last executing test programs: 2m29.008961097s ago: executing program 1 (id=1546): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000100), &(0x7f0000000280)=0x4e) 2m28.828282703s ago: executing program 1 (id=1548): r0 = socket(0x2b, 0x1, 0x1) accept$unix(r0, 0x0, 0x0) 2m28.539896788s ago: executing program 1 (id=1551): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@ipv4_newroute={0x3c, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x1}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x4}}]}, 0x3c}}, 0x0) 2m28.320553188s ago: executing program 1 (id=1554): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, &(0x7f0000000180)) 2m28.17510296s ago: executing program 1 (id=1557): syz_mount_image$squashfs(&(0x7f0000000200), &(0x7f0000000000)='./file0\x00', 0x8010, &(0x7f0000000680)=ANY=[@ANYBLOB="005901e3fd18fb9c322293c67dcde48bfeffd1843c336e09b34af65ad26aafded7da5cfeeda2b8d8d900c2195f00f646f699eeb47813177405a6a6baf786c0d14f2079a9efa9db8973bcca25eb2973856c6760a483c41d0980c78a4cb096a5affa6b980600000000000000a1eacd2c820176737d4eb55dca564820dd769d8742f6d9ab243775a67afcdf845f978e95365cdf6f30aa43423b381881433e00ccbe6353b21300d8f0ca972589398eef9487db78486fcf174990c488031f8b39cc01bb509f3ea4bcde33d4c9e305ecb4dd88204c5d7bb5e469cabfda0feca3ce70c0acbc34d13e5a5c796eab23abfe3b717834f8e9d7120e1e925c4e210b4152c75210b3e979fbe8ddf23eef2d53733209b22206e0a4afc354c33d7ca2a00116a14d686e4aa86b6ec6a4130178c3ad8c723c0d8506bd7bff780000000000000000004b2ec61cfde813cc124715aaaf5508b93d8cf0860042108b660b74f94b1e4851eeec09fdb7a617eabeeeff8ce8bb99f4b1f9c2896cf31e19c3c24155b0ea7dc3cae1b56acb1946830cad94af3f1caf43ea03b38fc08a7e19480e283a4c0d", @ANYRESDEC, @ANYRESHEX, @ANYRESOCT, @ANYRES16, @ANYRES8, @ANYBLOB="eae535d4c5cd41b584d3bdb8d3fb3e37666220165c8aec9c235bc9af137d4058a50551a5b228bbbcf6cd1275ef3732adfeaebdf711988cbe9d1da671f8bbaac371392e227f548006163fc9aaf3d55e97410ccacb7df3444c03ac4170da3fbc69ae1c8a590318a7a33a774debbcc54bb6d6025bc65458b94791d5a8bcd898b75cce569e2c6fd55928c5084aab22c8196fb436916cff76302fd8c4b69ca674271f5db630ffad103ad9286287759d0d5470d0b54f701a713e8803665b87799065f31bb0cff21d9c109c1fbfffb640facdacd569f158f694c34ffb4c405b186aa90e8be7b47c56e6e439ae953605d89c131c711ff56f0adb96e5ee0d269b4cfc9d089794f60bdd06e845b5ffdccfefee032ecfd92f6cba5920130f685e807f88de4a2e595ea37f39a92dcbaeb2de15dab62a5a199d4666578eb1707e88ebb0b98140fdb62d60005fd6721f18a2054b2ba2ed308813164f8dbc7e1d26a11a707adc6978a25cca2fca5d62e51794447f656b92f8372ebf98934a0bc057b901080da81ef02ccfa18a29c9b82c90fd38eb554b83428948f3608cd8fd5845bed25a0d96b146f09bd4cce20efc1ecc7bf64bd88e7a460b372a298cb776eb1d78cc334da71dc6056b2d1119cdad3af9092a42c184e9d487076399f0be65a442fdc06901089e6b5178ecb57aa4b98ff1f538696e8510551dbb5cbd36b125efa2a3e719f22b96eeec80a178dae9c894a7dd170419c33817baedfc132cde868a1c55192b9c8a332772fc40fed9f6fee1aea0e2001752caeb58afb55ea7c421cd0eb5e6ea301f8e2f6b68484849f5d3e7bd1b4aa865d2cd049dfc773bb4281f5f8dd2a3f1563c8cd3655dd9e391424151dadf7415afb242cb99b9b9541b6780beafc6a8c2c0bd109749dde1e8535040d8d2cda8393abaa6cdae24e13917e867d6d301f6f39619bcbd70acc747e093ef3c22f0b1a8b8a4d8bd11bc19c7102e11a8603d563507423c96d1653a42d02ff1ee390934927f037d2022cbbf86cb605e82e2b6e2c2fa1d523f72b47738f318836defed1f898271bdd4fcbe7863e5aa7c7e468d9bad908de3c6851c696df710da87771840f46e63fc4c3d5d9b13b663ed2fef2e56a8690cdee9e6ac0a9824c9fe458ad29614f9485f9c18caf2d5c229f24a220ab84daa26ddb2a0d4059b43e073b703148d82fe4d91ae24db7224df2ee4e10d596846466d6a62faa9da7d24f9dd1e3b5cc291f4840b6603d1173204a452a9b05a5efcf4f9e09c2a3c38f2fd49322e718ddc8278ea182a359043387705c0be61be7e62ba7bb85dfa0f24400f89087f78d84d2296844944d186fb55045eb016dd3d602c85211d7b19dbebe3247313283da5bcbba09a3a74c590fdce8cdbef49a73b11413a9df4aaefc356e94f838cef801ba2380d7e5fdc8865140311f071c82bc1482c2033b8ad70d08a5a71e1c949f93cd8743b0bd4eefdaf45f5246efcf800444c8e9b8c2a01b76b6eb4e0639ee7381971172c53e165f14946fb56896e40424a3b981d97b4b01504806d797bb9e3405a7326d2ba7bfa6efc923c4c68d0165aea2d80ae953c7e2ec6534d0da7c28bbe255d81097e84254ff7bd065caa84fa7455885e1b28ab7d6243d0f02903860049935a764ebfe5384bdf9ae0b71f1641e457780da2071a84937dd88d2e4aec7ddaab66e335887f555a724ad9692ee996521ccaa35e2358aea1ab6a8c9845af8af552520fdec7ecb635d230074aa532c3efe6677c79b1328451a779501eccb4c11750744cfce16ba2ced0fc6dd2b75a5ff1770f3851c93bcf8850adf496012d94b8dd6a00d1f9f0c96989979b89838a29875072e0b678a2a55338f21625165c350134d7cb9119ac4dcc77f13a153fe6819d1bdc6b357e93531a68813913daf65d2e62d4bd09da6bb16e8d686518f6faff70dc0804b4b6810117d8698a4d27f0482f9adf9be3aae179dbcad90ab1fbd6b1ba15cdc78ee7686bd15a8fe1cf5af00fcc0a6981a77ac5c3485518921a1b4ea90b02e0059c2c71850d517bddc12bd61a5571da765a34b53e5f06a2b8bb122bf9d642f1ad50a0eb7afe34ef6fd2474d25f314adbf276a895b80b8de6e31eaee5fe4544f4709bf6416f26ec52d517dd3a350cb68df6791dc671495e0f056de8b158095b32ec8b43f65b1f3110cf7da37d2383e99a5bd9a0e0d5684a5b15246170bd11909ef22ee740aa5556dbc0f9dacc8ce440c137bf0ec673651067ef1146004701376116986c49b10226141bea12f679c3f53eaea945b1bb92e6c922a85a2221f768ff4f1c188dc82f9e8d947e140f43c4950430f88a47fb15dcd8ef8491ff08d7b287b280eab99e44a7fba6d4fe20fcb2c2cfa1a6f4d59b51755e66a3d9a325a08a286185c2bdac8c8c2910ed3ff8e047f28b2bf1827e0829f8ec8459241300583f1880c96b2e405b253af5f7e9ee91e34c3fa2cd5c53a71bc3b4b1a5741c17a7b73c8e7d3e8ec9e51a90772b8eb38f23fcb9e07eff8b0f68d4f7d4d68bfb8fbc8d90be681166fe5ed220e3a425c65c0e678e8b7470a99d7fccc7a3be07189ee02e1f8c81549b0b8c0113ef602d10d5d2429e8b60fa5aaddd55cb86141609bae35c185c5ad743d0fb0a1244ba6d67755e46073f3d428926c0d9033f8180120deab78a4b42664e36b6723039457195bff897760ede28bf2661a95715dd20bc744ae2a06bcb12ef8b7a373f3a5557f20256446ba95d45b7810d68494f954d1802aa8986279adc368c2365168c0619bc8952ec6ac60840d9968302edb8809d36f6b0c83dc6941193fb8eb2adcef36db70cbe51fd533ee108eaedebc05ab363058feecfb51e294419695019d0ba50a660ecbe3fd1b43ac973141b7e4c423c062f63ad24468ca79740502716b10a823821429d53f34409cc0757587a5de21663c33a8b194c988a3c209cec76b9fc18805649d9cc109635271c968972f4328e561b562ad6c32a71b269718a303ae3635e5b06717152817a11589d3efa0f803d7bb560c08132827333ada867d1a870e2feb3a5e7851363fc333bb681018764aab63eb740978994f62ec3147d4d6a40e099ada0c50c1a5f6a8196549be226508055aef349c76af40596f6c9b7217423628bb6dc07d9382f6d4c87c962ec97bee6384ba3e2522b76ee8619093500a75bcc8fd0fb9bb5093650ec0ca9c867a22260e2668ecf46047e3df87f5d82d992a558e45fb852be616c030edf6aeeae70848403dc1166e6a16776e8660f90449f297224f667563850480f259f6a59039b1a3ea5488971b5e4bcbf380c527c937055dbf4f5a676bacc09f4dde33c50a1286f6024980df1064a9dc4b3f101b129fa1fc141e54f52d4b7322a0cb1c2567205016f5ede0794122fcaa2d11fa77f5fddb3a5f3c7b3d85f0cb6f32cd11d752f755687fb8d93d40711a4c8873ec7c794f0f781bb9c10f9df22fa8f40cca06a48c37e66ea4480fcdd686526be62915ebe36e0bdf7dafd3940f698469ecdc792ca6105a37499a19382247a85bb734e4ba325dd307be8444b5860f99f9dbc7aa28c26747c89041bde3c10c459406786e10792078a52f4bcc32aff61b3f5798cb5dc2927f260f70a41d8e5fc38498b02d0053a86ae408d2efdc1aca9a8508ef9128dfd1fc6a92ba72f940ee469a3111e2cf6c28e77e5a206db6f09139db812fa4e4cfe33c8d184e4763bd8e54e0e473346215b8905d101463dd2ca855747c81c7ffd6c2625e0b59273a9516ec96a5cd8d9078c974980a16b6b87563986ba287821cd41f417792e42dd24e796e313b9cd943f1b9dd6ee35676ff4ad46dbd52db83abbc78f5dad11b6e7bd09a4ace8c246d0a52c36dcb1f0c6025f6ed2868f4b918b6e4e645c63689b7e7bc369dbe44725993b3b43f4572a7136b6e610adc161f45fc307c0937f2338ebc4fd571852b229b80ccd071e1a29c927f88b8b45efa503691758125d29463e742e2ef508babf30ae39ff8bb3a94cfee379f84348c002fdef77b410bee9f47f8119388b3fc159b409b9d9c9af97a4b75c38ca5fc0665cd975df293370de64714cefdd470c1d05a5d3e0f257182889d7a2d797ebf42d6935d1c6b5ef8cd1e2783cef3a316dbd4768510f26ee5b1c481bcac3e1608458d4b5ec6411cb3c921a131140440561931ca51b92231de91d1f950d992eec74c6500a6ecc9e8bc26eec367dba82720accd6dee234db88c132ec649baeef23a16ebb18c8e5b68b95aac984d8322a01b39636baf16911e458242730ea8b22c686bd01bc451e91c34f81fafe88485bbe97ec99299940ca897c3f802d080ecf8ca7e5032c728b8b33f162ab26a6805db239b88103c19ff8160a28268f8f7ac66593c67251fb0f3fa3004d5ad08107f48e0ecc1e4e910554f49ca72e3fd7e212d828fc3c0c40203e4642a3a372f36cfd13a037fd4dd107d6b386659b379c4c41813c8599cb71fd08e4b80f22dbb088d3d0257f30493b1c4d54201a00e049d998d291ecb659e65e2eed9776b367afc9b84b03957701bcbef289b0eea8e5722a63e1bd748d5af209c5ebff7df185d0d68e7ceabbf9a63bba55946cd3b52a09383fd9b9d2d956dc4e5af16986c5600dfd0db89e0e478420557d001c3716350c3e6ba0bbec1e5888435d296d8666f455d22205ea407a95eb60bc68a184e95ae3259f3783c594d3e550c018369df677ea11a37c757a3bd3c19eb257f5e228ad760562e431754a0c620004548962c3a4fb42d49259dafc1b9d365323fa2ace81876728a24f70b06e1198d5f863bfd00a04d5393b3adb15f4191d374c607c7ccb6b7ef84303454b6655392a23dccca41f55cb314a3bfbb637f57178cc9df4fe0645a8dc1ca0386d1fb0ff2cfc3e149991f97264d893fba0b013c027ce753c3e1f907a2988b1507eecd0e5e26368155ff5c55f616ffec31a613be450ee048955a46d68c272aa53f1db6ce199e2765f4be20933799d96f13b3a65f33cb60da1929023ff5d820172c423f83210a992264a37854033cd43c88129fabb5146367d2b748d84be96dc3a4ad95279ec7ed78dcb57056597a9f46a948708b0e9915b22f28216d94554db2082f4b9782a5802bf6700ef9017168a68304b6573f46c78a0a3be302e096b4f5b87313a2ef9a2b5f51956d9e315b08ee89a59aeec225227f3ece808c451e1103df7887f944138af1b93235bc93121fb84591d065d5f245c035c238a1c30d510be5db14725148919e8d57f1e3a36ead8be870e2505e3c9935c4461741c4a8dc4dff7e0e042167a7228bf218c9d8dd9c0be9e5ff4a79968d8f34cfc3206e0ade5889e9c5e44c918ed3755063d4148e7f1da9d2ce7aa45b9fc873f85cb92160b8a4d5b219884d0c43cc1194259ec4a6127887470d2fabbc1983b1bcc51e931f131d1238333c09740b43802fc5b1c01a942c5d08693b81e59429cb7d49f454f517cddc160d563a243182083008f2481e35312b4b35a2688468f18f4733f4b40d2f298c0b88ec2ad51e2efa509905233e3bbb9e172a1e697ab379f500c8c791aa97623bc8faa7f0468e02e6bc6f9bc40c75b4c01b92731fc371ad7c90928bead62a74580bb2d0aa1d8972fa857766ebe8aa00cd9eae79a591ea3e87a5ce636dc865b992c98a6fafe478973665936ad477558dac400fe179e86e6fef41aa074d0812f0c14f3992edb76358d02a2b763512ca9abc0940dd711670deb4d9abf196de9106efa5e1c14a673de86193908206ab9f72afd6ef1b05355f06ad0b9bc83750bb196654566b56e13e6e820d12bc34920b45c3"], 0xfd, 0x200, &(0x7f00000002c0)="$eJzskr9rFEEUx7+zO3fuaUIOORBFEDVoLJLbbDT+KBRsDCoIohADgsfdJS5u/JE90DsOXKsUNoIiJIiFIElhIf4DLqiN2CgEuxBJnSKFjSSsvNm3mwnY28ynuO/NvLfvve/M3A4fhDsAbK5360AZhEQF338JSAAHhNpCw07VYb3MWuT4BSvVmPUP6+bJzvgEIPxDy6NWvKdxUJTRU/n9dQV19N3E6deX3v24WnixtHvt7UfKv3i9/QHiaKPvzav3z87P9ary4saEXseO9887VAjA843x5RW5165ktfxoiVoXkPFyEsKddwAMfR6cO+v2PrW4Ztju3KkFQXMmPPfEwppq9XO9W6c/twAkBPsbA6DnkP1FzqG9fRK4BsBGkudIbFFtTd+vhu3OoD9dm2pONe963sioe9x1T3jVST9ouvQLcDf1OZ8gSI8BoGsq0QhCxXdRbINzdmI7VIfmivK496XE45fQrRe1qxs4jHRb65fZylQgZluOmgPKKlk+Ajrah5HQdvtVFQllbAwCNi+GpTZf2stRgaFP94LGLMgbf7YAmdcYXkUhX3j6YuRU5hCzrP3YujFigXWVNXvR2UuVqoLF73kgAop4VGu1kiR5jMUeXPmWRmhvxivm/8qRfmDUtWxvN3fG/setGAwGg8FgMBgMBsN/4m8AAAD//4Hjlpw=") open(&(0x7f0000000140)='./file2\x00', 0x0, 0x0) 2m27.091686946s ago: executing program 1 (id=1565): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="5000000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0c59eb3100000000300012800b0001006272696467650000200002800800150088a8ffff05000700070000000a0014000180c2"], 0x50}}, 0x0) 2m12.041027497s ago: executing program 32 (id=1565): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="5000000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0c59eb3100000000300012800b0001006272696467650000200002800800150088a8ffff05000700070000000a0014000180c2"], 0x50}}, 0x0) 2.931994221s ago: executing program 0 (id=3470): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000078000000090a010400000000000000000100fffd08000a40000000000900020073797a31000000000900010073797a300000000008000540000000253c0011800a0001006c696d69740000002c0002800c000240000000000000000308000440000000010c000140fffffffffffff7ff080003"], 0xc0}, 0x1, 0x0, 0x0, 0x40c0}, 0xc4) 2.741605488s ago: executing program 0 (id=3475): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000024c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000030a01040000000000000000010000010900030073797a32000000000c00024000000000000000010900010073797a300000000054000000060a01040000000000000000010000000900010073797a310000000008000b40000000030c000640000000000000000314000480100001800b0001007470726f787900000900010073797a30"], 0x7904}, 0x1, 0x0, 0x0, 0x4040}, 0x0) 2.454333753s ago: executing program 0 (id=3479): r0 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd) 2.243467062s ago: executing program 0 (id=3482): r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0xac, 0x9b, 0xcc, 0x20, 0x18d1, 0x1eaf, 0x5abb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x7, 0x0, 0x80, 0xb, [{{0x9, 0x4, 0xbb, 0x6, 0x1, 0x3a, 0xe5, 0x4, 0x0, [], [{{0x9, 0x5, 0x7, 0x0, 0x20, 0x5, 0x0, 0xce}}]}}]}}]}}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000e80)={0x44, &(0x7f0000000a00)={0x40, 0xd, 0x2, "def0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.968703796s ago: executing program 5 (id=3486): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_ADDRESS={0xa}]}, 0x40}}, 0x0) 1.448856132s ago: executing program 2 (id=3492): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x3a) 1.414401545s ago: executing program 5 (id=3493): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f0, 0x0, 0xc8, 0x8, 0x1c0, 0x5803, 0x320, 0x2e8, 0x2e8, 0x320, 0x2e8, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, [], [], 'erspan0\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1c0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1}}, @common=@inet=@socket3={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x13}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450) 1.411966835s ago: executing program 3 (id=3494): r0 = fsopen(&(0x7f00000000c0)='virtiofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='dax\x00', &(0x7f0000000040)='\x00\x80', 0x0) 1.253568329s ago: executing program 2 (id=3496): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x300, 0x0) ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, 0x0) 1.203025343s ago: executing program 3 (id=3497): mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) move_pages(0x0, 0x2, &(0x7f0000000000)=[&(0x7f00003fb000/0x3000)=nil, &(0x7f0000025000/0x2000)=nil], 0x0, &(0x7f0000000040), 0x2) 1.083123484s ago: executing program 5 (id=3498): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000004c0)={[{@resuid}, {@init_itable}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) 1.082608744s ago: executing program 4 (id=3499): openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x121880, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x121880, 0x0) 954.988725ms ago: executing program 2 (id=3500): r0 = socket$inet(0xa, 0x801, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000a00)=@mangle={'mangle\x00', 0x44, 0x6, 0x460, 0x98, 0x160, 0x160, 0x0, 0x220, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0xff, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00', {0xff}, {}, 0x6, 0x0, 0x40}, 0x0, 0x98, 0xc8, 0x0, {}, [@common=@unspec=@state={{0x28}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@private=0xa010102, @multicast1, 0xffffffff, 0xff000000, 'veth1\x00', 'veth1_to_hsr\x00', {0xff}, {0xff}, 0xff, 0x1, 0xc}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @TTL={0x28, 'TTL\x00', 0x0, {0x2, 0x7}}}, {{@ip={@rand_addr, @local, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00', {0xff}}, 0x0, 0xb8, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@socket0={{0x20}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xffff]}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4c0) 904.12529ms ago: executing program 3 (id=3501): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x8}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xc, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x14}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 857.813973ms ago: executing program 4 (id=3502): syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)='system.posix_acl_access\x00', &(0x7f0000000dc0)={{}, {0x1, 0x6}, [], {}, [{0x8, 0x3, 0xffffffffffffffff}], {0x10, 0x2}, {0x20, 0x1}}, 0x2c, 0x1) 802.975349ms ago: executing program 4 (id=3503): r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000140)={0x0, 0x3, 0x2018}) 738.451774ms ago: executing program 3 (id=3504): r0 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0x4e21, 0xffff8000, @mcast1, 0x8}, {0xa, 0xffff, 0xfffffffe, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x0, {[0x6, 0x3cecb818, 0x101, 0xfffffefc, 0x2d, 0x1, 0x0, 0x200003]}}, 0x5c) 637.636893ms ago: executing program 2 (id=3505): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x203, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4400, 0x100}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @erspan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @empty}]}}}]}, 0x3c}}, 0x0) 595.764957ms ago: executing program 5 (id=3506): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="280000006a0005022abd700001dcdf25000000000000000008000500", @ANYRES32=0x0, @ANYBLOB="08000a00fbffffff"], 0x28}, 0x1, 0x0, 0x0, 0x4004011}, 0x0) 595.193917ms ago: executing program 4 (id=3507): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_timeval(r0, 0x1, 0x1c, 0xffffffffffffffff, &(0x7f0000000000)) 502.341805ms ago: executing program 3 (id=3508): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000004500000002"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 406.474684ms ago: executing program 4 (id=3509): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0xd0, 0x43, 0xa0, 0x188, 0x98, 0x188, 0x178, 0x178, 0x188, 0x178, 0x49, 0x0, {[{{@ip={@local, @local, 0x0, 0xff000000, 'veth0_to_bond\x00', 'veth1_vlan\x00'}, 0x12a, 0x70, 0xd0, 0x0, {0x0, 0x7a010000}}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x4, 0x6, 0x5, 0x1, 0x6], 0x4, 0x3}, {0xffffffffffffffff, [0x4, 0x1, 0x6, 0x3], 0x5, 