last executing test programs: 1m32.572806392s ago: executing program 3 (id=1434): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x406, &(0x7f0000000140)={[{@userxattr}, {@nfs_export_on}], [], 0x2c}) 1m32.279273431s ago: executing program 3 (id=1437): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020b06050e020909430009003f00064c0a000000040085a168d0bf46d32345653600648d04000500eb16000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a3200040016000b000a0000000000e000e018d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) 1m31.64452615s ago: executing program 3 (id=1441): r0 = socket(0x1e, 0x4, 0x0) connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r0, &(0x7f0000004400), 0x400000000000203, 0x0) connect$tipc(r0, &(0x7f0000000440)=@id={0x1e, 0x3, 0x1, {0x4e23, 0x2}}, 0x10) 1m31.059575803s ago: executing program 3 (id=1446): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000080)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nodioread_nolock}, {@quota}, {@quota}]}, 0x3, 0x443, &(0x7f0000000dc0)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=") mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000640)='./file0\x00', 0x0, 0x2901090, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') pivot_root(&(0x7f0000000340)='.\x00', &(0x7f0000000180)='./file0/../file0/../file0\x00') 1m30.384366939s ago: executing program 3 (id=1453): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x800}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 1m26.708360681s ago: executing program 3 (id=1480): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) 1m25.10070532s ago: executing program 32 (id=1480): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = socket(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) 4.37033414s ago: executing program 2 (id=1996): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x3d5, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x1}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 3.877067663s ago: executing program 4 (id=2002): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./bus\x00', 0x4040, &(0x7f00000015c0)=ANY=[], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x404043000) 2.667755875s ago: executing program 0 (id=2009): r0 = shmget$private(0x0, 0x4000, 0x10, &(0x7f0000000000/0x4000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00') preadv(r1, &(0x7f0000000440)=[{&(0x7f0000000100)=""/230, 0xe6}], 0x1, 0x5f0e, 0x0) 2.641139785s ago: executing program 4 (id=2010): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000180)=0x4f1d, 0x4) sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0) 2.515856721s ago: executing program 1 (id=2011): syz_io_uring_setup(0x588b, &(0x7f0000000040)={0x0, 0xd9a1, 0x10000, 0x2, 0x1e6}, 0x0, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00'}) r0 = socket$isdn_base(0x22, 0x3, 0x0) ioctl(r0, 0x8b32, &(0x7f0000000040)) 2.292513761s ago: executing program 5 (id=2012): socketpair$unix(0x1, 0x2, 0x0, 0x0) unshare(0x20060400) pipe(&(0x7f0000000140)={0xffffffffffffffff}) fallocate(r0, 0x1a, 0xc, 0x8) 2.139041315s ago: executing program 2 (id=2013): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/kcm\x00') ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000140)={r0}) preadv(r1, &(0x7f0000000100)=[{&(0x7f0000000000)=""/250, 0xfa}], 0x1, 0x185, 0x0) 2.123147786s ago: executing program 1 (id=2014): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x6], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x3], [0x0, 0x8]}}]}}]}, 0x8c}}, 0x0) 2.115454987s ago: executing program 0 (id=2015): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x50, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}, @TCA_RATE={0x6, 0x5, {0x4, 0x92}}]}, 0x50}}, 0x0) 1.97590793s ago: executing program 5 (id=2016): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_4ADDR={0x5}]}, 0x24}}, 0x4000000) 1.879776117s ago: executing program 4 (id=2017): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) shutdown(r0, 0x1) connect$bt_rfcomm(r0, &(0x7f0000000200)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa) close(r0) 1.705254098s ago: executing program 1 (id=2018): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002304e800000000000000ea850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x70bd25, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@dev, 0x2000000, 0x2b}, @in6=@private1, {}, {0x0, 0x200000, 0x7}, {0x0, 0x400000}, 0x0, 0x3500, 0xa, 0x1, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in=@private=0xa010101}]}, 0x104}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 1.692771316s ago: executing program 0 (id=2019): syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000580), 0x1, 0x539, &(0x7f00000005c0)="$eJzs3V9v01YfwPGfS8tT5ZHQo+d5hFBV4FA2qZVKcBIIirjBc07SA44d2Q5qr1BFW1SRwkSZtPaOG7ZJ24vgdi9id7va7d4G2kvY5D8tKW2S0pIGVd9PBOfEPjnnd1LLPzmJbQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGK5ddsuWeIZv7Os+nPrYdAasH4i72/hQDFgXBEr+SfT03IlW3Tl/x9WX07+m5NZkT9FZFamk+fTsvvvy/+5/7/Jib3XDwjoTGzv7D5f7XbXX407kDFpat9EgWk5Ta1MFKhatWrfXmpEqmE8Ha1EsW4pN9ROHIRq3l1QpVqtonRxJej4zbrj6b2F926VbbuqHhbb2gmjwL/9sBi5S8bzjN9M2ySrkzb3kg3xkYlVrJ2WUhub3fXKsCCTRqXjNCoPa1S2y+VSqVwuVe/W7t6z7clDC+yPyKEW499oMV4j2IsDJzOR53/xxIgvHVkWdeTDlbqEEkjrwNIH+7VcmvgnZOHr2w8Gjtub/2ezRbNXPqyekTT/X8ueXeuX//vEenaPbdmRXXkuq9KVrqzLq5P2dH38cznJoylafDESSSBGWuKkS1S+RElNqlIVW57IkjQkEiUNMeKJlkhWJJJYdLpFuRKKFkdiCSQUJfPiyoIoKUlNalIRJVqKsiKBdMSXptTFSXvZkM30fa8MiHG/Uek4jcoDGpH/cXqj2I0DJ/L3Xv4HAAAAAADnlpV++p4c/0/J1bTWMJ62xx0WAAAAAAD4jNJv/meTYiqpXRWL438AAAAAAM4bKz3HzhKRglzPantnQvEhAAAAAAAA50T6/f+1pCgkteticfwPAAAAAMB58+P+1Xf7XWM3av/L+u0vCcMp6017+Stry0naOVsXstdd+LjHuDFjXco7SYvqZP7M1bNWfvXL/Ytgvs+LjWFxWJ8hAPlZbmRtbqxl5dremmyUQsN4uugG3v2SOM6liVgvx9+92Pxe0un/5LcuWbKx2V0vPn3ZXUtjeZP08mYrv4DioesoDojldXq9hfSciyNnPJWeiJGPW8jGtXvnn99yYeITxnwrc1mbuUJWFg7OfzoZs1S8X5LJo2afR1E65czfys2szc35m1lxRBTl4oe/wR95nweiKPdGcaL34hhRVIr9toQ8isopowCAcdkYkoWsw4n/BHu5Q9n94iiy+1uZz9rMz6Q71smZI/bo9rA9un3K7PbroXsg9cuxybi/fJRV3yUveNd33MgrW8lbeOH11rdyeXtn99bm1uqz9WfrL8rlStW+Y9t3yzKVTiMvyD0AgCMMv8fO0BbWnSFH1f/d/0lBUZ7KS+nKmiymZxukvzg4stdCz88QFocctRZ67vCyOOSortBzo5fjt62cwV8CAICzMzckDx8n/y8OOe4+mMsHHx335vIhBt9gEAAA9KXD91Yh/sEKQ9N+UqrVSk68pFUYuI9UaOpNrYwf69BdcvymVu0wiAM38JLKY1PXkYo67XYQxqoRhKodRGY5vfO7ym/9HumW48fGjdqediKt3MCPHTdWdRO5qt35xjPRkg7TF0dt7ZqG+T3/xDvohK4uKhVp3dPQ1LUfm4ZJqr5qh6blhCvqceB1WlrVdeSGph0HWYd7Yxm/EYQtJzaBXxz3mw0AwBdie2f3+Wq3u/5qhJVxzxEAABxElgYAAAAAAAAAAAAAAAAAAAAA4Ms3stP+LuYDjPTMQiojrHzqtjHxBcRM5eSVi3JgyZh3TABG7p8AAAD//xR6Tls=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fstatfs(r0, &(0x7f00000000c0)=""/226) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 1.60854447s ago: executing program 2 (id=2020): r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0xcd1d, 0x10100, 0x1}, &(0x7f0000000000)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x0, @fd_index=0x5, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee8, 0x2031, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x26c3, 0xdffffffb, 0x4c, 0x0, 0x0) 1.506655211s ago: executing program 5 (id=2021): r0 = inotify_init() close_range(r0, r0, 0x2) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0xa2a0c2, 0x0) inotify_rm_watch(r0, 0x0) 1.31862469s ago: executing program 4 (id=2022): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fchdir(r0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x9800, &(0x7f0000001dc0)={0x0, 0x0, 0x100000}, 0x20) 1.315705491s ago: executing program 0 (id=2023): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$MON_IOCX_GETX(r2, 0x4018920a, &(0x7f00000000c0)={&(0x7f00000012c0), 0x0}) 1.199962581s ago: executing program 2 (id=2024): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000001c0)={0xdb4, 0x1, 0x2, "3b9ff15183ec79ac3234ffb108ea1b6d40b737ca9bc66e4b922b07872c7b1092", 0x38416761}) 1.168299364s ago: executing program 1 (id=2025): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073794f310000000008000440080000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f50000000000000000020000000900020073797a31000000000800034000000001"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0) 1.075554605s ago: executing program 5 (id=2026): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{&(0x7f0000000180)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000540)="b1", 0x1}], 0x1}}], 0x1, 0x8004804) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f00000000c0), 0x4) 782.631726ms ago: executing program 4 (id=2027): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000003d00)={0x20000002}) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000000)={0x40000001}) 767.731324ms ago: executing program 2 (id=2028): mknod(&(0x7f0000000300)='./bus\x00', 0x8000, 0x3) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f0000000180)='jfs\x00', 0x400080, &(0x7f00000001c0)='discard') 739.052226ms ago: executing program 0 (id=2029): prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0) 451.57912ms ago: executing program 5 (id=2030): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) fcntl$lock(r0, 0x26, &(0x7f0000000000)={0x0, 0x0, 0x3}) fcntl$lock(r0, 0x25, &(0x7f0000000240)={0x1, 0x2, 0x6, 0x7}) fcntl$lock(r0, 0x5, &(0x7f0000000140)={0x1, 0x2, 0x3c1, 0x3}) 450.912988ms ago: executing program 1 (id=2031): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xfffc}, 0xe) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2) sendmmsg$inet(r0, &(0x7f0000006540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x854) 241.865049ms ago: executing program 4 (id=2032): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7fc}, 0xe) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0xb, 0x0, 0x0, 0x8, 0xb6, 0x7f, 0x7, 0x801, 0x2, 0x10, 'syz0\x00'}) 235.644329ms ago: executing program 2 (id=2033): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x18, 0x209, 0x0, 0x0, {0x2}, [@typed={0x8, 0x800, 0x0, 0x0, @u32}, @nested={0x10, 0x9, 0x0, 0x1, [@typed={0xb, 0x0, 0x0, 0x0, @str='{&(/(:\x00'}]}]}, 0x2c}}, 0x0) 136.438477ms ago: executing program 0 (id=2034): ioprio_set$pid(0x2, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) 79.982635ms ago: executing program 5 (id=2035): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="001004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000540)={0x40, 0x15, 0x6, "2ea049791a6d"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 1 (id=2036): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000010c0)=@newlink={0x40, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x1006}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_FWMARK={0x8, 0x14, 0x5}]}}}]}, 0x40}}, 0x40080c0) kernel console output (not intermixed with test programs): 380.058163][ T8043] allowing incompatible features above 0.0: (unknown version) [ 380.066224][ T8043] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 380.084768][ T8043] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 380.095061][ T8043] bcachefs (loop3): recovering from clean shutdown, journal seq 10 [ 380.104732][ T8043] bcachefs (loop3): Version upgrade required: [ 380.104732][ T8043] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 380.104732][ T8043] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 380.104732][ T8043] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 380.185276][ T8043] bcachefs (loop3): dropping and reconstructing all alloc info [ 380.346822][ T8043] bcachefs (loop3): accounting_read... done [ 380.364985][ T8043] bcachefs (loop3): alloc_read... done [ 380.374200][ T8043] bcachefs (loop3): snapshots_read... done [ 380.395604][ T8043] bcachefs (loop3): done starting filesystem [ 380.525898][ T8043] syz.3.862 (8043) used greatest stack depth: 4096 bytes left [ 380.541322][ T5858] hid-steam 0003:28DE:1142.0008: unknown main item tag 0x0 [ 380.548023][ T5808] bcachefs (loop3): shutting down [ 380.550264][ T5858] hid-steam 0003:28DE:1142.0008: unknown main item tag 0x0 [ 380.561529][ T5858] hid-steam 0003:28DE:1142.0008: unknown main item tag 0x0 [ 380.575062][ T5858] hid-steam 0003:28DE:1142.0008: unknown main item tag 0x0 [ 380.582965][ T5858] hid-steam 0003:28DE:1142.0008: unknown main item tag 0x0 [ 380.655384][ T5808] bcachefs (loop3): shutdown complete [ 380.703693][ T5858] hid-steam 0003:28DE:1142.0008: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 380.745854][ T5858] usb 2-1: USB disconnect, device number 4 [ 382.722012][ T8067] loop0: detected capacity change from 0 to 32768 [ 382.735787][ T8063] loop2: detected capacity change from 0 to 65536 [ 382.762324][ T8067] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.870 (8067) [ 382.795796][ T8063] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 382.809561][ T8067] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 382.820215][ T8067] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 382.830725][ T8067] BTRFS info (device loop0): using free-space-tree [ 382.989328][ T8063] XFS (loop2): Ending clean mount [ 383.000247][ T8063] XFS (loop2): Quotacheck needed: Please wait. [ 383.092483][ T8063] XFS (loop2): Quotacheck: Done. [ 383.281758][ T5804] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 383.305393][ T5798] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 384.340416][ T8098] loop4: detected capacity change from 0 to 512 [ 384.455805][ T8098] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 384.630105][ T8098] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 384.754116][ T8098] EXT4-fs (loop4): orphan cleanup on readonly fs [ 384.840915][ T8098] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.874: bg 0: block 361: padding at end of block bitmap is not set [ 384.978324][ T8098] EXT4-fs (loop4): Remounting filesystem read-only [ 385.024718][ T8098] EXT4-fs (loop4): 1 truncate cleaned up [ 385.032585][ T8098] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 385.539331][ T5812] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 385.675016][ T1897] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 385.862055][ T1897] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 385.870799][ T1897] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 385.880216][ T1897] usb 2-1: config 220 has an invalid descriptor of length 217, skipping remainder of the config [ 385.891107][ T1897] usb 2-1: config 220 has no interface number 2 [ 385.897763][ T1897] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 385.911330][ T1897] usb 2-1: config 220 interface 0 has no altsetting 0 [ 385.922804][ T1897] usb 2-1: config 220 interface 76 has no altsetting 0 [ 385.932349][ T1897] usb 2-1: config 220 interface 1 has no altsetting 0 [ 386.071886][ T1897] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 386.081707][ T1897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.090192][ T1897] usb 2-1: Product: syz [ 386.094806][ T1897] usb 2-1: Manufacturer: syz [ 386.099647][ T1897] usb 2-1: SerialNumber: syz [ 386.451119][ T1897] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 386.458075][ T1897] usb 2-1: No valid video chain found. [ 386.464095][ T1897] usb 2-1: selecting invalid altsetting 0 [ 386.542453][ T1897] usb 2-1: selecting invalid altsetting 0 [ 386.548644][ T1897] usbtest 2-1:220.1: probe with driver usbtest failed with error -22 [ 386.595067][ T1897] usb 2-1: USB disconnect, device number 5 [ 386.947698][ T8127] loop3: detected capacity change from 0 to 64 [ 387.056462][ T8129] netlink: 16 bytes leftover after parsing attributes in process `syz.2.887'. [ 387.415972][ T8134] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 387.511065][ T8141] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 387.511065][ T8141] The task syz.1.890 (8141) triggered the difference, watch for misbehavior. [ 387.577871][ T30] audit: type=1326 audit(1751535993.457:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8139 comm="syz.2.892" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb187b8e929 code=0x0 [ 388.884082][ T8161] loop2: detected capacity change from 0 to 256 [ 388.960042][ T8161] exFAT-fs (loop2): Invalid boot checksum (boot checksum : 0x0306abd0, checksum : 0x1119abd0) [ 388.970878][ T8161] exFAT-fs (loop2): invalid boot region [ 388.976938][ T8161] exFAT-fs (loop2): failed to recognize exfat type [ 389.612764][ T8172] loop0: detected capacity change from 0 to 512 [ 389.657359][ T8171] loop1: detected capacity change from 0 to 512 [ 389.740928][ T8171] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 389.844091][ T8172] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 389.857468][ T8172] ext4 filesystem being mounted at /181/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 389.955358][ T8171] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 389.968618][ T8171] ext4 filesystem being mounted at /184/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 390.003511][ T8178] netlink: 'syz.4.906': attribute type 6 has an invalid length. [ 390.265570][ T30] audit: type=1800 audit(1751535996.047:37): pid=8172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.915" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 390.287096][ T30] audit: type=1800 audit(1751535996.057:38): pid=8172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.915" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 390.371409][ T8177] loop3: detected capacity change from 0 to 32768 [ 390.395311][ T8177] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.908 (8177) [ 390.431492][ T8177] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 390.442196][ T8177] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm [ 390.453095][ T8177] BTRFS info (device loop3): using free-space-tree [ 390.685175][ T30] audit: type=1800 audit(1751535996.567:39): pid=8193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.909" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 390.737475][ T5798] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 390.802257][ T5802] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 390.861154][ T8201] loop4: detected capacity change from 0 to 1024 [ 390.869941][ T8201] EXT4-fs: Ignoring removed i_version option [ 390.886190][ T8201] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 390.896488][ T8201] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (49802!=20869) [ 390.906608][ T8201] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 390.925361][ T8201] EXT4-fs error (device loop4): ext4_get_journal_inode:5796: inode #5: comm syz.4.910: unexpected bad inode w/o EXT4_IGET_BAD [ 390.947314][ T8201] EXT4-fs (loop4): no journal found [ 391.098945][ T5808] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 391.618453][ T8212] loop4: detected capacity change from 0 to 1024 [ 391.863130][ T8218] loop0: detected capacity change from 0 to 512 [ 391.867705][ T8212] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 391.924940][ T8218] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 391.932738][ T8218] UDF-fs: Scanning with blocksize 512 failed [ 392.717571][ T8220] loop2: detected capacity change from 0 to 32768 [ 392.754603][ T8220] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.919 (8220) [ 392.764044][ T8218] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 392.777212][ T8218] UDF-fs: Scanning with blocksize 1024 failed [ 392.798180][ T30] audit: type=1800 audit(1751535998.687:40): pid=8212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.914" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 392.818792][ T8220] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 392.824161][ T5858] kernel write not supported for file /uinput (pid: 5858 comm: kworker/0:5) [ 392.830877][ T8220] BTRFS info (device loop2): using sha256 (sha256-x86_64) checksum algorithm [ 392.849246][ T8220] BTRFS info (device loop2): using free-space-tree [ 392.888326][ T8218] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 392.896663][ T8218] UDF-fs: Scanning with blocksize 2048 failed [ 392.917006][ T8218] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 393.013837][ T8218] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 393.248048][ T5804] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 393.270386][ T5812] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 393.935443][ T8255] loop0: detected capacity change from 0 to 1024 [ 393.944124][ T8255] EXT4-fs: Ignoring removed i_version option [ 393.954868][ T8255] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 393.965143][ T8255] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (49802!=20869) [ 393.975353][ T8255] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 393.991591][ T8255] EXT4-fs error (device loop0): ext4_get_journal_inode:5796: inode #5: comm syz.0.926: unexpected bad inode w/o EXT4_IGET_BAD [ 394.017729][ T8255] EXT4-fs (loop0): no journal found [ 394.142903][ T8258] loop4: detected capacity change from 0 to 512 [ 394.233763][ T8258] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 394.445621][ T8258] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 394.458702][ T8258] ext4 filesystem being mounted at /178/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 394.543806][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 395.027983][ T8273] bridge0: port 3(vlan2) entered blocking state [ 395.040959][ T8273] bridge0: port 3(vlan2) entered disabled state [ 395.048032][ T8273] vlan2: entered allmulticast mode [ 395.053549][ T8273] gretap0: entered allmulticast mode [ 395.062303][ T8273] vlan2: entered promiscuous mode [ 395.067892][ T8273] gretap0: entered promiscuous mode [ 395.076275][ T8273] bridge0: port 3(vlan2) entered blocking state [ 395.083017][ T8273] bridge0: port 3(vlan2) entered forwarding state [ 395.131391][ T5812] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 395.602615][ T8278] loop1: detected capacity change from 0 to 4096 [ 395.715227][ T8288] loop0: detected capacity change from 0 to 512 [ 395.758013][ T8284] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 395.775493][ T8288] EXT4-fs: Ignoring removed bh option [ 395.782750][ T8288] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 395.840445][ T8288] EXT4-fs (loop0): 1 truncate cleaned up [ 395.851114][ T8288] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 396.025285][ T8278] ntfs3(loop1): ino=1a, mi_enum_attr [ 396.030905][ T8278] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 396.218871][ T5798] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 396.546066][ T8297] netlink: 'syz.0.940': attribute type 6 has an invalid length. [ 397.461868][ T8312] batadv1: entered promiscuous mode [ 397.506369][ T8307] loop3: detected capacity change from 0 to 2048 [ 397.643681][ T8307] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 398.096544][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 398.154677][ T8320] program syz.4.948 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 398.743884][ T1897] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 398.792909][ T8334] loop0: detected capacity change from 0 to 64 [ 398.831997][ T8333] loop1: detected capacity change from 0 to 512 [ 398.885705][ T8333] EXT4-fs: Ignoring removed nomblk_io_submit option [ 398.943868][ T1897] usb 5-1: Using ep0 maxpacket: 16 [ 398.945786][ T8333] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 398.981133][ T1897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 398.992595][ T1897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 399.002862][ T1897] usb 5-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 399.012303][ T1897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.058309][ T1897] usb 5-1: config 0 descriptor?? [ 399.098242][ T8333] EXT4-fs (loop1): 1 truncate cleaned up [ 399.106452][ T8333] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 399.204982][ T30] audit: type=1800 audit(1751536005.087:41): pid=8333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.956" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 399.579626][ T5802] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 399.604169][ T1897] playstation 0003:054C:05C4.0009: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.4-1/input0 [ 399.719521][ T8344] netlink: 20 bytes leftover after parsing attributes in process `syz.3.960'. [ 399.768858][ T1897] playstation 0003:054C:05C4.0009: Invalid reportID received, expected 18 got 168 [ 399.778761][ T1897] playstation 0003:054C:05C4.0009: Failed to retrieve DualShock4 pairing info: -22 [ 399.788634][ T1897] playstation 0003:054C:05C4.0009: Failed to get MAC address from DualShock4 [ 399.798160][ T1897] playstation 0003:054C:05C4.0009: Failed to create dualshock4. [ 399.869396][ T1897] playstation 0003:054C:05C4.0009: probe with driver playstation failed with error -22 [ 400.045809][ T1897] usb 5-1: USB disconnect, device number 6 [ 400.091733][ T8348] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 400.633714][ T1897] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 400.649817][ T8354] loop3: detected capacity change from 0 to 2048 [ 400.752027][ T8354] EXT4-fs: Ignoring removed mblk_io_submit option [ 400.830686][ T1897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 400.842223][ T1897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 400.856602][ T1897] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 400.866122][ T1897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.934118][ T8354] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 400.955428][ T1897] usb 2-1: config 0 descriptor?? [ 401.132240][ T8354] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.965: bg 0: block 234: padding at end of block bitmap is not set [ 401.202185][ T8354] EXT4-fs (loop3): Remounting filesystem read-only [ 401.409936][ T1897] hid-steam 0003:28DE:1142.000A: item fetching failed at offset 0/5 [ 401.441899][ T1897] hid-steam 0003:28DE:1142.000A: steam_probe:parse of hid interface failed [ 401.451838][ T1897] hid-steam 0003:28DE:1142.000A: probe with driver hid-steam failed with error -22 [ 401.499766][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.627452][ T1897] usb 2-1: USB disconnect, device number 6 [ 402.663855][ T5858] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 402.768504][ T1897] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 402.867707][ T5858] usb 5-1: Using ep0 maxpacket: 16 [ 402.931292][ T5858] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.943114][ T5858] usb 5-1: config 0 interface 0 has no altsetting 0 [ 402.950246][ T5858] usb 5-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 402.959742][ T5858] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.992340][ T5858] usb 5-1: config 0 descriptor?? [ 403.060618][ T1897] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.02 [ 403.070108][ T1897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.078790][ T1897] usb 2-1: Product: syz [ 403.083178][ T1897] usb 2-1: Manufacturer: syz [ 403.088238][ T1897] usb 2-1: SerialNumber: syz [ 403.193878][ T1897] usb 2-1: config 0 descriptor?? [ 403.474451][ T1897] hso 2-1:0.0: Failed to find BULK IN ep [ 403.492262][ T5858] logitech-djreceiver 0003:046D:C71B.000B: hidraw0: USB HID v0.05 Device [HID 046d:c71b] on usb-dummy_hcd.4-1/input0 [ 403.697961][ T1897] usb 2-1: USB disconnect, device number 7 [ 403.961368][ T8386] netlink: 'syz.0.976': attribute type 10 has an invalid length. [ 403.970128][ T8386] netlink: 40 bytes leftover after parsing attributes in process `syz.0.976'. [ 404.006014][ T1897] usb 5-1: USB disconnect, device number 7 [ 404.051038][ T8386] team0: Port device netdevsim1 added [ 405.174416][ T1897] kernel read not supported for file /dsp (pid: 1897 comm: kworker/1:2) [ 405.633880][ T5858] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 405.856944][ T5858] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 405.867580][ T5858] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 405.942017][ T5858] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 405.951951][ T5858] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.960880][ T5858] usb 1-1: Product: syz [ 405.965455][ T5858] usb 1-1: Manufacturer: syz [ 405.970304][ T5858] usb 1-1: SerialNumber: syz [ 406.051010][ T5858] usb 1-1: config 0 descriptor?? [ 406.059202][ T8401] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 406.071011][ T8401] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 406.408329][ T8401] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 406.434010][ T8401] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 406.903833][ T5858] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 407.097449][ T5858] dm9601 1-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 407.173010][ T5858] usb 1-1: USB disconnect, device number 5 [ 407.377660][ T8423] loop1: detected capacity change from 0 to 1024 [ 407.502670][ T8423] hfsplus: bad catalog entry type [ 407.759189][ T4790] hfsplus: b-tree write err: -5, ino 4 [ 408.253912][ T1897] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 408.434301][ T1897] usb 2-1: Using ep0 maxpacket: 16 [ 408.435195][ T8434] loop0: detected capacity change from 0 to 4096 [ 408.482327][ T1897] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 408.492896][ T1897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 408.499742][ T8434] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 408.504226][ T1897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 408.523417][ T1897] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 408.533522][ T1897] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 408.634017][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 408.677174][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 408.683923][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 408.728719][ T1897] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 408.738329][ T1897] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 408.748874][ T1897] usb 2-1: Manufacturer: syz [ 408.824882][ T1897] usb 2-1: config 0 descriptor?? [ 408.972075][ T8434] ntfs3(loop0): ino=1b, "file0" indx_read [ 409.316864][ T8443] loop3: detected capacity change from 0 to 512 [ 409.395781][ T8443] EXT4-fs: Ignoring removed orlov option [ 409.414934][ T8443] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 409.435777][ T1897] rc_core: IR keymap rc-hauppauge not found [ 409.442002][ T1897] Registered IR keymap rc-empty [ 409.448300][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 409.499978][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 409.529805][ T1897] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 409.545768][ T1897] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input9 [ 409.598271][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 409.634728][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 409.697889][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 409.723972][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 409.744647][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 409.753015][ T8443] EXT4-fs (loop3): 1 truncate cleaned up [ 409.761271][ T8443] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 