ 622.502082][T20165] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 622.586484][ T8] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 622.942231][T20177] loop7: detected capacity change from 0 to 128 [ 622.952497][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 623.026604][T20183] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5928'. [ 623.166421][ T8] usb 5-1: config 0 has an invalid interface number: 206 but max is 1 [ 623.174651][ T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 623.185264][ T8] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 623.194823][ T8] usb 5-1: config 0 has no interface number 0 [ 623.202053][ T8] usb 5-1: config 0 interface 206 altsetting 2 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 623.216356][ T8] usb 5-1: config 0 interface 206 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 32 [ 623.226620][ T8] usb 5-1: config 0 interface 206 altsetting 2 bulk endpoint 0xD has invalid maxpacket 1023 [ 623.237033][ T8] usb 5-1: config 0 interface 206 altsetting 2 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 623.249098][ T8] usb 5-1: config 0 interface 206 altsetting 2 has 5 endpoint descriptors, different from the interface descriptor's value: 7 [ 623.262670][ T8] usb 5-1: config 0 interface 206 has no altsetting 0 [ 623.266196][ T1194] usb 6-1: new high-speed USB device number 94 using dummy_hcd [ 623.285144][ T8] usb 5-1: New USB device found, idVendor=0499, idProduct=1007, bcdDevice=df.8f [ 623.302654][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.311038][ T8] usb 5-1: Product: syz [ 623.315457][ T8] usb 5-1: Manufacturer: syz [ 623.345529][ T8] usb 5-1: SerialNumber: syz [ 623.382811][ T8] usb 5-1: config 0 descriptor?? [ 623.394001][T20156] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 623.395512][T20134] loop3: detected capacity change from 0 to 40427 [ 623.403058][T20156] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 623.506097][T20134] F2FS-fs (loop3): Found nat_bits in checkpoint [ 623.546735][ T1194] usb 6-1: Using ep0 maxpacket: 16 [ 623.561224][ T1194] usb 6-1: config 0 has an invalid interface number: 105 but max is 0 [ 623.574862][ T1194] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 623.615892][ T1194] usb 6-1: config 0 has no interface number 0 [ 623.657271][ T1194] usb 6-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 623.696591][ T1194] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.703949][ T8] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 623.704697][ T1194] usb 6-1: Product: syz [ 623.770334][T20134] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 623.779171][ T1194] usb 6-1: Manufacturer: syz [ 623.783801][ T1194] usb 6-1: SerialNumber: syz [ 623.843725][ T1194] usb 6-1: config 0 descriptor?? [ 623.861028][ T8] usb 5-1: USB disconnect, device number 87 [ 623.879586][T20134] F2FS-fs (loop3): Unrecognized mount option "ÿÿÿÿÿÿÿÿÿÿ¤ Z*¬ð¿Ë m˜.Dc8'ñ@Ø×C9Gö9œùõ?À9†Så¦{»1Ÿ¿JÆöÌÕ¬¿á5 æÒÔŒöÀ‰Ýöqqÿ³±Yˆç³”ÅÚóá" or missing value [ 623.910225][ T1194] usb 6-1: Found UVC 0.00 device syz (046d:08f3) [ 623.956572][ T1194] usb 6-1: No valid video chain found. [ 624.216231][ T1194] usb 6-1: USB disconnect, device number 94 [ 624.367471][T20224] netlink: 'syz.4.5946': attribute type 1 has an invalid length. [ 624.737017][ T8] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 624.774778][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.782021][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.811728][T20226] loop0: detected capacity change from 0 to 4096 [ 624.874297][T20226] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 624.951987][ T8] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 624.961510][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.980371][ T8] usb 5-1: Product: syz [ 624.997530][ T8] usb 5-1: Manufacturer: syz [ 625.032977][ T8] usb 5-1: SerialNumber: syz [ 625.073121][T20246] netlink: 'syz.5.5956': attribute type 28 has an invalid length. [ 625.102730][ T8] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 625.210313][ T5898] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 625.640455][T20264] loop5: detected capacity change from 0 to 1024 [ 625.917961][T20268] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5966'. [ 626.673404][ T5843] usb 1-1: new full-speed USB device number 94 using dummy_hcd [ 626.740452][T20279] overlayfs: cannot append lower layer [ 626.874616][T20262] loop7: detected capacity change from 0 to 32768 [ 626.899865][ T5843] usb 1-1: config 0 has an invalid descriptor of length 100, skipping remainder of the config [ 626.963600][ T5843] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 627.043842][ T5843] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10 [ 627.143434][ T5843] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64 [ 627.211953][ T5843] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 18403, setting to 64 [ 627.315008][ T5843] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 627.346124][ T5843] usb 1-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 627.356204][ T5843] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.364388][ T5843] usb 1-1: Product: syz [ 627.368767][ T5843] usb 1-1: Manufacturer: syz [ 627.373380][ T5843] usb 1-1: SerialNumber: syz [ 627.479717][T20297] loop5: detected capacity change from 0 to 512 [ 627.525546][T20297] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 627.545233][ T5898] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 627.570275][ T5898] ath9k_htc: Failed to initialize the device [ 627.709770][ T5843] usb 1-1: config 0 descriptor?? [ 627.725868][T20275] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 627.734413][T20275] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 628.028344][T20305] loop4: detected capacity change from 0 to 1024 [ 628.170278][T20262] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 628.180657][T20297] EXT4-fs (loop5): 1 orphan inode deleted [ 628.186435][T20297] EXT4-fs (loop5): 1 truncate cleaned up [ 628.284274][T20297] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 628.474581][T20297] EXT4-fs error (device loop5): empty_inline_dir:1850: inode #12: block 7: comm syz.5.5977: bad entry in directory: directory entry overrun - offset=4, inode=13, rec_len=784, size=60 fake=0 [ 628.634550][T20262] XFS (loop7): Ending clean mount [ 628.672240][T20262] XFS (loop7): Quotacheck needed: Please wait. [ 628.709316][T20297] EXT4-fs (loop5): Remounting filesystem read-only [ 628.778078][T20297] EXT4-fs warning (device loop5): empty_inline_dir:1857: bad inline directory (dir #12) - inode 13, rec_len 784, name_len 5inline size 60 [ 628.995033][T20262] XFS (loop7): Quotacheck: Done. [ 629.369263][ T5843] rc_core: IR keymap rc-snapstream-firefly not found [ 629.376047][ T5843] Registered IR keymap rc-empty [ 629.390334][ T5841] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 629.472105][T18981] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 629.530074][ T5843] rc rc0: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 629.687303][ T5843] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input57 [ 629.812361][ T5843] input: syz syz mouse as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input58 [ 630.152908][ T5843] usb 1-1: USB disconnect, device number 94 [ 630.159011][ C1] ati_remote 1-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19 [ 631.455587][T20358] loop4: detected capacity change from 0 to 2048 [ 631.543199][T20365] delete_channel: no stack [ 