0x6}}}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x280) 400.741584ms ago: executing program 2 (id=3510): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x55c, 0x101180) ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000040)={0x10, 0x0, 0x0, 0xfffffffe, "0020882000002000201b14700c1e0ac74f000000001200001000000900"}) 336.87765ms ago: executing program 0 (id=3511): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000001814010000e9ffffffffffff070001"], 0x18}}, 0x0) 288.015514ms ago: executing program 5 (id=3512): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) write$sndseq(r0, &(0x7f0000000000)=[{0x6, 0x78, 0x0, 0x1, @tick=0x1f4, {}, {}, @quote={{0x8, 0x9a}, 0x4}}], 0x1c) 148.198536ms ago: executing program 4 (id=3513): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000000)={'tunl0\x00', &(0x7f0000000180)={'erspan0\x00', 0x0, 0x0, 0x8, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x5e55b37311de6d89, 0x0, @empty, @multicast1, {[@ra, @rr={0x7, 0x0, 0x4, [@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @broadcast, @multicast2, @rand_addr=0x64010100]}]}}}}}) 137.183057ms ago: executing program 5 (id=3514): r0 = openat$sequencer(0xffffff9c, &(0x7f00000000c0), 0x101003, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@s={0x5, @SEQ_MIDIPUTC=0xfc, 0x0, 0x80}) 107.96266ms ago: executing program 3 (id=3515): r0 = socket$inet(0x2b, 0x801, 0x0) setsockopt(r0, 0x0, 0x82, 0x0, 0x0) 94.827021ms ago: executing program 2 (id=3516): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000980)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 0 (id=3517): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c00000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a3000000000200007800c00018008000128000000000800080000000000080006400000000005000500020000000500010006"], 0x6c}}, 0x0) kernel console output (not intermixed with test programs): ed filesystem without journal. Quota mode: writeback. [ 195.661479][ T4354] usbhid 3-1:0.0: can't add hid device: -71 [ 195.674393][ T4354] usbhid: probe of 3-1:0.0 failed with error -71 [ 195.685267][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 195.686664][ T4354] usb 3-1: USB disconnect, device number 11 [ 195.799091][ T22] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 195.881421][ T9837] binfmt_misc: register: failed to install interpreter file ./file0/../file0 [ 196.003163][ T22] usb 4-1: Using ep0 maxpacket: 32 [ 196.016124][ T22] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 196.045786][ T22] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.066296][ T22] usb 4-1: Product: syz [ 196.076440][ T22] usb 4-1: Manufacturer: syz [ 196.098030][ T22] usb 4-1: SerialNumber: syz [ 196.124203][ T22] usb 4-1: config 0 descriptor?? [ 196.341546][ T22] snd-usb-6fire 4-1:0.0: unknown device firmware state received from device: [ 196.363833][ T22] eb aa 3b 80 9b e4 7a f0 [ 196.379310][ T22] snd-usb-6fire: probe of 4-1:0.0 failed with error -5 [ 196.573389][ T22] usb 4-1: USB disconnect, device number 9 [ 196.633022][ T9875] loop2: detected capacity change from 0 to 4096 [ 196.697476][ T9875] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 196.882071][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 197.208866][ T22] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 197.422413][ T22] usb 5-1: Using ep0 maxpacket: 16 [ 197.433625][ T22] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.473924][ T22] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d [ 197.506182][ T22] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.532283][ T22] usb 5-1: Product: syz [ 197.543532][ T22] usb 5-1: Manufacturer: syz [ 197.558570][ T22] usb 5-1: SerialNumber: syz [ 197.578540][ T22] usb 5-1: config 0 descriptor?? [ 197.607984][ T22] gspca_main: STV06xx-2.14.0 probing 046d:08f0 [ 197.636865][ T22] gspca_stv06xx: st6422 sensor detected [ 197.749939][ T9944] ubi5: attaching mtd0 [ 197.767718][ T9944] ubi5: scanning is finished [ 197.794594][ T9944] ubi5: empty MTD device detected [ 197.823892][ T9947] tmpfs: Bad value for 'mpol' [ 197.928963][ T9944] ubi5: attached mtd0 (name "mtdram test device", size 0 MiB) [ 197.936795][ T9944] ubi5: PEB size: 4096 bytes (4 KiB), LEB size: 1689 bytes [ 197.963277][ T9944] ubi5: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 198.009588][ T9955] netlink: 'syz.3.1732': attribute type 10 has an invalid length. [ 198.017483][ T9955] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1732'. [ 198.027424][ T9944] ubi5: VID header offset: 2343 (aligned 2343), data offset: 2407 [ 198.049411][ T9955] bridge0: port 3(veth0_vlan) entered blocking state [ 198.056336][ T9955] bridge0: port 3(veth0_vlan) entered disabled state [ 198.064039][ T9944] ubi5: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 198.073270][ T9955] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 198.090439][ T9944] ubi5: user volume: 0, internal volumes: 1, max. volumes count: 9 [ 198.100227][ T9944] ubi5: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2889436139 [ 198.111872][ T9944] ubi5: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 198.121263][ T22] STV06xx: probe of 5-1:0.0 failed with error -71 [ 198.144909][ T22] usb 5-1: USB disconnect, device number 10 [ 198.169118][ T9952] ubi5: background thread "ubi_bgt5d" started, PID 9952 [ 198.772117][T10021] loop3: detected capacity change from 0 to 128 [ 198.842531][T10021] EXT4-fs: Ignoring removed nobh option [ 198.873214][T10021] EXT4-fs (loop3): Test dummy encryption mode enabled [ 198.895253][T10021] EXT4-fs (loop3): can't mount with journal_checksum, fs mounted w/o journal [ 199.121260][T10038] loop4: detected capacity change from 0 to 4096 [ 199.131646][T10038] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 199.206738][T10050] netlink: 'syz.0.1748': attribute type 29 has an invalid length. [ 199.218551][T10050] netlink: 'syz.0.1748': attribute type 29 has an invalid length. [ 199.238887][ T4255] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 199.434702][T10054] xt_CT: You must specify a L4 protocol and not use inversions on it [ 199.445241][ T4255] usb 4-1: Using ep0 maxpacket: 8 [ 199.460256][ T4255] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 199.487343][ T4255] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 199.508486][ T4255] usb 4-1: config 0 has no interface number 0 [ 199.544487][ T4255] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 199.571163][ T4255] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.608750][ T4255] usb 4-1: Product: syz [ 199.615030][ T4255] usb 4-1: Manufacturer: syz [ 199.649461][ T4255] usb 4-1: SerialNumber: syz [ 199.679956][ T4255] usb 4-1: config 0 descriptor?? [ 199.728200][T10067] netlink: 'syz.2.1753': attribute type 1 has an invalid length. [ 199.943374][ T4255] usb 4-1: USB disconnect, device number 10 [ 200.140397][ T4274] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 200.151235][ T4274] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 200.160852][ T4274] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 200.179808][ T4284] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 200.197901][ T4284] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 200.205471][ T4284] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 200.557392][T10083] chnl_net:caif_netlink_parms(): no params data found [ 200.611576][T10059] loop4: detected capacity change from 0 to 32768 [ 200.864529][T10083] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.884148][T10083] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.910899][T10083] device bridge_slave_0 entered promiscuous mode [ 200.920475][T10083] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.927696][T10083] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.958563][T10225] loop3: detected capacity change from 0 to 256 [ 200.959869][T10083] device bridge_slave_1 entered promiscuous mode [ 201.080282][T10225] FAT-fs (loop3): Directory bread(block 64) failed [ 201.104335][T10083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.113966][T10225] FAT-fs (loop3): Directory bread(block 65) failed [ 201.128179][T10225] FAT-fs (loop3): Directory bread(block 66) failed [ 201.142397][T10083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.151980][T10225] FAT-fs (loop3): Directory bread(block 67) failed [ 201.170770][T10225] FAT-fs (loop3): Directory bread(block 68) failed [ 201.212986][T10225] FAT-fs (loop3): Directory bread(block 69) failed [ 201.233320][T10225] FAT-fs (loop3): Directory bread(block 70) failed [ 201.249645][T10083] team0: Port device team_slave_0 added [ 201.255845][T10225] FAT-fs (loop3): Directory bread(block 71) failed [ 201.265358][T10083] team0: Port device team_slave_1 added [ 201.271825][T10225] FAT-fs (loop3): Directory bread(block 72) failed [ 201.282714][T10225] FAT-fs (loop3): Directory bread(block 73) failed [ 201.318190][T10083] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.320896][T10264] loop0: detected capacity change from 0 to 2048 [ 201.331067][T10083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.397349][T10083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.423213][T10083] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.432199][T10083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.475339][T10284] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 201.545455][T10264] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 201.556937][T10083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.613201][T10264] Remounting filesystem read-only [ 201.630448][T10264] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 201.659225][T10264] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 201.679621][T10264] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 201.719508][T10264] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 201.744274][T10083] device hsr_slave_0 entered promiscuous mode [ 201.751745][T10264] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 201.791629][T10264] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 201.816681][T10083] device hsr_slave_1 entered promiscuous mode [ 201.822285][T10264] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 201.859150][T10083] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.867045][T10083] Cannot create hsr debugfs directory [ 201.899019][T10264] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 201.938976][T10264] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 201.978105][ T27] audit: type=1800 audit(201.936:2489): pid=10264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1768" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 202.041734][T10186] loop2: detected capacity change from 0 to 32768 [ 202.132361][T10186] ERROR: (device loop2): dbAlloc: the hint is outside the map [ 202.132361][T10186] [ 202.140460][T10369] genirq: Flags mismatch irq 4. 00000000 (pcl818) vs. 00000000 (ttyS0) [ 202.196987][T10186] ialloc: diAlloc returned -5! [ 202.309138][ T4284] Bluetooth: hci5: command 0x0409 tx timeout [ 202.561835][T10083] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 202.597505][T10083] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 202.620041][T10417] ubi: mtd0 is already attached to ubi5 [ 202.652589][T10083] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 202.683045][T10083] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 202.721473][T10422] loop0: detected capacity change from 0 to 64 [ 202.825193][T10430] loop4: detected capacity change from 0 to 1024 [ 202.878244][T10430] EXT4-fs: Ignoring removed orlov option [ 203.001003][T10430] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 203.056968][T10442] xt_CT: You must specify a L4 protocol and not use inversions on it [ 203.078170][T10083] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.116343][T10083] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.135475][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.149241][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.229107][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 203.245468][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.279254][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.286477][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.299344][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 203.313595][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.337379][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.364739][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.372004][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.401549][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 203.439998][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.470945][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.515712][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.601597][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.614158][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.634452][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.673594][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.707468][ T4267] cgroup: fork rejected by pids controller in /syz2 [ 203.720939][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.728836][T10468] ubi: mtd0 is already attached to ubi5 [ 203.759281][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.794124][T10083] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.876908][T10083] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.902121][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.966012][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 204.389186][ T4284] Bluetooth: hci5: command 0x041b tx timeout [ 204.410002][T10502] loop0: detected capacity change from 0 to 1024 [ 204.490904][T10502] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 204.546468][T10502] EXT4-fs error (device loop0): ext4_get_journal_inode:5756: inode #32: comm syz.0.1797: iget: special inode unallocated [ 204.575477][ T46] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.599470][T10502] EXT4-fs (loop0): no journal found [ 204.604857][T10502] EXT4-fs (loop0): can't get journal size [ 204.623993][T10502] EXT4-fs (loop0): filesystem is read-only [ 204.676062][T10502] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 204.753727][T10502] EXT4-fs error (device loop0): ext4_lookup:1850: inode #2: comm syz.0.1797: bad inode number: 15 [ 204.814285][ T46] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.059939][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 205.268584][ T46] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.366003][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 205.424846][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 205.454642][T10083] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.583791][ T46] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.776754][ T4281] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 205.788015][ T4281] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 205.797857][ T4281] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 205.806162][ T4281] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 205.814573][ T4281] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 205.826246][ T4281] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 206.153031][T10562] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 206.198340][T10562] Cannot find del_set index 43 as target [ 206.468928][ T4281] Bluetooth: hci5: command 0x040f tx timeout [ 207.373350][T10647] device netdevsim0 entered promiscuous mode [ 207.407827][T10530] chnl_net:caif_netlink_parms(): no params data found [ 207.633902][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 207.657268][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 207.745373][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 207.769603][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 207.819539][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 207.869605][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 207.902468][T10083] device veth0_vlan entered promiscuous mode [ 207.909163][ T4281] Bluetooth: hci1: command 0x0409 tx timeout [ 208.045377][T10083] device veth1_vlan entered promiscuous mode [ 208.133699][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 208.310379][T10725] netlink: 136 bytes leftover after parsing attributes in process `syz.0.1826'. [ 208.340056][T10725] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 208.549231][ T4281] Bluetooth: hci5: command 0x0419 tx timeout [ 208.587988][T10083] device veth0_macvtap entered promiscuous mode [ 208.626545][T10530] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.670762][T10530] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.695495][T10767] loop0: detected capacity change from 0 to 256 [ 208.698032][T10530] device bridge_slave_0 entered promiscuous mode [ 208.728053][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 208.746389][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 208.805476][ T27] audit: type=1326 audit(208.766:2490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10771 comm="syz.3.1833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 208.832950][T10767] FAT-fs (loop0): Directory bread(block 64) failed [ 208.843797][T10530] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.865182][T10767] FAT-fs (loop0): Directory bread(block 65) failed [ 208.868765][T10530] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.894583][ T27] audit: type=1326 audit(208.766:2491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10771 comm="syz.3.1833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 