409.764297][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 409.820720][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 409.852145][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 409.898811][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 409.929216][ T8449] EXT4-fs error (device loop3): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.3.1002: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 409.962118][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 410.014015][ T1897] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 410.046213][ T1897] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 410.056452][ T1897] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 410.094917][ T8449] EXT4-fs error (device loop3) in ext4_delete_entry:2739: Corrupt filesystem [ 410.154589][ T8449] EXT4-fs warning (device loop3): ext4_rename_delete:3726: inode #2: comm syz.3.1002: Deleting old file: nlink 5, error=-117 [ 410.170235][ T1897] usb 2-1: USB disconnect, device number 8 [ 410.567188][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 411.159218][ T8461] loop2: detected capacity change from 0 to 64 [ 411.354183][ T8463] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1010'. [ 411.946411][ T8471] loop3: detected capacity change from 0 to 1024 [ 411.986404][ T8471] EXT4-fs: Ignoring removed nobh option [ 411.992611][ T8471] EXT4-fs: Ignoring removed oldalloc option [ 411.999300][ T8471] EXT4-fs: Ignoring removed bh option [ 412.121063][ T8476] loop0: detected capacity change from 0 to 164 [ 412.220236][ T8471] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 412.363574][ T8476] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 412.430621][ T8471] EXT4-fs (loop3): shut down requested (1) [ 412.975032][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 412.986271][ T8486] af_packet: tpacket_rcv: packet too big, clamped from 62 to 4294967286. macoff=82 [ 414.347863][ T8497] loop0: detected capacity change from 0 to 32768 [ 414.438332][ T8497] JFS: metapage_get_blocks failed [ 414.443876][ T8497] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 414.443876][ T8497] [ 414.455320][ T8497] ERROR: (device loop0): remounting filesystem as read-only [ 414.556123][ T112] blkno = 5002c, nblocks = 1 [ 414.560934][ T112] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 414.560934][ T112] [ 417.230719][ T8532] loop3: detected capacity change from 0 to 512 [ 417.331819][ T8532] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 417.345279][ T8532] ext4 filesystem being mounted at /216/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 417.959983][ T8540] loop1: detected capacity change from 0 to 1764 [ 418.107274][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 419.678101][ T8562] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1052'. [ 419.869123][ T8558] loop2: detected capacity change from 0 to 32768 [ 419.976558][ T8558] o2cb: This node has not been configured. [ 419.982587][ T8558] o2cb: Cluster check failed. Fix errors before retrying. [ 419.990335][ T8558] (syz.2.1049,8558,1):ocfs2_dlm_init:3354 ERROR: status = -22 [ 420.002056][ T8558] (syz.2.1049,8558,1):ocfs2_mount_volume:1735 ERROR: status = -22 [ 420.013067][ T8558] (syz.2.1049,8558,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 420.582061][ T8570] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1054'. [ 420.591995][ T8570] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.601678][ T8570] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.613990][ T8587] loop1: detected capacity change from 0 to 64 [ 421.831415][ T8591] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1062'. [ 422.635467][ T8601] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 422.648531][ T8601] bond0: (slave ipvlan0): The slave device specified does not support setting the MAC address [ 422.659617][ T8601] bond0: (slave ipvlan0): Error -95 calling set_mac_address [ 422.786509][ T8603] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 422.792831][ T8603] syzkaller1: linktype set to 823 [ 423.065521][ T8605] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 423.085965][ T8605] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.095816][ T8605] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.507400][ T8609] loop3: detected capacity change from 0 to 512 [ 423.659876][ T8609] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.1071: iget: bad i_size value: 38620345925642 [ 423.784227][ T8609] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.1071: couldn't read orphan inode 15 (err -117) [ 423.875657][ T8609] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 424.478340][ T8623] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1075'. [ 424.761487][ T8625] loop4: detected capacity change from 0 to 1024 [ 425.148797][ T8624] loop1: detected capacity change from 0 to 32768 [ 425.162592][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 425.188577][ T8627] loop0: detected capacity change from 0 to 256 [ 425.254161][ T8624] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 425.561508][ T8624] XFS (loop1): Ending clean mount [ 425.652285][ T5802] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 426.804185][ T8646] loop4: detected capacity change from 0 to 128 [ 427.066388][ T8651] loop3: detected capacity change from 0 to 128 [ 427.115280][ T8650] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1082'. [ 427.142878][ T8651] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 427.394107][ T8651] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 427.678066][ T8654] input: syz0 as /devices/virtual/input/input10 [ 428.777818][ T8661] xt_CT: No such helper "snmp" [ 428.958033][ T8668] loop4: detected capacity change from 0 to 512 [ 429.045929][ T8668] EXT4-fs: Ignoring removed orlov option [ 429.268396][ T8668] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 429.441017][ T8668] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 429.713091][ T8670] loop3: detected capacity change from 0 to 32768 [ 429.715057][ T8668] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.1092: corrupted in-inode xattr: e_value size too large [ 429.806189][ T8670] o2cb: This node has not been configured. [ 429.812206][ T8670] o2cb: Cluster check failed. Fix errors before retrying. [ 429.819767][ T8670] (syz.3.1091,8670,0):ocfs2_dlm_init:3354 ERROR: status = -22 [ 429.824235][ T8675] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1094'. [ 429.829803][ T8670] (syz.3.1091,8670,0):ocfs2_mount_volume:1735 ERROR: status = -22 [ 429.853684][ T8670] (syz.3.1091,8670,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 430.020052][ T8680] loop0: detected capacity change from 0 to 128 [ 430.031498][ T8668] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.1092: couldn't read orphan inode 15 (err -117) [ 430.167453][ T8668] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 430.250899][ T30] audit: type=1800 audit(1751536036.137:42): pid=8680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1096" name="file1" dev="loop0" ino=1048663 res=0 errno=0 [ 430.323897][ T750] FAT-fs (loop0): error, invalid FAT chain (i_pos 548, last_block 8) [ 430.332332][ T750] FAT-fs (loop0): Filesystem has been set read-only [ 430.340091][ T750] FAT-fs (loop0): error, corrupted file size (i_pos 548, 522) [ 430.955825][ T5812] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 431.874120][ T8694] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 431.931153][ T8689] loop0: detected capacity change from 0 to 40427 [ 432.412146][ T8689] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 432.657475][ T8702] batman_adv: batadv0: Adding interface: ipvlan2 [ 432.664228][ T8702] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.690474][ T8702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 432.701349][ T8702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 432.713430][ T8702] batman_adv: batadv0: Interface activated: ipvlan2 [ 432.795688][ T8703] loop2: detected capacity change from 0 to 1024 [ 433.521515][ T8709] loop1: detected capacity change from 0 to 256 [ 433.600824][ T8709] exfat: Deprecated parameter 'namecase' [ 433.607855][ T8709] exfat: Deprecated parameter 'namecase' [ 433.886494][ T8709] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 434.450002][ T8713] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551615) [ 434.465324][ T8713] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 [ 434.671534][ T8707] loop3: detected capacity change from 0 to 65536 [ 434.775121][ T8707] XFS (loop3): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 434.995769][ T8723] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1111'. [ 435.142131][ T8707] XFS (loop3): Ending clean mount [ 435.306257][ T5808] XFS (loop3): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 436.039220][ T8732] loop4: detected capacity change from 0 to 16 [ 436.085445][ T8732] erofs (device loop4): mounted with root inode @ nid 36. [ 436.160665][ T8732] overlayfs: maximum fs stacking depth exceeded [ 437.232052][ T8738] loop2: detected capacity change from 0 to 32768 [ 437.341953][ T8738] bio_check_eod: 13 callbacks suppressed [ 437.342033][ T8738] syz.2.1118: attempt to access beyond end of device [ 437.342033][ T8738] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 437.362923][ T8738] lbmIODone: I/O error in JFS log [ 437.368288][ T8738] *** Log Format Error ! *** [ 437.374813][ T8738] lmLogInit: exit(-22) [ 437.379132][ T8738] lmLogOpen: exit(-22) [ 438.472023][ T8746] loop4: detected capacity change from 0 to 32768 [ 438.500381][ T8746] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section members_v2: device 0: invalid btree_bitmap_shift 255 [ 438.500381][ T8746] members_v2 (size 152): [ 438.500381][ T8746] Device: 0 [ 438.500381][ T8746] Label: (none) [ 438.500381][ T8746] UUID: 7af6772b-00de-4159-84cd-1faead05aceb [ 438.500381][ T8746] Size: 16777216 [ 438.500381][ T8746] read errors: 0 [ 438.500381][ T8746] write errors: 0 [ 438.500381][ T8746] checksum errors: 0 [ 438.500381][ T8746] seqread iops: 0 [ 438.500381][ T8746] seqwrite iops: 0 [ 438.500381][ T8746] randread iops: 0 [ 438.500381][ T8746] randwrite iops: 0 [ 438.500381][ T8746] Bucket size: 131072 [ 438.500381][ T8746] First bucket: 0 [ 438.500381][ T8746] Buckets: 128 [ 438.500381][ T8746] Last mount: 1714681267 [ 438.500381][ T8746] Last superblock write: 42 [ 438.500381][ T8746] State: rw [ 438.500381][ T8746] Data allowed: journal,btree,user [ 438.500381][ T8746] Has data: (none) [ 438.500381][ T8746] Btree allocated bitmap blocksize:(invalid shift 255) [ 438.500381][ T8746] Btree allocated bitmap: 0000000000000000000001000010000010011000000000000000000000000000 [ 438.500381][ T8746] [ 438.501191][ T8746] bcachefs: bch2_fs_get_tree() error: invalid_sb_members [ 439.482763][ T8757] loop4: detected capacity change from 0 to 512 [ 439.556060][ T8757] EXT4-fs: Ignoring removed nomblk_io_submit option [ 439.666044][ T8757] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 439.685521][ T8757] ext4 filesystem being mounted at /211/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 439.823991][ T30] audit: type=1800 audit(1751536045.697:43): pid=8757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1129" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 439.844921][ T30] audit: type=1800 audit(1751536045.697:44): pid=8757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1129" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 440.126397][ T5812] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 440.494464][ T8765] loop0: detected capacity change from 0 to 256 [ 440.596753][ T8765] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000e8a4, chksum : 0x7bc75166, utbl_chksum : 0xe619d30d) [ 441.019344][ T8774] loop4: detected capacity change from 0 to 1024 [ 441.028633][ T8775] loop1: detected capacity change from 0 to 1024 [ 441.154504][ T8777] loop0: detected capacity change from 0 to 256 [ 441.188147][ T8774] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 441.304388][ T8777] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 441.313602][ T30] audit: type=1800 audit(1751536047.177:45): pid=8777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1136" name="file1" dev="loop0" ino=1048664 res=0 errno=0 [ 441.618370][ T5812] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 442.481164][ T8784] loop1: detected capacity change from 0 to 32768 [ 442.561587][ T8784] (syz.1.1138,8784,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xc2d589a7, computed 0xa7538fce. Applying ECC. [ 442.578672][ T8784] (syz.1.1138,8784,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 442.594441][ T8784] (syz.1.1138,8784,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 442.665551][ T8784] (syz.1.1138,8784,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xa9c51222, computed 0xb6cc4dbf. Applying ECC. [ 442.708628][ T8784] JBD2: Ignoring recovery information on journal [ 442.794205][ T8784] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 442.825808][ T64] (kworker/u8:4,64,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xa9c51222, computed 0xb6cc4dbf. Applying ECC. [ 442.878806][ T8796] loop2: detected capacity change from 0 to 512 [ 442.898233][ T8784] (syz.1.1138,8784,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xc2d589a7, computed 0xa7538fce. Applying ECC. [ 442.935781][ T8796] EXT4-fs: Ignoring removed nobh option [ 442.965329][ T8796] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 442.988462][ T8784] (syz.1.1138,8784,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xdf8356d3, computed 0x2e880d5e. Applying ECC. [ 443.002351][ T8784] (syz.1.1138,8784,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xdf8356d3, computed 0x960d5e93 [ 443.015296][ T8784] (syz.1.1138,8784,0):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 443.024084][ T8784] (syz.1.1138,8784,0):ocfs2_quota_read:201 ERROR: status = -5 [ 443.031836][ T8784] Quota error (device loop1): find_block_dqentry: Can't read quota tree block 6 [ 443.041692][ T8784] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 443.054042][ T8784] (syz.1.1138,8784,0):ocfs2_acquire_dquot:890 ERROR: status = -5 [ 443.065132][ T8784] (syz.1.1138,8784,0):ocfs2_mknod:314 ERROR: status = -5 [ 443.072474][ T8784] (syz.1.1138,8784,0):ocfs2_mknod:502 ERROR: status = -5 [ 443.080890][ T8784] (syz.1.1138,8784,0):ocfs2_create:675 ERROR: status = -5 [ 443.349789][ T5802] ocfs2: Unmounting device (7,1) on (node local) [ 443.476908][ T8796] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.1141: iget: bad i_size value: 38620345925642 [ 443.530103][ T8796] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1141: couldn't read orphan inode 15 (err -117) [ 443.605910][ T8796] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 443.723648][ T8796] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.1141: invalid indirect mapped block 3973251072 (level 0) [ 443.936955][ T5804] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 444.105374][ T8813] netlink: 'syz.3.1146': attribute type 4 has an invalid length. [ 445.841866][ T8837] IPv6: Can't replace route, no match found [ 446.365315][ T8832] loop1: detected capacity change from 0 to 32768 [ 446.381930][ T8839] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1158'. [ 446.535266][ T8832] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,nojournal_transaction_names,nocow [ 446.535386][ T8832] allowing incompatible