631.586862][T20358] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 632.079304][T20368] loop7: detected capacity change from 0 to 4096 [ 632.750176][T20386] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 632.951569][T20392] xt_TCPMSS: Only works on TCP SYN packets [ 633.291493][ C0] sched: DL replenish lagged too much [ 634.907942][T20432] loop5: detected capacity change from 0 to 1024 [ 634.981330][T20432] EXT4-fs: Ignoring removed orlov option [ 635.072156][T20432] EXT4-fs: Ignoring removed nomblk_io_submit option [ 635.224324][T20432] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 635.342919][T20432] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 635.461844][T20432] EXT4-fs (loop5): invalid journal inode [ 635.522506][T20432] EXT4-fs (loop5): can't get journal size [ 635.603908][T20432] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 636.215452][T20459] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6036'. [ 636.255269][T20460] loop0: detected capacity change from 0 to 16 [ 636.266752][ T5841] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 636.431517][T20460] erofs: (device loop0): mounted with root inode @ nid 36. [ 637.257913][T20470] loop3: detected capacity change from 0 to 2048 [ 637.454342][T20470] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 637.578084][T20470] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 637.822820][T20470] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002] [ 637.923173][T20470] System zones: 0-19 [ 638.026252][T20470] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 638.244042][ T1194] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 638.542692][ T1194] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 638.593966][ T1194] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 638.674358][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 638.713970][ T1194] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 638.802422][ T1194] usb 1-1: config 1 has no interface number 1 [ 638.866499][ T1194] usb 1-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 638.991119][ T1194] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 639.063761][ T1194] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.195192][ T1194] usb 1-1: Product: syz [ 639.236838][ T1194] usb 1-1: Manufacturer: syz [ 639.246674][T20505] team_slave_1: entered promiscuous mode [ 639.276991][ T1194] usb 1-1: SerialNumber: syz [ 639.668992][ T1194] usb 1-1: USB disconnect, device number 95 [ 639.876948][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 640.450349][T20523] xt_ecn: cannot match TCP bits for non-tcp packets [ 640.936900][T20531] loop6: detected capacity change from 0 to 64 [ 642.036522][T20554] loop4: detected capacity change from 0 to 256 [ 642.187257][T20554] FAT-fs (loop4): Directory bread(block 64) failed [ 642.212047][T20554] FAT-fs (loop4): Directory bread(block 65) failed [ 642.263242][T20554] FAT-fs (loop4): Directory bread(block 66) failed [ 642.312182][T20554] FAT-fs (loop4): Directory bread(block 67) failed [ 642.333812][T20554] FAT-fs (loop4): Directory bread(block 68) failed [ 642.362126][T20554] FAT-fs (loop4): Directory bread(block 69) failed [ 642.393811][T20554] FAT-fs (loop4): Directory bread(block 70) failed [ 642.434349][T20554] FAT-fs (loop4): Directory bread(block 71) failed [ 642.462741][T20554] FAT-fs (loop4): Directory bread(block 72) failed [ 642.480845][T20554] FAT-fs (loop4): Directory bread(block 73) failed [ 642.535854][ T5843] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 642.720121][ T5843] usb 7-1: Using ep0 maxpacket: 32 [ 642.778518][ T5843] usb 7-1: unable to get BOS descriptor or descriptor too short [ 642.787646][ T5843] usb 7-1: config 253 has an invalid interface number: 79 but max is 0 [ 642.815950][ T5843] usb 7-1: config 253 has no interface number 0 [ 642.847631][ T5843] usb 7-1: config 253 interface 79 altsetting 64 endpoint 0x3 has an invalid bInterval 98, changing to 10 [ 642.925390][ T5843] usb 7-1: config 253 interface 79 has no altsetting 0 [ 642.958301][ T5843] usb 7-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 642.994622][ T5843] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.024384][ T5843] usb 7-1: Product: syz [ 643.038433][ T5843] usb 7-1: Manufacturer: syz [ 643.065686][ T5843] usb 7-1: SerialNumber: syz [ 643.386574][ T5843] usb 7-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 643.417645][ T5843] usb 7-1: USB disconnect, device number 10 [ 655.337018][ T5857] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 655.367610][ T5856] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 655.385798][ T5856] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 655.394151][ T5856] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 655.402024][ T5856] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 655.409962][ T5856] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 655.418202][ T5856] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 655.428244][ T5856] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 655.437588][ T5856] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 655.445626][ T5856] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 655.461953][ T5856] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 655.477737][ T5856] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 655.915121][ T5145] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 655.929666][ T5145] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 655.942608][ T5145] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 655.950460][ T5145] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 655.958705][ T5145] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 655.966205][ T5145] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 657.603691][ T5856] Bluetooth: hci6: command tx timeout [ 657.609934][ T5856] Bluetooth: hci7: command tx timeout [ 658.073685][ T5856] Bluetooth: hci8: command tx timeout [ 658.591728][ T5145] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 658.601973][ T5145] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 658.614705][ T5145] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 658.623079][ T5145] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 658.631801][ T5145] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 658.640127][ T5145] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 659.684435][ T5145] Bluetooth: hci7: command tx timeout [ 659.689904][ T5145] Bluetooth: hci6: command tx timeout [ 659.970113][ T5857] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 659.980152][ T5857] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 659.989115][ T5857] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 659.997376][ T5857] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 660.009351][ T5857] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 660.017134][ T5857] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 660.027787][ T5857] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 660.040036][ T5857] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 660.048865][ T5857] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 660.057454][ T5857] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 660.095358][ T5857] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 660.107708][ T5857] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 660.154805][ T5857] Bluetooth: hci8: command tx timeout [ 660.717263][ T5857] Bluetooth: hci9: command tx timeout [ 661.755698][ T5145] Bluetooth: hci7: command tx timeout [ 