208.907842][T10767] FAT-fs (loop0): Directory bread(block 66) failed [ 208.936817][T10530] device bridge_slave_1 entered promiscuous mode [ 208.975077][T10083] device veth1_macvtap entered promiscuous mode [ 208.989603][ T27] audit: type=1326 audit(208.766:2492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10771 comm="syz.3.1833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 208.991502][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 209.025572][T10767] FAT-fs (loop0): Directory bread(block 67) failed [ 209.042544][T10767] FAT-fs (loop0): Directory bread(block 68) failed [ 209.067438][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 209.069004][T10767] FAT-fs (loop0): Directory bread(block 69) failed [ 209.107116][T10767] FAT-fs (loop0): Directory bread(block 70) failed [ 209.114873][T10767] FAT-fs (loop0): Directory bread(block 71) failed [ 209.125584][T10767] FAT-fs (loop0): Directory bread(block 72) failed [ 209.137276][T10767] FAT-fs (loop0): Directory bread(block 73) failed [ 209.194181][T10530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.243808][T10530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.426967][T10530] team0: Port device team_slave_0 added [ 209.567938][T10828] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1837'. [ 209.737377][T10530] team0: Port device team_slave_1 added [ 209.850452][T10530] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.903545][T10530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.989144][ T4281] Bluetooth: hci1: command 0x041b tx timeout [ 210.077149][T10530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.114612][T10083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.151089][T10083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.218722][T10083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.249548][T10881] mmap: syz.4.1844 (10881): VmData 37445632 exceed data ulimit 2. Update limits or use boot option ignore_rlimit_data. [ 210.268934][T10083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.310101][T10083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.325621][T10083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.362551][T10083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.384611][T10083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.415464][T10083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.464688][T10083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.493018][T10083] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.733495][T10530] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.742962][T10530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.763079][T10904] loop3: detected capacity change from 0 to 256 [ 210.769161][ C1] vkms_vblank_simulate: vblank timer overrun [ 210.850580][T10530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.887917][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 210.914323][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 210.952701][T10083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.018388][T10083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.058810][T10083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.096556][T10083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.117832][T10083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.149482][T10083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.160243][T10083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.172623][T10083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.183132][T10083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.210713][T10083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.232957][T10083] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 211.261985][T10918] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1853'. [ 211.323337][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 211.355447][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 211.495001][ T46] device hsr_slave_0 left promiscuous mode [ 211.518486][ T46] device hsr_slave_1 left promiscuous mode [ 211.549572][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 211.569435][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 211.589437][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 211.596916][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 211.623456][ T46] device bond0 left promiscuous mode [ 211.646633][ T46] device bond_slave_0 left promiscuous mode [ 211.675994][ T46] device bond_slave_1 left promiscuous mode [ 211.694283][ T46] bridge0: port 3(bond0) entered disabled state [ 211.735956][ T46] device bridge_slave_1 left promiscuous mode [ 211.742798][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.789542][ T46] device bridge_slave_0 left promiscuous mode [ 211.796008][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.923999][ T46] device veth1_macvtap left promiscuous mode [ 211.936529][ T46] device veth0_macvtap left promiscuous mode [ 211.944503][ T46] device veth1_vlan left promiscuous mode [ 212.068870][ T4281] Bluetooth: hci1: command 0x040f tx timeout [ 212.165425][T10986] loop0: detected capacity change from 0 to 1024 [ 212.207595][T10986] hfsplus: detected inconsistent attributes file, running fsck.hfsplus is recommended. [ 212.438142][ T46] bond1 (unregistering): Released all slaves [ 212.562815][T11001] xt_TCPMSS: Only works on TCP SYN packets [ 213.131727][ T46] team0 (unregistering): Port device team_slave_1 removed [ 213.185319][ T46] team0 (unregistering): Port device team_slave_0 removed [ 213.235494][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.287861][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.629112][ T46] bond0 (unregistering): Released all slaves [ 213.746917][T10083] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.756144][T10083] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.765212][T10083] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.775426][T10083] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.791054][T10530] device hsr_slave_0 entered promiscuous mode [ 213.810825][T10530] device hsr_slave_1 entered promiscuous mode [ 213.817526][T10530] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.827474][T10530] Cannot create hsr debugfs directory [ 214.103456][T11052] netlink: 'syz.0.1873': attribute type 3 has an invalid length. [ 214.144582][T10501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 214.154563][ T4281] Bluetooth: hci1: command 0x0419 tx timeout [ 214.228522][T10501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 214.253268][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 214.355104][ T4330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 214.383029][ T4330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 214.434128][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 214.939019][T11137] ieee802154 phy0 wpan0: encryption failed: -22 [ 215.357594][T11165] usb usb8: usbfs: process 11165 (syz.5.1887) did not claim interface 0 before use [ 215.892784][T10530] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 215.953644][T10530] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 216.032113][T10530] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 216.052883][T10530] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 216.336602][T10530] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.443398][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 216.463419][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 216.492327][T10530] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.540587][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 216.550415][T11233] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 216.571723][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 216.605907][T11233] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 216.609100][ T4330] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.620284][ T4330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.674433][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 216.748504][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 216.780932][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 216.840372][ T4330] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.847525][ T4330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.856138][T11250] capability: warning: `syz.3.1904' uses 32-bit capabilities (legacy support in use) [ 216.913355][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 216.955593][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 216.976050][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 217.007436][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.063593][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 217.085300][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 217.118326][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.149079][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 217.201061][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 217.230252][T10530] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 217.322839][T10530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 217.356649][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 217.379439][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 217.421173][T11273] autofs4:pid:11273:autofs_fill_super: called with bogus options [ 218.438154][T11321] loop0: detected capacity change from 0 to 1024 [ 218.528575][T11328] xt_bpf: check failed: parse error [ 218.568792][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 218.576107][T11321] hfsplus: request for non-existent node 211 in B*Tree [ 218.616603][T11334] loop3: detected capacity change from 0 to 256 [ 218.618125][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 218.628843][T11321] hfsplus: request for non-existent node 211 in B*Tree [ 218.702265][T10530] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.749768][T11334] FAT-fs (loop3): Directory bread(block 64) failed [ 218.756364][T11334] FAT-fs (loop3): Directory bread(block 65) failed [ 218.824675][T11334] FAT-fs (loop3): Directory bread(block 66) failed [ 218.847202][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 218.852905][T11334] FAT-fs (loop3): Directory bread(block 67) failed [ 218.870882][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 218.927425][T11334] FAT-fs (loop3): Directory bread(block 68) failed [ 218.946003][T11341] loop5: detected capacity change from 0 to 256 [ 218.966011][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 218.971878][T11334] FAT-fs (loop3): Directory bread(block 69) failed [ 219.024943][T11334] FAT-fs (loop3): Directory bread(block 70) failed [ 219.047869][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 219.066373][T11334] FAT-fs (loop3): Directory bread(block 71) failed [ 219.090713][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 219.106315][T11341] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 219.108504][T11334] FAT-fs (loop3): Directory bread(block 72) failed [ 219.146120][T11334] FAT-fs (loop3): Directory bread(block 73) failed [ 219.162707][T10501] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 219.194577][T10530] device veth0_vlan entered promiscuous mode [ 219.260360][T10530] device veth1_vlan entered promiscuous mode [ 219.374939][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 219.400680][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 219.440900][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 219.489275][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 219.572697][T10530] device veth0_macvtap entered promiscuous mode [ 219.619661][T10530] device veth1_macvtap entered promiscuous mode [ 219.716955][T10530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.755461][T10530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.774570][T10530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.805501][T10530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.818457][T10530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.836858][T10530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.847181][T10530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.873851][T10530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.890427][T10530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.911309][T10530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.934095][T10530] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.956510][T10530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.980060][T10530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.038862][T10530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.088945][T10530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.108709][T10530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.126223][T10530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.141431][T10530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.152911][T10530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.163468][T10530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.176607][T10530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.192606][T10530] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.207530][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 220.228377][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 220.250917][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 220.285197][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 220.304904][T10530] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.339219][T10530] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.358265][T10530] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.398821][ T4315] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 220.416764][T10530] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.544963][T11405] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1943'. [ 220.629549][ T4315] usb 4-1: Using ep0 maxpacket: 32 [ 220.643349][ T4315] usb 4-1: config 0 interface 0 has no altsetting 0 [ 220.672663][ T4315] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 220.721398][ T4315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.751914][ T4315] usb 4-1: Product: syz [ 220.756150][ T4315] usb 4-1: Manufacturer: syz [ 220.782183][ T4315] usb 4-1: SerialNumber: syz [ 220.800993][ T4315] usb 4-1: config 0 descriptor?? [ 220.859494][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.867477][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.935623][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 221.022863][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.059362][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.084092][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 221.134257][T11449] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1950'. [ 221.199059][ T22] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 221.254918][ T4315] gs_usb 4-1:0.0: Couldn't get device config: (err=-71) [ 221.266322][ T4315] gs_usb: probe of 4-1:0.0 failed with error -71 [ 221.307621][ T4315] usb 4-1: USB disconnect, device number 11 [ 221.401912][ T22] usb 1-1: config 0 has an invalid interface number: 31 but max is 0 [ 221.414435][ T22] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.440711][ T22] usb 1-1: config 0 has no interface number 0 [ 221.475681][ T22] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 221.509226][ T22] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.517308][ T22] usb 1-1: Product: syz [ 221.544910][ T22] usb 1-1: Manufacturer: syz [ 221.559986][ T22] usb 1-1: SerialNumber: syz [ 221.588975][T11474] netlink: 'syz.2.1953': attribute type 16 has an invalid length. [ 221.596871][T11474] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1953'. [ 221.615468][ T22] usb 1-1: config 0 descriptor?? [ 221.635478][ T22] hub 1-1:0.31: bad descriptor, ignoring hub [ 221.642516][ T22] hub: probe of 1-1:0.31 failed with error -5 [ 221.651760][ T22] usb 1-1: Found UVC 0.04 device syz (046d:08c3) [ 221.665719][ T22] uvcvideo 1-1:0.31: Entity type for entity Output 6 was not initialized! [ 221.675631][ T22] usb 1-1: Failed to create links for entity 6 [ 221.695584][ T22] usb 1-1: Failed to register entities (-22). [ 221.778843][ T4315] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 221.878915][T11490] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1955'. [ 221.908554][T11490] netlink: 'syz.5.1955': attribute type 1 has an invalid length. [ 221.981065][ T4315] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 222.019443][ T4315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 222.029080][ T14] usb 1-1: USB disconnect, device number 10 [ 222.068808][ T4315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 222.100354][ T4315] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 222.163620][T11506] usb usb7: usbfs: process 11506 (syz.2.1959) did not claim interface 0 before use [ 222.173911][ T4315] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 222.218683][ T4315] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 222.226932][ T4315] usb 5-1: Manufacturer: syz [ 222.279662][ T4315] usb 5-1: config 0 descriptor?? [ 222.531551][ T4315] usb 5-1: USB disconnect, device number 11 [ 223.003164][T11561] loop0: detected capacity change from 0 to 16 [ 223.048255][T11561] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 223.618388][T11587] IPv6: Can't replace route, no match found [ 223.666280][T11589] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 224.750427][T11642] kernel read not supported for file /  (pid: 11642 comm: syz.0.1992) [ 224.776498][ T27] audit: type=1800 