features above 0.0: (unknown version) [ 446.535484][ T8832] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 446.581375][ T8832] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 446.590756][ T8832] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 446.600611][ T8832] bcachefs (loop1): Version upgrade required: [ 446.600611][ T8832] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 446.600611][ T8832] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 446.600611][ T8832] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 446.771874][ T8832] bcachefs (loop1): error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 446.910618][ T8832] bcachefs (loop1): btree node read error at btree freespace level 0/0 [ 446.910722][ T8832] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 446.910832][ T8832] loop1 node offset 8/32 bset u64s 35: checksum error, type none: got should be [ 446.910919][ T8832] flagging btree freespace lost data [ 446.910987][ T8832] ret fsck_errors_not_fixed [ 446.959793][ T8832] bcachefs (loop1): error reading btree root btree=freespace level=0: btree_node_read_error, fixing [ 446.997895][ T8832] bcachefs (loop1): check_topology... done [ 447.010425][ T8832] bcachefs (loop1): accounting_read... done [ 447.019272][ T8832] bcachefs (loop1): alloc_read... done [ 447.027411][ T8832] bcachefs (loop1): snapshots_read... done [ 447.036096][ T8832] bcachefs (loop1): Fixed errors, running fsck a second time to verify fs is clean [ 447.047912][ T8832] bcachefs (loop1): done starting filesystem [ 447.243628][ T5802] bcachefs (loop1): shutting down [ 447.338580][ T5802] bcachefs (loop1): shutdown complete [ 447.835852][ T5803] Bluetooth: hci3: unexpected event for opcode 0x2036 [ 448.337464][ T8868] x_tables: (null)_tables: DNAT target: only valid in nat table, not syz0 [ 449.127808][ T8878] loop2: detected capacity change from 0 to 16 [ 449.182105][ T8878] erofs (device loop2): mounted with root inode @ nid 36. [ 449.352175][ T8878] overlayfs: maximum fs stacking depth exceeded [ 451.017835][ T8902] loop4: detected capacity change from 0 to 2048 [ 451.125975][ T8902] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 451.490971][ T30] audit: type=1326 audit(1751536057.377:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8912 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f338e929 code=0x7ffc0000 [ 451.513997][ T30] audit: type=1326 audit(1751536057.377:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8912 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f338e929 code=0x7ffc0000 [ 451.553704][ T30] audit: type=1326 audit(1751536057.437:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8912 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f85f338e929 code=0x7ffc0000 [ 451.578979][ T30] audit: type=1326 audit(1751536057.437:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8912 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f338e929 code=0x7ffc0000 [ 451.602942][ T30] audit: type=1326 audit(1751536057.437:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8912 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f338e929 code=0x7ffc0000 [ 451.635948][ T30] audit: type=1326 audit(1751536057.517:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8912 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f85f338e929 code=0x7ffc0000 [ 451.662579][ T30] audit: type=1326 audit(1751536057.527:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8912 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f338e929 code=0x7ffc0000 [ 451.686373][ T30] audit: type=1326 audit(1751536057.527:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8912 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f85f33858e7 code=0x7ffc0000 [ 451.709789][ T30] audit: type=1326 audit(1751536057.527:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8912 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f85f332ab19 code=0x7ffc0000 [ 451.732372][ T30] audit: type=1326 audit(1751536057.527:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8912 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f85f33858e7 code=0x7ffc0000 [ 451.757503][ T5812] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 451.826372][ T8917] loop2: detected capacity change from 0 to 64 [ 452.001882][ T5812] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 452.151576][ T8920] loop3: detected capacity change from 0 to 128 [ 452.380219][ T8920] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401) [ 452.391096][ T8920] FAT-fs (loop3): Filesystem has been set read-only [ 452.480383][ T8920] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401) [ 452.547993][ T8926] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401) [ 453.656821][ T8945] loop3: detected capacity change from 0 to 1024 [ 453.905643][ T8945] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 453.924165][ T8945] ext4 filesystem being mounted at /237/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 454.436183][ T8963] loop1: detected capacity change from 0 to 2048 [ 454.536164][ T8954] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 393: padding at end of block bitmap is not set [ 454.642208][ T8963] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 454.645740][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 454.654888][ T8963] ext4 filesystem being mounted at /255/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 454.666995][ T8965] loop4: detected capacity change from 0 to 1024 [ 454.704009][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 455.068811][ T5802] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 455.431746][ T3952] hfsplus: b-tree write err: -5, ino 4 [ 456.174803][ T8977] loop3: detected capacity change from 0 to 40427 [ 456.201496][ T8977] F2FS-fs (loop3): Mismatch start address, segment0(0) cp_blkaddr(512) [ 456.210212][ T8977] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 456.242952][ T8977] F2FS-fs (loop3): Ignore s_resuid=0, s_resgid=60929 w/o reserve_root [ 456.284035][ T8983] loop1: detected capacity change from 0 to 2048 [ 456.313539][ T8977] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 456.463541][ T8983] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 456.606484][ T8977] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 456.613918][ T8977] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 458.237614][ T9014] netlink: 'syz.1.1226': attribute type 10 has an invalid length. [ 458.245999][ T9014] team0: Device dummy0 is up. Set it down before adding it as a team port [ 458.840434][ T1897] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 459.025411][ T1897] usb 1-1: Using ep0 maxpacket: 32 [ 459.074381][ T1897] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 459.082814][ T1897] usb 1-1: config 0 has no interface number 0 [ 459.121494][ T1897] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 459.130996][ T1897] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.143125][ T1897] usb 1-1: Product: syz [ 459.148811][ T1897] usb 1-1: Manufacturer: syz [ 459.153806][ T1897] usb 1-1: SerialNumber: syz [ 459.268901][ T1897] usb 1-1: config 0 descriptor?? [ 459.300916][ T1897] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 459.526785][ T1897] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 459.618785][ T1897] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 459.970230][ T9026] loop2: detected capacity change from 0 to 128 [ 459.993244][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 460.004926][ T1897] usb 1-1: USB disconnect, device number 6 [ 460.027751][ T1897] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 460.069025][ T1897] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 460.082529][ T1897] quatech2 1-1:0.51: device disconnected [ 460.275628][ T9026] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 460.394155][ T9026] ext4 filesystem being mounted at /230/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 460.525855][ T9026] fscrypt (loop2, inode 12): Mutually exclusive encryption flags (0x19) [ 460.600526][ T9034] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1236'. [ 461.287605][ T5804] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 461.642536][ T9040] loop4: detected capacity change from 0 to 32768 [ 461.657257][ T9040] (syz.4.1238,9040,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xc2d589a7, computed 0xa7538fce. Applying ECC. [ 461.671669][ T9040] (syz.4.1238,9040,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 461.688686][ T9040] (syz.4.1238,9040,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 461.724205][ T9040] (syz.4.1238,9040,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xa9c51222, computed 0xb6cc4dbf. Applying ECC. [ 461.744879][ T9040] JBD2: Ignoring recovery information on journal [ 461.847847][ T9040] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 461.876344][ T750] (kworker/u8:5,750,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xa9c51222, computed 0xb6cc4dbf. Applying ECC. [ 461.930642][ T9040] (syz.4.1238,9040,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xc2d589a7, computed 0xa7538fce. Applying ECC. [ 461.986963][ T9040] (syz.4.1238,9040,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xdf8356d3, computed 0x2e880d5e. Applying ECC. [ 462.014397][ T9040] (syz.4.1238,9040,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xdf8356d3, computed 0x960d5e93 [ 462.027426][ T9040] (syz.4.1238,9040,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 462.036192][ T9040] (syz.4.1238,9040,1):ocfs2_quota_read:201 ERROR: status = -5 [ 462.044048][ T9040] __quota_error: 8 callbacks suppressed [ 462.044118][ T9040] Quota error (device loop4): find_block_dqentry: Can't read quota tree block 6 [ 462.059757][ T9040] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 462.071101][ T9040] (syz.4.1238,9040,1):ocfs2_acquire_dquot:890 ERROR: status = -5 [ 462.079372][ T9040] (syz.4.1238,9040,1):ocfs2_mknod:314 ERROR: status = -5 [ 462.087002][ T9040] (syz.4.1238,9040,1):ocfs2_mknod:502 ERROR: status = -5 [ 462.094495][ T9040] (syz.4.1238,9040,1):ocfs2_create:675 ERROR: status = -5 [ 462.561647][ T9050] loop1: detected capacity change from 0 to 2048 [ 462.687721][ T9048] loop3: detected capacity change from 0 to 32768 [ 462.765910][ T9048] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1242 (9048) [ 462.787430][ T9048] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 462.798157][ T9048] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm [ 462.807468][ T9048] BTRFS info (device loop3): using free-space-tree [ 462.856670][ T5812] ocfs2: Unmounting device (7,4) on (node local) [ 462.898565][ T9050] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 462.955866][ T9050] ext4 filesystem being mounted at /263/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 463.442709][ T5808] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 463.556145][ T5802] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 465.398344][ T9086] loop2: detected capacity change from 0 to 32768 [ 465.415386][ T9086] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1252 (9086) [ 465.497762][ T9086] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 465.508407][ T9086] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm [ 465.519075][ T9086] BTRFS info (device loop2): using free-space-tree [ 466.586736][ T9115] loop4: detected capacity change from 0 to 16 [ 466.777864][ T9115] overlayfs: missing 'lowerdir' [ 466.790969][ T9086] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 467.558566][ T9120] netlink: 'syz.0.1260': attribute type 83 has an invalid length. [ 467.673986][ T9124] loop2: detected capacity change from 0 to 256 [ 468.179321][ T3870] Bluetooth: hci5: Frame reassembly failed (-84) [ 468.219212][ T9132] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 468.368699][ T9136] loop2: detected capacity change from 0 to 16 [ 469.528141][ T9154] netlink: 'syz.0.1276': attribute type 1 has an invalid length. [ 469.536267][ T9154] netlink: 'syz.0.1276': attribute type 2 has an invalid length. [ 469.657740][ T9157] loop1: detected capacity change from 0 to 128 [ 469.687687][ T9157] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 469.735119][ T9157] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 470.095282][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 470.101917][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 470.152544][ T3870] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 470.231163][ T49] Bluetooth: hci5: command 0x1003 tx timeout [ 470.237712][ T5803] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 471.479483][ T30] audit: type=1326 audit(1751536077.367:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9168 comm="syz.0.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f338e929 code=0x7fc00000 [ 471.910316][ T5856] kernel write not supported for file /sequencer (pid: 5856 comm: kworker/0:4) [ 472.023964][ T9193] loop2: detected capacity change from 0 to 2048 [ 472.191475][ T9193] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 472.204241][ T9193] ext4 filesystem being mounted at /242/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 472.246311][ T9204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1300'. [ 472.255786][ T9204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1300'. [ 472.350097][ T9207] loop1: detected capacity change from 0 to 512 [ 472.377629][ T9207] EXT4-fs: Ignoring removed nomblk_io_submit option [ 472.408188][ T9207] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 472.433442][ T5856] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 472.490692][ T9207] EXT4-fs (loop1): 1 truncate cleaned up [ 472.498847][ T9207] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 472.553647][ T5804] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.576190][ T30] audit: type=1800 audit(1751536078.457:65): pid=9207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1299" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 472.634065][ T5856] usb 5-1: Using ep0 maxpacket: 32 [ 472.660125][ T5856] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 472.668977][ T5856] usb 5-1: config 0 has no interface number 0 [ 472.702918][ T5856] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 472.712663][ T5856] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.720996][ T5856] usb 5-1: Product: syz [ 472.725460][ T5856] usb 5-1: Manufacturer: syz [ 472.730306][ T5856] usb 5-1: SerialNumber: syz [ 472.886933][ T5856] usb 5-1: config 0 descriptor?? [ 472.915249][ T5856] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 472.989456][ T5802] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 473.184629][ T5856] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 473.241872][ T5856] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 473.311481][ T9222] loop1: detected capacity change from 0 to 256 [ 473.478286][ T9222] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 473.581064][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 473.584269][ T1897] usb 5-1: USB disconnect, device number 8 [ 473.632670][ T1897] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 473.695102][ T1897] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 473.708519][ T1897] quatech2 5-1:0.51: device disconnected [ 474.388203][ T9243] loop3: detected capacity change from 0 to 64 [ 474.449441][ T9245] loop2: detected capacity change from 0 to 16 [ 474.930162][ T9251] loop3: detected capacity change