661.765234][ T5857] Bluetooth: hci6: command tx timeout [ 662.145844][ T5857] Bluetooth: hci11: command tx timeout [ 662.235802][ T5857] Bluetooth: hci8: command tx timeout [ 662.241294][ T5857] Bluetooth: hci10: command tx timeout [ 662.482722][T20505] team0: Port device team_slave_1 removed [ 662.512854][T20516] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6057'. [ 662.579073][T20516] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6057'. [ 662.836370][ T5857] Bluetooth: hci9: command tx timeout [ 663.837011][ T5857] Bluetooth: hci6: command tx timeout [ 663.842615][ T5145] Bluetooth: hci7: command tx timeout [ 664.251744][ T5145] Bluetooth: hci11: command tx timeout [ 664.307540][ T5145] Bluetooth: hci10: command tx timeout [ 664.313184][ T5145] Bluetooth: hci8: command tx timeout [ 664.880355][ T5145] Bluetooth: hci9: command tx timeout [ 666.318027][ T5145] Bluetooth: hci11: command tx timeout [ 666.398295][ T5145] Bluetooth: hci10: command tx timeout [ 666.958300][ T5145] Bluetooth: hci9: command tx timeout [ 668.401170][ T5145] Bluetooth: hci11: command tx timeout [ 668.479045][ T5145] Bluetooth: hci10: command tx timeout [ 677.864968][T20566] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.047013][T20591] chnl_net:caif_netlink_parms(): no params data found [ 679.259992][T20591] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.282962][T20591] bridge0: port 1(bridge_slave_0) entered disabled state [ 679.295479][T20591] bridge_slave_0: entered allmulticast mode [ 679.302766][T20591] bridge_slave_0: entered promiscuous mode [ 679.334166][T20591] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.343308][T20591] bridge0: port 2(bridge_slave_1) entered disabled state [ 679.367181][T20591] bridge_slave_1: entered allmulticast mode [ 679.385331][T20591] bridge_slave_1: entered promiscuous mode [ 679.492892][T20591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 679.512311][T20591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 679.627118][T20591] team0: Port device team_slave_0 added [ 679.648759][T20591] team0: Port device team_slave_1 added [ 679.721681][T20591] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 679.736553][T20591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 679.774259][T20591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 679.810948][T20591] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 679.827513][T20591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 679.864632][T20591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 679.949558][T20591] hsr_slave_0: entered promiscuous mode [ 679.967213][T20591] hsr_slave_1: entered promiscuous mode [ 679.983152][T20591] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 679.991387][T20591] Cannot create hsr debugfs directory [ 682.453096][T20591] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 682.513100][T20591] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 682.544319][T20591] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 682.574127][T20591] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 682.678093][T20591] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.686126][T20591] bridge0: port 2(bridge_slave_1) entered forwarding state [ 682.695864][T20591] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.703021][T20591] bridge0: port 1(bridge_slave_0) entered forwarding state [ 683.040628][T20591] 8021q: adding VLAN 0 to HW filter on device bond0 [ 683.133196][T20591] 8021q: adding VLAN 0 to HW filter on device team0 [ 683.880327][T20591] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 684.074296][T20591] veth0_vlan: entered promiscuous mode [ 684.132483][T20591] veth1_vlan: entered promiscuous mode [ 684.257940][T20591] veth0_macvtap: entered promiscuous mode [ 684.286442][T20591] veth1_macvtap: entered promiscuous mode [ 684.352968][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 684.409525][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.438655][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 684.477072][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.521728][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 684.560301][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.592718][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 684.622179][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.650887][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 684.696946][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.723383][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 684.769243][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.799940][T20591] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 684.819762][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 684.840947][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.858315][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 684.877521][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.895408][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 684.913749][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.931358][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 684.949137][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.967216][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 684.985925][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.999373][T20591] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 685.017609][T20591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 685.050165][T20591] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 685.063570][T20591] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.087032][T20591] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.095779][T20591] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.113715][T20591] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 685.267166][ T3470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 685.275061][ T3470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 685.351651][ T3470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 685.369099][ T3470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 686.318506][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.324853][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.117217][T20740] loop1: detected capacity change from 0 to 256 [ 688.165988][T20740] FAT-fs (loop1): Directory bread(block 64) failed [ 688.198825][T20740] FAT-fs (loop1): Directory bread(block 65) failed [ 688.205486][T20740] FAT-fs (loop1): Directory bread(block 66) failed [ 688.237069][T20740] FAT-fs (loop1): Directory bread(block 67) failed [ 688.258416][T20740] FAT-fs (loop1): Directory bread(block 68) failed [ 688.267410][T20740] FAT-fs (loop1): Directory bread(block 69) failed [ 688.282257][T20740] FAT-fs (loop1): Directory bread(block 70) failed [ 688.290642][T20740] FAT-fs (loop1): Directory bread(block 71) failed [ 688.297337][T20740] FAT-fs (loop1): Directory bread(block 72) failed [ 688.320017][T20740] FAT-fs (loop1): Directory bread(block 73) failed [ 688.387786][T20740] FAT-fs (loop1): error, invalid access to FAT (entry 0x00006c61) [ 688.444989][ T29] audit: type=1800 audit(529988.984:137): pid=20740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6106" name="cpu.stat" dev="loop1" ino=1048652 res=0 errno=0 [ 690.547699][T20760] loop1: detected capacity change from 0 to 32768 [ 690.571254][T20760] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 690.601341][T20760] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 690.636654][T20760] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 