audit(224.736:2493): pid=11642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1992" name=200120 dev="mqueue" ino=49447 res=0 errno=0 [ 225.289779][T11672] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2001'. [ 225.480207][T11672] netlink: set zone limit has 4 unknown bytes [ 225.837976][T11702] xt_socket: unknown flags 0x4c [ 226.775511][T11751] netlink: 'syz.0.2022': attribute type 4 has an invalid length. [ 227.100035][T11775] libceph: resolve '4.' (ret=-3): failed [ 227.258748][T11781] syz.3.2032 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 227.647032][T11805] loop5: detected capacity change from 0 to 16 [ 227.689931][T11805] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 228.119927][T11820] loop2: detected capacity change from 0 to 4096 [ 228.142804][T11820] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 228.279155][T11836] netlink: 680 bytes leftover after parsing attributes in process `syz.3.2048'. [ 228.690114][T11854] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2054'. [ 229.359702][T11891] netlink: 'syz.2.2066': attribute type 10 has an invalid length. [ 229.538122][T11891] team0: Port device macvlan0 added [ 229.548980][T11901] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2069'. [ 229.826423][T11912] netlink: 'syz.2.2073': attribute type 30 has an invalid length. [ 230.166072][T11937] netlink: 'syz.4.2081': attribute type 8 has an invalid length. [ 230.963938][T11980] loop2: detected capacity change from 0 to 64 [ 230.990933][T11983] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2094'. [ 231.111850][T11992] loop4: detected capacity change from 0 to 64 [ 231.241293][ T27] audit: type=1800 audit(231.206:2494): pid=11992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2097" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 231.356585][T11998] loop0: detected capacity change from 0 to 1764 [ 232.142767][T12055] IPv6: NLM_F_CREATE should be specified when creating new route [ 232.558782][ T4315] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 232.614852][T12085] ipt_REJECT: TCP_RESET invalid for non-tcp [ 232.753641][ T4315] usb 6-1: Using ep0 maxpacket: 8 [ 232.764989][ T4315] usb 6-1: config 0 has an invalid interface number: 31 but max is 0 [ 232.818019][ T4315] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 232.843611][ T4315] usb 6-1: config 0 has no interface number 0 [ 232.879450][ T4315] usb 6-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 232.924766][ T4315] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.968965][ T4315] usb 6-1: Product: syz [ 232.973234][ T4315] usb 6-1: Manufacturer: syz [ 233.016553][ T4315] usb 6-1: SerialNumber: syz [ 233.035857][ T4315] usb 6-1: config 0 descriptor?? [ 233.278141][ T4315] usb 6-1: Found UVC 0.04 device syz (046d:08c3) [ 233.287766][ T4315] usb 6-1: No valid video chain found. [ 233.504316][ T4315] usb 6-1: USB disconnect, device number 2 [ 233.524169][ T27] audit: type=1400 audit(233.486:2495): apparmor="DENIED" operation="change_profile" info="label not found" error=-22 profile="unconfined" name="&" pid=12139 comm="syz.4.2136" [ 233.597752][T12130] loop0: detected capacity change from 0 to 4096 [ 233.689749][ T126] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 233.895820][ T126] usb 3-1: Using ep0 maxpacket: 16 [ 233.904601][ T126] usb 3-1: unable to get BOS descriptor or descriptor too short [ 233.956340][ T126] usb 3-1: config 192 has too many interfaces: 127, using maximum allowed: 32 [ 233.987345][ T126] usb 3-1: config 192 has an invalid interface association descriptor of length 5, skipping [ 234.009767][ T126] usb 3-1: config 192 has an invalid descriptor of length 0, skipping remainder of the config [ 234.061460][ T126] usb 3-1: config 192 has 0 interfaces, different from the descriptor's value: 127 [ 234.086213][ T126] usb 3-1: config 192 has too many interfaces: 127, using maximum allowed: 32 [ 234.096012][ T126] usb 3-1: config 192 has an invalid interface association descriptor of length 5, skipping [ 234.106893][ T126] usb 3-1: config 192 has an invalid descriptor of length 0, skipping remainder of the config [ 234.119771][ T126] usb 3-1: config 192 has 0 interfaces, different from the descriptor's value: 127 [ 234.135358][ T126] usb 3-1: New USB device found, idVendor=03eb, idProduct=7617, bcdDevice= 2.69 [ 234.159491][T12164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2141'. [ 234.178403][ T126] usb 3-1: New USB device strings: Mfr=3, Product=1, SerialNumber=9 [ 234.204506][ T126] usb 3-1: Product: syz [ 234.229000][T12164] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2141'. [ 234.238118][ T126] usb 3-1: Manufacturer: syz [ 234.258838][ T126] usb 3-1: SerialNumber: syz [ 234.519221][ T126] usb 3-1: USB disconnect, device number 12 [ 234.592337][T12184] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 234.722733][T12196] netlink: 'syz.0.2148': attribute type 5 has an invalid length. [ 234.955855][ T27] audit: type=1326 audit(234.916:2496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12204 comm="syz.5.2149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dc0d9c629 code=0x7ffc0000 [ 235.055929][ T27] audit: type=1326 audit(234.916:2497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12204 comm="syz.5.2149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dc0d9c629 code=0x7ffc0000 [ 235.169154][ T27] audit: type=1326 audit(234.916:2498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12204 comm="syz.5.2149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f2dc0d9c629 code=0x7ffc0000 [ 235.195553][T12220] loop4: detected capacity change from 0 to 164 [ 235.298366][ T27] audit: type=1326 audit(234.916:2499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12204 comm="syz.5.2149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dc0d9c629 code=0x7ffc0000 [ 235.426025][ T27] audit: type=1326 audit(234.916:2500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12204 comm="syz.5.2149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dc0d9c629 code=0x7ffc0000 [ 235.448221][ C0] vkms_vblank_simulate: vblank timer overrun [ 237.191025][ T14] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 237.378805][ T14] usb 5-1: Using ep0 maxpacket: 8 [ 237.385850][ T14] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 237.418439][ T14] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 237.449612][ T14] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 237.478753][ T14] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 237.510568][ T14] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 237.568682][ T14] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 237.577843][ T14] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.629375][ T14] usb 5-1: config 0 descriptor?? [ 237.635776][T12312] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 237.878477][T12361] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2196'. [ 237.979812][ C1] Bluetooth: hci6: Unexpected continuation: 1 bytes [ 237.987901][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 237.995203][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.003952][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.011570][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.018751][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.025780][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.032682][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.039558][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.046394][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.054151][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.061531][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.068563][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.077680][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.084722][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.091815][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.100071][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.107040][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.114663][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.121682][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.128933][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.135850][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.143244][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.150527][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.157673][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.164854][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.172148][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.179303][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.186251][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.193176][ T14] usb 5-1: USB disconnect, device number 12 [ 238.193815][ T4284] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 238.208309][ T4281] Bluetooth: hci6: Opcode 0x0c03 failed: -71 [ 238.657137][T12395] netlink: 'syz.5.2204': attribute type 46 has an invalid length. [ 238.689365][T12395] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2204'. [ 239.587567][T12426] loop4: detected capacity change from 0 to 64 [ 239.653068][T12429] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 239.673300][T12426] Trying to free block not in datazone [ 239.706968][T12426] minix_free_block (loop4:21): bit already cleared [ 239.735861][T12426] Trying to free block not in datazone [ 239.834834][T12392] loop3: detected capacity change from 0 to 40427 [ 239.949925][T12392] F2FS-fs (loop3): invalid crc value [ 240.008105][T12392] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 240.085609][T12443] loop4: detected capacity change from 0 to 256 [ 240.127585][T12443] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 240.256371][ T27] audit: type=1800 audit(240.216:2501): pid=12443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2218" name="file1" dev="loop4" ino=1048617 res=0 errno=0 [ 240.272579][T12392] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0 [ 240.315745][T12443] exFAT-fs (loop4): invalid start cluster (4278190088) [ 240.347297][T12392] F2FS-fs (loop3): Start checkpoint disabled! [ 240.451426][T12392] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 241.151972][T12483] overlayfs: unrecognized mount option "smackfstransmute=l-\]\" or missing value [ 241.659925][T12495] loop2: detected capacity change from 0 to 4096 [ 241.729531][T12495] ntfs: volume version 3.1. [ 241.846312][T12495] ntfs: (device loop2): ntfs_setattr(): Changes in user/group/mode are not supported yet, ignoring. [ 241.936894][T12514] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 242.012212][T12514] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 242.066694][T12514] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 242.076991][T12514] device bridge_slave_0 left promiscuous mode [ 242.091978][T12514] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.140592][T12514] device bridge_slave_1 left promiscuous mode [ 242.160852][T12514] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.204987][T12514] bond0: (slave bond_slave_0): Releasing backup interface [ 242.228730][ T126] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 242.279897][T12514] bond0: (slave bond_slave_1): Releasing backup interface [ 242.434167][T12514] team0: Port device team_slave_0 removed [ 242.436603][ T126] usb 6-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0 [ 242.466450][ T126] usb 6-1: config 0 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 242.485674][T12514] team0: Port device team_slave_1 removed [ 242.510389][ T126] usb 6-1: config 0 interface 0 has no altsetting 0 [ 242.523724][T12514] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 242.542700][T12530] loop4: detected capacity change from 0 to 4096 [ 242.547457][ T126] usb 6-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice= 0.00 [ 242.559486][T12514] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 242.587217][T12530] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512) [ 242.589871][ T126] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.624239][T12514] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 242.637194][ T126] usb 6-1: config 0 descriptor?? [ 242.655242][T12514] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 242.681481][ T126] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input10 [ 242.867663][ T3622] bcm5974 6-1:0.0: could not read from device [ 242.895218][ T126] usb 6-1: USB disconnect, device number 3 [ 242.904850][ T3622] bcm5974 6-1:0.0: could not read from device [ 242.978762][ T14] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 243.178835][ T14] usb 3-1: Using ep0 maxpacket: 16 [ 243.186244][ T14] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 243.237078][ T14] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 243.277681][ T14] usb 3-1: config 0 interface 0 has no altsetting 0 [ 243.289403][ T14] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice= 2.eb [ 243.319133][ T14] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.369833][T12563] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 243.379754][ T14] usb 3-1: config 0 descriptor?? [ 243.815961][ T126] usb 3-1: USB disconnect, device number 13 [ 243.924083][T12594] loop5: detected capacity change from 0 to 2048 [ 244.001038][T12594] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 244.825923][T12631] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2264'. [ 245.386426][T12651] TCP: TCP_TX_DELAY enabled [ 245.444202][T12611] loop4: detected capacity change from 0 to 32768 [ 245.574695][T12611] jfs_strtoUCS: char2uni returned -22. [ 245.588912][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 245.597580][T12611] charset = cp864, char = 0x9f [ 245.866401][T12668] netlink: 220 bytes leftover after parsing attributes in process `syz.2.2277'. [ 246.245918][T12687] xt_recent: hitcount (134217728) is larger than allowed maximum (255) [ 246.619073][T12701] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0) [ 246.681192][T12707] netlink: 'syz.4.2288': attribute type 2 has an invalid length. [ 246.756538][T12707] netlink: 'syz.4.2288': attribute type 2 has an invalid length. [ 246.778705][T12707] netlink: 'syz.4.2288': attribute type 1 has an invalid length. [ 246.786497][T12707] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2288'. [ 246.850386][T12712] netlink: 220 bytes leftover after parsing attributes in process `syz.5.2291'. [ 247.174509][ T22] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 247.388754][ T22] usb 3-1: Using ep0 maxpacket: 16 [ 247.411118][ T22] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=81.0c [ 247.446502][ T22] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.485684][ T22] usb 3-1: Product: syz [ 247.494187][ T22] usb 3-1: Manufacturer: syz [ 247.514503][ T22] usb 3-1: SerialNumber: syz [ 247.539426][ T22] r8152-cfgselector 3-1: config 0 descriptor?? [ 247.894508][T12765] ip6t_REJECT: ECHOREPLY is not supported [ 248.020383][ T22] r8152-cfgselector 3-1: Unknown version 0x0000 [ 248.059933][ T22] r8152-cfgselector 3-1: USB disconnect, device number 14 [ 248.339409][T12790] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2311'. [ 248.358798][T12790] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2311'. [ 248.473306][T12789] loop4: detected capacity change from 0 to 4096 [ 248.512602][T12789] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 248.599004][T12789] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 248.884540][ T27] audit: type=1326 audit(248.846:2502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12807 comm="syz.3.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 248.988696][ T27] audit: type=1326 audit(248.886:2503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12807 comm="syz.3.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 249.103029][ T27] audit: type=1326 audit(248.886:2504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12807 comm="syz.3.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 249.233310][ T27] audit: type=1326 audit(248.886:2505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12807 comm="syz.3.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 249.491323][ T126] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 249.525191][T12838] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2325'. [ 249.576601][T12838] bond0: (slave bond_slave_0): Slave does not support ipsec offload [ 249.688778][ T126] usb 4-1: Using ep0 maxpacket: 8 [ 249.695848][ T126] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.741612][ T126] usb 4-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54 [ 249.771499][ T126] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.791761][ T126] usb 4-1: Product: syz [ 249.802067][ T126] usb 4-1: Manufacturer: syz [ 249.818740][ T126] usb 4-1: SerialNumber: syz [ 249.847604][ T126] usb 4-1: config 0 descriptor?? [ 249.873367][ T126] cdc_phonet 4-1:0.0: skipping garbage [ 249.886695][ T126] cdc_phonet: probe of 4-1:0.0 failed with error -22 [ 249.903487][T12849] loop4: detected capacity change from 0 to 2048 [ 249.952743][T12849] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 250.120566][ T126] usb 4-1: USB disconnect, device number 12 [ 250.917353][T12902] loop0: detected capacity change from 0 to 1024 [ 251.348464][T12933] netlink: 'syz.4.2351': attribute type 2 has an invalid length. [ 251.464566][T12924] loop5: detected capacity change from 0 to 4096 [ 251.503010][T12924] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 251.507699][T12933] device .