from 0 to 128 [ 475.054261][ T9257] loop2: detected capacity change from 0 to 256 [ 475.099767][ T9257] exfat: Deprecated parameter 'namecase' [ 475.162677][ T9257] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 475.705807][ T9269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1326'. [ 476.814201][ T5856] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 477.173668][ T5856] usb 5-1: Using ep0 maxpacket: 8 [ 477.197646][ T5856] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 477.206468][ T5856] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 477.216869][ T5856] usb 5-1: config 0 has no interface number 0 [ 477.223327][ T5856] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 477.234906][ T5856] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 477.248156][ T5856] usb 5-1: config 0 interface 52 has no altsetting 0 [ 477.392172][ T5856] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 477.401686][ T5856] usb 5-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 477.410216][ T5856] usb 5-1: Manufacturer: syz [ 477.520219][ T5856] usb 5-1: config 0 descriptor?? [ 477.819520][ T5856] input: syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.52/input/input11 [ 478.290344][ T9297] loop3: detected capacity change from 0 to 40427 [ 478.307787][ T9297] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 478.315272][ T9297] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 478.324576][ T9297] F2FS-fs (loop3): heap/no_heap options were deprecated [ 478.331843][ T9297] F2FS-fs (loop3): build fault injection type: 0x0 [ 478.342228][ T9297] F2FS-fs (loop3): invalid crc value [ 478.514205][ C0] synaptics_usb 5-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 478.523543][ T5856] usb 5-1: USB disconnect, device number 9 [ 478.629741][ T9297] F2FS-fs (loop3): Try to recover 1th superblock, ret: -30 [ 478.637429][ T9297] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 478.731872][ T9297] F2FS-fs (loop3): Try to recover all the superblocks, ret: 0 [ 479.233325][ T9309] loop4: detected capacity change from 0 to 64 [ 479.414039][ T9303] loop1: detected capacity change from 0 to 4096 [ 479.672503][ T9303] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 479.956692][ T9322] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1349'. [ 480.081784][ T5802] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 481.184988][ T9339] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1343'. [ 481.194428][ T9339] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1343'. [ 482.527046][ T9359] loop3: detected capacity change from 0 to 2048 [ 482.548580][ T9353] loop1: detected capacity change from 0 to 40427 [ 482.565671][ T9353] F2FS-fs (loop1): build fault injection rate: 690 [ 482.572642][ T9353] F2FS-fs (loop1): Image doesn't support compression [ 482.585087][ T9353] F2FS-fs (loop1): Image doesn't support compression [ 482.595947][ T9353] F2FS-fs (loop1): invalid crc value [ 482.754133][ T9359] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 482.910302][ T9353] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 482.940637][ T9359] EXT4-fs: Ignoring removed bh option [ 482.996835][ T9359] EXT4-fs (loop3): can't disable delalloc during remount [ 483.460375][ T5808] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 483.688635][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 484.296151][ T9388] loop2: detected capacity change from 0 to 64 [ 485.013689][ T9400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1382'. [ 485.693069][ T9413] IPv6: NLM_F_CREATE should be specified when creating new route [ 486.256597][ T9418] loop2: detected capacity change from 0 to 1024 [ 486.344910][ T9418] hfsplus: bad catalog entry type [ 486.433120][ T9427] loop3: detected capacity change from 0 to 64 [ 486.548523][ T9427] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 486.878712][ T4222] hfsplus: b-tree write err: -5, ino 4 [ 487.738678][ T9440] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1397'. [ 487.766298][ T9435] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1397'. [ 487.835647][ T9440] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1397'. [ 488.314618][ T9444] xt_CT: No such helper "snmp" [ 488.366245][ T9452] loop1: detected capacity change from 0 to 2048 [ 488.373543][ T1897] IPVS: starting estimator thread 0... [ 488.392628][ T9455] IPVS: sed: SCTP 172.20.20.187:0 - no destination available [ 488.452458][ T9453] loop3: detected capacity change from 0 to 2048 [ 488.484717][ T9452] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 488.496067][ T9456] IPVS: using max 240 ests per chain, 12000 per kthread [ 488.578357][ T9453] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 488.808235][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 489.772253][ T9480] syz_tun: entered promiscuous mode [ 490.562594][ T9485] loop2: detected capacity change from 0 to 32768 [ 490.603235][ T9485] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1427 (9485) [ 490.842549][ T9485] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 490.853647][ T9485] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm [ 490.862825][ T9485] BTRFS info (device loop2): using free-space-tree [ 491.170186][ T5804] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 491.978384][ T9516] loop4: detected capacity change from 0 to 32768 [ 491.987796][ T9516] btrfs: Deprecated parameter 'usebackuproot' [ 491.994324][ T9516] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 492.013972][ T9516] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1423 (9516) [ 492.032913][ T9516] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 492.043495][ T9516] BTRFS info (device loop4): using sha256 (sha256-x86_64) checksum algorithm [ 492.055510][ T9516] BTRFS info (device loop4): using free-space-tree [ 492.155315][ T3913] BTRFS warning (device loop4): checksum verify failed on logical 5332992 mirror 1 wanted 0x1335c47d3f94e85552e31a8ecc9dd4db4dece1445f3fbef1d5b0b5e8324c15d5 found 0xeeb68f94f6163b58abd1d17637ea2b75b366f935039bb541580d115b84930374 level 0 [ 492.179247][ T9516] BTRFS warning (device loop4): couldn't read tree root [ 492.187464][ T9516] BTRFS warning (device loop4): try to load backup roots slot 1 [ 492.386378][ T3776] BTRFS warning (device loop4): checksum verify failed on logical 5267456 mirror 1 wanted 0xb8512a1d2916df35de1eb979e5409d57680a9623aa14e80f6c4e3536403d44d6 found 0xf7d650412737a973d362b5db5c34966879819a6f1288cc7eaef75e84bc061cff level 0 [ 492.410236][ T9516] BTRFS warning (device loop4): failed to read fs tree: -5 [ 492.521697][ T9516] BTRFS error (device loop4): open_ctree failed: -5 [ 493.324984][ T9549] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1433'. [ 493.346615][ T9551] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 493.358709][ T9551] overlayfs: missing 'lowerdir' [ 493.405921][ T9555] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1425'. [ 493.417206][ T9555] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1425'. [ 493.448708][ T9555] bridge0: port 4(vlan3) entered blocking state [ 493.458258][ T9555] bridge0: port 4(vlan3) entered disabled state [ 493.469907][ T9555] vlan3: entered allmulticast mode [ 493.475472][ T9555] bridge0: entered allmulticast mode [ 493.594566][ T9555] vlan3: left allmulticast mode [ 493.599697][ T9555] bridge0: left allmulticast mode [ 493.816752][ T9560] netlink: 'syz.3.1437': attribute type 11 has an invalid length. [ 494.884116][ T9583] loop3: detected capacity change from 0 to 512 [ 494.930433][ T9574] loop4: detected capacity change from 0 to 8192 [ 494.953528][ T9583] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 495.050113][ T9583] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 495.091113][ T9583] EXT4-fs (loop3): 1 truncate cleaned up [ 495.099390][ T9583] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 495.361100][ T5808] EXT4-fs error (device loop3): ext4_inlinedir_to_tree:1340: inode #12: block 7: comm syz-executor: path /280/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 495.476446][ T5808] EXT4-fs error (device loop3): empty_inline_dir:1786: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 495.539727][ T5808] EXT4-fs warning (device loop3): empty_inline_dir:1793: bad inline directory (dir #12) - inode 2147483648, rec_len 0, name_len 0inline size 60 [ 495.570323][ T5808] EXT4-fs error (device loop3): ext4_inlinedir_to_tree:1340: inode #12: block 7: comm syz-executor: path /280/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 495.649403][ T5808] EXT4-fs error (device loop3): empty_inline_dir:1786: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 495.669817][ C1] vkms_vblank_simulate: vblank timer overrun [ 495.739684][ T5808] EXT4-fs warning (device loop3): empty_inline_dir:1793: bad inline directory (dir #12) - inode 2147483648, rec_len 0, name_len 0inline size 60 [ 495.756662][ T5808] EXT4-fs error (device loop3): ext4_inlinedir_to_tree:1340: inode #12: block 7: comm syz-executor: path /280/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 495.832403][ T9601] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1454'. [ 495.833886][ T5808] EXT4-fs error (device loop3): empty_inline_dir:1786: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 495.873605][ T9601] netlink: 'syz.4.1454': attribute type 1 has an invalid length. [ 495.881556][ T9601] netlink: 'syz.4.1454': attribute type 2 has an invalid length. [ 495.932369][ T5808] EXT4-fs warning (device loop3): empty_inline_dir:1793: bad inline directory (dir #12) - inode 2147483648, rec_len 0, name_len 0inline size 60 [ 495.969754][ T5808] EXT4-fs error (device loop3): ext4_inlinedir_to_tree:1340: inode #12: block 7: comm syz-executor: path /280/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 496.022749][ T5808] EXT4-fs error (device loop3): empty_inline_dir:1786: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 496.092633][ T5808] EXT4-fs warning (device loop3): empty_inline_dir:1793: bad inline directory (dir #12) - inode 2147483648, rec_len 0, name_len 0inline size 60 [ 496.184436][ T5808] EXT4-fs error (device loop3): ext4_inlinedir_to_tree:1340: inode #12: block 7: comm syz-executor: path /280/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 496.261504][ T5808] EXT4-fs error (device loop3): empty_inline_dir:1786: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 496.348331][ T5808] EXT4-fs warning (device loop3): empty_inline_dir:1793: bad inline directory (dir #12) - inode 2147483648, rec_len 0, name_len 0inline size 60 [ 496.465533][ T5808] EXT4-fs warning (device loop3): empty_inline_dir:1793: bad inline directory (dir #12) - inode 2147483648, rec_len 0, name_len 0inline size 60 [ 496.500629][ T5808] EXT4-fs warning (device loop3): empty_inline_dir:1793: bad inline directory (dir #12) - inode 2147483648, rec_len 0, name_len 0inline size 60 [ 496.609599][ T9611] netem: unknown loss type 0 [ 496.616132][ T9611] netem: change failed [ 496.621560][ T5808] EXT4-fs warning (device loop3): empty_inline_dir:1793: bad inline directory (dir #12) - inode 2147483648, rec_len 0, name_len 0inline size 60 [ 496.692073][ T5808] EXT4-fs warning (device loop3): empty_inline_dir:1793: bad inline directory (dir #12) - inode 2147483648, rec_len 0, name_len 0inline size 60 [ 496.778784][ T5808] EXT4-fs warning (device loop3): empty_inline_dir:1793: bad inline directory (dir #12) - inode 2147483648, rec_len 0, name_len 0inline size 60 [ 496.858332][ T9615] loop4: detected capacity change from 0 to 1024 [ 496.998673][ T9615] hfsplus: bad catalog entry type [ 497.132260][ T4222] hfsplus: b-tree write err: -5, ino 4 [ 498.610104][ T9641] loop4: detected capacity change from 0 to 1764 [ 498.753014][ T9644] tap0: tun_chr_ioctl cmd 1074025677 [ 498.759221][ T9644] tap0: linktype set to 769 [ 498.891831][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 498.913590][ T1897] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 498.913814][ T3952] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.104009][ T1897] usb 2-1: Using ep0 maxpacket: 8 [ 499.129491][ T3952] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.136946][ T1897] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 499.148803][ T1897] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 499.159358][ T1897] usb 2-1: config 0 has no interface number 0 [ 499.165838][ T1897] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 499.179244][ T1897] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 499.193144][ T1897] usb 2-1: config 0 interface 52 has no altsetting 0 [ 499.260402][ T1897] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 499.270215][ T1897] usb 2-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 499.280785][ T1897] usb 2-1: Manufacturer: syz [ 499.300976][ T3952] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.340970][ T1897] usb 2-1: config 0 descriptor?? [ 499.431117][ T3952] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.599534][ T1897] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.52/input/input12 [ 499.960791][ C1] synaptics_usb 2-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 499.970124][ T1897] usb 2-1: USB disconnect, device number 9 [ 499.979545][ T3952] bridge_slave_1: left allmulticast mode [ 499.986145][ T3952] bridge_slave_1: left promiscuous mode [ 499.995471][ T3952] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.492258][ T3952] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 500.550702][ T3952] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 500.565277][ T3952] bond0 (unregistering): Released all slaves [ 501.090405][ T9657] loop1: detected capacity change from 0 to 2048 [ 501.372088][ T9657] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 501.384991][ T9657] ext4 filesystem being mounted at /312/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 501.565471][ T3952] hsr_slave_0: left promiscuous mode [ 501.621720][ T3952] hsr_slave_1: left promiscuous mode [ 501.632318][ T3952] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 501.640202][ T3952] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 501.758576][ T9657] fs-verity: sha512 using implementation "sha512-generic" [ 501.794418][ T30] audit: type=1800 audit(2000000014.170:66): pid=9657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1484" name="file0" dev="loop1" ino=13 res=0 errno=0 [ 501.807439][ T3952] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 501.822965][ T3952] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 501.951251][ T9657] fs-verity (loop1, inode 13): Error -4 building Merkle tree [ 502.067226][ T3952] veth0_macvtap: left allmulticast mode [ 502.073404][ T3952] veth1_macvtap: left promiscuous mode [ 502.079216][ T3952] veth0_macvtap: left promiscuous mode [ 502.085274][ T3952] veth1_vlan: left promiscuous mode [ 502.090881][ T3952] veth0_vlan: left promiscuous mode [ 502.177352][ T49] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 502.215110][ T49] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 502.358012][ T49] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 502.373857][ T49] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 502.448540][ T49] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 502.571396][ T5802] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 502.711821][ T9677] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1492'. [ 502.932525][ T3952] team0 (unregistering): Port device team_slave_1 removed [ 502.965834][ T3952] team0 (unregistering): Port device team_slave_0 removed [ 503.967274][ T9670] chnl_net:caif_netlink_parms(): no params data found [ 504.103755][ T5856] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 504.282846][ T5856] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 504.352760][ T5856] usb 3-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 504.362330][ T5856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.371051][ T5856] usb 3-1: Product: syz [ 504.375658][ T5856] usb 3-1: Manufacturer: syz [ 504.380501][ T5856] usb 3-1: SerialNumber: syz [ 504.447990][ T5856] usb 3-1: config 0 descriptor?? [ 504.480625][ T5856] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state. [ 504.492846][ T5856] dvb-usb: bulk message failed: -22 (3/0) [ 504.544690][ T5803] Bluetooth: hci3: command tx timeout [ 504.567773][ T5856] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 504.580787][ T5856] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device) [ 504.592621][ T5856] usb 3-1: media controller created [ 504.637454][ T5856] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 504.698624][ T5856] dvb-usb: bulk message failed: -22 (6/0) [ 504.706843][ T5856] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' [ 504.719857][ T9690] dvb-usb: bulk message failed: -22 (2/0) [ 504.757829][ T5856] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input13 [ 504.791404][ T5856] dvb-usb: schedule remote query interval to 150 msecs. [ 504.799522][ T5856] dvb-usb: bulk message failed: -22 (3/0) [ 504.824176][ T5856] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected. [ 504.881942][ T5856] usb 3-1: USB disconnect, device number 7 [ 504.969403][ T5856] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected. [ 505.049598][ T9670] bridge0: port 1(bridge_slave_0) entered blocking state [ 505.060111][ T9670] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.068501][ T9670] bridge_slave_0: entered allmulticast mode [ 505.080634][ T9670] bridge_slave_0: entered promiscuous mode [ 505.101691][ T9670] bridge0: port 2(bridge_slave_1) entered blocking state [ 505.111625][ T9670] bridge0: port 2(bridge_slave_1) entered disabled state [ 505.121442][ T9670] bridge_slave_1: entered allmulticast mode [ 505.132372][ T9670] bridge_slave_1: entered promiscuous mode [ 505.311195][ T9670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 505.348642][ T9670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 505.365762][ T9715] loop4: detected capacity change from 0 to 16 [ 505.408430][ T9715] erofs (device loop4): mounted with root inode @ nid 36. [ 505.580522][ T9670] team0: Port device team_slave_0 added [ 505.597558][ T9670] team0: Port device team_slave_1 added [ 505.809837][ T9670] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 505.818144][ T9670] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 505.846590][ T9670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 505.964977][ T9670] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 505.972152][ T9670] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 505.998727][ T9670] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 506.182213][ T9670] hsr_slave_0: entered promiscuous mode [ 506.192120][ T9670] hsr_slave_1: entered promiscuous mode [ 506.200828][ T9670] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 506.208666][ T9670] Cannot create hsr debugfs directory [ 506.629359][ T5803] Bluetooth: hci3: command tx timeout [ 506.897334][ T9670] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 506.984817][ T9670] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 507.056416][ T9670] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 507.124608][ T9670] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 507.373460][ T5856] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 507.467098][ T9747] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 507.485979][ T9747] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1521'. [ 507.609481][ T5856] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 507.619511][ T5856] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.707996][ T5856] usb 1-1: config 0 descriptor?? [ 507.736596][ T5856] cp210x 1-1:0.0: cp210x converter detected [ 508.004686][ T9745] loop2: detected capacity change from 0 to 32768 [ 508.017166][ T9745] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1520 (9745) [ 508.040110][ T9745] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 508.050789][ T9745] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 508.061105][ T9745] BTRFS info (device loop2): using free-space-tree [ 508.237177][ T5856] usb 1-1: cp210x converter now attached to ttyUSB0 [ 508.279018][ T9745] BTRFS info (device loop2): rebuilding free space tree [ 508.442173][ T5804] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 508.500712][ T9768] loop4: detected capacity change from 0 to 256 [ 508.530504][ T9768] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 508.542361][ T9768] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 508.571004][ T9670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 508.640307][ T9768] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 508.704709][ T5803] Bluetooth: hci3: command tx timeout [ 508.714572][ T9670] 8021q: adding VLAN 0 to HW filter on device team0 [ 508.826802][ T4222] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.834433][ T4222] bridge0: port 1(bridge_slave_0) entered forwarding state [ 508.928431][ T4222] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.936081][ T4222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 509.382192][ T9774] loop4: detected capacity change from 0 to 256 [ 509.465252][ T9774] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x09066d1f, utbl_chksum : 0xe619d30d) [ 509.555632][ T9774] exFAT-fs (loop4): error, data size is invalid(150994954) [ 509.563358][ T9774] exFAT-fs (loop4): Filesystem has been set read-only [ 509.711675][ T9777] loop1: detected capacity change from 0 to 2048 [ 509.795112][ T9779] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 510.117952][ T9781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1525'. [ 510.118577][ T9779] NILFS (loop1): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3) [ 510.141383][ T9779] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=2) [ 510.172395][ T9779] Remounting filesystem read-only [ 510.188473][ T5802] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 510.389311][ T5857] usb 1-1: USB disconnect, device number 7 [ 510.430958][ T5857] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 510.511614][ T9670] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 510.534378][ T5857] cp210x 1-1:0.0: device disconnected [ 510.669770][ T9792] netlink: 'syz.0.1533': attribute type 1 has an invalid length. [ 510.791024][ T5803] Bluetooth: hci3: command tx timeout [ 512.134838][ T9670] veth0_vlan: entered promiscuous mode [ 512.201910][ T9670] veth1_vlan: entered promiscuous mode [ 512.391505][ T9670] veth0_macvtap: entered promiscuous mode [ 512.437017][ T9670] veth1_macvtap: entered promiscuous mode [ 512.567178][ T9670] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 512.692751][ T9670] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 512.761079][ T9670] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.770459][ T9670] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.780171][ T9670] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.790506][ T9670] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 514.589643][ T9861] geneve3: entered promiscuous mode [ 514.595509][ T9861] geneve3: entered allmulticast mode [ 515.530733][ T9878] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1565'. [ 516.026338][ T9885] netlink: 'syz.1.1568': attribute type 14 has an invalid length. [ 517.928480][ T3952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 517.937606][ T3952] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 518.163529][ T750] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.171612][ T750] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 518.355311][ T9924] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 519.167709][ T5856] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 519.342273][ T5856] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 519.355285][ T5856] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 519.365744][ T5856] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 519.378937][ T5856] usb 1-1: New USB device found, idVendor=056a, idProduct=005d, bcdDevice= 0.00 [ 519.388324][ T5856] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.464168][ T5856] usb 1-1: config 0 descriptor?? [ 519.555519][ T9932] loop5: detected capacity change from 0 to 40427 [ 519.612019][ T9932] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 519.620291][ T9932] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 519.635820][ T9932] F2FS-fs (loop5): invalid crc value [ 519.947126][ T9932] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 519.954618][ T9932] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 520.125956][ T5856] usb 1-1: USB disconnect, device number 8 [ 520.737969][ T9955] Illegal XDP return value 2850919871 on prog (id 160) dev N/A, expect packet loss! [ 520.895581][ T9957] netlink: 277 bytes leftover after parsing attributes in process `syz.4.1594'. [ 521.619742][ T9966] sctp: [Deprecated]: syz.1.1599 (pid 9966) Use of int in max_burst socket option deprecated. [ 521.619742][ T9966] Use struct sctp_assoc_value instead [ 522.340727][ T9980] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1604'. [ 522.350357][ T9980] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1604'. [ 522.484559][ T5856] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 522.663566][ T5856] usb 1-1: Using ep0 maxpacket: 16 [ 523.478274][ T9988] loop2: detected capacity change from 0 to 64 [ 523.522821][ T9985] loop1: detected capacity change from 0 to 40427 [ 523.533780][ T9985] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 523.544261][ T9985] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 523.559245][ T5856] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 523.571694][ T5856] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 523.581765][ T5856] usb 1-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 523.594987][ T5856] usb 1-1: config 0 interface 0 has no altsetting 0 [ 523.601885][ T5856] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 523.611340][ T5856] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.625154][ T5856] usb 1-1: config 0 descriptor?? [ 523.630954][ T9985] F2FS-fs (loop1): invalid crc value [ 523.662584][ T9983] loop4: detected capacity change from 0 to 8192 [ 524.073401][ T9985] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 524.081010][ T9985] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 524.255661][ T9996] pimreg: entered allmulticast mode [ 524.313041][ T5856] hid (null): unknown global tag 0xc [ 524.395080][ T9998] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 524.414618][ T9996] pimreg: left allmulticast mode [ 524.514828][ T5856] usb 1-1: USB disconnect, device number 9 [ 526.197901][T10006] loop4: detected capacity change from 0 to 32768 [ 526.262285][T10006] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 526.697585][T10020] loop2: detected capacity change from 0 to 2048 [ 526.758632][T10020] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 526.972615][T10006] XFS (loop4): Ending clean mount [ 526.995431][T10006] XFS (loop4): Quotacheck needed: Please wait. [ 527.067366][T10006] XFS (loop4): Quotacheck: Done. [ 527.255565][ T5812] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 527.428276][ T5857] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 527.632831][ T5857] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 527.645628][ T5857] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 527.656204][ T5857] usb 2-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.00 [ 527.665745][ T5857] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.791780][ T5857] usb 2-1: config 0 descriptor?? [ 527.940025][ T42] IPVS: starting estimator thread 0... [ 528.033738][T10041] IPVS: using max 240 ests per chain, 12000 per kthread [ 528.289371][ T5857] waltop 0003:172F:0038.000E: hidraw0: USB HID v0.00 Device [HID 172f:0038] on usb-dummy_hcd.1-1/input0 [ 528.357811][T10045] loop2: detected capacity change from 0 to 764 [ 528.428795][T10045] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 528.463479][ T5856] usb 2-1: USB disconnect, device number 10 [ 528.507259][T10047] netlink: 'syz.5.1631': attribute type 6 has an invalid length. [ 529.163544][ T5856] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 529.383735][ T5856] usb 1-1: Using ep0 maxpacket: 32 [ 529.391203][T10058] loop5: detected capacity change from 0 to 2048 [ 529.422409][ T5856] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 529.430901][ T5856] usb 1-1: config 0 has no interface number 0 [ 529.437453][ T5856] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 529.448911][ T5856] usb 1-1: config 0 interface 85 has no altsetting 0 [ 529.497146][ T5856] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 529.506702][ T5856] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.515249][ T5856] usb 1-1: Product: syz [ 529.519673][ T5856] usb 1-1: Manufacturer: syz [ 529.524737][ T5856] usb 1-1: SerialNumber: syz [ 529.567053][ T5856] usb 1-1: config 0 descriptor?? [ 530.005092][T10061] loop2: detected capacity change from 0 to 4096 [ 530.046809][T10061] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 530.104030][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 530.212988][ T5856] appletouch 1-1:0.85: Geyser mode initialized. [ 530.222079][ T5856] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input16 [ 530.266186][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 530.284200][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 530.294762][ T9] usb 2-1: config 0 has no interfaces? [ 530.330040][T10061] ntfs3(loop2): Failed to initialize $Extend/$Reparse. [ 530.340194][ T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 530.350229][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.358645][ T9] usb 2-1: Product: syz [ 530.363031][ T9] usb 2-1: Manufacturer: syz [ 530.368042][ T9] usb 2-1: SerialNumber: syz [ 530.395291][ T9] usb 2-1: config 0 descriptor?? [ 530.424383][ T5856] usb 1-1: USB disconnect, device number 10 [ 530.455019][ T5856] appletouch 1-1:0.85: input: appletouch disconnected [ 530.620725][ T9] usb 2-1: USB disconnect, device number 11 [ 530.621165][T10069] loop4: detected capacity change from 0 to 512 [ 530.650847][T10071] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1642'. [ 530.661649][T10071] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1642'. [ 530.724702][T10069] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 530.771453][T10069] EXT4-fs (loop4): 1 truncate cleaned up [ 530.779893][T10069] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 530.871727][T10069] fscrypt (loop4, inode 18): Unsupported encryption flags (0x98) [ 531.016123][T10075] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1643'. [ 531.205605][ T5812] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 531.292575][T10077] loop5: detected capacity change from 0 to 2048 [ 531.432819][T10077] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 531.445744][T10077] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 