690.663606][ T5897] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 690.681355][ T5897] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 690.831980][ T5897] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 150ms [ 690.858432][ T5897] gfs2: fsid=syz:syz.0: jid=0: Done [ 690.867933][T20760] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 690.918340][T20760] UBIFS error (pid: 20760): cannot open "./file0", error -22 [ 691.408052][T20765] loop1: detected capacity change from 0 to 64 [ 691.449796][T20765] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 692.582148][T20781] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 692.710572][T20783] netlink: 'syz.1.6126': attribute type 10 has an invalid length. [ 692.754035][T20783] macvlan0: entered promiscuous mode [ 692.770372][T20783] macvlan0: entered allmulticast mode [ 692.786349][T20783] veth1_vlan: entered allmulticast mode [ 692.803668][T20783] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 694.319863][T20805] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6137'. [ 694.337814][T20805] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 695.982719][ T1194] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 696.162862][ T1194] usb 2-1: Using ep0 maxpacket: 32 [ 696.183116][ T1194] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 696.203880][ T1194] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 696.221005][ T1194] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 696.240042][ T1194] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 696.279142][ T1194] usb 2-1: config 0 descriptor?? [ 696.295082][ T1194] hub 2-1:0.0: USB hub found [ 696.557647][ T1194] hub 2-1:0.0: 1 port detected [ 696.763035][ T1194] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 696.769445][ T1194] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 696.828491][ T1194] usbhid 2-1:0.0: can't add hid device: -71 [ 696.849687][ T1194] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 696.943859][ T1194] usb 2-1: USB disconnect, device number 92 [ 698.451980][T20839] netlink: 156 bytes leftover after parsing attributes in process `syz.1.6154'. [ 698.606873][T20841] netlink: 'syz.1.6155': attribute type 21 has an invalid length. [ 698.630798][T20841] netlink: 132 bytes leftover after parsing attributes in process `syz.1.6155'. [ 699.044427][ T5897] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 699.259731][ T5897] usb 2-1: config index 0 descriptor too short (expected 2207, got 159) [ 699.273017][ T5897] usb 2-1: config 1 has an invalid interface number: 3 but max is 2 [ 699.287168][ T5897] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 699.304359][ T5897] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 699.324255][ T5897] usb 2-1: config 1 has no interface number 1 [ 699.330881][ T5897] usb 2-1: too many endpoints for config 1 interface 3 altsetting 0: 187, using maximum allowed: 30 [ 699.351050][ T5897] usb 2-1: config 1 interface 3 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 187 [ 699.372070][ T5897] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 699.405185][ T5897] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 699.416981][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 699.435405][ T5897] usb 2-1: Product: syz [ 699.439615][ T5897] usb 2-1: Manufacturer: syz [ 699.445880][ T5897] usb 2-1: SerialNumber: syz [ 699.679862][ T5897] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor [ 699.746528][ T5897] hub 2-1:1.3: bad descriptor, ignoring hub [ 699.752666][ T5897] hub 2-1:1.3: probe with driver hub failed with error -5 [ 699.819506][ T5897] usb 2-1: USB disconnect, device number 93 [ 699.949987][T20845] udevd[20845]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 701.205350][ T5897] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 701.395473][ T5897] usb 2-1: Using ep0 maxpacket: 32 [ 701.412841][ T5897] usb 2-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.08 [ 701.428448][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 701.443597][ T5897] usb 2-1: Product: syz [ 701.450489][ T5897] usb 2-1: Manufacturer: syz [ 701.455105][ T5897] usb 2-1: SerialNumber: syz [ 701.466209][ T5897] usb 2-1: config 0 descriptor?? [ 701.497029][ T5897] go7007 2-1:0.0: probe with driver go7007 failed with error -12 [ 701.715663][ T5897] usb 2-1: USB disconnect, device number 94 [ 703.813228][T20882] loop1: detected capacity change from 0 to 1024 [ 706.839243][T20920] loop1: detected capacity change from 0 to 32768 [ 706.869898][T20920] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.6190 (20920) [ 706.919750][T20920] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 706.948096][T20920] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 706.988312][T20920] BTRFS info (device loop1): disk space caching is enabled [ 706.995575][T20920] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 707.108888][T20920] BTRFS info (device loop1): rebuilding free space tree [ 707.179329][T20920] BTRFS info (device loop1): disabling free space tree [ 707.196030][T20920] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 707.239004][T20920] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 707.378797][T20920] BTRFS info (device loop1): balance: start -f -sprofiles=data|metadata,limit=10617159155730,stripes=4..255 [ 707.422880][T20920] BTRFS info (device loop1): balance: ended with status: 0 [ 707.554649][T20591] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 707.997845][T20938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6191'. [ 708.526147][T20944] cgroup: name respecified [ 709.557639][T20960] loop1: detected capacity change from 0 to 8 [ 709.653260][T20960] SQUASHFS error: Failed to read block 0x2fc: -5 [ 709.667400][T20960] SQUASHFS error: Unable to read metadata cache entry [2fa] [ 709.681575][T20960] SQUASHFS error: Unable to read directory block [247:26] [ 711.031412][T20972] loop1: detected capacity change from 0 to 32768 [ 711.056411][T20972] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.6208 (20972) [ 711.104477][T20972] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 711.140434][T20972] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 711.149887][T20972] BTRFS error (device loop1): superblock checksum mismatch [ 711.212029][T20972] BTRFS error (device loop1): open_ctree failed [ 712.016895][T20981] loop1: detected capacity change from 0 to 512 [ 712.067015][T20981] EXT4-fs: Ignoring removed i_version option [ 712.106999][T20981] EXT4-fs error (device loop1): __ext4_iget:4952: inode #11: block 1: comm syz.1.6212: invalid block [ 712.143301][T20981] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.6212: couldn't read orphan inode 11 (err -117) [ 712.203142][T20981] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 712.241464][T20981] EXT4-fs error (device loop1): ext4_add_entry:2437: inode #2: comm syz.1.6212: Directory hole found for htree leaf block 0 [ 712.334964][T20591] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 712.640709][T20987] loop1: detected capacity change from 0 to 512 [ 712.676258][T20987] EXT4-fs: Ignoring removed nobh option [ 712.729963][T20987] EXT4-fs (loop1): mounted filesystem 00800000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 712.780657][T20987] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 712.809715][T20987] EXT4-fs (loop1): Remounting filesystem read-only [ 712.876427][T20591] EXT4-fs (loop1): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 715.509058][ T5857] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 715.518530][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 715.527138][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 715.536417][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 715.544191][ T5857] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 715.554430][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 715.611983][ T5145] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 715.628784][ T5145] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 715.637728][ T5145] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 715.646557][ T5145] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 715.655610][ T5145] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 715.662940][ T5145] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 717.703740][ T5857] Bluetooth: hci1: command tx timeout [ 717.783759][ T5857] Bluetooth: hci0: command tx timeout [ 719.304811][ T5145] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 719.316764][ T5145] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 719.325202][ T5145] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 719.349487][ T5145] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 719.364808][ T5145] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 719.373903][ T5145] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 719.784490][ T5145] Bluetooth: hci1: command tx timeout [ 719.854700][ T5145] Bluetooth: hci0: command tx timeout [ 720.493833][ T5857] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 720.505778][ T5857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 720.524116][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 720.532724][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 720.545139][ T5857] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 720.552481][ T5857] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 720.656673][ T5857] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 720.666999][ T5857] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 720.675223][ T5857] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 720.683871][ T5857] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 720.693033][ T5857] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 720.715418][ T5857] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 721.465745][ T5857] Bluetooth: hci2: command tx timeout [ 721.865772][ T5857] Bluetooth: hci1: command tx timeout [ 721.945733][ T5857] Bluetooth: hci0: command tx timeout [ 722.666074][ T5857] Bluetooth: hci3: command tx timeout [ 722.826157][ T5857] Bluetooth: hci4: command tx timeout [ 723.546500][ T5857] Bluetooth: hci2: command tx timeout [ 723.947314][ T5857] Bluetooth: hci1: command tx timeout [ 724.027046][ T5857] Bluetooth: hci0: command tx timeout [ 724.748319][ T5857] Bluetooth: hci3: command tx timeout [ 724.907162][ T5857] Bluetooth: hci4: command tx timeout [ 725.632999][ T5857] Bluetooth: hci2: command tx timeout [ 726.828193][ T5857] Bluetooth: hci3: command tx timeout [ 726.988269][ T5857] Bluetooth: hci4: command tx timeout [ 727.713294][ T5857] Bluetooth: hci2: command tx timeout [ 728.699220][ T5145] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 728.709488][ T5145] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 728.720391][ T5145] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 728.746842][ T5145] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 728.755393][ T5145] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 728.763130][ T5145] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 728.918009][ T5857] Bluetooth: hci3: command tx timeout [ 729.069341][ T5857] Bluetooth: hci4: command tx timeout [ 730.830108][ T5857] Bluetooth: hci5: command tx timeout [ 732.920937][ T5857] Bluetooth: hci5: command tx timeout [ 734.380394][ T5919] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 734.401704][ T5919] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 734.994386][ T5857] Bluetooth: hci5: command tx timeout [ 737.073258][ T5857] Bluetooth: hci5: command tx timeout [ 747.710294][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.716964][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 779.239685][T20587] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 779.268291][T20587] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 779.296200][T20587] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 779.312083][T20587] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 779.321549][T20587] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 779.333683][T20587] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 779.545941][T21017] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 779.569231][T21017] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 779.578455][T21017] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 779.586590][T21017] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 779.596870][T21017] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 779.624550][T21017] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 780.034135][T20587] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 780.056541][T20587] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 780.065935][T20587] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 780.074238][T20587] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 780.085620][T20587] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 780.093365][T20587] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 780.542133][T20587] Bluetooth: hci6: command 0x0406 tx timeout [ 780.554735][T21017] Bluetooth: hci7: command 0x0406 tx timeout [ 781.113366][ T5856] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 781.123255][ T5856] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 781.133498][ T5856] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 781.146600][ T5856] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 781.156570][ T5856] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 781.163946][ T5856] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 781.257681][ T5145] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 781.268076][ T5145] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 781.279613][ T5145] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 781.292886][ T5145] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 781.318153][ T5145] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 781.325748][ T5145] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 781.415689][ T5145] Bluetooth: hci8: command tx timeout [ 781.735567][ T5145] Bluetooth: hci12: command tx timeout [ 782.143929][ T5145] Bluetooth: hci13: command tx timeout [ 783.256377][ T5145] Bluetooth: hci14: command tx timeout [ 783.416570][ T5145] Bluetooth: hci15: command tx timeout [ 783.496546][ T5145] Bluetooth: hci8: command tx timeout [ 783.816571][ T5145] Bluetooth: hci12: command tx timeout [ 784.216931][ T5145] Bluetooth: hci13: command tx timeout [ 785.337449][ T5857] Bluetooth: hci14: command tx timeout [ 785.497606][ T5857] Bluetooth: hci15: command tx timeout [ 785.577644][ T5857] Bluetooth: hci8: command tx timeout [ 785.668527][ T5857] Bluetooth: hci10: command 0x0406 tx timeout [ 785.674733][ T5857] Bluetooth: hci11: command 0x0406 tx timeout [ 785.684518][ T5857] Bluetooth: hci9: command 0x0406 tx timeout [ 785.897794][ T5856] Bluetooth: hci12: command tx timeout [ 786.300477][ T5856] Bluetooth: hci13: command tx timeout [ 787.418443][ T5856] Bluetooth: hci14: command tx timeout [ 787.578671][ T5856] Bluetooth: hci15: command tx timeout [ 787.658600][ T5856] Bluetooth: hci8: command tx timeout [ 787.968870][ T5856] Bluetooth: hci12: command tx timeout [ 788.379062][ T5856] Bluetooth: hci13: command tx timeout [ 789.279377][T20587] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 789.315764][T20587] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 789.325346][T20587] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 789.336331][T20587] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 789.345838][T20587] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 789.353801][T20587] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 789.499509][T20587] Bluetooth: hci14: command tx timeout [ 789.659671][T20587] Bluetooth: hci15: command tx timeout [ 791.420483][T20587] Bluetooth: hci16: command tx timeout [ 793.501388][T20587] Bluetooth: hci16: command tx timeout [ 795.582555][T20587] Bluetooth: hci16: command tx timeout [ 797.663555][T20587] Bluetooth: hci16: command tx timeout [ 807.908838][ T30] INFO: task syz-executor:20599 blocked for more than 143 seconds. [ 807.917537][ T30] Not tainted 6.12.0-rc5-syzkaller #0 [ 807.969708][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 808.018552][ T30] task:syz-executor state:D stack:24128 pid:20599 tgid:20599 ppid:1 flags:0x00004006 [ 808.076843][ T30] Call Trace: [ 808.089416][ T30] [ 808.092417][ T30] __schedule+0x18af/0x4bd0 [ 808.096972][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 808.217377][ T30] ? __pfx___schedule+0x10/0x10 [ 808.288790][ T30] ? __pfx_lock_release+0x10/0x10 [ 808.293912][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 808.375663][ T30] ? schedule+0x90/0x320 [ 808.384430][ T30] schedule+0x14b/0x320 [ 808.408691][ T30] schedule_preempt_disabled+0x13/0x30 [ 808.414202][ T30] __mutex_lock+0x6a7/0xd70 [ 808.477751][ T30] ? xas_find_marked+0xf5d/0x10e0 [ 808.526423][ T30] ? __mutex_lock+0x52a/0xd70 [ 808.538734][ T30] ? add_one_compat_dev+0x10d/0x710 [ 808.543991][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 808.610906][ T30] ? xa_find+0x36c/0x420 [ 808.615237][ T30] ? __pfx_down_read+0x10/0x10 [ 808.682135][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 808.687864][ T30] add_one_compat_dev+0x10d/0x710 [ 808.758278][ T30] ? fs_reclaim_acquire+0x93/0x130 [ 808.779059][ T30] rdma_dev_init_net+0x1f1/0x280 [ 808.784074][ T30] ? __pfx_rdma_dev_init_net+0x10/0x10 [ 808.837136][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 808.869617][ T30] ops_init+0x320/0x590 [ 808.873850][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 808.921861][ T30] setup_net+0x287/0x9e0 [ 808.926194][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 808.965619][ T30] ? __pfx_setup_net+0x10/0x10 [ 808.989168][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 808.994869][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 809.059122][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 809.064887][ T30] copy_net_ns+0x33f/0x570 [ 809.108529][ T30] create_new_namespaces+0x425/0x7b0 [ 809.119031][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 809.124819][ T30] ksys_unshare+0x57d/0xa70 [ 809.179073][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 809.184600][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.192252][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 809.198636][ T30] ? do_syscall_64+0x100/0x230 [ 809.215828][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.249283][ T30] __x64_sys_unshare+0x38/0x40 [ 809.254206][ T30] do_syscall_64+0xf3/0x230 [ 809.258746][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.345818][ T30] RIP: 0033:0x7fca42f7ff17 [ 809.353604][ T30] RSP: 002b:00007ffdcf681d38 EFLAGS: 00000202 ORIG_RAX: 0000000000000110 [ 809.397910][ T30] RAX: ffffffffffffffda RBX: 00007fca43135f40 RCX: 00007fca42f7ff17 [ 809.442012][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 809.489375][ T30] RBP: 00007fca43136a38 R08: 0000000000000000 R09: 0000000000000000 [ 809.497426][ T30] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c [ 809.586560][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 809.618441][ T30] [ 809.625903][ T30] [ 809.625903][ T30] Showing all locks held in the system: [ 809.640793][ T30] 3 locks held by kworker/0:0/8: [ 809.645755][ T30] 4 locks held by kworker/0:1/9: [ 809.660525][ T30] 3 locks held by kworker/u8:0/11: [ 809.665686][ T30] 1 lock held by khungtaskd/30: [ 809.700058][ T30] #0: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 809.720021][ T30] 3 locks held by kworker/u8:4/61: [ 809.725168][ T30] #0: ffff88801ac81148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 809.744585][ T30] #1: ffffc900015c7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 809.762153][ T30] #2: ffffffff8fcd3248 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 809.785850][ T30] 2 locks held by kworker/0:2/963: [ 809.799589][ T30] 2 locks held by kworker/u8:7/3470: [ 809.805017][ T30] 1 lock held by dhcpcd/5501: [ 809.818929][ T30] #0: ffffffff8fcd3248 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 809.853595][ T30] 2 locks held by getty/5589: [ 809.858315][ T30] #0: ffff8880350fa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 809.878884][ T30] #1: ffffc900032532f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 809.899500][ T30] 3 locks held by kworker/1:3/5843: [ 809.904730][ T30] #0: ffff88801ac78948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 809.929778][ T30] #1: ffffc90003a07d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 809.948386][ T30] #2: ffffffff8fcd3248 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 809.964196][ T30] 2 locks held by kworker/0:3/5898: [ 809.984837][ T30] 3 locks held by kworker/u8:9/14790: [ 809.999453][ T30] #0: ffff88814d14b148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 810.019739][ T30] #1: ffffc9001caf7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 810.048013][ T30] #2: ffffffff8fcd3248 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 810.062747][ T30] 6 locks held by kworker/u8:10/20566: [ 810.076076][ T30] #0: ffff88801bae5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 810.090878][ T30] #1: ffffc9000324fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 810.117032][ T30] #2: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 810.131623][ T30] #3: ffff88805e4ce0e8 (&dev->mutex){....}-{3:3}, at: devlink_pernet_pre_exit+0x13b/0x440 [ 810.154620][ T30] #4: ffff88805e4cf250 (&devlink->lock_key#4){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x14d/0x440 [ 810.176069][ T30] #5: ffffffff8fcd3248 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 [ 810.187832][ T30] 6 locks held by syz-executor/20582: [ 810.199160][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 810.211441][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 810.228290][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 810.266694][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 810.287905][ T30] #4: ffff88807b41d230 (&rxe->usdev_lock){+.+.}-{3:3}, at: rxe_query_port+0x61/0x260 [ 810.298091][ T30] #5: ffffffff8fcd3248 (rtnl_mutex){+.+.