*! entered promiscuous mode [ 251.551744][T12934] loop2: detected capacity change from 0 to 4096 [ 251.644186][T12934] ntfs: volume version 3.1. [ 252.501577][T12984] loop0: detected capacity change from 0 to 256 [ 252.604734][T12984] FAT-fs (loop0): Directory bread(block 64) failed [ 252.638846][T12984] FAT-fs (loop0): Directory bread(block 65) failed [ 252.671245][T12984] FAT-fs (loop0): Directory bread(block 66) failed [ 252.704788][T12984] FAT-fs (loop0): Directory bread(block 67) failed [ 252.758271][T12984] FAT-fs (loop0): Directory bread(block 68) failed [ 252.775108][T12984] FAT-fs (loop0): Directory bread(block 69) failed [ 252.818949][T12984] FAT-fs (loop0): Directory bread(block 70) failed [ 252.825565][T12984] FAT-fs (loop0): Directory bread(block 71) failed [ 252.848878][T12984] FAT-fs (loop0): Directory bread(block 72) failed [ 252.855503][T12984] FAT-fs (loop0): Directory bread(block 73) failed [ 253.251613][T13015] loop4: detected capacity change from 0 to 64 [ 253.888227][T12976] loop5: detected capacity change from 0 to 40427 [ 253.972667][T12976] F2FS-fs (loop5): Fix alignment : done, start(4096) end(16896) block(12288) [ 254.022494][T12976] F2FS-fs (loop5): invalid crc value [ 254.064900][T12976] F2FS-fs (loop5): Found nat_bits in checkpoint [ 254.309702][T12976] F2FS-fs (loop5): Cannot turn on quotas: -2 on 1 [ 254.351767][T12976] F2FS-fs (loop5): Cannot turn on quotas: -2 on 2 [ 254.361721][T12976] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 254.688916][T13085] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2392'. [ 255.093410][T13109] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 255.352439][T13121] netlink: 'syz.3.2402': attribute type 11 has an invalid length. [ 255.398736][T13121] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2402'. [ 255.830786][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.837194][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.844170][T13147] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2411'. [ 256.395353][T13178] xt_policy: output policy not valid in PREROUTING and INPUT [ 256.618083][T13188] loop4: detected capacity change from 0 to 128 [ 256.902071][ T27] audit: type=1326 audit(256.866:2506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13201 comm="syz.2.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbb0d9c629 code=0x7ffc0000 [ 256.974011][ T27] audit: type=1326 audit(256.866:2507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13201 comm="syz.2.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7ffbb0d9c629 code=0x7ffc0000 [ 257.032292][ T27] audit: type=1326 audit(256.866:2508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13201 comm="syz.2.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbb0d9c629 code=0x7ffc0000 [ 257.033222][T13212] overlayfs: missing 'lowerdir' [ 257.156278][ T27] audit: type=1326 audit(256.866:2509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13201 comm="syz.2.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbb0d9c629 code=0x7ffc0000 [ 258.123940][T13275] netlink: 'syz.0.2450': attribute type 2 has an invalid length. [ 258.634971][T13303] loop4: detected capacity change from 0 to 512 [ 258.696995][T13307] netlink: 'syz.2.2460': attribute type 21 has an invalid length. [ 258.724231][T13307] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2460'. [ 258.738071][T13307] netlink: 'syz.2.2460': attribute type 4 has an invalid length. [ 258.746437][T13303] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 258.756804][T13307] netlink: 'syz.2.2460': attribute type 3 has an invalid length. [ 258.766721][T13307] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2460'. [ 258.785442][T13313] xt_connbytes: Forcing CT accounting to be enabled [ 258.821017][T13303] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 259.088272][T13329] netlink: 'syz.2.2466': attribute type 95 has an invalid length. [ 259.120454][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 259.175456][ T57] Quota error (device loop4): remove_tree: Cycle in quota tree detected: block 5 index 0 [ 259.195866][ T57] EXT4-fs error (device loop4): ext4_release_dquot:6871: comm kworker/u4:4: Failed to release dquot type 1 [ 259.708845][T13359] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2476'. [ 260.104873][T13377] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2481'. [ 260.158943][T13377] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2481'. [ 260.169145][T13377] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2481'. [ 260.822638][T13403] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2490'. [ 260.989962][T13409] binder: binder_mmap: 13408 200000ffb000-200000ffd000 bad vm_flags failed -1 [ 261.121643][T13354] loop0: detected capacity change from 0 to 40427 [ 261.156788][T13354] F2FS-fs (loop0): build fault injection attr: rate: 684, type: 0x3ffff [ 261.215600][T13354] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x35f7 [ 261.289281][T13354] F2FS-fs (loop0): invalid crc value [ 261.320825][T13354] F2FS-fs (loop0): Found nat_bits in checkpoint [ 261.331818][T13424] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2496'. [ 261.505017][T13337] loop5: detected capacity change from 0 to 65536 [ 261.571267][T13427] x_tables: unsorted underflow at hook 1 [ 261.627219][T13354] F2FS-fs (loop0): Start checkpoint disabled! [ 261.642138][T13337] XFS (loop5): Mounting V5 Filesystem [ 261.745821][T13354] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 261.814212][T13337] XFS (loop5): Ending clean mount [ 261.993635][T13446] loop2: detected capacity change from 0 to 256 [ 262.111202][T13446] FAT-fs (loop2): Directory bread(block 64) failed [ 262.143363][T10083] XFS (loop5): Unmounting Filesystem [ 262.151322][T13446] FAT-fs (loop2): Directory bread(block 65) failed [ 262.158074][T13446] FAT-fs (loop2): Directory bread(block 66) failed [ 262.211716][T13446] FAT-fs (loop2): Directory bread(block 67) failed [ 262.218446][T13446] FAT-fs (loop2): Directory bread(block 68) failed [ 262.256522][T13446] FAT-fs (loop2): Directory bread(block 69) failed [ 262.291799][T13446] FAT-fs (loop2): Directory bread(block 70) failed [ 262.298404][T13446] FAT-fs (loop2): Directory bread(block 71) failed [ 262.349679][T13446] FAT-fs (loop2): Directory bread(block 72) failed [ 262.378889][T13446] FAT-fs (loop2): Directory bread(block 73) failed [ 262.446610][ T4327] kworker/u4:6: attempt to access beyond end of device [ 262.446610][ T4327] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 262.636863][T13417] loop3: detected capacity change from 0 to 32768 [ 262.766125][T13417] [ 262.766125][T13417] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 262.766125][T13417] [ 263.015723][ T4277] [ 263.015723][ T4277] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.015723][ T4277] [ 263.063009][ T4277] [ 263.063009][ T4277] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.063009][ T4277] [ 263.700784][T13501] loop0: detected capacity change from 0 to 64 [ 263.982265][T13515] trusted_key: encrypted_key: master key parameter '' is invalid [ 264.582249][T13542] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2526'. [ 265.410002][T13592] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2540'. [ 265.446988][T13592] netlink: 'syz.4.2540': attribute type 1 has an invalid length. [ 265.617764][T13600] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2543'. [ 266.009930][ T4354] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 266.220669][ T4354] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 959 [ 266.241216][ T4354] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 266.275190][ T4354] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 266.327770][ T4354] usb 6-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38 [ 266.369259][ T4354] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.377895][T13639] cifs: Unknown parameter 'Ü[—Íñ¦bšÿÿÿITäŒ&¬æ:ÅèÙ"‚Õëï1:ºÃÃÓ­'Ä4,Zz-#FÇ<æõ]%gCžÊ [ 266.377895][T13639] SÃȘØÈžZ§6ŸÂ' [ 266.408311][ T4354] usb 6-1: Product: syz [ 266.423093][ T4354] usb 6-1: Manufacturer: syz [ 266.427850][ T4354] usb 6-1: SerialNumber: syz [ 266.450839][ T4354] usb 6-1: config 0 descriptor?? [ 266.476695][T13609] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 266.767188][ T4316] usb 6-1: USB disconnect, device number 4 [ 267.483518][T13695] loop4: detected capacity change from 0 to 4096 [ 267.531318][T13703] netlink: 129384 bytes leftover after parsing attributes in process `syz.5.2572'. [ 267.948780][ T14] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 268.174748][ T14] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 268.212153][ T14] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 268.289302][ T14] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 268.328798][T13734] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2580'. [ 268.338517][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 268.358714][ T14] usb 1-1: SerialNumber: syz [ 268.471789][T13742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 268.546190][T13742] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 268.646558][ T14] usb 1-1: 0:2 : does not exist [ 268.733376][ T14] usb 1-1: USB disconnect, device number 11 [ 268.999536][ T4407] udevd[4407]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 269.848914][ T4354] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 270.071634][ T4354] usb 6-1: unable to get BOS descriptor or descriptor too short [ 270.098904][ T4354] usb 6-1: config 66 has an invalid descriptor of length 0, skipping remainder of the config [ 270.129656][ T4354] usb 6-1: config 66 has 1 interface, different from the descriptor's value: 2 [ 270.170198][ T4354] usb 6-1: config 66 has no interface number 0 [ 270.196249][ T4354] usb 6-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a4.95 [ 270.247902][ T4354] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.266972][ T4354] usb 6-1: Product: syz [ 270.288766][ T4354] usb 6-1: Manufacturer: syz [ 270.293536][ T4354] usb 6-1: SerialNumber: syz [ 270.577250][ T4354] usb 6-1: USB disconnect, device number 5 [ 270.792270][T13879] openvswitch: netlink: Message has 4 unknown bytes. [ 270.889666][ T27] audit: type=1326 audit(270.856:2510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13884 comm="syz.0.2620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b1b19c629 code=0x7ffc0000 [ 270.946523][ T27] audit: type=1326 audit(270.896:2511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13884 comm="syz.0.2620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b1b19c629 code=0x7ffc0000 [ 271.001283][ T27] audit: type=1326 audit(270.906:2512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13884 comm="syz.0.2620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f7b1b19c629 code=0x7ffc0000 [ 271.093680][ T27] audit: type=1326 audit(270.906:2513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13884 comm="syz.0.2620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b1b19c629 code=0x7ffc0000 [ 271.167114][ T27] audit: type=1326 audit(270.906:2514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13884 comm="syz.0.2620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b1b19c629 code=0x7ffc0000 [ 271.323789][T13906] xt_CT: You must specify a L4 protocol and not use inversions on it [ 271.403258][T13910] loop5: detected capacity change from 0 to 512 [ 271.453527][T13910] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 271.537380][T13920] netlink: 'syz.4.2630': attribute type 11 has an invalid length. [ 272.674423][T13972] raw_sendmsg: syz.4.2645 forgot to set AF_INET. Fix it! [ 273.958019][T14049] netlink: zone id is out of range [ 274.292194][T14069] loop0: detected capacity change from 0 to 164 [ 274.371586][T14072] netlink: 'syz.2.2679': attribute type 1 has an invalid length. [ 274.376923][T14069] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 274.502363][T14080] loop4: detected capacity change from 0 to 64 [ 274.747418][T14092] loop5: detected capacity change from 0 to 256 [ 274.901815][T14092] FAT-fs (loop5): Directory bread(block 64) failed [ 274.928741][T14092] FAT-fs (loop5): Directory bread(block 65) failed [ 274.974895][T14092] FAT-fs (loop5): Directory bread(block 66) failed [ 275.007201][T14092] FAT-fs (loop5): Directory bread(block 67) failed [ 275.029659][T14092] FAT-fs (loop5): Directory bread(block 68) failed [ 275.058779][T14092] FAT-fs (loop5): Directory bread(block 69) failed [ 275.067572][T14109] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2689'. [ 275.087957][T14092] FAT-fs (loop5): Directory bread(block 70) failed [ 275.109057][T14092] FAT-fs (loop5): Directory bread(block 71) failed [ 275.146448][T14092] FAT-fs (loop5): Directory bread(block 72) failed [ 275.166621][T14092] FAT-fs (loop5): Directory bread(block 73) failed [ 275.350004][T14119] printk: syz.0.2692 (14119): Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated). [ 275.368809][T14122] netlink: 45 bytes leftover after parsing attributes in process `syz.2.2693'. [ 276.677546][T14205] IPv6: sit1: Disabled Multicast RS [ 276.754285][T14215] overlayfs: empty lowerdir [ 277.182285][T14236] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2725'. [ 277.207700][T14240] netlink: 'syz.2.2726': attribute type 8 has an invalid length. [ 277.780429][T14273] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2737'. [ 277.805603][T14278] loop4: detected capacity change from 0 to 64 [ 278.143769][ T4407] udevd[4407]: inotify_add_watch(7, /dev/nbd2p5, 10) failed: No such file or directory [ 278.158917][ T126] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 278.298937][T14309] netlink: 'syz.2.2745': attribute type 2 has an invalid length. [ 278.347346][T14309] netlink: 'syz.2.2745': attribute type 1 has an invalid length. [ 278.380687][ T126] usb 1-1: config 0 has an invalid interface number: 200 but max is 0 [ 278.405180][ T126] usb 1-1: config 0 has no interface number 0 [ 278.433356][ T126] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=91.6f [ 278.455316][ T126] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.515403][ T126] usb 1-1: config 0 descriptor?? [ 278.780065][ T126] RobotFuzz Open Source InterFace, OSIF 1-1:0.200: version 91.6f found at bus 001 address 012 [ 278.919989][T14348] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 279.024614][ T126] usb 1-1: USB disconnect, device number 12 [ 279.130408][T14365] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 279.824648][T14399] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2768'. [ 279.874849][T14399] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2768'. [ 280.118960][ T126] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 280.312036][ T126] usb 4-1: unable to get BOS descriptor or descriptor too short [ 280.331323][ T126] usb 4-1: not running at top speed; connect to a high speed hub [ 280.354292][ T126] usb 4-1: config 97 has an invalid interface number: 135 but max is 0 [ 280.406634][ T126] usb 4-1: config 97 has an invalid descriptor of length 0, skipping remainder of the config [ 280.449548][T14436] Cannot find set identified by id 0 to match [ 280.456577][ T126] usb 4-1: config 97 has no interface number 0 [ 280.490416][T14444] loop4: detected capacity change from 0 to 256 [ 280.493656][ T126] usb 4-1: config 97 interface 135 has no altsetting 0 [ 280.534835][ T126] usb 4-1: New USB device found, idVendor=13d3, idProduct=5103, bcdDevice=8b.d4 [ 280.546280][T14444] FAT-fs (loop4): Directory bread(block 64) failed [ 280.569026][ T126] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.579295][T14444] FAT-fs (loop4): Directory bread(block 65) failed [ 280.615800][T14444] FAT-fs (loop4): Directory bread(block 66) failed [ 280.624412][ T126] usb 4-1: Product: syz [ 280.648663][ T126] usb 4-1: Manufacturer: syz [ 280.653598][T14444] FAT-fs (loop4): Directory bread(block 67) failed [ 280.663646][ T126] usb 4-1: SerialNumber: syz [ 280.664301][T14444] FAT-fs (loop4): Directory bread(block 68) failed [ 280.694364][T14444] FAT-fs (loop4): Directory bread(block 69) failed [ 280.716366][T14444] FAT-fs (loop4): Directory bread(block 70) failed [ 280.738785][T14444] FAT-fs (loop4): Directory bread(block 71) failed [ 280.756019][T14444] FAT-fs (loop4): Directory bread(block 72) failed [ 280.763056][T14444] FAT-fs (loop4): Directory bread(block 73) failed [ 280.896507][ T126] usb 4-1: USB disconnect, device number 13 [ 281.304650][ T27] audit: type=1326 audit(281.266:2515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14486 comm="syz.4.2792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 281.408820][ T27] audit: type=1326 audit(281.296:2516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14486 comm="syz.4.2792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 281.430680][ C0] vkms_vblank_simulate: vblank timer overrun [ 281.547027][ T27] audit: type=1326 audit(281.296:2517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14486 comm="syz.4.2792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 281.619017][ T27] audit: type=1326 audit(281.296:2518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14486 comm="syz.4.2792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 281.764848][ T27] audit: type=1326 audit(281.726:2519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14506 comm="syz.5.2800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dc0d9c629 code=0x7ffc0000 [ 281.855449][ T27] audit: type=1326 audit(281.756:2520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14506 comm="syz.5.2800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dc0d9c629 code=0x7ffc0000 [ 281.968745][ T27] audit: type=1326 