531.494888][T10082] loop2: detected capacity change from 0 to 1024 [ 531.526869][T10082] EXT4-fs: Ignoring removed orlov option [ 531.532925][T10082] EXT4-fs: Ignoring removed nomblk_io_submit option [ 531.541703][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 531.541957][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 531.597936][T10082] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 531.815136][ T9670] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 532.091409][ T5804] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 532.739377][T10108] loop2: detected capacity change from 0 to 64 [ 532.802593][T10108] syz.2.1657: attempt to access beyond end of device [ 532.802593][T10108] loop2: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 533.458334][T10121] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1661'. [ 533.524166][T10116] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1661'. [ 533.531837][T10120] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1663'. [ 533.548792][T10122] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1661'. [ 533.568990][T10119] loop4: detected capacity change from 0 to 1024 [ 534.003906][ T3870] hfsplus: b-tree write err: -5, ino 4 [ 534.549275][T10142] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1673'. [ 534.559136][T10142] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1673'. [ 534.574375][ T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 534.753909][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 534.809262][ T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 534.819655][ T9] usb 5-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 534.829860][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 534.940389][ T9] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 534.950026][ T9] usb 5-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3 [ 534.958601][ T9] usb 5-1: Product: syz [ 534.962986][ T9] usb 5-1: Manufacturer: syz [ 534.967995][ T9] usb 5-1: SerialNumber: syz [ 535.146529][ T9] usb 5-1: config 0 descriptor?? [ 535.679275][T10146] loop2: detected capacity change from 0 to 32768 [ 535.770530][ T9] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 536.001531][ T9] gs_usb 5-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 536.017522][ T9] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -22 [ 536.234955][ T42] usb 5-1: USB disconnect, device number 10 [ 536.406465][ T5857] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 536.603726][ T5857] usb 1-1: Using ep0 maxpacket: 8 [ 536.623809][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 536.642177][ T5857] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 536.653030][ T5857] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.771300][ T5857] pvrusb2: Hardware description: Terratec Grabster AV400 [ 536.778734][ T5857] pvrusb2: ********** [ 536.782890][ T5857] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 536.793537][ T5857] pvrusb2: Important functionality might not be entirely working. [ 536.801530][ T5857] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 536.813279][ T5857] pvrusb2: ********** [ 536.990635][ T2328] pvrusb2: Invalid write control endpoint [ 537.187726][ T5857] usb 1-1: USB disconnect, device number 11 [ 537.337155][ T2328] pvrusb2: Invalid write control endpoint [ 537.343592][ T2328] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 537.355169][ T2328] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 537.362918][ T2328] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 537.375429][ T2328] pvrusb2: Device being rendered inoperable [ 537.381644][ T2328] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 537.389433][ T2328] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 537.398771][ T2328] pvrusb2: Attached sub-driver cx25840 [ 537.404593][ T2328] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 537.415031][ T2328] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 537.638269][T10175] loop2: detected capacity change from 0 to 256 [ 537.669544][T10175] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 537.682642][T10175] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 537.781376][T10175] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 538.219336][T10183] sctp: [Deprecated]: syz.0.1690 (pid 10183) Use of int in maxseg socket option. [ 538.219336][T10183] Use struct sctp_assoc_value instead [ 538.313549][T10190] loop2: detected capacity change from 0 to 256 [ 538.459635][T10190] exFAT-fs (loop2): failed to load upcase table (idx : 0x000106cd, chksum : 0x3aeaf2c0, utbl_chksum : 0xe619d30d) [ 538.567866][T10190] exFAT-fs (loop2): error, in sector 160, dentry 11 should be unused, but 0xc1 [ 538.579664][T10190] exFAT-fs (loop2): Filesystem has been set read-only [ 539.397878][T10205] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 540.160274][T10210] loop5: detected capacity change from 0 to 4096 [ 540.190560][T10210] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 542.363801][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 542.548589][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 542.582138][ T9] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 542.595871][ T9] usb 3-1: config 179 has no interface number 0 [ 542.602398][ T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 542.614336][ T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 542.625917][ T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 542.637454][ T9] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 542.649348][ T9] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 542.663069][ T9] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 542.672438][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.838248][T10254] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 543.179389][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input17 [ 543.415213][ T5857] usb 3-1: USB disconnect, device number 8 [ 543.415262][ C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 543.415423][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 543.438069][ T5857] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 545.194636][T10294] loop5: detected capacity change from 0 to 16 [ 545.274659][T10294] erofs (device loop5): mounted with root inode @ nid 36. [ 545.318661][T10287] loop2: detected capacity change from 0 to 32768 [ 545.384106][T10287] gfs2: can't find protocol dlm [ 546.272326][ T9] kernel write not supported for file /uhid (pid: 9 comm: kworker/0:0) [ 546.789647][T10317] loop1: detected capacity change from 0 to 128 [ 546.906553][T10317] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 546.985148][T10317] ext4 filesystem being mounted at /377/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 547.406817][T10317] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 547.714126][T10333] xt_CT: You must specify a L4 protocol and not use inversions on it [ 548.566573][T10344] loop4: detected capacity change from 0 to 512 [ 548.660021][T10344] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 548.966398][T10353] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1768'. [ 549.014163][T10356] syz.0.1770 uses obsolete (PF_INET,SOCK_PACKET) [ 549.027371][T10353] hsr_slave_0: left promiscuous mode [ 549.068998][T10353] hsr_slave_1: left promiscuous mode [ 550.209741][T10366] loop4: detected capacity change from 0 to 32768 [ 550.274171][T10366] ocfs2: Slot 0 on device (7,4) was already allocated to this node! [ 550.318718][T10366] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 550.377143][T10366] OCFS2: ERROR (device loop4): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has an invalid bg_blkno of 4278207136 [ 550.394666][T10366] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 550.405016][T10366] OCFS2: File system is now read-only. [ 550.410698][T10366] (syz.4.1774,10366,0):ocfs2_search_chain:1817 ERROR: status = -30 [ 550.418954][T10366] (syz.4.1774,10366,0):ocfs2_search_chain:1940 ERROR: status = -30 [ 550.427310][T10366] (syz.4.1774,10366,0):ocfs2_claim_suballoc_bits:2010 ERROR: status = -30 [ 550.436297][T10366] (syz.4.1774,10366,0):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30 [ 550.445202][T10366] (syz.4.1774,10366,0):ocfs2_claim_new_inode:2298 ERROR: status = -30 [ 550.453691][T10366] (syz.4.1774,10366,0):ocfs2_claim_new_inode:2313 ERROR: status = -30 [ 550.462113][T10366] (syz.4.1774,10366,0):ocfs2_mknod_locked:638 ERROR: status = -30 [ 550.470865][T10366] (syz.4.1774,10366,0):ocfs2_mknod:385 ERROR: status = -30 [ 550.480092][T10366] (syz.4.1774,10366,0):ocfs2_mknod:502 ERROR: status = -30 [ 550.487977][T10366] (syz.4.1774,10366,0):ocfs2_create:675 ERROR: status = -30 [ 550.694977][ T5812] ocfs2: Unmounting device (7,4) on (node local) [ 552.116829][T10402] loop1: detected capacity change from 0 to 256 [ 552.176678][T10402] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 552.187726][T10402] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 552.378690][T10402] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 552.452254][T10409] sctp: [Deprecated]: syz.0.1794 (pid 10409) Use of struct sctp_assoc_value in delayed_ack socket option. [ 552.452254][T10409] Use struct sctp_sack_info instead [ 552.794582][T10413] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1795'. [ 552.863075][T10415] loop2: detected capacity change from 0 to 128 [ 552.915593][T10415] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 552.929241][T10415] ext4 filesystem being mounted at /354/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 553.308493][ T5804] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 553.323471][ T9] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 553.489534][ T9] usb 2-1: config 0 has an invalid interface number: 3 but max is 0 [ 553.502010][ T9] usb 2-1: config 0 has no interface number 0 [ 553.510135][ T9] usb 2-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 553.520629][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.589430][ T9] usb 2-1: config 0 descriptor?? [ 553.606060][ T9] hub 2-1:0.3: bad descriptor, ignoring hub [ 553.612240][ T9] hub 2-1:0.3: probe with driver hub failed with error -5 [ 553.624412][ T9] sierra 2-1:0.3: Sierra USB modem converter detected [ 553.648558][T10436] loop4: detected capacity change from 0 to 64 [ 553.704656][T10436] hfs: unable to locate alternate MDB [ 553.710527][T10436] hfs: continuing without an alternate MDB [ 553.837609][ T9] usb 2-1: Sierra USB modem converter now attached to ttyUSB0 [ 553.849879][ T30] audit: type=1800 audit(2000000066.250:67): pid=10436 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1805" name="file1" dev="loop4" ino=18 res=0 errno=0 [ 553.939185][ T9] usb 2-1: USB disconnect, device number 12 [ 553.952046][ T9] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 553.963641][ T9] sierra 2-1:0.3: device disconnected [ 555.157672][T10458] loop5: detected capacity change from 0 to 1024 [ 555.215773][T10458] EXT4-fs: Ignoring removed oldalloc option [ 555.315648][T10458] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 555.714475][ T9670] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 556.073522][T10477] loop5: detected capacity change from 0 to 1024 [ 556.114904][T10477] EXT4-fs: Ignoring removed nobh option [ 556.120765][T10477] EXT4-fs: Ignoring removed bh option [ 556.264744][T10477] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 556.347171][T10477] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 556.526695][ T9670] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 556.965017][T10499] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1832'. [ 557.060095][ T30] audit: type=1326 audit(2000000069.470:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10500 comm="syz.1.1833" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f561258e929 code=0x0 [ 557.256886][T10506] loop5: detected capacity change from 0 to 256 [ 557.281429][T10506] exfat: Deprecated parameter 'namecase' [ 557.291580][T10506] exfat: Deprecated parameter 'utf8' [ 557.378131][T10506] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 557.633504][ T5857] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 557.803669][ T5857] usb 5-1: Using ep0 maxpacket: 16 [ 557.841833][ T5857] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 557.854411][ T5857] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 557.868015][ T5857] usb 5-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00 [ 557.877513][ T5857] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.975455][ T5857] usb 5-1: config 0 descriptor?? [ 558.154974][ T9] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 558.411589][ T5857] logitech 0003:046D:C623.000F: item fetching failed at offset 8/69 [ 558.467757][ T5857] logitech 0003:046D:C623.000F: parse failed [ 558.474824][ T5857] logitech 0003:046D:C623.000F: probe with driver logitech failed with error -22 [ 558.608934][T10528] loop5: detected capacity change from 0 to 512 [ 558.628489][ T5857] usb 5-1: USB disconnect, device number 11 [ 558.888754][T10522] loop1: detected capacity change from 0 to 32768 [ 558.935121][T10522] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1842 (10522) [ 558.981838][ T9] usb 1-1: config 0 has an invalid interface number: 106 but max is 0 [ 558.990710][ T9] usb 1-1: config 0 has no interface number 0 [ 558.997127][ T9] usb 1-1: config 0 interface 106 has no altsetting 0 [ 559.073300][ T9] usb 1-1: New USB device found, idVendor=413c, idProduct=8217, bcdDevice=b2.59 [ 559.084522][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.092811][ T9] usb 1-1: Product: syz [ 559.097936][ T9] usb 1-1: Manufacturer: syz [ 559.102769][ T9] usb 1-1: SerialNumber: syz [ 559.134741][ T9] usb 1-1: config 0 descriptor?? [ 559.220575][T10528] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 559.234610][T10528] ext4 filesystem being mounted at /54/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 559.492781][ T9] usb 1-1: USB disconnect, device number 12 [ 559.505374][T10528] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 559.862481][T10522] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 559.873340][T10522] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 559.882938][T10522] BTRFS info (device loop1): using free-space-tree [ 559.991313][T10522] BTRFS info (device loop1): rebuilding free space tree [ 560.222828][ T5802] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 560.430873][T10532] loop2: detected capacity change from 0 to 65536 [ 560.501763][ T9670] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 560.505031][T10532] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 560.656188][T10532] XFS (loop2): Ending clean mount [ 560.765158][ T5804] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 560.842403][T10566] loop4: detected capacity change from 0 to 1024 [ 561.054631][T10566] hfsplus: bad catalog entry type [ 561.329045][ T3913] hfsplus: b-tree write err: -5, ino 4 [ 562.265417][T10586] netlink: 348 bytes leftover after parsing attributes in process `syz.1.1858'. [ 563.994573][T10606] loop2: detected capacity change from 0 to 32768 [ 564.009118][T10606] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1852 (10606) [ 564.030540][T10614] loop4: detected capacity change from 0 to 1024 [ 564.044169][T10606] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 564.054796][T10606] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm [ 564.064115][T10606] BTRFS