}-{3:3}, at: ib_get_eth_speed+0x153/0x800 [ 810.316170][ T30] 2 locks held by syz-executor/20583: [ 810.324321][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 810.342589][ T30] #1: ffffffff8fcd3248 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 810.366167][ T30] 2 locks held by syz-executor/20594: [ 810.382402][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 810.403204][ T30] #1: ffffffff8fcd3248 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 810.418896][ T30] 1 lock held by syz-executor/20598: [ 810.426884][ T30] #0: ffffffff8fcd3248 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_newlink+0xab7/0x20a0 [ 810.445079][ T30] 4 locks held by syz-executor/20599: [ 810.453084][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 810.470214][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 810.486201][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 810.508812][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 810.529788][ T30] 2 locks held by syz-executor/20992: [ 810.540953][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 810.557850][ T30] #1: ffffffff8fcd3248 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 810.569552][ T30] 4 locks held by syz-executor/20993: [ 810.585759][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 810.598019][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 810.620019][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 810.650126][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 810.668588][ T30] 4 locks held by syz-executor/20997: [ 810.674284][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 810.689809][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 810.699574][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 810.718643][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 810.737636][ T30] 4 locks held by syz-executor/21004: [ 810.751766][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 810.776309][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 810.791780][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 810.809864][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 810.829494][ T30] 4 locks held by syz-executor/21006: [ 810.835162][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 810.857288][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 810.874546][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 810.894464][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 810.913744][ T30] 4 locks held by syz-executor/21009: [ 810.919174][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 810.938685][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 810.966077][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 810.981738][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 811.005431][ T30] 4 locks held by syz-executor/21018: [ 811.012222][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 811.030182][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 811.043141][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 811.072994][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 811.098325][ T30] 4 locks held by syz-executor/21023: [ 811.110081][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 811.119625][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 811.137858][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 811.148365][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 811.169700][ T30] 4 locks held by syz-executor/21025: [ 811.181700][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 811.212397][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 811.229273][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 811.240870][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 811.261742][ T30] 4 locks held by syz-executor/21029: [ 811.267147][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 811.287891][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 811.304693][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 811.324744][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 811.348323][ T30] 1 lock held by syz-executor/21031: [ 811.360149][ T30] #0: ffffffff8fcd3248 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 811.369661][ T30] 4 locks held by syz-executor/21038: [ 811.386613][ T30] #0: ffffffff8fcc6750 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 811.404563][ T30] #1: ffffffff8fa422d0 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 811.420727][ T30] #2: ffffffff8fa42490 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 811.438351][ T30] #3: ffff88807b41cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 811.457895][ T30] [ 811.471657][ T30] ============================================= [ 811.471657][ T30] [ 811.480096][ T30] NMI backtrace for cpu 1 [ 811.484434][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc5-syzkaller #0 [ 811.493219][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 811.503300][ T30] Call Trace: [ 811.506600][ T30] [ 811.509564][ T30] dump_stack_lvl+0x241/0x360 [ 811.514276][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 811.519503][ T30] ? __pfx__printk+0x10/0x10 [ 811.524134][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 811.529110][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 811.534607][ T30] ? _printk+0xd5/0x120 [ 811.538826][ T30] ? __pfx__printk+0x10/0x10 [ 811.543457][ T30] ? __wake_up_klogd+0xcc/0x110 [ 811.548345][ T30] ? __pfx__printk+0x10/0x10 [ 811.552960][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 811.558635][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 811.563698][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 811.569714][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 811.575819][ T30] watchdog+0xff4/0x1040 [ 811.580096][ T30] ? watchdog+0x1ea/0x1040 [ 811.584550][ T30] ? __pfx_watchdog+0x10/0x10 [ 811.589266][ T30] kthread+0x2f2/0x390 [ 811.593358][ T30] ? __pfx_watchdog+0x10/0x10 [ 811.598068][ T30] ? __pfx_kthread+0x10/0x10 [ 811.602700][ T30] ret_from_fork+0x4d/0x80 [ 811.607156][ T30] ? __pfx_kthread+0x10/0x10 [ 811.611775][ T30] ret_from_fork_asm+0x1a/0x30 [ 811.616587][ T30] [ 811.621097][ T30] Sending NMI from CPU 1 to CPUs 0: [ 811.626331][ C0] NMI backtrace for cpu 0 [ 811.626348][ C0] CPU: 0 UID: 0 PID: 963 Comm: kworker/0:2 Not tainted 6.12.0-rc5-syzkaller #0 [ 811.626373][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 811.626390][ C0] Workqueue: wg-crypt-wg0 wg_packet_tx_worker [ 811.626428][ C0] RIP: 0010:usb_hcd_submit_urb+0x618/0x1e80 [ 811.626458][ C0] Code: 8f be 03 00 00 00 ba 01 00 00 00 31 c9 e8 30 a2 35 fa eb 05 e8 59 17 5d fa 4c 89 ff e8 81 94 00 00 48 c7 44 24 60 0e 36 e0 45 <43> c7 44 25 00 00 00 00 00 4b c7 44 25 10 00 00 00 00 65 48 8b 04 [ 811.626477][ C0] RSP: 0018:ffffc900000076c0 EFLAGS: 00000046 [ 811.626497][ C0] RAX: ffffffff8737beb9 RBX: 0000000000000000 RCX: ffff888025f2da00 [ 811.626516][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 811.626531][ C0] RBP: ffffc90000007838 R08: ffffffff8737beac R09: 1ffff110050d6800 [ 811.626549][ C0] R10: dffffc0000000000 R11: ffffed10050d6801 R12: 1ffff92000000ee4 [ 811.626568][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888144bd2218 [ 811.626589][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 811.626609][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 811.626626][ C0] CR2: 00007f85dcd19e10 CR3: 000000000e734000 CR4: 0000000000350ef0 [ 811.626646][ C0] Call Trace: [ 811.626655][ C0] [ 811.626665][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 811.626699][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 811.626737][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 811.626769][ C0] ? nmi_handle+0x2a/0x5a0 [ 811.626805][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 811.626837][ C0] ? nmi_handle+0x151/0x5a0 [ 811.626862][ C0] ? nmi_handle+0x2a/0x5a0 [ 811.626892][ C0] ? usb_hcd_submit_urb+0x618/0x1e80 [ 811.626919][ C0] ? default_do_nmi+0x63/0x160 [ 811.626953][ C0] ? exc_nmi+0x123/0x1f0 [ 811.626986][ C0] ? end_repeat_nmi+0xf/0x53 [ 811.627017][ C0] ? usb_hcd_submit_urb+0x37c/0x1e80 [ 811.627042][ C0] ? usb_hcd_submit_urb+0x389/0x1e80 [ 811.627069][ C0] ? usb_hcd_submit_urb+0x618/0x1e80 [ 811.627096][ C0] ? usb_hcd_submit_urb+0x618/0x1e80 [ 811.627124][ C0] ? usb_hcd_submit_urb+0x618/0x1e80 [ 811.627151][ C0] [ 811.627159][ C0] [ 811.627175][ C0] ? __pfx_usb_hcd_submit_urb+0x10/0x10 [ 811.627200][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 811.627232][ C0] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 811.627259][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 811.627288][ C0] ? usb_submit_urb+0x10e4/0x1930 [ 811.627319][ C0] ? kcov_remote_start+0x97/0x7d0 [ 811.627352][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 811.627386][ C0] ath9k_hif_usb_reg_in_cb+0x4ce/0x6e0 [ 811.627420][ C0] ? usb_unanchor_urb+0x7d/0xc0 [ 811.627452][ C0] __usb_hcd_giveback_urb+0x42e/0x6e0 [ 811.627482][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 811.627508][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 811.627540][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 811.627569][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 811.627604][ C0] dummy_timer+0x856/0x4620 [ 811.627637][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 811.627672][ C0] ? debug_object_deactivate+0x2d5/0x390 [ 811.627724][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 811.627771][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 811.627808][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 811.627841][ C0] __hrtimer_run_queues+0x59d/0xd50 [ 811.627866][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 811.627914][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 811.627939][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 811.627968][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 811.628004][ C0] hrtimer_run_softirq+0x19a/0x2c0 [ 811.628033][ C0] handle_softirqs+0x2c7/0x980 [ 811.628069][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 811.628103][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 811.628137][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 811.628166][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 811.628191][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 811.628222][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 811.628256][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 811.628288][ C0] irq_exit_rcu+0x9/0x30 [ 811.628317][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 811.628341][ C0] [ 811.628350][ C0] [ 811.628360][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 811.628386][ C0] RIP: 0010:preempt_schedule_irq+0xf6/0x1c0 [ 811.628413][ C0] Code: 89 f5 49 c1 ed 03 eb 0d 48 f7 03 08 00 00 00 0f 84 8b 00 00 00 bf 01 00 00 00 e8 65 21 94 f5 e8 80 94 cd f5 fb bf 01 00 00 00 e5 ab ff ff 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 35 8b 2f f6 48 [ 811.628433][ C0] RSP: 0018:ffffc9000391f900 EFLAGS: 00000286 [ 811.628452][ C0] RAX: f1b1c241914d1800 RBX: 1ffff92000723f28 RCX: ffffffff8170be1a [ 811.628471][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0acaa0 RDI: 0000000000000001 [ 811.628488][ C0] RBP: ffffc9000391f9c0 R08: ffffffff942ca8f7 R09: 1ffffffff285951e [ 811.628507][ C0] R10: dffffc0000000000 R11: fffffbfff285951f R12: 1ffff92000723f20 [ 811.628525][ C0] R13: 1ffff92000723f24 R14: ffffc9000391f920 R15: dffffc0000000000 [ 811.628550][ C0] ? mark_lock+0x9a/0x360 [ 811.628577][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 811.628604][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 811.628648][ C0] irqentry_exit+0x5e/0x90 [ 811.628672][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 811.628699][ C0] RIP: 0010:__local_bh_enable_ip+0x170/0x200 [ 811.628731][ C0] Code: 8c e8 44 89 6f 0a 65 66 8b 05 a4 5a ac 7e 66 85 c0 75 5d bf 01 00 00 00 e8 9d b0 0b 00 e8 18 22 45 00 fb 65 8b 05 68 5a ac 7e <85> c0 75 05 e8 27 39 a9 ff 48 c7 44 24 20 0e 36 e0 45 49 c7 04 1c [ 811.628751][ C0] RSP: 0018:ffffc9000391fa80 EFLAGS: 00000282 [ 811.628770][ C0] RAX: 0000000080000000 RBX: 1ffff92000723f54 RCX: ffffffff8170be1a [ 811.628788][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0acaa0 RDI: ffffffff8c610360 [ 811.628807][ C0] RBP: ffffc9000391fb40 R08: ffffffff942ca8f7 R09: 1ffffffff285951e [ 811.628825][ C0] R10: dffffc0000000000 R11: fffffbfff285951f R12: dffffc0000000000 [ 811.628844][ C0] R13: 1ffff92000723f58 R14: ffffc9000391fac0 R15: 0000000000000200 [ 811.628867][ C0] ? mark_lock+0x9a/0x360 [ 811.628899][ C0] ? wg_packet_tx_worker+0x25f/0x810 [ 811.628934][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 811.628965][ C0] ? rcu_read_lock_bh_held+0x7e/0x120 [ 811.628994][ C0] ? __pfx_rcu_read_lock_bh_held+0x10/0x10 [ 811.629027][ C0] ? wg_packet_tx_worker+0x25f/0x810 [ 811.629061][ C0] wg_packet_tx_worker+0x755/0x810 [ 811.629096][ C0] ? wg_packet_tx_worker+0x25f/0x810 [ 811.629131][ C0] ? process_scheduled_works+0x976/0x1850 [ 811.629165][ C0] process_scheduled_works+0xa65/0x1850 [ 811.629216][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 811.629255][ C0] ? assign_work+0x364/0x3d0 [ 811.629290][ C0] worker_thread+0x870/0xd30 [ 811.629332][ C0] ? __kthread_parkme+0x169/0x1d0 [ 811.629369][ C0] ? __pfx_worker_thread+0x10/0x10 [ 811.629403][ C0] kthread+0x2f2/0x390 [ 811.629425][ C0] ? __pfx_worker_thread+0x10/0x10 [ 811.629458][ C0] ? __pfx_kthread+0x10/0x10 [ 811.629482][ C0] ret_from_fork+0x4d/0x80 [ 811.629515][ C0] ? __pfx_kthread+0x10/0x10 [ 811.629539][ C0] ret_from_fork_asm+0x1a/0x30 [ 811.629582][ C0] [ 812.387905][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 812.394809][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc5-syzkaller #0 [ 812.403589][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 812.413658][ T30] Call Trace: [ 812.416952][ T30] [ 812.419899][ T30] dump_stack_lvl+0x241/0x360 [ 812.424612][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 812.429836][ T30] ? __pfx__printk+0x10/0x10 [ 812.434454][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 812.440481][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 812.446166][ T30] ? vscnprintf+0x5d/0x90 [ 812.450527][ T30] panic+0x349/0x880 [ 812.454442][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 812.460103][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 812.466317][ T30] ? __pfx_panic+0x10/0x10 [ 812.470884][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 812.476283][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 812.481964][ T30] ? __irq_work_queue_local+0x137/0x410 [ 812.487540][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 812.493197][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 812.498590][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 812.504775][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 812.510965][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 812.516620][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 812.522826][ T30] watchdog+0x1033/0x1040 [ 812.527193][ T30] ? watchdog+0x1ea/0x1040 [ 812.531647][ T30] ? __pfx_watchdog+0x10/0x10 [ 812.536354][ T30] kthread+0x2f2/0x390 [ 812.540442][ T30] ? __pfx_watchdog+0x10/0x10 [ 812.545146][ T30] ? __pfx_kthread+0x10/0x10 [ 812.549754][ T30] ret_from_fork+0x4d/0x80 [ 812.554206][ T30] ? __pfx_kthread+0x10/0x10 [ 812.558820][ T30] ret_from_fork_asm+0x1a/0x30 [ 812.563630][ T30] [ 812.567907][ T30] Kernel Offset: disabled [ 812.572229][ T30] Rebooting in 86400 seconds..