audit(281.756:2521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14506 comm="syz.5.2800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dc0d9c629 code=0x7ffc0000 [ 282.058972][ T27] audit: type=1326 audit(281.776:2522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14506 comm="syz.5.2800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7f2dc0d9c629 code=0x7ffc0000 [ 282.128764][T14529] QAT: failed to copy from user cfg_data. [ 282.166739][ T27] audit: type=1326 audit(281.776:2523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14506 comm="syz.5.2800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dc0d9c629 code=0x7ffc0000 [ 282.298009][ T27] audit: type=1326 audit(281.776:2524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14506 comm="syz.5.2800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dc0d9c629 code=0x7ffc0000 [ 282.679167][T14557] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2817'. [ 283.494281][T14604] netlink: 'syz.2.2831': attribute type 8 has an invalid length. [ 283.555455][T14604] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.2831'. [ 283.632361][T14614] loop5: detected capacity change from 0 to 512 [ 283.667813][T14614] EXT4-fs (loop5): orphan cleanup on readonly fs [ 283.688802][T14614] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13 [ 283.699609][T14614] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1113: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 283.771440][T14614] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.2834: attempt to clear invalid blocks 2 len 1 [ 283.854493][T14614] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.2834: invalid indirect mapped block 1819239214 (level 0) [ 283.895985][T14627] netlink: 'syz.2.2836': attribute type 10 has an invalid length. [ 283.906402][T14614] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.2834: invalid indirect mapped block 1819239214 (level 1) [ 283.948976][T14627] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2836'. [ 283.972360][T14614] EXT4-fs (loop5): 1 truncate cleaned up [ 284.023684][T14627] team0: Port device geneve0 added [ 284.029242][T14614] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 284.126506][T14614] EXT4-fs error (device loop5): __ext4_remount:6644: comm syz.5.2834: Abort forced by user [ 284.166780][T14614] EXT4-fs (loop5): re-mounted. Quota mode: writeback. [ 284.296398][T14645] program syz.2.2843 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 284.353295][T10083] EXT4-fs (loop5): unmounting filesystem. [ 284.549641][T14657] cgroup: Invalid name [ 284.782697][T14661] loop2: detected capacity change from 0 to 4096 [ 284.792775][T14664] loop4: detected capacity change from 0 to 4096 [ 284.809217][T14664] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 284.846095][T14661] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 284.932825][T14664] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 284.997441][T14661] ntfs3: loop2: ntfs_sync_fs r=1a failed, -22. [ 285.021998][T14661] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 285.074986][T14678] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.162387][T10530] ntfs3: loop2: ntfs_sync_fs r=1a failed, -22. [ 285.201195][T10530] ntfs3: loop2: ntfs_evict_inode r=1a failed, -22. [ 285.652820][T14707] netlink: 216 bytes leftover after parsing attributes in process `syz.5.2861'. [ 285.688800][T14710] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2862'. [ 285.795469][T14717] loop0: detected capacity change from 0 to 256 [ 285.867063][T14717] FAT-fs (loop0): Directory bread(block 64) failed [ 285.890942][T14717] FAT-fs (loop0): Directory bread(block 65) failed [ 285.915233][T14717] FAT-fs (loop0): Directory bread(block 66) failed [ 285.943221][T14717] FAT-fs (loop0): Directory bread(block 67) failed [ 285.986227][T14717] FAT-fs (loop0): Directory bread(block 68) failed [ 285.996738][T14717] FAT-fs (loop0): Directory bread(block 69) failed [ 286.031912][T14717] FAT-fs (loop0): Directory bread(block 70) failed [ 286.074104][T14717] FAT-fs (loop0): Directory bread(block 71) failed [ 286.109315][T14717] FAT-fs (loop0): Directory bread(block 72) failed [ 286.115933][T14717] FAT-fs (loop0): Directory bread(block 73) failed [ 286.436635][T14746] loop2: detected capacity change from 0 to 1024 [ 286.490690][T14746] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 286.668979][T14746] hfsplus: filesystem is marked journaled, leaving read-only. [ 286.927934][T14774] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2879'. [ 286.988955][T14774] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2879'. [ 287.266916][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 287.266934][ T27] audit: type=1326 audit(287.226:2527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14788 comm="syz.3.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 287.301516][T14792] ipt_ECN: cannot use operation on non-tcp rule [ 287.426626][ T27] audit: type=1326 audit(287.236:2528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14788 comm="syz.3.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 287.509039][ T27] audit: type=1326 audit(287.236:2529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14788 comm="syz.3.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 287.590565][ T27] audit: type=1326 audit(287.236:2530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14788 comm="syz.3.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 287.688705][ T27] audit: type=1326 audit(287.236:2531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14788 comm="syz.3.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 287.789809][ T27] audit: type=1326 audit(287.236:2532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14788 comm="syz.3.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 287.834762][T14817] loop3: detected capacity change from 0 to 136 [ 287.875185][ T27] audit: type=1326 audit(287.236:2533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14788 comm="syz.3.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 287.935835][T14817] syz.3.2894: attempt to access beyond end of device [ 287.935835][T14817] loop3: rw=524288, sector=164, nr_sectors = 64 limit=136 [ 287.989051][ T27] audit: type=1326 audit(287.236:2534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14788 comm="syz.3.2884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f7b8f19c629 code=0x7ffc0000 [ 288.029869][T14817] syz.3.2894: attempt to access beyond end of device [ 288.029869][T14817] loop3: rw=524288, sector=228, nr_sectors = 128 limit=136 [ 288.119455][T14817] syz.3.2894: attempt to access beyond end of device [ 288.119455][T14817] loop3: rw=0, sector=164, nr_sectors = 8 limit=136 [ 288.151574][ T27] audit: type=1400 audit(287.286:2535): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=26260A3AF6 pid=14791 comm="syz.4.2885" [ 288.216658][ T27] audit: type=1800 audit(288.156:2536): pid=14817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2894" name="file0" dev="loop3" ino=1542 res=0 errno=0 [ 288.229075][T14834] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 288.373656][T14844] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2902'. [ 288.851170][T14868] tmpfs: Bad value for 'mpol' [ 288.958293][T14876] snd_dummy snd_dummy.0: control 4:9:6:syz1:6 is already present [ 289.501349][T14903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2923'. [ 289.527463][T14903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2923'. [ 289.590316][T14903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2923'. [ 289.601842][T14903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2923'. [ 289.649437][T14903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2923'. [ 289.696621][T14903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2923'. [ 289.731296][T14903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2923'. [ 289.766642][T14916] loop2: detected capacity change from 0 to 512 [ 289.779099][T14903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2923'. [ 289.795161][T14903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2923'. [ 289.814110][T14916] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 289.823107][T14903] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 289.834717][T14916] EXT4-fs (loop2): orphan cleanup on readonly fs [ 289.850532][T14903] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 289.861441][T14903] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 289.862068][T14916] EXT4-fs error (device loop2): ext4_acquire_dquot:6835: comm syz.2.2926: Failed to acquire dquot type 1 [ 289.907588][T14916] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.2926: bg 0: block 40: padding at end of block bitmap is not set [ 289.923057][T14916] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6181: Corrupt filesystem [ 289.940836][T14916] EXT4-fs (loop2): 1 truncate cleaned up [ 289.946694][T14916] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 290.092544][T10530] EXT4-fs (loop2): unmounting filesystem. [ 291.046420][T14973] binfmt_misc: register: failed to install interpreter file ./file0 [ 291.509909][T14993] loop0: detected capacity change from 0 to 512 [ 291.539051][T14993] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 291.567367][T14952] loop2: detected capacity change from 0 to 32768 [ 291.584427][T14993] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 291.680909][T14993] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.2951: inode has both inline data and extents flags [ 291.699229][T14952] XFS (loop2): Mounting V5 Filesystem [ 291.743750][T14993] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.2951: couldn't read orphan inode 15 (err -117) [ 291.765841][T14993] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 291.946905][T14952] XFS (loop2): Ending clean mount [ 292.037479][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 292.168883][T10530] XFS (loop2): Unmounting Filesystem [ 293.146707][T15083] loop0: detected capacity change from 0 to 256 [ 293.210538][T15083] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 293.243649][T15083] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d) [ 293.666623][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 293.666639][ T27] audit: type=1326 audit(293.626:2537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15107 comm="syz.4.2981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 293.799586][ T27] audit: type=1326 audit(293.636:2538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15107 comm="syz.4.2981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 293.878756][ T27] audit: type=1326 audit(293.636:2539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15107 comm="syz.4.2981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 293.890032][T15118] loop3: detected capacity change from 0 to 1024 [ 294.023327][ T27] audit: type=1326 audit(293.636:2540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15107 comm="syz.4.2981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 294.038960][T15118] hfsplus: trying to free free bnode 0(1) [ 294.108795][ T7] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 294.269832][ T4330] hfsplus: b-tree write err: -5, ino 4 [ 294.308768][ T7] usb 3-1: Using ep0 maxpacket: 16 [ 294.318145][ T7] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 294.329173][T15142] xt_CT: You must specify a L4 protocol and not use inversions on it [ 294.353723][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.373665][ T7] usb 3-1: Product: syz [ 294.403106][ T7] usb 3-1: Manufacturer: syz [ 294.407787][ T7] usb 3-1: SerialNumber: syz [ 294.445609][ T7] usb 3-1: config 0 descriptor?? [ 294.456940][ T7] visor 3-1:0.0: Sony Clie 3.5 converter detected [ 294.512102][T15154] loop5: detected capacity change from 0 to 256 [ 294.560356][T15154] exfat: Deprecated parameter 'utf8' [ 294.566478][T15154] exfat: Deprecated parameter 'namecase' [ 294.599807][T15154] exfat: Deprecated parameter 'namecase' [ 294.662962][ T7] usb 3-1: clie_3_5_startup: get config number bad return length: 0 [ 294.682626][T15154] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x200001de, utbl_chksum : 0xe619d30d) [ 294.718780][ T7] visor: probe of 3-1:0.0 failed with error -5 [ 294.894384][ T7] usb 3-1: USB disconnect, device number 15 [ 294.899959][T15171] __nla_validate_parse: 76 callbacks suppressed [ 294.899978][T15171] netlink: 220 bytes leftover after parsing attributes in process `syz.4.2998'. [ 295.188054][T15188] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3002'. [ 295.335490][T15149] loop3: detected capacity change from 0 to 32768 [ 296.008820][ T22] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 296.204252][ T22] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 296.245065][ T22] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.274964][ T22] usb 4-1: Product: syz [ 296.304620][ T22] usb 4-1: Manufacturer: syz [ 296.338654][ T22] usb 4-1: SerialNumber: syz [ 296.373702][ T22] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 296.439473][ T22] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 296.471872][T15252] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3020'. [ 296.486184][T15255] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3021'. [ 296.716912][T15262] loop5: detected capacity change from 0 to 256 [ 296.725363][ C1] usb 4-1: ath: unknown panic pattern! [ 296.782949][T15270] dlm: no locking on control device [ 296.819034][T15269] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 296.828255][T15262] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 296.903363][T15262] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d) [ 296.934243][ T4321] usb 4-1: USB disconnect, device number 14 [ 297.006708][T15282] netlink: 'syz.0.3028': attribute type 27 has an invalid length. [ 297.029862][T15282] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 297.508746][ T22] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 297.526019][ T22] ath9k_htc: Failed to initialize the device [ 297.564739][ T4321] usb 4-1: ath9k_htc: USB layer deinitialized [ 297.663788][T15318] x_tables: unsorted underflow at hook 2 [ 297.914008][T15333] netlink: 184 bytes leftover after parsing attributes in process `syz.5.3043'. [ 297.958108][T15336] loop0: detected capacity change from 0 to 128 [ 298.688931][T15376] ksmbd: Unknown IPC event: 4, ignore. [ 298.920708][T15390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3060'. [ 298.974768][T15390] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 299.030497][T15390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3060'. [ 299.086557][T15390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3060'. [ 299.117261][T15390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3060'. [ 299.172074][T15390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3060'. [ 299.226557][T15390] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 299.316279][T15390] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 299.355995][T15390] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 299.448996][ T7] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 299.528826][ T7] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 299.790926][T15436] loop0: detected capacity change from 0 to 1024 [ 299.867807][T15436] hfsplus: trying to free free bnode 0(1) [ 300.036015][T15446] netlink: 'syz.3.3078': attribute type 21 has an invalid length. [ 300.039016][ T11] hfsplus: b-tree write err: -5, ino 4 [ 300.129806][T15452] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 300.445162][T15470] loop4: detected capacity change from 0 to 64 [ 300.535503][ T27] audit: type=1800 audit(300.496:2541): pid=15470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3085" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 300.554575][ C1] vkms_vblank_simulate: vblank timer overrun [ 300.570008][T15477] netlink: 'syz.0.3087': attribute type 12 has an invalid length. [ 300.669673][T15477] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (255) [ 300.942272][T15485] 8021q: adding VLAN 0 to HW filter on device bond1 [ 300.997931][T15531] trusted_key: encrypted_key: keyword 'ryptfs' not recognized [ 301.222571][T15545] loop3: detected capacity change from 0 to 164 [ 301.244511][T15542] __nla_validate_parse: 75 callbacks suppressed [ 301.244529][T15542] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3096'. [ 301.274118][T15545] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 301.334622][T15542] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3096'. [ 301.475218][T15557] loop2: detected capacity change from 0 to 64 [ 301.643972][T15564] loop0: detected capacity change from 0 to 256 [ 301.690713][T15564] exfat: Deprecated parameter 'utf8' [ 301.718853][T15564] exfat: Deprecated parameter 'namecase' [ 301.724730][T15564] exfat: Deprecated parameter 'namecase' [ 301.832904][T15564] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011e8b, chksum : 0xf0cee8ef, utbl_chksum : 0xe619d30d) [ 301.883360][T15580] loop3: detected capacity change from 0 to 2048 [ 301.884164][T15582] netlink: 'syz.2.3108': attribute type 27 has an invalid length. [ 301.904158][T15582] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 301.944696][T15580] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 302.217974][T15595] netlink: 'syz.4.3111': attribute type 3 has an invalid length. [ 302.249888][T15598] loop0: detected capacity change from 0 to 256 [ 302.310322][T15595] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.3111'. [ 302.571955][T15613] netlink: 'syz.0.3116': attribute type 3 has