info (device loop2): using free-space-tree [ 564.534872][ T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 564.551463][ T5804] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 564.757344][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 564.781532][ T9] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 564.793928][ T9] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 564.805070][ T9] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 564.820479][ T9] usb 2-1: config 0 interface 0 has no altsetting 0 [ 564.827749][ T9] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 564.837293][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.901362][ T9] usb 2-1: config 0 descriptor?? [ 565.362907][ T9] hid (null): invalid report_size 27418 [ 565.369577][ T9] hid (null): report_id 1505116794 is invalid [ 565.375980][ T9] hid (null): unknown global tag 0xe [ 565.574924][ T9] usb 2-1: USB disconnect, device number 13 [ 565.674109][ T5857] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 565.854634][ T5857] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 565.864304][ T5857] usb 6-1: config 0 has no interface number 0 [ 565.905216][ T5857] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 565.914921][ T5857] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.924825][ T5857] usb 6-1: Product: syz [ 565.929240][ T5857] usb 6-1: Manufacturer: syz [ 565.935455][ T5857] usb 6-1: SerialNumber: syz [ 565.996368][ T5857] usb 6-1: config 0 descriptor?? [ 566.050480][T10659] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1882'. [ 566.220067][ T5857] usb 6-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 566.280446][ T5857] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 566.291984][ T5857] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 566.300583][ T5857] usb 6-1: media controller created [ 566.406504][ T5857] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 566.622535][T10664] netlink: 'syz.0.1884': attribute type 10 has an invalid length. [ 567.569418][ T5857] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 567.869428][ T5857] usb 6-1: USB disconnect, device number 2 [ 567.993845][T10684] loop2: detected capacity change from 0 to 2048 [ 568.061213][T10684] EXT4-fs (loop2): failed to initialize system zone (-117) [ 568.137269][T10684] EXT4-fs (loop2): mount failed [ 568.442481][T10695] loop1: detected capacity change from 0 to 512 [ 568.530906][T10695] EXT4-fs (loop1): invalid journal inode [ 568.774207][T10702] syz.4.1901 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 569.100294][T10711] loop5: detected capacity change from 0 to 64 [ 569.131503][T10712] bond0: option mode: unable to set because the bond device has slaves [ 569.436142][T10719] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1908'. [ 570.313804][T10737] loop5: detected capacity change from 0 to 1024 [ 570.366146][T10737] EXT4-fs: Ignoring removed nomblk_io_submit option [ 570.640822][T10737] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 570.689711][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 570.735016][T10745] ref_ctr_offset mismatch. inode: 0x7a4 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4 [ 570.883540][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 570.957145][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 570.968603][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 570.978757][ T9] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 570.988210][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.141270][T10739] loop1: detected capacity change from 0 to 32768 [ 571.152158][T10739] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1917 (10739) [ 571.185687][T10739] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 571.197490][T10739] BTRFS info (device loop1): using sha256 (sha256-x86_64) checksum algorithm [ 571.209903][T10739] BTRFS info (device loop1): using free-space-tree [ 571.225436][ T9] usb 1-1: config 0 descriptor?? [ 571.268903][ T9670] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 571.604404][ T5802] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 571.681206][T10770] netlink: 'syz.5.1923': attribute type 13 has an invalid length. [ 571.693850][ T9] ft260 0003:0403:6030.0011: unknown main item tag 0x7 [ 571.883720][ T9] ft260 0003:0403:6030.0011: failed to retrieve chip version [ 571.892845][ T9] ft260 0003:0403:6030.0011: probe with driver ft260 failed with error -71 [ 572.202575][ T9] usb 1-1: USB disconnect, device number 13 [ 572.473857][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 572.732649][ T3952] Bluetooth: hci5: Frame reassembly failed (-84) [ 572.788193][T10782] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 574.783670][ T5803] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 574.929449][T10820] loop1: detected capacity change from 0 to 64 [ 575.265429][T10825] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1945'. [ 577.029130][T10860] random: crng reseeded on system resumption [ 577.203797][ T5857] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 577.364905][ T5857] usb 1-1: Using ep0 maxpacket: 32 [ 577.381087][ T5857] usb 1-1: config 0 interface 0 has no altsetting 0 [ 577.390241][ T5857] usb 1-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 577.400336][ T5857] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.461699][T10854] loop4: detected capacity change from 0 to 32768 [ 577.476345][ T5857] usb 1-1: config 0 descriptor?? [ 577.495844][T10854] (syz.4.1960,10854,0):ocfs2_verify_volume:2308 ERROR: bad block number on superblock: found 0, should be 2 [ 577.511176][T10854] (syz.4.1960,10854,0):ocfs2_verify_volume:2331 ERROR: status = -22 [ 577.519592][T10854] (syz.4.1960,10854,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 577.528681][T10854] (syz.4.1960,10854,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 577.984028][ T5857] ryos 0003:1E7D:31CE.0012: item fetching failed at offset 5/7 [ 578.009962][ T5857] ryos 0003:1E7D:31CE.0012: parse failed [ 578.016427][ T5857] ryos 0003:1E7D:31CE.0012: probe with driver ryos failed with error -22 [ 578.180739][ T5857] usb 1-1: USB disconnect, device number 14 [ 578.211425][T10867] loop5: detected capacity change from 0 to 1024 [ 578.481146][ T750] hfsplus: b-tree write err: -5, ino 4 [ 578.482647][T10875] loop1: detected capacity change from 0 to 128 [ 578.566947][T10875] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 578.638786][T10875] ext4 filesystem being mounted at /421/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 578.745110][T10875] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:375: inode #2: comm syz.1.1970: No space for directory leaf checksum. Please run e2fsck -D. [ 578.761389][T10875] EXT4-fs error (device loop1): __ext4_find_entry:1626: inode #2: comm syz.1.1970: checksumming directory block 0 [ 578.858772][ T5802] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 580.098974][T10905] cifs: Unknown parameter 'mode' [ 580.366883][T10907] loop5: detected capacity change from 0 to 1024 [ 580.546221][T10915] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1987'. [ 580.575245][T10915] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 580.584328][T10915] macsec2: entered allmulticast mode [ 580.589906][T10915] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 580.678427][T10915] mac80211_hwsim hwsim2 wlan0: left allmulticast mode [ 580.687436][T10915] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 581.305439][T10929] netlink: 'syz.0.1994': attribute type 1 has an invalid length. [ 581.313951][T10929] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1994'. [ 581.773665][ T5856] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 581.907662][T10942] netlink: 116 bytes leftover after parsing attributes in process `syz.5.2000'. [ 581.920054][T10942] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2000'. [ 581.984162][ T5856] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 581.996215][ T5856] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 582.007083][ T5856] usb 3-1: config 0 interface 0 has no altsetting 0 [ 582.016251][ T5856] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 582.025895][ T5856] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.068006][ T5856] usb 3-1: config 0 descriptor?? [ 582.215681][T10945] loop4: detected capacity change from 0 to 2048 [ 582.357022][T10945] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 582.589775][ T5856] input: HID 054c:03d5 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:054C:03D5.0013/input/input20 [ 582.737070][ T5856] sony 0003:054C:03D5.0013: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.2-1/input0 [ 582.828133][ T5857] usb 3-1: USB disconnect, device number 9 [ 582.894332][T10945] UDF-fs: warning (device loop4): udf_truncate_tail_extent: Too long extent after EOF in inode 1346: i_size: 17247358976 lbcount: 17247363072 extent 129+61440 [ 583.075716][T10961] tun0: tun_chr_ioctl cmd 1074025677 [ 583.088589][T10961] tun0: linktype set to 805 [ 583.163197][ T30] audit: type=1800 audit(2000000095.560:69): pid=10964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2009" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 584.892470][T10999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2025'. [ 584.930735][T10999] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2025'. [ 585.197479][T11005] JFS: discard option not supported on device [ 585.204743][T11005] Mount JFS Failure: -22 [ 585.209219][T11005] jfs_mount failed w/return code = -22 [ 585.734751][T11017] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input21 [ 585.806580][ T4222] ===================================================== [ 585.814344][ T4222] BUG: KMSAN: uninit-value in n_tty_receive_buf_standard+0xafd/0x98a0 [ 585.822756][ T4222] n_tty_receive_buf_standard+0xafd/0x98a0 [ 585.829061][ T4222] n_tty_receive_buf_common+0x1a68/0x2540 [ 585.835954][ T4222] n_tty_receive_buf2+0x4c/0x60 [ 585.841043][ T4222] tty_ldisc_receive_buf+0xc6/0x2c0 [ 585.846637][ T4222] tty_port_default_receive_buf+0xd7/0x1a0 [ 585.852683][ T4222] flush_to_ldisc+0x49d/0xf00 [ 585.857784][ T4222] process_scheduled_works+0xb8e/0x1d80 [ 585.864130][ T4222] worker_thread+0xedf/0x1590 [ 585.869053][ T4222] kthread+0xd5c/0xf00 [ 585.873955][ T4222] ret_from_fork+0x1e0/0x310 [ 585.878762][ T4222] ret_from_fork_asm+0x1a/0x30 [ 585.885644][ T4222] [ 585.888086][ T4222] Uninit was stored to memory at: [ 585.894431][ T4222] n_tty_receive_buf_standard+0xaf6/0x98a0 [ 585.900492][ T4222] n_tty_receive_buf_common+0x1a68/0x2540 [ 585.907888][ T4222] n_tty_receive_buf2+0x4c/0x60 [ 585.912946][ T4222] tty_ldisc_receive_buf+0xc6/0x2c0 [ 585.918798][ T4222] tty_port_default_receive_buf+0xd7/0x1a0 [ 585.926520][ T4222] flush_to_ldisc+0x49d/0xf00 [ 585.931452][ T4222] process_scheduled_works+0xb8e/0x1d80 [ 585.937684][ T4222] worker_thread+0xedf/0x1590 [ 585.942624][ T4222] kthread+0xd5c/0xf00 [ 585.946989][ T4222] ret_from_fork+0x1e0/0x310 [ 585.951750][ T4222] ret_from_fork_asm+0x1a/0x30 [ 585.957002][ T4222] [ 585.959438][ T4222] Uninit was created at: [ 585.964086][ T4222] __kmalloc_noprof+0x95f/0x1310 [ 585.969240][ T4222] __tty_buffer_request_room+0x3d4/0x7a0 [ 585.975338][ T4222] __tty_insert_flip_string_flags+0x157/0x6f0 [ 585.981732][ T4222] uart_insert_char+0x368/0x930 [ 585.988753][ T4222] serial8250_read_char+0x1ba/0x670 [ 585.994892][ T4222] serial8250_handle_irq+0x930/0x1110 [ 586.000479][ T4222] serial8250_default_handle_irq+0x116/0x2b0 [ 586.008186][ T4222] serial8250_interrupt+0xcb/0x400 [ 586.014062][ T4222] __handle_irq_event_percpu+0x11c/0xbf0 [ 586.019913][ T4222] handle_irq_event+0xe0/0x2a0 [ 586.025029][ T4222] handle_edge_irq+0x31c/0xc80 [ 586.029985][ T4222] __common_interrupt+0xa2/0x220 [ 586.035362][ T4222] common_interrupt+0x94/0xb0 [ 586.040256][ T4222] asm_common_interrupt+0x2b/0x40 [ 586.045736][ T4222] [ 586.048233][ T4222] CPU: 1 UID: 0 PID: 4222 Comm: kworker/u8:25 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) [ 586.060931][ T4222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 586.071397][ T4222] Workqueue: events_unbound flush_to_ldisc [ 586.078118][ T4222] ===================================================== [ 586.085310][ T4222] Disabling lock debugging due to kernel taint [ 586.093502][ T4222] Kernel panic - not syncing: kmsan.panic set ... [ 586.100116][ T4222] CPU: 1 UID: 0 PID: 4222 Comm: kworker/u8:25 Tainted: G B 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) [ 586.114330][ T4222] Tainted: [B]=BAD_PAGE [ 586.118617][ T4222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 586.128854][ T4222] Workqueue: events_unbound flush_to_ldisc [ 586.134923][ T4222] Call Trace: [ 586.138328][ T4222] [ 586.141417][ T4222] __dump_stack+0x26/0x30 [ 586.146004][ T4222] dump_stack_lvl+0x53/0x270 [ 586.150828][ T4222] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 586.156915][ T4222] dump_stack+0x1e/0x25 [ 586.161313][ T4222] panic+0x4bd/0xd50 [ 586.165500][ T4222] kmsan_report+0x31c/0x320 [ 586.170253][ T4222] ? __msan_warning+0x1b/0x30 [ 586.175259][ T4222] ? n_tty_receive_buf_standard+0xafd/0x98a0 [ 586.181509][ T4222] ? n_tty_receive_buf_common+0x1a68/0x2540 [ 586.187641][ T4222] ? n_tty_receive_buf2+0x4c/0x60 [ 586.192884][ T4222] ? tty_ldisc_receive_buf+0xc6/0x2c0 [ 586.198521][ T4222] ? tty_port_default_receive_buf+0xd7/0x1a0 [ 586.204711][ T4222] ? flush_to_ldisc+0x49d/0xf00 [ 586.209833][ T4222] ? process_scheduled_works+0xb8e/0x1d80 [ 586.216272][ T4222] ? worker_thread+0xedf/0x1590 [ 586.221425][ T4222] ? kthread+0xd5c/0xf00 [ 586.225899][ T4222] ? ret_from_fork+0x1e0/0x310 [ 586.230903][ T4222] ? ret_from_fork_asm+0x1a/0x30 [ 586.236111][ T4222] ? ret_from_fork_asm+0x1a/0x30 [ 586.241332][ T4222] ? stack_depot_save_flags+0x35/0x7b0 [ 586.247012][ T4222] ? kmsan_get_metadata+0xfb/0x160 [ 586.252375][ T4222] ? kmsan_get_metadata+0x150/0x160 [ 586.257833][ T4222] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 586.264425][ T4222] ? kmsan_get_metadata+0x150/0x160 [ 586.269883][ T4222] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 586.275982][ T4222] ? n_tty_receive_char+0xfae/0x1440 [ 586.281521][ T4222] ? kmsan_get_metadata+0xfb/0x160 [ 586.286875][ T4222] __msan_warning+0x1b/0x30 [ 586.291582][ T4222] n_tty_receive_buf_standard+0xafd/0x98a0 [ 586.297603][ T4222] ? kmsan_get_metadata+0xfb/0x160 [ 586.302927][ T4222] ? kmsan_get_metadata+0xfb/0x160 [ 586.308251][ T4222] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 586.314807][ T4222] n_tty_receive_buf_common+0x1a68/0x2540 [ 586.320789][ T4222] n_tty_receive_buf2+0x4c/0x60 [ 586.325810][ T4222] ? __pfx_n_tty_receive_buf2+0x10/0x10 [ 586.331529][ T4222] tty_ldisc_receive_buf+0xc6/0x2c0 [ 586.336962][ T4222] tty_port_default_receive_buf+0xd7/0x1a0 [ 586.342958][ T4222] flush_to_ldisc+0x49d/0xf00 [ 586.347841][ T4222] ? __pfx_tty_port_default_receive_buf+0x10/0x10 [ 586.354451][ T4222] ? __pfx_flush_to_ldisc+0x10/0x10 [ 586.359910][ T4222] process_scheduled_works+0xb8e/0x1d80 [ 586.365742][ T4222] worker_thread+0xedf/0x1590 [ 586.370685][ T4222] kthread+0xd5c/0xf00 [ 586.374931][ T4222] ? __pfx_worker_thread+0x10/0x10 [ 586.380273][ T4222] ? __pfx_kthread+0x10/0x10 [ 586.385064][ T4222] ret_from_fork+0x1e0/0x310 [ 586.389828][ T4222] ? __pfx_kthread+0x10/0x10 [ 586.394603][ T4222] ret_from_fork_asm+0x1a/0x30 [ 586.399600][ T4222] [ 586.403087][ T4222] Kernel Offset: disabled [ 586.407516][ T4222] Rebooting in 86400 seconds..