an invalid length. [ 303.257053][T15645] loop4: detected capacity change from 0 to 256 [ 303.307053][T15601] loop2: detected capacity change from 0 to 32768 [ 303.486747][T15601] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 303.527502][T15601] XFS (loop2): Mounting V5 Filesystem [ 303.743766][T15671] netlink: 'syz.3.3132': attribute type 10 has an invalid length. [ 303.773913][T15601] XFS (loop2): Ending clean mount [ 303.852426][T15671] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 304.019081][T15641] loop0: detected capacity change from 0 to 32768 [ 304.113487][T10530] XFS (loop2): Unmounting Filesystem [ 304.197909][T15641] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 304.217907][T15688] loop3: detected capacity change from 0 to 16 [ 304.280374][T15641] (syz.0.3125,15641,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry overrun - offset=0, inode=65, rec_len=16, name_len=1 [ 304.327049][T15688] erofs: (device loop3): mounted with root inode @ nid 36. [ 304.379042][T15641] (syz.0.3125,15641,1):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 304.417847][T15688] erofs: (device loop3): z_erofs_read_folio: failed to read, err [-117] [ 304.428863][T15641] (syz.0.3125,15641,1):ocfs2_mknod:298 ERROR: status = -2 [ 304.448801][T15641] (syz.0.3125,15641,1):ocfs2_mknod:502 ERROR: status = -2 [ 304.502432][T15641] (syz.0.3125,15641,1):ocfs2_create:676 ERROR: status = -2 [ 304.592576][ T4273] ocfs2: Unmounting device (7,0) on (node local) [ 304.728674][ T4321] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 304.921084][ T4321] usb 6-1: config 0 has an invalid interface number: 255 but max is 0 [ 304.931616][T15719] 9pnet_fd: Insufficient options for proto=fd [ 304.937955][ T4321] usb 6-1: config 0 has no interface number 0 [ 304.959266][ T4321] usb 6-1: config 0 interface 255 has no altsetting 0 [ 304.967993][T15721] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3145'. [ 304.996325][ T4321] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 305.026514][ T4321] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.056121][ T4321] usb 6-1: config 0 descriptor?? [ 305.104767][ T4321] cp210x 6-1:0.255: cp210x converter detected [ 305.244401][T15741] cgroup: none used incorrectly [ 305.550344][ T4321] cp210x 6-1:0.255: failed to get vendor val 0x000e size 3: -71 [ 305.580752][ T4321] usb 6-1: cp210x converter now attached to ttyUSB0 [ 305.635562][ T4321] usb 6-1: USB disconnect, device number 6 [ 305.714235][ T4321] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 305.756418][ T4321] cp210x 6-1:0.255: device disconnected [ 305.816839][T15777] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3156'. [ 305.856753][T15777] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3156'. [ 306.096276][T15798] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 306.525136][T15821] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3169'. [ 306.569190][T15821] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3169'. [ 306.689689][T15831] xt_l2tp: v2 sid > 0xffff: 117440512 [ 307.278747][ T4316] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 307.335582][T15859] loop4: detected capacity change from 0 to 4096 [ 307.373945][T15859] ntfs: (device loop4): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 307.431922][T15859] ntfs: (device loop4): ntfs_read_locked_inode(): $DATA attribute is missing. [ 307.484936][ T4316] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 307.516526][ T4316] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.525210][T15859] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 307.549736][ T4316] usb 1-1: Product: syz [ 307.558304][ T4316] usb 1-1: Manufacturer: syz [ 307.567839][ T4316] usb 1-1: SerialNumber: syz [ 307.574415][T15859] ntfs: (device loop4): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 307.605180][ T4316] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 307.689507][ T4316] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 307.726588][T15859] ntfs: volume version 3.1. [ 307.830032][T15859] ntfs: (device loop4): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 307.858782][T15859] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 308.168975][ T4315] usb 1-1: USB disconnect, device number 13 [ 308.701313][T15934] netlink: 'syz.4.3202': attribute type 5 has an invalid length. [ 308.748314][T15929] loop2: detected capacity change from 0 to 4096 [ 308.770456][T15934] device ip6erspan0 entered promiscuous mode [ 308.829389][T15940] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 308.949000][ T4316] usb 1-1: Service connection timeout for: 256 [ 308.956013][ T4316] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 308.977754][ T4316] ath9k_htc: Failed to initialize the device [ 309.019945][ T4315] usb 1-1: ath9k_htc: USB layer deinitialized [ 309.085008][T15950] netlink: 'syz.4.3206': attribute type 21 has an invalid length. [ 309.111816][T15950] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3206'. [ 309.396247][T15963] ieee802154 phy0 wpan0: encryption failed: -90 [ 309.494182][T15972] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3211'. [ 309.548915][T15972] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3211'. [ 310.034857][T15989] loop5: detected capacity change from 0 to 4096 [ 310.082215][T15989] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 310.178827][ T4315] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 310.235302][T15989] ntfs3: loop5: failed to convert "c46c" to iso8859-4 [ 310.244432][ T14] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 310.379560][ T4315] usb 5-1: Using ep0 maxpacket: 16 [ 310.386673][ T4315] usb 5-1: config 0 has an invalid interface number: 41 but max is 0 [ 310.414332][ T4315] usb 5-1: config 0 has no interface number 0 [ 310.443655][ T14] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 4 [ 310.444198][ T4315] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 310.477867][ T14] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 13368, setting to 1023 [ 310.490130][T16022] netlink: 'syz.0.3226': attribute type 21 has an invalid length. [ 310.498094][T16022] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3226'. [ 310.517654][T16022] netlink: 'syz.0.3226': attribute type 5 has an invalid length. [ 310.526972][T16022] netlink: 'syz.0.3226': attribute type 6 has an invalid length. [ 310.528537][ T4315] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 310.540401][ T14] usb 4-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 310.562095][ T14] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.562128][ T14] usb 4-1: Product: syz [ 310.562144][ T14] usb 4-1: Manufacturer: syz [ 310.562160][ T14] usb 4-1: SerialNumber: syz [ 310.563079][T16022] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3226'. [ 310.573785][ T14] usb 4-1: config 0 descriptor?? [ 310.574752][ T4315] usb 5-1: config 0 interface 41 has no altsetting 0 [ 310.577396][ T4315] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 310.577429][ T4315] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.577451][ T4315] usb 5-1: Product: syz [ 310.577467][ T4315] usb 5-1: Manufacturer: syz [ 310.577564][ T4315] usb 5-1: SerialNumber: syz [ 310.586377][ T4315] usb 5-1: config 0 descriptor?? [ 310.587094][T15995] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 310.587249][T15995] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 310.783168][ T14] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input12 [ 310.796654][T15995] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 310.859151][ C1] vkms_vblank_simulate: vblank timer overrun [ 310.949771][T15995] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 311.013926][ T14] usb 4-1: USB disconnect, device number 15 [ 311.202702][ T4315] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): set LINK LED failed : -71 [ 311.219449][ T4315] CoreChips: probe of 5-1:0.41 failed with error -71 [ 311.259828][ T4315] usb 5-1: USB disconnect, device number 13 [ 311.913508][T16099] netlink: 'syz.3.3243': attribute type 11 has an invalid length. [ 311.950308][T16099] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3243'. [ 312.023412][T16109] syz.5.3247 uses old SIOCAX25GETINFO [ 312.033511][T16111] loop4: detected capacity change from 0 to 128 [ 312.091678][T16111] syz.4.3246: attempt to access beyond end of device [ 312.091678][T16111] loop4: rw=0, sector=25674, nr_sectors = 2 limit=128 [ 312.157279][T16111] Buffer I/O error on dev loop4, logical block 12837, async page read [ 312.178723][ T4316] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 312.211332][T16111] Trying to free block not in datazone [ 312.387129][ T4316] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 312.408668][ T4316] usb 3-1: New USB device strings: Mfr=13, Product=2, SerialNumber=3 [ 312.416817][ T4316] usb 3-1: Product: syz [ 312.441022][T16129] netlink: 'syz.3.3252': attribute type 2 has an invalid length. [ 312.458735][T16129] netlink: 'syz.3.3252': attribute type 1 has an invalid length. [ 312.465569][ T4316] usb 3-1: Manufacturer: syz [ 312.473004][ T4316] usb 3-1: SerialNumber: syz [ 312.485260][T16129] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3252'. [ 312.486916][ T4316] r8152-cfgselector 3-1: config 0 descriptor?? [ 312.960320][ T4316] r8152-cfgselector 3-1: Unknown version 0x0000 [ 312.980216][ T4316] r8152-cfgselector 3-1: USB disconnect, device number 16 [ 313.022906][T16149] loop0: detected capacity change from 0 to 4096 [ 313.038809][ T4315] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 313.231368][ T4315] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 313.274955][ T4315] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 313.317825][ T4315] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 313.338174][ T4315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.364868][ T4315] usb 4-1: Product: syz [ 313.375836][ T4315] usb 4-1: Manufacturer: syz [ 313.395513][ T4315] usb 4-1: SerialNumber: syz [ 313.459089][ T4315] usb 4-1: config 0 descriptor?? [ 313.464797][T16144] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 313.472666][T16144] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 313.709568][T16144] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 313.717353][T16144] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 313.923416][T16209] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3270'. [ 313.953006][ T14] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 313.989346][ T4315] Error reading MAC address [ 314.009007][ T4315] usb 4-1: USB disconnect, device number 16 [ 314.156663][ T14] usb 6-1: Using ep0 maxpacket: 32 [ 314.178414][ T14] usb 6-1: config 0 has an invalid interface number: 35 but max is 0 [ 314.207301][ T14] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 314.257985][ T14] usb 6-1: config 0 has no interface number 0 [ 314.264389][ T14] usb 6-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 314.301767][ T14] usb 6-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 314.322453][ T14] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.364826][ T14] usb 6-1: Product: syz [ 314.379118][ T14] usb 6-1: Manufacturer: syz [ 314.388695][ T14] usb 6-1: SerialNumber: syz [ 314.395614][T16234] tmpfs: Bad value for 'mpol' [ 314.414147][ T14] usb 6-1: config 0 descriptor?? [ 314.428202][ T14] radio-si470x 6-1:0.35: could not find interrupt in endpoint [ 314.456713][ T14] radio-si470x: probe of 6-1:0.35 failed with error -5 [ 314.557243][T16237] loop2: detected capacity change from 0 to 4096 [ 314.565167][T16242] ieee802154 phy0 wpan0: encryption failed: -22 [ 314.583850][T16237] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 314.639870][ T14] radio-raremono 6-1:0.35: this is not Thanko's Raremono. [ 314.647350][ T14] usbhid 6-1:0.35: couldn't find an input interrupt endpoint [ 314.744757][T16237] ntfs3: loop2: failed to convert "c46c" to cp862 [ 314.914717][ T4316] usb 6-1: USB disconnect, device number 7 [ 315.101552][T16269] loop2: detected capacity change from 0 to 512 [ 315.167476][T16269] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 315.203361][T16269] EXT4-fs (loop2): orphan cleanup on readonly fs [ 315.255431][T16269] Quota error (device loop2): find_block_dqentry: Quota for id 0 referenced but not present [ 315.287542][T16269] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 315.308423][T16269] EXT4-fs error (device loop2): ext4_acquire_dquot:6835: comm syz.2.3285: Failed to acquire dquot type 1 [ 315.344783][T16269] EXT4-fs (loop2): Remounting filesystem read-only [ 315.372820][T16269] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.3285: bg 0: block 40: padding at end of block bitmap is not set [ 315.388973][ T4321] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 315.436806][T16269] EXT4-fs (loop2): Remounting filesystem read-only [ 315.468767][T16269] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6181: Corrupt filesystem [ 315.508703][T16269] EXT4-fs (loop2): Remounting filesystem read-only [ 315.516118][T16269] EXT4-fs (loop2): 1 truncate cleaned up [ 315.531319][T16269] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 315.580851][ T4321] usb 1-1: config 3 has an invalid interface number: 106 but max is 0 [ 315.618749][ T4321] usb 1-1: config 3 has no interface number 0 [ 315.625124][ T4321] usb 1-1: config 3 interface 106 altsetting 243 endpoint 0xD has invalid wMaxPacketSize 0 [ 315.671046][ T4321] usb 1-1: config 3 interface 106 altsetting 243 endpoint 0xE has invalid maxpacket 1024, setting to 1023 [ 315.683765][T10530] EXT4-fs (loop2): unmounting filesystem. [ 315.729510][ T4321] usb 1-1: config 3 interface 106 has no altsetting 0 [ 315.764265][ T4321] usb 1-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=b7.6a [ 315.812099][ T4321] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.837914][ T4321] usb 1-1: Product: syz [ 315.858608][ T4321] usb 1-1: Manufacturer: syz [ 315.868776][ T4321] usb 1-1: SerialNumber: syz [ 315.992106][T16309] netlink: 'syz.5.3296': attribute type 5 has an invalid length. [ 316.015214][T16309] netlink: 7 bytes leftover after parsing attributes in process `syz.5.3296'. [ 316.106247][ T4321] usbtest 1-1:3.106: usb test device [ 316.128631][ T4321] usbtest 1-1:3.106: full-speed {control in/out bulk-out iso-out} tests (+alt) [ 316.380075][ T4321] usb 1-1: USB disconnect, device number 14 [ 316.576681][T16351] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3303'. [ 316.950739][ T4315] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 317.163414][ T4315] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 317.200259][ T4315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.208335][ T4315] usb 4-1: Product: syz [ 317.253313][ T4315] usb 4-1: Manufacturer: syz [ 317.257991][ T4315] usb 4-1: SerialNumber: syz [ 317.272136][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.279165][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.319488][ T4315] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 317.348850][ T4321] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 317.396132][ T4316] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 317.467803][T16408] netlink: 'syz.2.3316': attribute type 1 has an invalid length. [ 317.554125][ T4321] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 317.576583][ T4321] usb 5-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 317.617459][ T4321] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.629014][T16414] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3318'. [ 317.647948][T16414] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3318'. [ 317.658040][ T4321] usb 5-1: Product: syz [ 317.687325][ T4321] usb 5-1: Manufacturer: syz [ 317.698694][ T4321] usb 5-1: SerialNumber: syz [ 317.729040][ T4321] usb 5-1: config 0 descriptor?? [ 317.734332][T16417] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3319'. [ 317.765497][ T4321] powermate: probe of 5-1:0.0 failed with error -5 [ 317.918647][ T4315] usb 4-1: USB disconnect, device number 17 [ 317.957675][ T4321] usb 5-1: USB disconnect, device number 14 [ 318.274400][T16452] loop0: detected capacity change from 0 to 16 [ 318.312446][T16452] erofs: (device loop0): mounted with root inode @ nid 36. [ 318.365934][T16452] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 318.445917][T16452] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -46 in[60, 4036] out[1851] [ 318.481935][ T4316] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 318.512612][ T4316] ath9k_htc: Failed to initialize the device [ 318.528668][T16452] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117] [ 318.541639][ T4315] usb 4-1: ath9k_htc: USB layer deinitialized [ 318.603344][T16471] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3330'. [ 318.676869][T16474] loop3: detected capacity change from 0 to 512 [ 318.709482][T16474] EXT4-fs (loop3): Test dummy encryption mode enabled [ 318.741307][T16474] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 318.798270][T16474] EXT4-fs error (device loop3): ext4_orphan_get:1425: comm syz.3.3329: bad orphan inode 131083 [ 318.857475][T16490] netlink: 64985 bytes leftover after parsing attributes in process `syz.4.3331'. [ 318.868403][T16489] netlink: 124 bytes leftover after parsing attributes in process `syz.0.3333'. [ 318.905801][T16474] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 319.189504][ T4277] EXT4-fs (loop3): unmounting filesystem. [ 320.174329][ T27] audit: type=1326 audit(320.136:2542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16565 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 320.217575][T16567] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3352'. [ 320.298734][ T27] audit: type=1326 audit(320.166:2543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16565 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 320.369040][T16577] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 320.399566][ T27] audit: type=1326 audit(320.166:2544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16565 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 320.508094][ T27] audit: type=1326 audit(320.166:2545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16565 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 320.614092][ T27] audit: type=1326 audit(320.166:2546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16565 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1719c629 code=0x7ffc0000 [ 321.710585][T16635] loop0: detected capacity change from 0 to 4096 [ 321.796588][T16661] ipt_CLUSTERIP: Please specify an interface name [ 321.811573][T16635] ntfs: volume version 3.1. [ 322.214873][ T27] audit: type=1326 audit(322.176:2547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16680 comm="syz.2.3379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbb0d9c629 code=0x7ffc0000 [ 322.305219][ T27] audit: type=1326 audit(322.226:2548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16680 comm="syz.2.3379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7ffbb0d9c629 code=0x7ffc0000 [ 322.421443][ T27] audit: type=1326 audit(322.226:2549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16680 comm="syz.2.3379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbb0d9c629 code=0x7ffc0000 [ 322.508964][ T27] audit: type=1326 audit(322.226:2550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16680 comm="syz.2.3379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbb0d9c629 code=0x7ffc0000 [ 322.675913][T16709] loop0: detected capacity change from 0 to 16 [ 322.733312][T16709] erofs: (device loop0): mounted with root inode @ nid 36. [ 322.777550][T16716] loop2: detected capacity change from 0 to 256 [ 322.903252][T16716] FAT-fs (loop2): Directory bread(block 64) failed [ 322.938791][T16716] FAT-fs (loop2): Directory bread(block 65) failed [ 322.945548][T16716] FAT-fs (loop2): Directory bread(block 66) failed [ 322.996749][T16716] FAT-fs (loop2): Directory bread(block 67) failed [ 323.011518][T16716] FAT-fs (loop2): Directory bread(block 68) failed [ 323.018152][T16716] FAT-fs (loop2): Directory bread(block 69) failed [ 323.037722][T16716] FAT-fs (loop2): Directory bread(block 70) failed [ 323.089830][T16716] FAT-fs (loop2): Directory bread(block 71) failed [ 323.118715][T16716] FAT-fs (loop2): Directory bread(block 72) failed [ 323.125327][T16716] FAT-fs (loop2): Directory bread(block 73) failed [ 323.358871][T16743] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3392'. [ 323.659540][T16762] usb usb8: check_ctrlrecip: process 16762 (syz.4.3397) requesting ep 01 but needs 81 [ 323.708726][T16762] usb usb8: usbfs: process 16762 (syz.4.3397) did not claim interface 0 before use [ 324.468683][ T4281] Bluetooth: hci5: command 0x0406 tx timeout [ 324.735167][T16822] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3417'. [ 324.784107][T16822] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3417'. [ 325.150993][T16872] affs: No valid root block on device nbd3 [ 325.351479][T16884] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3427'. [ 325.368740][T16884] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3427'. [ 325.714635][T16900] loop2: detected capacity change from 0 to 2048 [ 325.789261][T16900] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 325.797485][T16900] UDF-fs: Scanning with blocksize 512 failed [ 325.855136][T16901] loop5: detected capacity change from 0 to 4096 [ 325.909314][T16901] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 325.959696][T16900] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 326.078668][T16901] ntfs3: loop5: failed to convert "c46c" to cp862 [ 326.202289][T16927] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3441'. [ 326.304345][T16927] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3441'. [ 326.919210][T16965] loop3: detected capacity change from 0 to 128 [ 326.973042][T16965] FAT-fs (loop3): Directory bread(block 162) failed [ 326.989907][T16965] FAT-fs (loop3): Directory bread(block 163) failed [ 327.021084][T16965] FAT-fs (loop3): Directory bread(block 164) failed [ 327.074519][T16965] FAT-fs (loop3): Directory bread(block 165) failed [ 327.099489][T16965] FAT-fs (loop3): Directory bread(block 166) failed [ 327.138779][T16965] FAT-fs (loop3): Directory bread(block 167) failed [ 327.145754][T16965] FAT-fs (loop3): Directory bread(block 168) failed [ 327.194133][T16965] FAT-fs (loop3): Directory bread(block 169) failed [ 327.257359][T16965] FAT-fs (loop3): Directory bread(block 162) failed [ 327.290941][T16965] FAT-fs (loop3): Directory bread(block 163) failed [ 327.305593][T16965] syz.3.3453: attempt to access beyond end of device [ 327.305593][T16965] loop3: rw=3, sector=226, nr_sectors = 6 limit=128 [ 327.321449][T16965] syz.3.3453: attempt to access beyond end of device [ 327.321449][T16965] loop3: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 327.937795][T16996] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3460'. [ 327.974197][T16996] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3460'. [ 327.989187][T17009] netlink: 'syz.3.3462': attribute type 21 has an invalid length. [ 328.260379][T17040] xt_TCPMSS: Only works on TCP SYN packets [ 328.762705][T17069] netlink: 'syz.4.3473': attribute type 75 has an invalid length. [ 329.350557][T17071] team0: Port device macvlan0 removed [ 329.518727][ T126] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 329.588967][ T4284] Bluetooth: hci1: command 0x0406 tx timeout [ 329.716440][ T126] usb 1-1: Using ep0 maxpacket: 32 [ 329.732452][ T126] usb 1-1: unable to get BOS descriptor or descriptor too short [ 329.770717][ T126] usb 1-1: config 7 has an invalid interface number: 187 but max is 0 [ 329.789361][ T126] usb 1-1: config 7 has no interface number 0 [ 329.802052][ T126] usb 1-1: config 7 interface 187 has no altsetting 0 [ 329.825992][T17098] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3484'. [ 329.841320][ T126] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 329.851656][ T27] audit: type=1107 audit(329.806:2551): pid=17150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='>' [ 329.881352][ T126] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.913481][ T126] usb 1-1: Product: syz [ 329.918349][ T126] usb 1-1: Manufacturer: syz [ 329.942349][ T126] usb 1-1: SerialNumber: syz [ 330.106490][T17163] ip6t_rpfilter: unknown options [ 330.184009][ T126] usb 1-1: Limiting number of CPorts to U8_MAX [ 330.203201][ T126] usb 1-1: Unknown endpoint type found, address 0x07 [ 330.219186][ T126] usb 1-1: Not enough endpoints found in device, aborting! [ 330.381308][T17177] loop5: detected capacity change from 0 to 512 [ 330.414618][ T4321] usb 1-1: USB disconnect, device number 15 [ 330.423771][T17177] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 330.512219][T17191] xt_TPROXY: Can be used only with -p tcp or -p udp [ 330.522798][T17177] EXT4-fs (loop5): 1 truncate cleaned up [ 330.528502][T17177] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 330.773977][T10083] EXT4-fs (loop5): unmounting filesystem. [ 331.169247][T17228] netlink: 'syz.0.3511': attribute type 1 has an invalid length. [ 331.348943][ T28] INFO: task syz-executor:4266 blocked for more than 143 seconds. [ 331.356834][ T28] Not tainted syzkaller #0 [ 331.394151][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 331.418516][ T28] task:syz-executor state:D stack:22064 pid:4266 ppid:1 flags:0x00004004 [ 331.472179][ T28] Call Trace: [ 331.490596][ T28] [ 331.504834][ T28] __schedule+0x11d1/0x40e0 [ 331.530102][ T28] ? mark_lock+0x94/0x320 [ 331.549649][ T28] ? __sched_text_start+0x8/0x8 [ 331.573367][ T28] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 331.584267][ T28] ? lock_chain_count+0x20/0x20 [ 331.593835][ T28] ? _raw_spin_lock_irq+0xb7/0xf0 [ 331.605419][ T28] ? _raw_spin_lock_irqsave+0x100/0x100 [ 331.611607][ T28] schedule+0xb9/0x180 [ 331.616547][ T28] io_schedule+0x7c/0xd0 [ 331.627864][ T28] folio_wait_bit_common+0x70a/0xfa0 [ 331.634286][ T28] ? folio_wait_bit+0x30/0x30 [ 331.641748][ T28] ? migration_entry_wait_on_locked+0xe90/0xe90 [ 331.648103][ T28] ? folio_mapping+0x1ba/0x4d0 [ 331.653249][ T28] truncate_inode_pages_range+0x9fe/0x1090 [ 331.659221][ T28] ? mapping_evict_folio+0x520/0x520 [ 331.664650][ T28] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 331.670893][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 331.676136][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 331.681421][ T28] evict+0x4dc/0x8d0 [ 331.685365][ T28] ? proc_nr_inodes+0x2f0/0x2f0 [ 331.690285][ T28] ? do_raw_spin_unlock+0x11d/0x230 [ 331.695506][ T28] ? do_raw_spin_unlock+0x11d/0x230 [ 331.700786][ T28] evict_inodes+0x60c/0x6a0 [ 331.705376][ T28] ? clear_inode+0x150/0x150 [ 331.710160][ T28] generic_shutdown_super+0x93/0x340 [ 331.715475][ T28] kill_block_super+0x7c/0xe0 [ 331.720378][ T28] deactivate_locked_super+0x93/0xf0 [ 331.725826][ T28] cleanup_mnt+0x42c/0x4b0 [ 331.730363][ T28] ? lockdep_hardirqs_on+0x94/0x140 [ 331.735945][ T28] task_work_run+0x1d0/0x260 [ 331.740626][ T28] ? task_work_cancel+0x220/0x220 [ 331.745899][ T28] ? exit_to_user_mode_loop+0x3b/0x110 [ 331.751515][ T28] exit_to_user_mode_loop+0xe6/0x110 [ 331.756846][ T28] exit_to_user_mode_prepare+0xee/0x180 [ 331.762591][ T28] syscall_exit_to_user_mode+0x16/0x40 [ 331.768082][ T28] do_syscall_64+0x58/0xa0 [ 331.772561][ T28] ? clear_bhb_loop+0x60/0xb0 [ 331.777285][ T28] ? clear_bhb_loop+0x60/0xb0 [ 331.782065][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 331.788012][ T28] RIP: 0033:0x7f8ddf59d897 [ 331.792549][ T28] RSP: 002b:00007ffe888d5688 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 331.801140][ T28] RAX: 0000000000000000 RBX: 00007f8ddf631ef0 RCX: 00007f8ddf59d897 [ 331.809411][ T28] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe888d5740 [ 331.817504][ T28] RBP: 00007ffe888d5740 R08: 00007ffe888d6740 R09: 00000000ffffffff [ 331.825718][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe888d67d0 [ 331.834075][ T28] R13: 00007f8ddf631ef0 R14: 000000000002cf6c R15: 00007ffe888d6810 [ 331.842574][ T28] [ 331.845660][ T28] [ 331.845660][ T28] Showing all locks held in the system: [ 331.853713][ T28] 1 lock held by rcu_tasks_kthre/12: [ 331.859123][ T28] #0: ffffffff8cb2dfb0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 [ 331.869930][ T28] 1 lock held by rcu_tasks_trace/13: [ 331.875251][ T28] #0: ffffffff8cb2e7d0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 [ 331.886540][ T28] 1 lock held by khungtaskd/28: [ 331.891536][ T28] #0: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 [ 331.901589][ T28] 2 locks held by getty/4025: [ 331.906312][ T28] #0: ffff88814d156098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 331.916330][ T28] #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x429/0x1390 [ 331.926781][ T28] 1 lock held by syz-executor/4266: [ 331.932074][ T28] #0: ffff8880570020e0 (&type->s_umount_key#109){+.+.}-{3:3}, at: deactivate_super+0xa0/0xd0 [ 331.942888][ T28] 2 locks held by kworker/u4:7/4330: [ 331.948222][ T28] #0: ffff8880b8e3ab18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 [ 331.958215][ T28] #1: ffff8880b8e27888 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x312/0x6d0 [ 331.969787][ T28] [ 331.972134][ T28] ============================================= [ 331.972134][ T28] [ 331.981018][ T28] NMI backtrace for cpu 1 [ 331.985554][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted syzkaller #0 [ 331.992770][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 332.002847][ T28] Call Trace: [ 332.006138][ T28] [ 332.009079][ T28] dump_stack_lvl+0x188/0x24e [ 332.013787][ T28] ? irq_work_queue+0xb8/0x140 [ 332.018575][ T28] ? show_regs_print_info+0x12/0x12 [ 332.023876][ T28] ? load_image+0x400/0x400 [ 332.028410][ T28] ? vprintk_emit+0x59f/0x6a0 [ 332.033201][ T28] ? printk_sprint+0x460/0x460 [ 332.037987][ T28] nmi_cpu_backtrace+0x3e6/0x460 [ 332.042952][ T28] ? nmi_trigger_cpumask_backtrace+0x450/0x450 [ 332.049211][ T28] ? _printk+0xda/0x130 [ 332.053558][ T28] ? load_image+0x400/0x400 [ 332.058069][ T28] ? load_image+0x400/0x400 [ 332.062667][ T28] ? nmi_trigger_cpumask_backtrace+0xf3/0x450 [ 332.068813][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 332.074974][ T28] nmi_trigger_cpumask_backtrace+0x1d4/0x450 [ 332.081226][ T28] watchdog+0xeee/0xf30 [ 332.085393][ T28] ? watchdog+0x1ed/0xf30 [ 332.089736][ T28] kthread+0x29d/0x330 [ 332.093814][ T28] ? hungtask_pm_notify+0x40/0x40 [ 332.099130][ T28] ? kthread_blkcg+0xd0/0xd0 [ 332.103725][ T28] ret_from_fork+0x1f/0x30 [ 332.108163][ T28] [ 332.112181][ T28] Sending NMI from CPU 1 to CPUs 0: [ 332.117805][ C0] NMI backtrace for cpu 0 [ 332.117818][ C0] CPU: 0 PID: 3626 Comm: klogd Not tainted syzkaller #0 [ 332.117833][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 332.117840][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 [ 332.117864][ C0] Code: 2e 0f 1f 84 00 00 00 00 00 90 53 48 89 fb e8 17 00 00 00 48 8b 3d 40 5a 9d 0c 48 89 de 5b e9 47 22 50 00 00 00 cc cc 00 00 cc <48> 8b 04 24 65 48 8b 0d 14 fa 7f 7e 65 8b 15 15 fa 7f 7e 81 e2 00 [ 332.117876][ C0] RSP: 0018:ffffc900032978b8 EFLAGS: 00000a02 [ 332.117891][ C0] RAX: f3f8f8f8f1f1f1f1 RBX: ffffffff8a8cd980 RCX: 8c817761b90c1f00 [ 332.117901][ C0] RDX: ffffc90003297a00 RSI: ffffffff8a8cd980 RDI: ffffc90003297b11 [ 332.117911][ C0] RBP: ffffc900032979b0 R08: ffffc90003297797 R09: ffffc90003297780 [ 332.117921][ C0] R10: dffffc0000000000 R11: fffff52000652ef3 R12: 1ffff92000652f20 [ 332.117931][ C0] R13: dffffc0000000000 R14: ffffc90003297b11 R15: ffffc90003297920 [ 332.117941][ C0] FS: 00007fa35e27fc80(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 332.117963][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 332.117973][ C0] CR2: 00007f7b8f3e6158 CR3: 000000007e446000 CR4: 00000000003506f0 [ 332.117988][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 332.117996][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 332.118005][ C0] Call Trace: [ 332.118010][ C0] [ 332.118015][ C0] sprintf+0x92/0x140 [ 332.118033][ C0] ? vsprintf+0x30/0x30 [ 332.118048][ C0] ? desc_read+0x1b8/0x3f0 [ 332.118064][ C0] info_print_prefix+0x20c/0x360 [ 332.118086][ C0] ? msg_add_dict_text+0x3d0/0x3d0 [ 332.118110][ C0] record_print_text+0x173/0x440 [ 332.118131][ C0] ? syslog_print+0x4c8/0x630 [ 332.118148][ C0] ? __lock_acquire+0x7d10/0x7d10 [ 332.118166][ C0] ? kmsg_dump_get_line+0x3e0/0x3e0 [ 332.118186][ C0] ? __might_fault+0xa6/0x120 [ 332.118200][ C0] ? __might_fault+0xc2/0x120 [ 332.118212][ C0] ? __might_fault+0xa6/0x120 [ 332.118228][ C0] syslog_print+0x3c7/0x630 [ 332.118247][ C0] ? do_syslog+0x900/0x900 [ 332.118268][ C0] ? aa_sock_msg_perm+0x94/0x150 [ 332.118284][ C0] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 332.118297][ C0] ? security_socket_sendmsg+0x7c/0xa0 [ 332.118319][ C0] ? apparmor_capable+0x12c/0x190 [ 332.118338][ C0] ? bpf_lsm_capable+0x5/0x10 [ 332.118353][ C0] ? security_capable+0x85/0xb0 [ 332.118370][ C0] do_syslog+0x817/0x900 [ 332.118389][ C0] ? log_buf_vmcoreinfo_setup+0x450/0x450 [ 332.118414][ C0] ? lock_chain_count+0x20/0x20 [ 332.118435][ C0] __x64_sys_syslog+0x78/0x90 [ 332.118454][ C0] do_syscall_64+0x4c/0xa0 [ 332.118471][ C0] ? clear_bhb_loop+0x60/0xb0 [ 332.118487][ C0] ? clear_bhb_loop+0x60/0xb0 [ 332.118503][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 332.118518][ C0] RIP: 0033:0x7fa35e449a37 [ 332.118536][ C0] Code: 73 01 c3 48 8b 0d c1 f3 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 f3 0c 00 f7 d8 64 89 01 48 [ 332.118548][ C0] RSP: 002b:00007ffed51d5268 EFLAGS: 00000206 ORIG_RAX: 0000000000000067 [ 332.118562][ C0] RAX: ffffffffffffffda RBX: 00007fa35e5e9490 RCX: 00007fa35e449a37 [ 332.118572][ C0] RDX: 00000000000003ff RSI: 00007fa35e5e9490 RDI: 0000000000000002 [ 332.118581][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 332.118590][ C0] R10: 0000000000004000 R11: 0000000000000206 R12: 00007fa35e5e9490 [ 332.118599][ C0] R13: 00007fa35e5c6dfe R14: 00007fa35e5e9879 R15: 00007fa35e5e9879 [ 332.118616][ C0] [ 332.486092][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 332.493086][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted syzkaller #0 [ 332.500398][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 332.510551][ T28] Call Trace: [ 332.513840][ T28] [ 332.516777][ T28] dump_stack_lvl+0x188/0x24e [ 332.521571][ T28] ? memcpy+0x3c/0x60 [ 332.525578][ T28] ? show_regs_print_info+0x12/0x12 [ 332.530820][ T28] ? load_image+0x400/0x400 [ 332.535342][ T28] panic+0x2e5/0x730 [ 332.539245][ T28] ? schedule_preempt_disabled+0x20/0x20 [ 332.544976][ T28] ? bpf_jit_dump+0xd0/0xd0 [ 332.549499][ T28] ? __irq_work_queue_local+0x12c/0x190 [ 332.555071][ T28] ? nmi_trigger_cpumask_backtrace+0x35b/0x450 [ 332.561411][ T28] ? nmi_trigger_cpumask_backtrace+0x360/0x450 [ 332.568198][ T28] watchdog+0xf2d/0xf30 [ 332.572365][ T28] ? watchdog+0x1ed/0xf30 [ 332.576804][ T28] kthread+0x29d/0x330 [ 332.580960][ T28] ? hungtask_pm_notify+0x40/0x40 [ 332.585996][ T28] ? kthread_blkcg+0xd0/0xd0 [ 332.590762][ T28] ret_from_fork+0x1f/0x30 [ 332.595207][ T28] [ 332.598608][ T28] Kernel Offset: disabled [ 332.602983][ T28] Rebooting in 86400 seconds..